SOLVED! (was: Re: How do I disable high ports?)

Mark admin at
Wed Jan 29 03:11:33 UTC 2003

<phn at> wrote in message
news:b16mae$pfa$1 at

> Older firewall admins have been observed to think that dns traffic
> is from port 53 to port 53. That is wrong.

I am happy to report that the issue is resolved now. :) A decent chap on a
FreeBSD mailing list had the answer.

Upon further investigation, it appears a faulty router caused outgoing NAT
packets to not always keep the same port. Hence, causing UDP domain packets
with a destination port of 53 to be replaced with a random higher port.
Although many DNS servers picked up on the alternate port anyway, several
did not (and rightly so).

P.S. I am not THAT old. :)

- Mark

More information about the bind-users mailing list