Cisco Support Community

ACL for DNS zone transfer and queries

Hi,

I had an ACL for allowing DNS zone transfer and DNS queries to our DNS server that was allowing TCP/Domain and not UDP on port 53. I also must note that I didn't write that rule but inherited it.

After I added another ACL and created a pool through PDM to allow UDP, Domain and port range 53 to 53, the query started to work.

I was wondering if selecting TCP and Domain would do the trick by itself when it comes to PIX Firewalls?

Thx,

Masood


Re: ACL for DNS zone transfer and queries

Masood

While zone transfers use TCP, most DNS queries use UDP. So I would expect that a rule selecting only TCP would not work.

HTH

Rick
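
The TCP/UDP split discussed in this thread can be checked against an ACL mechanically. The following is an added example, not part of the original posts: a minimal top-down, first-match evaluator for constructed PIX-style `access-list` lines that reports the verdict for port 53 over each transport. The ACL name `outside_in` and the addresses 192.0.2.53 and 198.51.100.7 are assumptions, and only destination-port `eq` and `range` qualifiers are handled.

```python
import ipaddress

# Constructed ACLs in PIX access-list syntax; the ACL name and the
# documentation-range addresses are assumptions, not from the thread.
TCP_ONLY = "access-list outside_in permit tcp any host 192.0.2.53 eq domain\n"
TCP_AND_UDP = TCP_ONLY + (
    "access-list outside_in permit udp any host 192.0.2.53 range 53 53\n")

PORT_NAMES = {"domain": 53}  # PIX keyword for port 53

def _net(tokens):
    """Consume 'any', 'host A' or 'A MASK' and return it as a network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)

def _ports(tokens):
    """Return the (low, high) destination-port span; no qualifier = all."""
    if not tokens:
        return 0, 65535
    nums = [int(PORT_NAMES.get(t, t)) for t in tokens[1:]]
    if tokens[0] == "eq":
        return nums[0], nums[0]
    if tokens[0] == "range":
        return nums[0], nums[1]
    raise ValueError(f"unsupported port operator: {tokens[0]}")

def verdict(acl_text, proto, src, dst, dport=53):
    """Top-down first match; falling off the end is the implicit deny."""
    for line in acl_text.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list":
            continue
        action, rule_proto, rest = t[2], t[3], t[4:]
        src_net, dst_net = _net(rest), _net(rest)
        low, high = _ports(rest)
        if (rule_proto in (proto, "ip")
                and ipaddress.ip_address(src) in src_net
                and ipaddress.ip_address(dst) in dst_net
                and low <= dport <= high):
            return action
    return "deny"

def dns_coverage(acl_text, src, dst):
    """Verdict for port 53 over each transport DNS uses."""
    return {p: verdict(acl_text, p, src, dst) for p in ("udp", "tcp")}
```

For the TCP-only ACL, `dns_coverage(TCP_ONLY, "198.51.100.7", "192.0.2.53")` reports `deny` for UDP and `permit` for TCP, which matches the behaviour described in the question.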
