Solved

NSLOOKUP with IP filter enabled

Posted on 1998-08-21
Last Modified: 2013-12-23
What port number is NSLOOKUP on NT4 using?
I have enabled the IP security and enabled Port 53 (DNS) for UDP. But any NSLOOKUP is timing out. When I enable all UDP Ports, the request is done (of course).

Which UDP port do I have to enable too?
0
Question by:PeterNeff
6 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 1560978
Both TCP and UDP use port 53 as the DNS port; certainly NSLOOKUP uses this port.
0
 

Author Comment

by:PeterNeff
ID: 1560979
As I wrote, I have enabled port 53. But NSLOOKUP (and also PING and TRACERT) use another port to call the DNS server.
On the server where the DNS is running, port 53 is fine, but not on the computer which is calling the DNS server.
0
 
LVL 37

Expert Comment

by:bbao
ID: 1560980
Which port does NSLOOKUP use to call the DNS server?
0
 
LVL 5

Accepted Solution

by:
heiko earned 100 total points
ID: 1560981
bbao is right about the DNS port,
but you have to enable more than only UDP(53), because the client is using a dynamically assigned port above 1024 to query. Only the server is always using UDP(53).
So you have to enable

UDP(>1024) <--> UDP(53)
UDP(53)    <--> UDP(>1024)

For PING and TRACERT you need ICMP in addition.

That's all.

Heiko
0
 

Author Comment

by:PeterNeff
ID: 1560982
I have now enabled UDP ports 1024 - 1030, and now the DNS request is made.

How can I control which ports are dynamically allocated?
What is the rule of the port allocation?
0
 
LVL 5

Expert Comment

by:heiko
ID: 1560983
There is no way to control the port dynamically assigned to the client.

The range of 1024-1030 is not large enough. The range is valid from 1024 to 65535, depending on open connections and sessions.

The rule for assignment is to get the next unused port above 1024.
So normally you will get a port less than 2000. Some implementations use the next port above 1024 and the highest used port until 65535 is reached, so you have much higher numbers.

NT is using the first implementation, so you can mostly limit to 2000.

0
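The port behaviour discussed in this thread, as an added example that is not part of any participant's post: a Python model of why a DNS reply is dropped when only UDP 53 (or 53 plus 1024-1030) is permitted on the client. It assumes the filter is stateless and inspects only the destination port of inbound UDP packets, and that dynamic ports are handed out lowest-free-first from 1024 as the accepted answer describes; all function names and the open-session counts are constructed for illustration.

```python
# Added example: model of a stateless inbound UDP filter on a DNS client.
# Constructed model, not NT4's actual filtering or port-allocation code.
DNS_PORT = 53
FIRST_DYNAMIC = 1024   # lower bound of the dynamic range as used in the thread
LAST_DYNAMIC = 65535


def parse_allowed(spec):
    """Turn a permitted-port list such as '53,1024-1030' into (low, high) ranges."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges


def inbound_allowed(ranges, dst_port):
    """Stateless check: only the destination port of the inbound packet is examined."""
    return any(low <= dst_port <= high for low, high in ranges)


def next_dynamic_port(in_use):
    """'Next unused port' allocation (assumption, modelled on the thread's description)."""
    for port in range(FIRST_DYNAMIC, LAST_DYNAMIC + 1):
        if port not in in_use:
            return port
    raise RuntimeError("no free dynamic port")


def lookup_succeeds(spec, open_sessions):
    """Simulate one lookup; returns (client source port, reply passed the filter)."""
    # Constructed load: other connections already hold the lowest dynamic ports.
    in_use = set(range(FIRST_DYNAMIC, FIRST_DYNAMIC + open_sessions))
    src_port = next_dynamic_port(in_use)
    # Query: client src_port -> server DNS_PORT (outbound, not filtered in this model).
    # Reply: server DNS_PORT -> client src_port, so the filter sees dst = src_port.
    return src_port, inbound_allowed(parse_allowed(spec), src_port)


if __name__ == "__main__":
    for spec in ("53", "53,1024-1030", "53,1024-65535"):
        for sessions in (0, 7, 500):
            port, ok = lookup_succeeds(spec, sessions)
            print(f"allow={spec:<14} open_sessions={sessions:<4} "
                  f"client_port={port:<5} reply={'passed' if ok else 'dropped'}")
```

In the model, permitting 1024-1030 works only while fewer than seven other sessions hold dynamic ports, which matches the remark in the thread that this range is not large enough.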
