UDP packet/DNS server

Hello Nanog,

I am trying to get a zone transfer from a host, but it seems that because of
firewalls?, I can not get any record.
They acknowledged that there is a host behind the firewalls but they claim
it should not affect it. (I don't believe it.)
But I don't know how to check/prove whether a certain host can
receive/send a UDP packet.

Zone transfers are handled via TCP, not UDP. See if you
can telnet to port 51 on their nameserver; if you can't
get a connection established, you won't be able to do
a zone transfer.

TIA,
Tatsuya

Matt

>
> Hello Nanog,
>
> I am trying to get a zone transfer from a host, but it seems that because of
> firewalls?, I can not get any record.
> They acknowledged that there is a host behind the firewalls but they claim
> it should not affect it. (I don't believe it.)
> But I don't know how to check/prove whether a certain host can
> receive/send a UDP packet.

Zone transfers are handled via TCP, not UDP. See if you
can telnet to port 51 on their nameserver; if you can't
get a connection established, you won't be able to do
a zone transfer.

I think you mean port 53. This is both TCP and UDP. I thought DNS
used both TCP and UDP. Thus a firewall that is blocking UDP traffic will
cause zone updates to fail.

name 42/udp nameserver
whois 43/tcp nicname # usually to sri-nic
domain 53/tcp
domain 53/udp

Cheers

Date: Sun, 27 Sep 1998 21:11:32 -0700 (PDT)
From: Matthew Petach <mpetach@netflight.com>
To: Tatsuya Kawasaki <tatsuya@giganet.net>
Cc: nanog@merit.edu
Subject: Re: UDP packet/DNS server

>
> Hello Nanog,
>
> I am trying to get a zone transfer from a host, but it seems that because of
> firewalls?, I can not get any record.
> They acknowledged that there is a host behind the firewalls but they claim
> it should not affect it. (I don't believe it.)
> But I don't know how to check/prove whether a certain host can
> receive/send a UDP packet.

Zone transfers are handled via TCP, not UDP. See if you
can telnet to port 51 on their nameserver; if you can't

That's port 53...

get a connection established, you won't be able to do
a zone transfer.

> TIA,
> Tatsuya

Matt

Mathias Koerber | Tel: +65 / 471 9820 | mathias@staff.singnet.com.sg
SingNet NOC | Fax: +65 / 475 3273 | mathias@koerber.org
Q'town Tel. Exch. | PGP: Keyid: 768/25E082BD, finger mathias@singnet.com.sg
2 Stirling Rd | 1A 8B FC D4 93 F1 9A FC BD 98 A3 1A 0E 73 01 65
S'pore 148943 | Disclaimer: I speak only for myself
* Jealousy is a passion that zealously seeks what causes suffering *

I think you mean port 53. This is both TCP and UDP. I thought DNS
used both TCP and UDP. Thus a firewall that is blocking UDP traffic will
cause zone updates to fail.
name 42/udp nameserver
whois 43/tcp nicname # usually to sri-nic
domain 53/tcp
domain 53/udp

Queries are done via UDP; zone transfers are always fully TCP.

ag
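
The check discussed in this thread, as an added example that is not part of any poster's message: a small Python script that sends the same SOA query to a nameserver over UDP/53 and over TCP/53 and reports each transport separately. The function names are hypothetical, and the server address and zone name are assumed to be given on the command line.

```python
import socket, struct, sys

def build_query(name, qtype=6, qid=0x1234):
    """Build a DNS query (RFC 1035): 12-byte header plus one question. qtype 6 = SOA."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class 1 = IN

def tcp_frame(msg):
    """DNS over TCP prefixes every message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def parse_header(resp):
    """Return (id, rcode, truncated, answer_count) from a response header."""
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return qid, flags & 0x000F, bool(flags & 0x0200), an

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf

def probe_udp(server, name, timeout=3.0):
    # A reply proves UDP works in both directions; silence only shows that
    # something on the path (or the server) dropped the query or the answer.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return parse_header(s.recvfrom(4096)[0])
        except OSError as e:
            return "no UDP reply: %s" % e

def probe_tcp(server, name, timeout=3.0):
    # Zone transfers need this path: a refused or timed-out connect here
    # means a transfer cannot succeed, whatever UDP does.
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(tcp_frame(build_query(name)))
            (length,) = struct.unpack("!H", recv_exact(s, 2))
            return parse_header(recv_exact(s, length))
    except OSError as e:
        return "no TCP service: %s" % e

if __name__ == "__main__":
    server, zone = sys.argv[1], sys.argv[2]
    print("UDP/53:", probe_udp(server, zone))
    print("TCP/53:", probe_tcp(server, zone))
```

A tuple on the UDP line and an error string on the TCP line is the pattern a filter that passes only UDP/53 produces.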