DNS queries from CUBE to ITSP only at UDP port

silvakizir
Level 1

Hi.

I have a newly created SIP Trunk from Cisco Router 4321 acting as a CUBE with the ITSP provider.

The Router sends DNS requests to the ITSP at TCP port 53 but the provider accepts only requests at UDP port 53.

Does anyone know how I can control the ports used for the requests?

Thank you.

12 Replies

Not an answer to your actual question, but why do you need to use external or even the ITSP DNS servers? You can use any internal DNS servers that do forwarded lookups to external DNS services when the request is for an externally located server/service. Just remember to change the binding for the interface used for DNS queries on the router.





The ITSP provider has some SBCs which are found/queried via DNS requests to their DNS Servers but their DNS Servers accept only UDP packets.

For the time being I have used the command "session server-group XXX" under the dial-peer, where I have put the IPs of the ITSP's SBCs in the server group, but the implementation must be done using their DNS Servers with the corresponding command "session target dns:xxxx" under the dial-peer.

Hi,

Maybe you activated the DNS server on your router and are using the provider's DNS as a forwarder.

By default UDP is used for DNS queries while TCP for DNS zone transfer/updates.

 

HTH

Regards

Carlo

Please rate all helpful posts "The more you help the more you learn"

I have done a packet capture on the interface towards the ITSP where I can only see TCP DNS queries and not UDP, and as a result the Router can't fetch any resolutions.

If you could share your running configuration, in an attached text file, we can help you verify your configuration. Do remove any sensitive information from your configuration before sharing it.





Below you can find the packet capture from the interface showing that the CUBE sends queries only via TCP protocol.

Also attached are the relevant commands.

silvakizir_0-1709646163186.png

Nothing in your configuration reveals why the router would use TCP for name resolution. If I were to guess I would say that you're likely hitting some defect in IOS. Have you run this by TAC and if so what do they say?





Hi again.

Just for your information below are the tests I did.

At the 4321 I upgraded to 3 different IOS but no matter what, the only DNS queries sent at UDP port 53 were those to the LAN (LAN Configuration/Interface Without VRF). DNS queries to the ITSP through the VRF continued to be sent only as TCP.

I created VRFs at a lab 4321 Router and the DNS queries were sent successfully to my DNS Server via UDP port 53.

Probably I will leave the configuration in the dial-peer with the "session server-group XXX" command as I don't know how I can troubleshoot it anymore.

Anyhow thanks for your help.

Thanks for the update. I think that it could be worth the effort to work on this with TAC to get their input on this. From the sound of what you shared it would seem like name resolution via a VRF would use TCP instead of UDP. Would be good to have that verified by TAC.





Not related to DNS name resolution, but you might want to change the session target dns command to this "session target dns:sbcs.itsp.aabb:5060" to have it not first do a SRV lookup and then the A-AAAA lookup.

image.png

Taken from this document. Cisco Unified Border Element Configuration Guide Through Cisco IOS XE 17.5 - Chapter: SIP RFC 2782 Compliance with DNS SRV Queries  





With the same exact configuration I sent you in the show run file (apart from the VRF components) I did the same test with a 4331 Router with different IOS than mine and the queries were sent in UDP and were also answered from the ITSP.

First the Router did an SRV query and got an answer and then an A record query and got an answer.

I will upgrade the IOS and I will inform you with the results.

Thank you.
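An added example, not code from any poster in this thread: a small Python script that builds the SRV and A queries described above and sends them over UDP and over TCP, so each transport can be checked separately against a DNS server from a host on the same path. The `_sip._udp` owner-name prefix, the transaction ID and the function names are assumptions made for illustration.

```python
import socket
import struct

QTYPE = {"A": 1, "SRV": 33}

def encode_name(name):
    """Encode a domain name as length-prefixed labels (RFC 1035 section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype, txid):
    """One-question query, recursion desired (flags 0x0100), class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)

def frame_tcp(msg):
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

def parse_header(resp):
    """Return (txid, truncated, rcode, answer_count) from a response header."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return txid, bool(flags & 0x0200), flags & 0x000F, an

def probe(server, msg, proto, timeout=3.0):
    """Send msg to server:53 over 'udp' or 'tcp'; parsed header, or None on failure."""
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((server, 53))
            s.sendall(msg if proto == "udp" else frame_tcp(msg))
            if proto == "udp":
                return parse_header(s.recv(4096))
            f = s.makefile("rb")  # read the 2-byte length, then the message
            return parse_header(f.read(struct.unpack("!H", f.read(2))[0]))
    except (OSError, struct.error):
        return None

def compare(server, host):
    """SRV then A lookup over both transports (assumed SRV prefix: _sip._udp)."""
    plan = (("_sip._udp." + host, "SRV"), (host, "A"))
    return {(t, p): probe(server, build_query(n, t, 0x1234), p)
            for n, t in plan for p in ("udp", "tcp")}
```

Calling `compare("<dns-server-ip>", "sbcs.itsp.aabb")` returns one entry per record type and transport; an entry of `None` means no usable reply arrived over that transport within the timeout.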

 

 

Steven L
Spotlight

https://www.infoblox.com/dns-security-resource-center/dns-security-faq/is-dns-tcp-or-udp-port-53/

I believe the trend is to use TCP. Services like Cisco Umbrella require it.