Opening a DNS port

  • Thread starter Thread starter John Smith
  • Start date Start date
J

John Smith

hi all,

i was tasked to open up dns port 53 to service dns resolution and everything
is fine except when i was about to assign the name service in the registrar
it indicates that there's no connection available. when i ran port scan, the
scan indicates this particular computer as having a "healthy" configuration
as there's no responses received when probed on various ports. so i tested
another port opening (80) to ensure that data packets actually go into those
opened ports (now 53 & 80) and sure enough i'm getting a page on my browser
which indicates that i did the port opening on both 53 & 80 correctly. after
this test i've disabled 80 again.

perhaps the registrar also did a scan specifically on port 53 to check but
didn't receive any response (like the port scan/probing). so the question
is: how do i let just the port 53 respond to a ping or icmp or any sort or
probing?

much thanks for any assistance you can give.
regards,
`js.
 
Make sure you have both TCP & UDP port open

DNS Administration TCP:139
DNS Resolution UDP:53
DNS Zone Transfer TCP:53
 
yep. they're open. i missed 139 but now it's also opened. still no dice. :(
and thank you still.
 
Well, your 139 is not really needed for proper DNS operation as it is an administrative
port. With both TCP 53 & UDP 53 open you DNS should work fine.
Since it dosen't I'd look into things that may prevent it's operation.
1) is there a virus or a trojan on this box? (even if it has been removed
recently it may created some problems that are left behind)
2) is there additional firewall running on this box?
(you may have port filtering set under your NIC's settings and you may
have NAV's firewall preventing access to it)
3) is there port filtering setup on your router or upstream router? (for
at least 2-3 years with all the attacks through port 135 many providers are
blocking ports on their routers and 53 may be one of them)


If all fails I'd substitude a known good running box and take it from there
- see if it is the box itself.

Have fun :-)
 
Also remember that DNS queries don't source on port 53, so you need any ->
53 and 53 -> any.

....kurt
 
Thanks gang. I haven't found an exact solution yet, so for now I rented an
external DNS service for my boss at least for another 12 months (kinda
cheated to buy me time) :) I'd rather pay for it myself (shhh) now while
trying to really figure out what's going on. Thank you still for all the
input.
 
Back
Top