Re: SendPort

From: Sharad Naik (sharadnaik_at_nospam-vsnl.net)
Date: 08/28/04


Date: Sat, 28 Aug 2004 23:46:03 +0530

If you want your DNS server to listen on a port other than 53,
the best way would be to have a firewall or set up NAT,
and do port forwarding from 'whatever port you wish' to
port 53 on the DNS server IP address.

If it is the other way round, that you want to make the DNS server listen
on another port and then set the firewall / NAT to forward port 53 to 'that
whatever port' on which the DNS server is listening, then what will you
achieve with this?
It will be as good as the DNS server listening on port 53 as far as the
external queries are concerned.
All you can achieve is "full DNS access to people querying from outside
your LAN (internet)",
and "no access to your clients within your LAN".

And if this is what you really want to protect (insiders are enemies and
outsiders are friends) then
any insider can happily become an outsider simply by connecting to the
internet directly (e.g. dial-up modem
or going to a NetCafe and querying from there).

OR if your DNS server holds some secret records which you want only certain
people 'who you will tell what port to send query on' then the better way
would be to use a host-file and uninstall the DNS server.

Sharad

"John" <anonymous@discussions.microsoft.com> wrote in message
news:1fa401c48d26$e1cd5360$a301280a@phx.gbl...
> Actually, I didn't know that, thanks. Is there any way to
> control the port that the DNS server listens on then?
> >-----Original Message-----
> >You are clear that SendPort only controls outbound port
> >used for sending of UDP queries to other DNS servers,
> >right?
> >
> >--
> >Roger Abell
> >Microsoft MVP (Windows Server System: Security)
> >MCSE (W2k3,W2k,Nt4) MCDBA
> >"John" <anonymous@discussions.microsoft.com> wrote in message
> >news:1a4f01c48ca2$9dc4fda0$a601280a@phx.gbl...
> >> Hey, back in Windows 2000 there was a registry parameter
> >> you could edit called SendPort that would change the
> >> default port (from 53) to whatever you specified. Does
> >> anyone know what it is for the 2003 DNS server?
> >
> >
> >.
> >


