Solved

NSLOOKUP with IP filter enabled

Posted on 1998-08-21
6
1,755 Views
Last Modified: 2013-12-23
What port number is NSLOOKUP on NT4 using?
I have enabled the IP security and enabled Port 53 (DNS) for UDP. But any NSLOOKUP is timing out. When I enable all UDP Ports, the request is done (of course).

Which UDP Port has I to enable too?
0
Comment
Question by:PeterNeff
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 1560978
Either TCP and UDP all use port 53 as its DNS port, certainly NSLOOKUP uses this port.
0
 

Author Comment

by:PeterNeff
ID: 1560979
I've written, I have enabled Port 53. But NSLOOKUP (and also PING and TRACERT) use another port to call the DNS Server.
On the Server where the DNS is running, Port 53 is fine. but not on the Computer which is calling the DNS Server.
0
 
LVL 37

Expert Comment

by:bbao
ID: 1560980
Which port NSLOOKUP uses to call DNS server?
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 
LVL 5

Accepted Solution

by:
heiko earned 100 total points
ID: 1560981
bbao is right about DNS port,
but you have to enable more then only UDP(53). because of client is using a dynamicly assigned port above 1024 to query. Only server is always using UDP(53).
so you have to enable

UDP(>1024) <--> UDP(53)
UDP(53)    <--> UDP(>1024)

for PING and TRACERT you need in addition ICMP.

thats all

Heiko
0
 

Author Comment

by:PeterNeff
ID: 1560982
I enabled now UDP Ports 1024 - 1030 and now, the DNS Request is made.

How can I controll, which Ports are dynamicly allocated?
What is the rule of the port-allocation?
0
 
LVL 5

Expert Comment

by:heiko
ID: 1560983
there is no way to control port dynamicaly assigned to client.

the range of 1024-1030 is not large enough. the range is valid from 1024 to 65535 depending on open connections and sessions.

the rule for assignement is to get next unused port above 1024.
so normaly you will get a port less then 2000. some implementations are using next port above 1024 and highest used port until 65535 is reached. so you have much higher numbers.

NT is using 1. implementation. so you can limit to 2000 mostly.

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question