centrepc
Public DNS Servers Behind a Firewall

What ports need to be forwarded through a PIX to be able to have DNS servers on a private IP instead of a public one and still work? I have tried port 53 and it doesn't seem to be enough.

This is probably fairly easy, but it's worth 500 points due to the urgency!!!!

My DNS servers are slammed with bugs from having public IPs.
PsiCop

What is the DNS server software? If you're using BIND, you need to configure it to use only port 53.
Umm, port 53 using what? Normal DNS uses UDP, not TCP.
prueconsulting

port 53/UDP for standard DNS queries
port 53/TCP for DNS zone transfers

ASKER CERTIFIED SOLUTION
prueconsulting

As somebody said before, 53/udp and 53/tcp should be enough.
centrepc

ASKER

Thanks to all for the quick responses. I will try the suggestions later tonight when the server can be down for a few minutes.

To answer a couple of your questions:

I am running 2000 Server DNS. I think when I first tried to forward port 53 it was only TCP and UDP. That may have been the problem.

Someone told me that DNS can randomly change the ports that it communicates on. Can this be even close to being true? How would it work if there isn't a standard port?

Thanks again for the help.
Every DNS query comes to the 53/udp port and zone transfers come to the 53/tcp port.

Maybe you have something blocked/blacklisted on your firewall?
Your PIX also has a DNS fixup enabled. You may have to increase the default size from 512 to 1024.
Unless you are a Primary DNS and have a secondary DNS outside the PIX, you should not be allowing any zone transfers - ever. All you should need is UDP/53.
How old is your PIX OS version?
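The configuration the last few replies describe, written out as an added example (not posted by anyone in this thread). It assumes PIX 6.x command syntax, and the interface names, access-list name and all addresses (10.0.0.10 inside, 203.0.113.10 public, 198.51.100.20 for the off-site secondary) are placeholders.

```text
! Assumed PIX 6.x syntax; all names and addresses are placeholders.
! Publish the internal DNS server (10.0.0.10) on a public address (203.0.113.10).
static (inside,outside) 203.0.113.10 10.0.0.10 netmask 255.255.255.255

! Queries: UDP/53 from anywhere is all a public DNS server needs for lookups.
access-list outside_in permit udp any host 203.0.113.10 eq domain

! Weak setting: TCP/53 open to the world lets anyone attempt a zone transfer.
! access-list outside_in permit tcp any host 203.0.113.10 eq domain

! Corrected setting: TCP/53 only from the secondary that sits outside the PIX.
! Leave this line out entirely if you have no secondary outside the firewall.
access-list outside_in permit tcp host 198.51.100.20 host 203.0.113.10 eq domain

! Apply the list to traffic arriving on the outside interface.
access-group outside_in in interface outside

! The DNS fixup drops UDP replies larger than 512 bytes by default; raise the limit.
fixup protocol dns maximum-length 1024
```

After applying it, test from a host outside the PIX with a UDP query against 203.0.113.10 and confirm a zone-transfer request from any address other than the secondary is refused.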