<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div><span>Dear All,</span></div><div><span></span> </div><div><span> Thanks alot for helpming to identify the exact problem. Now my problem has been solved once i chang the source port from 53 to empherial port.</span></div><div><span></span> </div><div><span>Regards</span></div><div><span>Babudheen</span></div><div><br></div> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div dir="ltr"> <font size="2" face="Arial"> <div style="margin: 5px 0px; padding: 0px; border: 1px solid rgb(204, 204, 204); height: 0px; line-height: 0; font-size: 0px;" class="hr" contentEditable="false" readonly="true"></div> <b><span style="font-weight: bold;">From:</span></b> Matus UHLAR - fantomas
<uhlar@fantomas.sk><br> <b><span style="font-weight: bold;">To:</span></b> bind-users@lists.isc.org <br> <b><span style="font-weight: bold;">Sent:</span></b> Thursday, 22 March 2012 12:46 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: Name Resolution issue with one domain<br> </font> </div> <br>> On 21/03/2012 09:41, Matus UHLAR - fantomas wrote:<br>>> maybe the admin set that up to force local servers using random ports,<br>>> instead of 53, for outgoing requests. Nobody should use port 53 for<br>>> _ougtoing_ requests.<br><br>On 21.03.12 23:41, Anand Buddhdev wrote:<br>> You're wrong. A name server can use any source port from 1 up to 65535<br>> for an outgoing query, as long as that port is not in use by any other<br>> process on the system.<br><br>well, it _can_ but because ports < 1024 are undesrtood as privileged, it should not use them.<br><br>> In fact, up until Kaminsky's revelation,
many BIND servers used a fixed<br>> source port of 53.<br><br>yes, but because of Kaminsky's revelation, servers should not use that port anymore.<br><br>While it's of up to the the admin of resolving server, it's possible that FW admin at dubai airport had reason to block ports>1024. <br>Maybe they got attack from enabled chargen or echo UDP services from somewhere. We do not knot that. But we surely know that OP's nameservers use port 53 which they should not use...<br><br><br>-- Matus UHLAR - fantomas, <a href="mailto:uhlar@fantomas.sk" ymailto="mailto:uhlar@fantomas.sk">uhlar@fantomas.sk</a> ; <a href="http://www.fantomas.sk/" target="_blank">http://www.fantomas.sk/</a><br>Warning: I wish NOT to receive e-mail advertising to this address.<br>Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.<br>Posli tento mail 100 svojim znamim - nech vidia aky si idiot<br>Send this email to 100 your friends - let them see what an idiot you
are<br>_______________________________________________<br>Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br><br>bind-users mailing list<br><a href="mailto:bind-users@lists.isc.org" ymailto="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br><a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br><br><br> </div> </div> </div></body></html>