Name Resolution issue with one domain
Matus UHLAR - fantomas
uhlar at fantomas.sk
Wed Mar 21 08:41:59 UTC 2012
On 21.03.12 09:23, Mark Andrews wrote:
>Stupid firewall rules in front of the nameservers. They block
>traffic sent from port 53 which is the port lots of nameservers
>used to send query traffic. When will firewall administrators learn
>that the source ports can be anything, that they are not significant,
>and that blocking traffic based on the source port is stupid.
Maybe the admin set that up to force local servers using random ports,
instead of 53, for outgoing requests. Nobody should use port 53 for
_outgoing_ requests.
>bsdi# dig -b 0.0.0.0#53 www.dubaiairport.com @svr-b003.dubaiairport.com
>09:13:17.909493 211.30.172.21.53 > 213.42.52.75.53: 18071+$ [1au] A? www.dubaiairport.com. ar: OPT UDPsize=4096 (49)
>09:13:22.918018 211.30.172.21.53 > 213.42.52.75.53: 18071+$ [1au] A? www.dubaiairport.com. ar: OPT UDPsize=4096 (49)
>09:13:27.928099 211.30.172.21.53 > 213.42.52.75.53: 18071+$ [1au] A? www.dubaiairport.com. ar: OPT UDPsize=4096 (49)
>
>; <<>> DiG 9.9.0rc2 <<>> -b 0.0.0.0#53 www.dubaiairport.com @svr-b003.dubaiairport.com
>;; global options: +cmd
>;; connection timed out; no servers could be reached
>bsdi#
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Quantum mechanics: The dreams stuff is made of.
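
Added example, not part of the original post: a small parser over tcpdump lines like the ones quoted above that lists queries retransmitted without ever being answered and marks those sent from source port 53. The first three capture lines are from the post; the last two are constructed with documentation addresses for contrast, and the function and field names are illustrative.

```python
import re
from collections import defaultdict

# Lines 1-3 are the capture quoted in the post; lines 4-5 are CONSTRUCTED
# (documentation addresses) to show an answered query for contrast.
CAPTURE = """\
09:13:17.909493 211.30.172.21.53 > 213.42.52.75.53: 18071+$ [1au] A? www.dubaiairport.com. ar: OPT UDPsize=4096 (49)
09:13:22.918018 211.30.172.21.53 > 213.42.52.75.53: 18071+$ [1au] A? www.dubaiairport.com. ar: OPT UDPsize=4096 (49)
09:13:27.928099 211.30.172.21.53 > 213.42.52.75.53: 18071+$ [1au] A? www.dubaiairport.com. ar: OPT UDPsize=4096 (49)
09:14:01.100000 192.0.2.10.41877 > 198.51.100.53.53: 4242+ [1au] A? www.example.com. ar: OPT UDPsize=4096 (44)
09:14:01.130000 198.51.100.53.53 > 192.0.2.10.41877: 4242*- 1/0/1 A 203.0.113.7 (60)
"""

# timestamp, src.port > dst.port:, DNS message id, remainder of the line
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<id>\d+)(?P<rest>.*)$")

def unanswered_queries(capture):
    """Return queries that never got a reply, with their retry count."""
    sent = defaultdict(int)   # (client, client_port, server, id) -> attempts
    answered = set()
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, sport = m["src"], int(m["sport"])
        dst, dport = m["dst"], int(m["dport"])
        if re.search(r"\b[A-Z0-9]+\? ", m["rest"]):   # "A? name" marks a query
            sent[(src, sport, dst, m["id"])] += 1
        elif sport == 53:                             # reply from the server
            answered.add((dst, dport, src, m["id"]))
    return [
        {"client": c, "source_port": p, "server": s, "id": i,
         "attempts": n, "fixed_source_port_53": p == 53}
        for (c, p, s, i), n in sent.items()
        if (c, p, s, i) not in answered
    ]

if __name__ == "__main__":
    for row in unanswered_queries(CAPTURE):
        print(row)
```

A query that is retried several times from source port 53 with no reply, while queries from ephemeral ports are answered, is the pattern that points at a source-port filter in front of the server.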