• Status: Solved
  • Priority: Medium
  • Security: Public

NSLOOKUP with IP filter enabled

What port number is NSLOOKUP on NT4 using?
I have enabled the IP security and enabled Port 53 (DNS) for UDP. But any NSLOOKUP is timing out. When I enable all UDP Ports, the request is done (of course).

Which UDP port do I have to enable too?
Asked:
PeterNeff
1 Solution
 
bbao (IT Consultant) Commented:
Both TCP and UDP use port 53 as the DNS port; certainly NSLOOKUP uses this port.
 
PeterNeff (Author) Commented:
As I wrote, I have enabled port 53. But NSLOOKUP (and also PING and TRACERT) use another port to call the DNS server.
On the server where the DNS is running, port 53 is fine, but not on the computer which is calling the DNS server.
 
bbao (IT Consultant) Commented:
Which port does NSLOOKUP use to call the DNS server?
 
heiko Commented:
bbao is right about the DNS port,
but you have to enable more than only UDP(53), because the client is using a dynamically assigned port above 1024 to query. Only the server is always using UDP(53).
So you have to enable

UDP(>1024) <--> UDP(53)
UDP(53)    <--> UDP(>1024)

For PING and TRACERT you need ICMP in addition.

That's all.

Heiko
 
PeterNeff (Author) Commented:
I have now enabled UDP ports 1024 - 1030, and now the DNS request is made.

How can I control which ports are dynamically allocated?
What is the rule of the port allocation?
 
heiko Commented:
There is no way to control the port dynamically assigned to the client.

The range of 1024-1030 is not large enough. The range is valid from 1024 to 65535, depending on open connections and sessions.

The rule for assignment is to get the next unused port above 1024.
So normally you will get a port less than 2000. Some implementations are using the next port above 1024 and the highest used port until 65535 is reached, so you have much higher numbers.

NT is using the first implementation, so you can limit to 2000 mostly.

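The exchange heiko describes, as an added example that is not part of the original thread and is not NT4's own filter logic: a small model of a client-side inbound UDP filter showing why permitting only port 53 drops the DNS reply, and what a wide port range also lets in. It goes one step beyond the thread by adding a stateful check that only accepts replies to outstanding queries. Assumptions: the filter matches inbound datagrams on destination port only, and all addresses and packets are constructed sample values.

```python
import socket

DNS_PORT = 53

def ephemeral_port():
    """Ask the OS for a dynamically assigned UDP source port, as a resolver does."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))          # port 0 = "pick one for me"
        return s.getsockname()[1]

def stateless_permit(pkt, allowed_dst_ports):
    """Inbound filter that looks only at the UDP destination port (assumed model)."""
    return pkt["dport"] in allowed_dst_ports

class StatefulFilter:
    """Permit an inbound datagram only if it answers a query we sent."""
    def __init__(self):
        self.pending = set()
    def note_outbound(self, pkt):
        self.pending.add((pkt["dst"], pkt["dport"], pkt["sport"]))
    def permit(self, pkt):
        key = (pkt["src"], pkt["sport"], pkt["dport"])
        if key in self.pending:
            self.pending.discard(key)     # one reply per query
            return True
        return False

def dns_exchange(client_port, server="192.0.2.53", client="192.0.2.10"):
    """Constructed query/reply pair: the reply comes FROM 53 TO the client's port."""
    query = {"src": client, "sport": client_port, "dst": server, "dport": DNS_PORT}
    reply = {"src": server, "sport": DNS_PORT, "dst": client, "dport": client_port}
    return query, reply

def evaluate(client_port):
    query, reply = dns_exchange(client_port)
    # Constructed unsolicited datagram aimed at the same client port.
    stray = dict(reply, src="198.51.100.7", sport=4444)
    sf = StatefulFilter()
    sf.note_outbound(query)
    return {
        "only_53": stateless_permit(reply, {DNS_PORT}),
        "1024_1030": stateless_permit(reply, range(1024, 1031)),
        "1024_65535": stateless_permit(reply, range(1024, 65536)),
        "range_passes_stray": stateless_permit(stray, range(1024, 65536)),
        "stateful_reply": sf.permit(reply),
        "stateful_stray": sf.permit(stray),
    }

if __name__ == "__main__":
    port = ephemeral_port()
    print("OS-assigned source port:", port)
    for name, verdict in evaluate(port).items():
        print(f"{name:20} {'permit' if verdict else 'drop'}")
```

The source port printed depends on the operating system's dynamic range, so a narrow window such as 1024-1030 passes the reply only while the client happens to pick a port inside it.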
