Solved

Explanation of DNS requests

Posted on 2006-06-24
Last Modified: 2010-03-18
I've had a problem with intermittent DNS through my ISP for some time.  I'm running my own DNS servers, which are nat'd behind a PIX 501 firewall along with the rest of my LAN.  Both servers have external IP addresses with static routes + access rules defined in the PIX.  At first I blamed my RHES server, which would lose DNS resolution where my Debian server did not, however as the primary server for the primary domain it would seem natural that the Redhat machine would get more requests than the Debian machine.  I have put the Redhat server outside the PIX and had no problem with DNS resolution, however the test period was brief, since I'm not running iptables on that machine.  At one point recently I lost DNS simultaneously on both servers (during these times I do not lose comms - I can ping external IP addresses from either server).   I decided to change the PIX log level to warning, and a pattern has emerged, which I copy below.
Explanatory notes:  
PIX inside interface: 192.168.0.1
PIX outside interface: 1.2.3.4
spn:  some port number, which appears to be random, such as 1217, 1220, 1392, 1401, 159, 179, 1, 36, 11, 1032, 14, 22, 34, etc.  

Jun 21 14:48:15 192.168.0.1 Jun 22 2006 13:24:40 pix : %PIX-4-106023: Deny udp src outside:65.216.72.15/53 dst inside:1.2.3.4/spn by access-group "acl_out"

Jun 22 15:47:10 192.168.0.1 Jun 22 2006 14:23:36 pix : %PIX-4-106023: Deny udp src outside:65.216.72.15/53 dst inside:1.2.3.4/spn by access-group "acl_out"

Jun 23 16:33:01 192.168.0.1 Jun 22 2006 15:09:26 pix : %PIX-4-106023: Deny udp src outside:204.0.99.15/53 dst inside:1.2.3.4/spn by access-group "acl_out"

Jun 24 17:43:02 192.168.0.1 Jun 22 2006 15:09:28 pix : %PIX-4-106023: Deny udp src outside:204.0.99.15/53 dst inside:1.2.3.4/spn by access-group "acl_out"

These DNS requests are blocked because I'm nat'd - as I understand it, DNS requests are supposed to be answered by Network Solutions where I'm registered.  So the PIX is probably not the culprit, but I was wondering why the frequent requests (about 25 per day) for DNS on such a wide range of destination ports.  I looked up the two requesting IPs and one belongs to UUNET, the other to NTT America (most of the requests originate from UUNET).


0
Comment
Question by:klukac
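To make sense of a batch of these %PIX-4-106023 messages it helps to parse them and split the denies that have the shape of a DNS answer (UDP from a remote port 53 to an ephemeral port on the outside address) from everything else. The script below is an added example written for this page, not code from the thread; the sample lines are constructed from the ones quoted above, with concrete ephemeral ports taken from the author's list substituted for "spn" and one extra non-DNS TCP deny (198.51.100.7, a documentation address) added to show the separation.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log, modelled on the lines quoted in the question.
# "spn" in the original is replaced by ports from the author's own list;
# the final TCP line is entirely made up to exercise the non-DNS path.
SAMPLE_LOG = """\
Jun 21 14:48:15 192.168.0.1 Jun 22 2006 13:24:40 pix : %PIX-4-106023: Deny udp src outside:65.216.72.15/53 dst inside:1.2.3.4/1217 by access-group "acl_out"
Jun 22 15:47:10 192.168.0.1 Jun 22 2006 14:23:36 pix : %PIX-4-106023: Deny udp src outside:65.216.72.15/53 dst inside:1.2.3.4/1392 by access-group "acl_out"
Jun 23 16:33:01 192.168.0.1 Jun 22 2006 15:09:26 pix : %PIX-4-106023: Deny udp src outside:204.0.99.15/53 dst inside:1.2.3.4/22 by access-group "acl_out"
Jun 24 17:43:02 192.168.0.1 Jun 22 2006 15:09:28 pix : %PIX-4-106023: Deny udp src outside:204.0.99.15/53 dst inside:1.2.3.4/1032 by access-group "acl_out"
Jun 24 17:50:00 192.168.0.1 Jun 22 2006 15:20:00 pix : %PIX-4-106023: Deny tcp src outside:198.51.100.7/4444 dst inside:1.2.3.4/25 by access-group "acl_out"
"""

# Field layout of a 106023 deny message as it appears in the question.
DENY_RE = re.compile(
    r"%PIX-4-106023: Deny (?P<proto>\w+) "
    r"src (?P<src_if>\w+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>\w+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r'by access-group "(?P<acl>[^"]+)"'
)


def parse_deny(line):
    """Return a dict of the deny fields, or None if the line is not a 106023 message."""
    m = DENY_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["src_port"] = int(rec["src_port"])
    rec["dst_port"] = int(rec["dst_port"])
    return rec


def is_dns_reply(rec):
    """UDP from remote port 53 to a non-53 port is the shape of a DNS answer coming back."""
    return rec["proto"] == "udp" and rec["src_port"] == 53 and rec["dst_port"] != 53


def summarize(log_text):
    """Count denied DNS answers per remote resolver/authoritative server and
    collect the ephemeral ports they were addressed to; keep other denies separately."""
    replies_by_server = Counter()
    reply_ports = defaultdict(set)
    other = []
    for line in log_text.splitlines():
        rec = parse_deny(line)
        if rec is None:
            continue
        if is_dns_reply(rec):
            replies_by_server[rec["src_ip"]] += 1
            reply_ports[rec["src_ip"]].add(rec["dst_port"])
        else:
            other.append(rec)
    return {
        "dns_replies": dict(replies_by_server),
        "reply_ports": {ip: sorted(ports) for ip, ports in reply_ports.items()},
        "other": other,
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip, n in sorted(result["dns_replies"].items(), key=lambda kv: -kv[1]):
        print(f"{ip}: {n} denied DNS answers to ports {result['reply_ports'][ip]}")
    print(f"{len(result['other'])} other denied packets")
```

Run it against a day of syslog output from the PIX instead of SAMPLE_LOG to see which remote servers the denied port-53 traffic comes from and how the destination ports are spread; a wide spread of high ports paired with a handful of remote servers is what you would expect from answers to queries your own resolvers sent, whereas denies arriving on fixed low ports or from many unrelated sources deserve a separate look.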
3 Comments
 

Author Comment

by:klukac
ID: 16977346
Please ignore the inconsistencies in the 2nd date set (all 22 Jun) - I was trying to show a representative sample from the pix log file but obviously didn't finish my edit :(
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 1000 total points
ID: 16977941
sounds like your PIX does not allow outgoing UDP with destination port 53 (DNS)
0
 

Author Comment

by:klukac
ID: 16979181
what was I thinking...thanks :)
0
