SOLVED! (was: Re: How do I disable high ports?)
admin at asarian-host.net
Wed Jan 29 03:11:33 UTC 2003
<phn at icke-reklam.ipsec.nu> wrote in message
news:b16mae$pfa$1 at nyheter.crt.se...
> Older firewall admins have been observed to think that dns traffic
> is from port 53 to port 53. That is wrong.
I am happy to report that the issue is resolved now. :) A decent chap on a
FreeBSD mailing list had the answer.
Upon further investigation, it appears a faulty router caused outgoing NAT
packets to not always keep the same port, hence causing UDP domain packets
with a destination port of 53 to be replaced with a random higher port.
Although many DNS servers picked up on the alternate port anyway, several
did not (and rightly so).
P.S. I am not THAT old. :)