DNS Ports

davidsll

What are the required DNS ports that need to be opened on
a firewall to allow a Win 2K DNS to connect outbound to an
Internet DNS server?
 
Unrelated to Win2K in particular. You need outbound from that
IP (internal DNS) to ANY destination on port 53 UDP (and perhaps
port 53 TCP) and to allow the response.
 
Herb Martin said:
Unrelated to Win2K in particular. You need outbound from that
IP (internal DNS) to ANY destination on port 53 UDP (and perhaps
port 53 TCP) and to allow the response.

You'll also need to open up the upper UDP range for the ephemeral response
port. Normally I've seen this to be between 1024 and 5000. I've seen it higher
too. Some admins will open up 1024-65534 just in case. Review your firewall
logs to see what I mean.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Ace Fekay said:
You'll also need to open up the upper UDP range for the ephemeral response
port. Normally I've seen this to be between 1024 and 5000. I've seen it higher
too. Some admins will open up 1024-65534 just in case. Review your firewall
logs to see what I mean.

Right; as a rule of thumb, the firewall packet filtering should
allow the following:

src_address <local_ip>
src_port 1024-5000 (dynamic ports)
dst_address <any>
dst_port 53
protocol TCP _and_ UDP

BTW, such a firewall rule is needed if you use the default DNS
settings; otherwise you may use the "SendPort" entry in the
registry to specify the port used for external queries. In that
case the DNS server will only use that port and, instead of
the 1024-5000 range in the firewall rule, you'll only need to add
that "SendPort" (e.g. 5353); for more details see the MS DNS
documentation and in particular the DNS server registry keys.

Regards

--

* ObiWan

DNS "fail-safe" for Windows 2000 and 9X clients.
http://ntcanuck.com

408 XP/2000 tweaks and tips
http://ntcanuck.com/tq/Tip_Quarry.htm
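The rule of thumb above, plus the "review your firewall logs" step from Ace's post, as an added worked example (not code from the thread or from any of its posters). It models a stateless five-tuple packet filter, builds the default-range rule set and the SendPort variant, and then parses a handful of constructed log lines to see which ephemeral source ports the DNS server was actually using. The rule syntax, LOCAL_DNS, the log layout and the TEST-NET addresses in it are all assumptions made for illustration.

```python
"""Packet-filter model for an internal DNS server's outbound queries.

Added example, not from the original thread.  The five-tuple rule model,
LOCAL_DNS and the firewall log lines are constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

LOCAL_DNS = "192.168.1.10"  # constructed: address of the internal DNS server


@dataclass(frozen=True)
class Rule:
    proto: str              # "udp" or "tcp"
    src: str                # IP address or "any"
    sport: tuple[int, int]  # inclusive source-port range
    dst: str
    dport: tuple[int, int]  # inclusive destination-port range


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when the packet falls inside every field of the rule."""
    return (rule.proto == pkt.proto
            and rule.src in ("any", pkt.src)
            and rule.dst in ("any", pkt.dst)
            and rule.sport[0] <= pkt.sport <= rule.sport[1]
            and rule.dport[0] <= pkt.dport <= rule.dport[1])


def permitted(rules: list[Rule], pkt: Packet) -> bool:
    """Default deny: the packet passes only if some rule matches it."""
    return any(matches(r, pkt) for r in rules)


def outbound_dns_rules(local_ip: str,
                       sport_range: tuple[int, int] = (1024, 5000)) -> list[Rule]:
    """local_ip:<dynamic ports> -> any:53 over TCP and UDP, plus the mirror
    rule a stateless filter needs to let the reply back in."""
    rules = []
    for proto in ("udp", "tcp"):
        rules.append(Rule(proto, local_ip, sport_range, "any", (53, 53)))  # query out
        rules.append(Rule(proto, "any", (53, 53), local_ip, sport_range))  # reply back
    return rules


def sendport_rules(local_ip: str, send_port: int) -> list[Rule]:
    """Variant for a server whose query source port is pinned (the post's
    SendPort example): the dynamic range collapses to that one port."""
    return outbound_dns_rules(local_ip, (send_port, send_port))


# Constructed log lines in a generic "ACTION PROTO src:port -> dst:port"
# layout using TEST-NET addresses; real firewall logs look different.
LOG_LINES = """\
2003-04-02 10:11:01 DROP UDP 192.168.1.10:3215 -> 203.0.113.53:53
2003-04-02 10:11:02 DROP UDP 192.168.1.10:4998 -> 198.51.100.2:53
2003-04-02 10:11:03 DROP UDP 192.168.1.10:5201 -> 203.0.113.53:53
2003-04-02 10:11:04 DROP TCP 192.168.1.10:1025 -> 198.51.100.2:53
2003-04-02 10:11:05 DROP UDP 192.168.1.10:1076 -> 203.0.113.9:123
"""
_LOG_RE = re.compile(r"\b(UDP|TCP) (\S+):(\d+) -> (\S+):(\d+)$")


def logged_packets(log: str) -> list[Packet]:
    """Parse the constructed log layout into Packet objects."""
    pkts = []
    for line in log.splitlines():
        m = _LOG_RE.search(line)
        if m:
            proto, src, sport, dst, dport = m.groups()
            pkts.append(Packet(proto.lower(), src, int(sport), dst, int(dport)))
    return pkts


def query_source_ports(log: str, local_ip: str) -> list[int]:
    """Source ports the local server used for port-53 queries."""
    return sorted({p.sport for p in logged_packets(log)
                   if p.src == local_ip and p.dport == 53})


def ports_outside(ports: list[int], rng: tuple[int, int]) -> list[int]:
    """Ports a rule with the given source range would still block."""
    return [p for p in ports if not rng[0] <= p <= rng[1]]


if __name__ == "__main__":
    rules = outbound_dns_rules(LOCAL_DNS)
    seen = query_source_ports(LOG_LINES, LOCAL_DNS)
    print("query source ports seen in log:", seen)
    print("still blocked by a 1024-5000 rule:", ports_outside(seen, (1024, 5000)))
    for pkt in logged_packets(LOG_LINES):
        print(pkt.proto, pkt.sport, "->", pkt.dport, "pass" if permitted(rules, pkt) else "drop")
```

Run stand-alone, the log walk shows the point Ace makes: one query left from source port 5201, above the 1024-5000 range, so the rule of thumb would drop it and only the log reveals that. The mirror rule is what "allow the response" means on a stateless filter; a stateful firewall derives it from the outbound query itself. Pinning the source port with SendPort does shrink the rule to one port, but it also makes the server's query source port predictable to anyone who can observe or guess it, so weigh that against the convenience.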
 
ObiWan said:
Right; as a rule of thumb, the firewall packet filtering should
allow the following:

src_address <local_ip>
src_port 1024-5000 (dynamic ports)
dst_address <any>
dst_port 53
protocol TCP _and_ UDP

BTW, such a firewall rule is needed if you use the default DNS
settings; otherwise you may use the "SendPort" entry in the
registry to specify the port used for external queries. In that
case the DNS server will only use that port and, instead of
the 1024-5000 range in the firewall rule, you'll only need to add
that "SendPort" (e.g. 5353); for more details see the MS DNS
documentation and in particular the DNS server registry keys.

Regards

I actually got that from NTCanuck when I emailed him about the same exact
topic!

Ace
 
ObiWan said:
Well, you got that from _me_ :-) although I wrote
through the "support" mail address <g>, but that's
not a problem, the important thing here is that we
have a solution for david :-) !!

Ahh, that was you? Cool!
Sorry about that.
:-)

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 