12-19-2008 08:31 AM - edited 03-04-2019 12:46 AM
Hi,
I am running a 2821 router running 12.4(23) and I am having some odd experiences with NAT.
Basically I want the clients on one subnet to be NATed for everything except DNS traffic.
The NATing works correctly if I'm just testing basic NAT. However, when I add an access list it is inconsistent. I added an access list which basically has deny statements matching any UDP/TCP traffic on port 53 and a permit statement for all IP.
When I clear the NAT translations and do an nslookup on a client on the subnet, the first few queries are not NATed. However, they then randomly start to be NATed, and the translations show UDP translations on port 53.
Anyone have any ideas?
Regards,
Miron
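The setup the post describes, written out as an added IOS configuration example. This is not the poster's actual config: the interface names, the 192.168.10.0/24 inside subnet, the 203.0.113.2 outside address and the ACL name NAT_EXEMPT_DNS are all assumed.

```cisco
! Added example (not from the original post): translate everything from the
! inside subnet except DNS. Interface names, addresses and the ACL name are
! assumptions.
!
interface GigabitEthernet0/0
 description Inside LAN (assumed 192.168.10.0/24)
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 description Outside / ISP (assumed address)
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
! In an ACL referenced by "ip nat inside source list", a deny line means
! "do not translate this traffic", not "drop it". The deny lines must come
! before the permit, or the permit matches DNS first and it gets translated.
! "eq domain" is the IOS keyword for port 53.
ip access-list extended NAT_EXEMPT_DNS
 deny   udp 192.168.10.0 0.0.0.255 any eq domain
 deny   tcp 192.168.10.0 0.0.0.255 any eq domain
 permit ip  192.168.10.0 0.0.0.255 any
!
ip nat inside source list NAT_EXEMPT_DNS interface GigabitEthernet0/1 overload
```

To check what is actually happening, `show access-lists NAT_EXEMPT_DNS` shows the hit counters on each line, so a DNS packet that was translated should have incremented the `permit ip` counter rather than one of the deny lines; `show ip nat translations` lists the current table, and `clear ip nat translation *` empties it before a fresh test, as the post does. A translation entry for UDP port 53 means that packet matched the permit line at the moment it was evaluated, so comparing the ACL counters with the translation table is the first thing to look at.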
12-21-2008 04:32 AM
Hello Miron,
Clients' DNS queries are done on UDP port 53 only.
TCP port 53 is used for zone transfers between DNS servers.
Are you using an internal DNS server, or do your clients point directly to an ISP DNS?
Hope to help
Giuseppe
12-22-2008 12:02 AM
Hey Giuseppe,
We are using an internal DNS server. However, the issue is not with DNS; it is with the NATing not being consistent.
Regards
Miron
12-22-2008 11:30 AM
Can you share the ACLs you used and the relevant NAT configs on the interfaces?