From: Bronek Kozicki (brok rubikon.pl)
Date: Mon Feb 04 2002 - 10:29:44 CST
Monday, February 04, 2002, 2:14:39 PM, you wrote:
> I've enabled TCP/IP filtering on a W2KAS IIS server. As a result, the
> server can no longer use DNS (as a client). According to MSKB Q309798,
> "TCP/IP Filtering can filter only inbound traffic. This feature does not
UDP response IS always "incoming traffic" ... that's because it's datagram
based. There's no "connection" in the DNS query/response cycle, so there is
no "direction" either. Effectively, IP filtering will disable all DNS replies
unless you allow all UDP.
There's a workaround, though. You can install DNS locally (caching only) and
this DNS is supposed to forward queries (to the real-world DNS servers)
from port 53 only (both types: UDP and TCP, depending on size of query).
Effectively, all responses will come to port 53 only, not some random high
port as with the built-in DNS client resolver. I tried this trick a long time
ago with WinNT 4.0 Wrkst and a free Bind version for WinNT; it worked like
a charm.
Kind regards
B.
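
The workaround described in the message above, sketched as a BIND `named.conf` fragment. This is an added example, not configuration from the original post; the forwarder addresses are placeholders, and it assumes the inbound filter permits UDP port 53 and that the host's resolver is pointed at 127.0.0.1. Pinning the source port gives up source-port randomization, which makes spoofed replies easier to land, so limit the forwarders to resolvers you trust.

```conf
// named.conf fragment: caching-only forwarder on the filtered host (added example).
options {
    // Answer only the local machine. Inbound UDP 53 is open at the filter
    // for replies, so outside clients must be refused here.
    allow-query { localhost; };
    recursion yes;

    // Hand every lookup to the upstream resolvers instead of walking the
    // DNS tree from the roots, so replies come only from these addresses.
    forward only;
    forwarders {
        192.0.2.53;   // placeholder: replace with your upstream resolver
        192.0.2.54;   // placeholder: second upstream resolver
    };

    // Send outgoing UDP queries from port 53, so replies arrive on UDP 53
    // rather than on a random high port, and the inbound filter needs only
    // that one UDP port open. This setting governs UDP queries; BIND sends
    // TCP queries from other source ports.
    query-source address * port 53;
};
```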