
DNS queries from UDP/53 source port

Question

Sunday, April 9, 2017 4:04 PM | 1 vote

Hello,

I have a simple setup: DNS server (X.X.X.X) and a client. Client runs Windows 7.

I'm trying to resolve a name www.microsoft.com. using nslookup from the client as follows:

nslookup www.microsoft.com. X.X.X.X

and see the traffic with a sniffer. The queries are sent from the UDP port 53 to randomly selected UDP port (let's say 57995). Of course the server responds with ICMP port unreachable.

The issue is observed only for Internet FQDNs. I also have a local zone (.local.), and names from that zone are resolved correctly (queries go to UDP/53).

My question is: how is it possible that a client sends DNS queries FROM UDP/53 instead of sending them TO UDP/53?

Any help is appreciated.

All replies (5)

Monday, April 10, 2017 6:30 AM

Hi Andrey,

>>My question is: how is it possible that a client sends DNS queries FROM UDP/53 instead of sending them TO UDP/53?

As far as I know, this process is by design.

Here is an article about DNS ports for your reference:

Network Ports Used by DNS

https://technet.microsoft.com/en-us/library/dd197515(v=ws.10).aspx

Best Regards

John

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].


Monday, April 10, 2017 7:25 AM | 1 vote

Hi John,

No, this is not by design. And your article proves that: "...all DNS queries are sent from a high-numbered source port (49152 or above) to destination port 53...".

In my case DNS queries are sent from a source port 53 to a high-numbered destination port (49152 or above).

Andrey.
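
An added example, not part of the original thread: one way to check a capture like the one described is to compare the port direction with the QR bit in the DNS header, which marks a packet as a query (0) or a response (1). The function names and the sample packets are constructed for illustration; the 49152 threshold is the one quoted from the TechNet article above.

```python
import struct

DNS_PORT = 53
EPHEMERAL_MIN = 49152  # lower bound quoted from the TechNet article in the thread


def build_dns_header(txid, is_response):
    """Build a constructed 12-byte DNS header (one question, no records)."""
    flags = 0x0100 | (0x8000 if is_response else 0)  # RD set; QR is the top bit
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)


def classify(src_port, dst_port, payload):
    """Compare the UDP port direction against the QR bit of the DNS header."""
    if len(payload) < 12:
        return "not-dns: payload shorter than a DNS header"
    _, flags = struct.unpack("!HH", payload[:4])
    is_response = bool(flags & 0x8000)
    if dst_port == DNS_PORT and src_port >= EPHEMERAL_MIN:
        if is_response:
            return "unexpected: response sent toward port 53"
        return "normal query"
    if src_port == DNS_PORT and dst_port >= EPHEMERAL_MIN:
        if is_response:
            return "normal response"
        return "anomaly: query sent from source port 53"
    return "other: ports do not match either pattern"


def summarize(packets):
    """Classify a list of (src_port, dst_port, payload) tuples."""
    return [classify(src, dst, data) for src, dst, data in packets]


# Constructed sample packets; 57995 is the example port from the question.
SAMPLE = [
    (57995, 53, build_dns_header(0x1A2B, False)),  # documented query direction
    (53, 57995, build_dns_header(0x1A2B, True)),   # documented response direction
    (53, 57995, build_dns_header(0x3C4D, False)),  # the pattern the question reports
]

if __name__ == "__main__":
    for (src, dst, _), verdict in zip(SAMPLE, summarize(SAMPLE)):
        print(f"{src:>5} -> {dst:<5} {verdict}")
```

A packet from source port 53 with QR=1 is an ordinary response; only the QR=0 case matches what the question describes.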


Tuesday, April 11, 2017 2:11 AM

Hi Andrey,

>>In my case DNS queries are sent from a source port 53 to a high-numbered destination port (49152 or above).

The DNS server sends its response to the client from port 53 to a high-numbered port.

Could you please provide details of this issue here for further troubleshooting?

Best Regards

John



Monday, April 24, 2017 6:18 AM

Hi,

Just want to confirm the current situation.

Please feel free to let us know if you need further assistance.

Best Regards,

John



Wednesday, November 13, 2019 1:16 AM

Hi John,

No, this is not by design. And your article proves that: "...all DNS queries are sent from a high-numbered source port (49152 or above) to destination port 53...".

In my case DNS queries are sent from a source port 53 to a high-numbered destination port (49152 or above).

Andrey.

Hi Andrey, I see this requirement too.  Search Google (I can't post links) for this:

site:microsoft.com 179442 how-to-configure-a-firewall-for-domains-and-trusts