Explanation of DNS requests

Posted on 2006-06-24
Last Modified: 2010-03-18
I've had a problem with intermittent DNS through my ISP for some time. I'm running my own DNS servers, which are nat'd behind a PIX 501 firewall along with the rest of my LAN. Both servers have external IP addresses with static routes + access rules defined in the PIX. At first I blamed my RHES server, which would lose DNS resolution where my Debian server did not, however as the primary server for the primary domain it would seem natural that the Redhat machine would get more requests than the Debian machine. I have put the Redhat server outside the PIX and had no problem with DNS resolution, however the test period was brief, since I'm not running iptables on that machine. At one point recently I lost DNS simultaneously on both servers (during these times I do not lose comms - I can ping external IP addresses from either server). I decided to change the PIX log level to warning, and a pattern has emerged, which I copy below.

Explanatory notes:
PIX inside interface: 192.168.0.1
PIX outside interface: 1.2.3.4
spn: some port number, which appears to be random, such as 1217, 1220, 1392, 1401, 159, 179, 1, 36, 11, 1032, 14, 22, 34, etc.

Jun 21 14:48:15 192.168.0.1 Jun 22 2006 13:24:40 pix : %PIX-4-106023: Deny udp src outside:65.216.72.15/53 dst inside:1.2.3.4/spn by access-group "acl_out"

Jun 22 15:47:10 192.168.0.1 Jun 22 2006 14:23:36 pix : %PIX-4-106023: Deny udp src outside:65.216.72.15/53 dst inside:1.2.3.4/spn by access-group "acl_out"

Jun 23 16:33:01 192.168.0.1 Jun 22 2006 15:09:26 pix : %PIX-4-106023: Deny udp src outside:204.0.99.15/53 dst inside:1.2.3.4/spn by access-group "acl_out"

Jun 24 17:43:02 192.168.0.1 Jun 22 2006 15:09:28 pix : %PIX-4-106023: Deny udp src outside:204.0.99.15/53 dst inside:1.2.3.4/spn by access-group "acl_out"

These DNS requests are blocked because I'm nat'd - as I understand it, DNS requests are supposed to be answered by Network Solutions where I'm registered.  So the PIX is probably not the culprit, but I was wondering why the frequent requests (about 25 per day) for DNS on such a wide range of destination ports.  I looked up the two requesting IPs and one belongs to UUNET, the other to NTT America (most of the requests originate from UUNET).

Question by:klukac

Author Comment

by:klukac
ID: 16977346
Please ignore the inconsistencies in the 2nd date set (all 22 Jun) - I was trying to show a representative sample from the pix log file but obviously didn't finish my edit :(

Accepted Solution

by: ahoffmann (earned 250 total points)
ID: 16977941
sounds like your PIX does not allow outgoing UDP with destination port 53 (DNS)
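An added example, not part of this thread, that parses the %PIX-4-106023 lines quoted in the question and counts, per answering resolver, how many DNS answers (UDP from port 53) addressed to the PIX outside address were denied; a steady stream of these is the pattern that points at outbound DNS not being permitted or tracked on the way back in. The sample lines are constructed in the question's format, with the poster's "spn" placeholder replaced by ports from their list.

```python
import re
from collections import Counter

# Field layout of the %PIX-4-106023 deny message quoted in the question.
PIX_106023 = re.compile(
    r'%PIX-4-106023: Deny (?P<proto>\w+) '
    r'src (?P<src_if>\w+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>\w+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

# Constructed sample lines in the question's format ("spn" replaced by ports
# from the poster's list); not real captures.
SAMPLE_LOG = """\
Jun 21 14:48:15 192.168.0.1 Jun 21 2006 14:48:15 pix : %PIX-4-106023: Deny udp src outside:65.216.72.15/53 dst inside:1.2.3.4/1217 by access-group "acl_out"
Jun 22 15:47:10 192.168.0.1 Jun 22 2006 15:47:10 pix : %PIX-4-106023: Deny udp src outside:65.216.72.15/53 dst inside:1.2.3.4/1220 by access-group "acl_out"
Jun 23 16:33:01 192.168.0.1 Jun 23 2006 16:33:01 pix : %PIX-4-106023: Deny udp src outside:204.0.99.15/53 dst inside:1.2.3.4/1392 by access-group "acl_out"
Jun 24 17:43:02 192.168.0.1 Jun 24 2006 17:43:02 pix : %PIX-4-106023: Deny tcp src outside:198.51.100.7/4431 dst inside:1.2.3.4/80 by access-group "acl_out"
"""

def parse_106023(line):
    """Return the fields of a %PIX-4-106023 message, or None for any other line."""
    m = PIX_106023.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["src_port"] = int(rec["src_port"])
    rec["dst_port"] = int(rec["dst_port"])
    return rec

def dropped_dns_replies(log_text, outside_ip):
    """Count denied UDP packets *from* port 53 to the firewall's outside address,
    per answering resolver, plus the client ports they were addressed to. Many of
    these means answers to the LAN's own queries are discarded on the way back."""
    by_resolver = Counter()
    ports_seen = set()
    for line in log_text.splitlines():
        rec = parse_106023(line)
        if rec is None or rec["proto"] != "udp":
            continue
        if rec["src_port"] == 53 and rec["dst_ip"] == outside_ip:
            by_resolver[rec["src_ip"]] += 1
            ports_seen.add(rec["dst_port"])
    return by_resolver, sorted(ports_seen)

if __name__ == "__main__":
    counts, ports = dropped_dns_replies(SAMPLE_LOG, "1.2.3.4")
    print(dict(counts), "answers dropped; client ports:", ports)
```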

Author Comment

by:klukac
ID: 16979181
what was I thinking...thanks :)