Name Resolution issue with one domain

Anand Buddhdev anandb at ripe.net
Wed Mar 21 22:41:48 UTC 2012


On 21/03/2012 09:41, Matus UHLAR - fantomas wrote:

> maybe the admin set that up to force local servers using random ports,
> instead of 53, for outgoing requests. Nobody should use port 53 for
> _outgoing_ requests.

You're wrong. A name server can use any source port from 1 up to 65535
for an outgoing query, as long as that port is not in use by any other
process on the system.

In fact, up until Kaminsky's revelation, many BIND servers used a fixed
source port of 53.

>> bsdi# dig -b 0.0.0.0#53 www.dubaiairport.com @svr-b003.dubaiairport.com
>> 09:13:17.909493 211.30.172.21.53 > 213.42.52.75.53:  18071+$ [1au] A?
>> www.dubaiairport.com. ar: OPT UDPsize=4096 (49)
>> 09:13:22.918018 211.30.172.21.53 > 213.42.52.75.53:  18071+$ [1au] A?
>> www.dubaiairport.com. ar: OPT UDPsize=4096 (49)
>> 09:13:27.928099 211.30.172.21.53 > 213.42.52.75.53:  18071+$ [1au] A?
>> www.dubaiairport.com. ar: OPT UDPsize=4096 (49)
>>
>> ; <<>> DiG 9.9.0rc2 <<>> -b 0.0.0.0#53 www.dubaiairport.com
>> @svr-b003.dubaiairport.com
>> ;; global options: +cmd
>> ;; connection timed out; no servers could be reached
>> bsdi#

There appear to be firewalls in front of the name servers of
dubaiairport.com which drop all queries with a source port less than
1024. I just tried several queries with low-numbered source ports, and
they all failed until I got to 1024. Then they began replying to all my
queries.

Babu Dheen, if you're reading this, take note. The problem has been
identified. Find a contact at dubaiairport.com, and tell him to fix his
firewall.
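As an added illustration of the two points made above (any unused source port from 1 to 65535 is legitimate for an outgoing query, and a firewall that drops replies to low-numbered source ports will silently break resolution), here is a small Python script. It is not from the original post or from BIND: it builds the same A query for www.dubaiairport.com with an EDNS0 OPT record that the capture shows (49 bytes on the wire), models the firewall behaviour the author describes (drop source port < 1024), and contrasts a resolver pinned to source port 53 with one that picks a random unprivileged port. The `probe()` function repeats the author's manual check against a server address you supply; the hostname, the 1024 threshold and the sample query are taken from the post, everything else (function names, the simulation) is an assumption for illustration.

```python
import random
import socket
import struct

# Constructed query, mirroring the one in the tcpdump lines above:
# A? www.dubaiairport.com with an EDNS0 OPT record advertising UDP size 4096.
QNAME = "www.dubaiairport.com"
QTYPE_A = 1
QTYPE_OPT = 41
QCLASS_IN = 1
EDNS_UDP_SIZE = 4096


def encode_name(name):
    """Encode a dotted hostname in DNS wire format: length-prefixed labels, root terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(qname, qid, rd=True):
    """Build a standard A query with one OPT additional record (49 bytes for this qname)."""
    flags = 0x0100 if rd else 0x0000  # RD bit only
    # id, flags, qdcount=1, ancount=0, nscount=0, arcount=1 (the OPT record)
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 1)
    question = encode_name(qname) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    # OPT RR: root name, type 41, the "class" field carries the UDP payload size,
    # the TTL field carries extended RCODE/version/flags (all zero here), rdlength 0.
    opt = b"\x00" + struct.pack("!HHIH", QTYPE_OPT, EDNS_UDP_SIZE, 0, 0)
    return header + question + opt


def firewall_drops(source_port, min_port=1024):
    """Model of the misconfigured firewall in the post: drop queries with source port < 1024."""
    return source_port < min_port


def choose_source_port(in_use, rng=random):
    """Pick a random unprivileged source port that is not already bound on this host."""
    while True:
        port = rng.randint(1024, 65535)
        if port not in in_use:
            return port


def simulate(port_picker, trials, in_use=frozenset()):
    """Count how many of `trials` queries get past the firewall model for a given port strategy."""
    ok = 0
    for _ in range(trials):
        if not firewall_drops(port_picker(in_use)):
            ok += 1
    return ok


def probe(server_ip, source_port, qname=QNAME, timeout=2.0):
    """Live check (needs network; binding below 1024 needs root): does the server
    answer a query sent from `source_port`? Returns True if a reply with the
    matching transaction ID comes back within `timeout` seconds."""
    qid = random.randrange(0, 65536)
    pkt = build_query(qname, qid)
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.bind(("0.0.0.0", source_port))
        s.settimeout(timeout)
        s.sendto(pkt, (server_ip, 53))
        data, _ = s.recvfrom(4096)
        return len(data) >= 12 and struct.unpack("!H", data[:2])[0] == qid
    except socket.timeout:
        return False
    finally:
        s.close()


if __name__ == "__main__":
    print("wire length:", len(build_query(QNAME, 18071)))  # 49, as in the capture
    pinned_to_53 = lambda in_use: 53
    print("fixed port 53:", simulate(pinned_to_53, 100), "of 100 pass")
    print("random port:  ", simulate(choose_source_port, 100), "of 100 pass")
```

Run it as-is for the offline part; to reproduce the author's check, call `probe("<server address>", 1023)` and `probe("<server address>", 1024)` from a privileged shell and compare the results. A healthy authoritative server should answer both.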



More information about the bind-users mailing list