port forwarding for DNS - Networking


  1. port forwarding for DNS

    I am running BIND on a Linux box on my home LAN. To make it
    accessible from the Internet, I need to use port forwarding at the
    Dell Truemobiled 2300 router.

    I can't tell from http://www.iana.org/assignments/port-numbers what
    port(s) DNS uses.

    Can anyone tell me?

    Thanks.

    Vwaju
    New York City

  2. Re: port forwarding for DNS

    On Tue, 14 Oct 2008 11:04:34 -0700, Vwaju wrote:

    > I am running BIND on a Linux box on my home LAN. To make it
    > accessible from the Internet, I need to use port forwarding at the
    > Dell Truemobiled 2300 router.
    >
    > I can't tell from http://www.iana.org/assignments/port-numbers what
    > port(s) DNS uses.
    >
    > Can anyone tell me?


    udp/53

  3. Re: port forwarding for DNS

    Vwaju writes:

    > I am running BIND on a Linux box on my home LAN. To make it
    > accessible from the Internet, I need to use port forwarding at the
    > Dell Truemobiled 2300 router.
    >
    > I can't tell from http://www.iana.org/assignments/port-numbers what
    > port(s) DNS uses.


    From the page you cite:

    domain 53/tcp Domain Name Server
    domain 53/udp Domain Name Server

  4. Re: port forwarding for DNS

    On Oct 14, 2:16 pm, Burkhard Ott wrote:
    > On Tue, 14 Oct 2008 11:04:34 -0700, Vwaju wrote:
    >
    > > I am running BIND on a Linux box on my home LAN. To make it
    > > accessible from the Internet, I need to use port forwarding at the
    > > Dell Truemobiled 2300 router.
    > >
    > > I can't tell from http://www.iana.org/assignments/port-numbers what
    > > port(s) DNS uses.
    > >
    > > Can anyone tell me?
    >
    > udp/53


    Thank you!

    Is there a TCP port as well, or is DNS connectionless?

    Best Regards,

    Vwaju
    New York City

  5. Re: port forwarding for DNS

    In news:fd6aa18d-a957-4f5e-bb52-51123b06f350@q26g2000prq.googlegroups.com,
    Vwaju typed:

    > I can't tell from http://www.iana.org/assignments/port-numbers what
    > port(s) DNS uses.


    Didn't spend any time looking, did you? It tells you the same as

    grep domain /etc/services

    tells you.



  6. Re: port forwarding for DNS

    On October 14, 2008 14:57, in comp.os.linux.networking, Vwaju
    (lou@manhattanhandyman.com) wrote:

    > On Oct 14, 2:16 pm, Burkhard Ott wrote:
    >> On Tue, 14 Oct 2008 11:04:34 -0700, Vwaju wrote:
    >>
    >> > I am running BIND on a Linux box on my home LAN. To make it
    >> > accessible from the Internet, I need to use port forwarding at the
    >> > Dell Truemobiled 2300 router.
    >> >
    >> > I can't tell from http://www.iana.org/assignments/port-numbers what
    >> > port(s) DNS uses.
    >> >
    >> > Can anyone tell me?
    >>
    >> udp/53
    >
    > Thank you!
    >
    > Is there a TCP port as well, or is DNS connectionless?


    DNS uses both UDP port 53 /and/ TCP port 53.

    Primarily, DNS uses UDP, but if the query or the response is too big for a
    single UDP datagram, DNS uses TCP to transfer the details.

    --
    Lew Pitcher

    Master Codewright & JOAT-in-training | Registered Linux User #112576
    http://pitcher.digitalfreehold.ca/ | GPG public key available by request
    ---------- Slackware - Because I know what I'm doing. ------



  7. Re: port forwarding for DNS

    On Oct 14, 3:23 pm, "b.jeswine" wrote:
    > In news:fd6aa18d-a957-4f5e-bb52-51123b06f350@q26g2000prq.googlegroups.com,
    > Vwaju typed:
    >
    > > I can't tell from http://www.iana.org/assignments/port-numbers what
    > > port(s) DNS uses.
    >
    > Didn't spend any time looking, did you? It tells you the same as
    >
    >     grep domain /etc/services
    >
    > tells you.


    Actually, I searched http://www.iana.org/assignments/port-numbers for
    "dns", but not for "Domain Name Server". Oops.

    About /etc/services, I did not know.

    Sorry for wasting your time.

  8. Re: port forwarding for DNS

    On Tue, 14 Oct 2008 15:34:05 -0400, Lew Pitcher wrote:

    >On October 14, 2008 14:57, in comp.os.linux.networking, Vwaju
    >(lou@manhattanhandyman.com) wrote:
    >
    >> On Oct 14, 2:16 pm, Burkhard Ott wrote:
    >>> On Tue, 14 Oct 2008 11:04:34 -0700, Vwaju wrote:
    >>>
    >>> > I am running BIND on a Linux box on my home LAN. To make it
    >>> > accessible from the Internet, I need to use port forwarding at the
    >>> > Dell Truemobiled 2300 router.
    >>>
    >>> > I can't tell from http://www.iana.org/assignments/port-numbers what
    >>> > port(s) DNS uses.
    >>>
    >>> > Can anyone tell me?
    >>>
    >>> udp/53
    >>
    >> Thank you!
    >>
    >> Is there a TCP port as well, or is DNS connectionless?
    >
    >DNS uses both UDP port 53 /and/ TCP port 53.
    >
    >Primarily, DNS uses UDP, but if the query or the response is too big for a
    >single UDP datagram, DNS uses TCP to transfer the details.


    I thought 53/tcp was for zone transfers? (Yes, a large response).

    Grant.

  9. Re: port forwarding for DNS

    Vwaju writes:

    > On Oct 14, 2:16 pm, Burkhard Ott wrote:
    >> On Tue, 14 Oct 2008 11:04:34 -0700, Vwaju wrote:
    >>
    >> > I am running BIND on a Linux box on my home LAN. To make it
    >> > accessible from the Internet, I need to use port forwarding at the
    >> > Dell Truemobiled 2300 router.
    >> >
    >> > I can't tell from http://www.iana.org/assignments/port-numbers what
    >> > port(s) DNS uses.
    >> >
    >> > Can anyone tell me?
    >>
    >> udp/53
    >
    > Thank you!
    >
    > Is there a TCP port as well, or is DNS connectionless?


    It is connectionless (and the protocol it uses is specifically UDP).
    But there's a long-standing tradition to allocate UDP-TCP ports in
    pairs to avoid confusion.

  10. Re: port forwarding for DNS

    On October 14, 2008 16:28, in comp.os.linux.networking, Grant
    (g_r_a_n_t_@bugsplatter.id.au) wrote:

    > On Tue, 14 Oct 2008 15:34:05 -0400, Lew Pitcher
    > wrote:
    >
    >>On October 14, 2008 14:57, in comp.os.linux.networking, Vwaju
    >>(lou@manhattanhandyman.com) wrote:
    >>
    >>> On Oct 14, 2:16 pm, Burkhard Ott wrote:
    >>>> On Tue, 14 Oct 2008 11:04:34 -0700, Vwaju wrote:
    >>>>
    >>>> > I am running BIND on a Linux box on my home LAN. To make it
    >>>> > accessible from the Internet, I need to use port forwarding at the
    >>>> > Dell Truemobiled 2300 router.
    >>>>
    >>>> > I can't tell from http://www.iana.org/assignments/port-numbers what
    >>>> > port(s) DNS uses.
    [snip]
    >>DNS uses both UDP port 53 /and/ TCP port 53.
    >>
    >>Primarily, DNS uses UDP, but if the query or the response is too big for a
    >>single UDP datagram, DNS uses TCP to transfer the details.
    >
    > I thought 53/tcp was for zone transfers? (Yes, a large response).


    I'm no DNS expert, so I bow to various expert authors for answers like
    these. In "TCP/IP Illustrated - Volume 1 - The Protocols" by the late W.
    Richard Stevens, in chapter 14 ("DNS: The Domain Name System"), section
    14.8 ("UDP or TCP"), Richard Stevens says
    "When the resolver issues a query and the response comes back with the TC
    bit set ("truncated") it means the size of the response exceeded 512
    bytes, so only the first 512 bytes were returned by the server. The
    resolver normally issues the request again, using TCP. This allows more
    than 512 bytes to be returned."

    I notice that a DNS request can ask for all records associated with a domain
    name. If the DNS server tries to return /all/ the records (A, multiple NS,
    multiple CNAME, large HINFO, multiple MX, etc), then the response size can
    easily exceed the 512 octet limit. This sort of request would be a legal
    DNS query that is not a zone transfer.

    --
    Lew Pitcher

    Master Codewright & JOAT-in-training | Registered Linux User #112576
    http://pitcher.digitalfreehold.ca/ | GPG public key available by request
    ---------- Slackware - Because I know what I'm doing. ------
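
Added example, not part of the thread: the UDP-then-TCP fallback described in the Stevens passage quoted in post 10, run against a constructed stand-in server to show what a client sees when a router forwards only 53/udp. The names `resolve`, `fake_server` and `demo`, the sample name `example.com` and the reply bytes are assumptions made for illustration.

```python
import struct

TC = 0x0200  # "truncated" bit in the DNS header flags word

def build_query(name, qtype=255, txid=0x1234):
    """Minimal query: RD set, one question, class IN; qtype 255 asks for all records."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "response": bool(flags & 0x8000), "tc": bool(flags & TC), "ancount": ancount}

def tcp_frame(msg):
    return struct.pack("!H", len(msg)) + msg  # RFC 1035 4.2.2: two-byte length prefix

def resolve(query, send_udp, send_tcp):
    """Ask over UDP first; if the reply has TC set, repeat the same query over TCP."""
    reply = send_udp(query)
    hdr = parse_header(reply)
    if hdr["id"] != parse_header(query)["id"]:
        raise ValueError("reply ID does not match query ID")
    if not hdr["tc"]:
        return "udp", reply
    framed = send_tcp(tcp_frame(query))
    (length,) = struct.unpack("!H", framed[:2])
    return "tcp", framed[2:2 + length]

def fake_server(tcp_forwarded):
    """Constructed stand-in for a name server behind a port-forwarding router."""
    def udp(query):  # answer did not fit: QR|TC|RD set, no records included
        return query[:2] + struct.pack("!HHHHH", 0x8300, 1, 0, 0, 0) + query[12:]
    def tcp(framed):
        if not tcp_forwarded:
            raise ConnectionRefusedError("53/tcp is not forwarded")
        query = framed[2:]
        # 600 placeholder bytes stand in for 20 resource records (not parsed here)
        body = query[:2] + struct.pack("!HHHHH", 0x8100, 1, 20, 0, 0) + query[12:] + b"\x00" * 600
        return tcp_frame(body)
    return udp, tcp

def demo(tcp_forwarded):
    try:
        transport, reply = resolve(build_query("example.com"), *fake_server(tcp_forwarded))
        return transport, len(reply), parse_header(reply)["tc"]
    except ConnectionRefusedError:
        return "failed", 0, True
```

`demo(True)` returns `("tcp", 629, False)`; `demo(False)` returns `("failed", 0, True)`, because with only 53/udp forwarded the client is left holding the truncated reply.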



  11. Re: port forwarding for DNS

    On Tue, 14 Oct 2008 17:34:46 -0400, Lew Pitcher wrote:

    >On October 14, 2008 16:28, in comp.os.linux.networking, Grant
    >(g_r_a_n_t_@bugsplatter.id.au) wrote:
    ....
    >> I thought 53/tcp was for zone transfers? (Yes, a large response).
    >
    >I'm no DNS expert, so I bow to various expert authors for answers like
    >these. In "TCP/IP Illustrated - Volume 1 - The Protocols" by the late W.
    >Richard Stevens, in chapter 14 ("DNS: The Domain Name System"), section
    >14.8 ("UDP or TCP"), Richard Stevens says
    > "When the resolver issues a query and the response comes back with the TC
    > bit set ("truncated") it means the size of the response exceeded 512
    > bytes, so only the first 512 bytes were returned by the server. The
    > resolver normally issues the request again, using TCP. This allows more
    > than 512 bytes to be returned."
    >
    >I notice that a DNS request can ask for all records associated with a domain
    >name. If the DNS server tries to return /all/ the records (A, multiple NS,
    >multiple CNAME, large HINFO, multiple MX, etc), then the response size can
    >easily exceed the 512 octet limit. This sort of request would be a legal
    >DNS query that is not a zone transfer.


    Okay, checks firewall log...

    root@deltree:~# zgrep JLEutkay /var/log/messages.1.gz| grep PROTO=TCP| \
    grep "DPT=53 "| wc -l
    52

    That's per week from here, I don't log the outgoing 53/udp.

    Never noticed it before

    Grant.
    --
    http://bugsplatter.id.au

  12. Re: port forwarding for DNS

    Vwaju wrote:

    > I am running BIND on a Linux box on my home LAN. To make it
    > accessible from the Internet, I need to use port forwarding at the
    > Dell Truemobiled 2300 router.
    >
    > I can't tell from http://www.iana.org/assignments/port-numbers what
    > port(s) DNS uses.
    >
    > Can anyone tell me?
    >
    > Thanks.
    >
    > Vwaju
    > New York City


    grep domain /etc/services
    domain 53/tcp # name-domain server
    domain 53/udp


  13. Re: port forwarding for DNS

    Joe Pfeiffer writes:

    > Vwaju writes:
    >
    >> On Oct 14, 2:16 pm, Burkhard Ott wrote:
    >>> On Tue, 14 Oct 2008 11:04:34 -0700, Vwaju wrote:
    >>>
    >>> > I am running BIND on a Linux box on my home LAN. To make it
    >>> > accessible from the Internet, I need to use port forwarding at the
    >>> > Dell Truemobiled 2300 router.
    >>>
    >>> > I can't tell from http://www.iana.org/assignments/port-numbers what
    >>> > port(s) DNS uses.
    >>>
    >>> > Can anyone tell me?
    >>>
    >>> udp/53
    >>
    >> Thank you!
    >>
    >> Is there a TCP port as well, or is DNS connectionless?
    >
    > It is connectionless (and the protocol it uses is specifically UDP).
    > But there's a long-standing tradition to allocate UDP-TCP ports in
    > pairs to avoid confusion.


    Following up my own post (sorry), after seeing Lew's answer I checked
    and RFC 1035 does permit DNS to use either UDP or TCP for queries
    (something I never knew before -- as you can see from my previous
    answer, I thought it only used UDP); as Lew said, it uses TCP for zone
    transfers.
