
Specifying Port Settings for DNS

When performing recursive queries, the NIOS appliance uses a random source port number above 1024 by default. The queried server responds using the source port number in the query as the destination port number in its response. If there is an intervening firewall that does not perform stateful inspection and blocks incoming traffic to that destination port number, the recursive query fails. Specifying a source port number for recursive queries ensures that such a firewall allows the response. If you do not specify a source port number, the NIOS appliance sends these queries from a random port number. You can also specify a source port for the DNS Traffic Control health check.
Note that the random source port is also a security control: a resolver randomizes the source port of its outgoing queries so that an attacker who wants to inject a forged response must guess both the 16-bit transaction ID and the port. Pinning queries to a single static port removes that protection and leaves only the transaction ID to guess, so set a static query source port only where a firewall genuinely requires it; where possible, allow the responses with a stateful firewall rule instead.
When requesting zone transfers from the primary server, some secondary DNS servers use the source port number that the primary server used to send the notify message as the destination port number in the zone transfer request. If the primary server uses a random source port number when sending the notify message, and the secondary server then uses it as the destination port number when requesting a zone transfer, the zone transfer can fail if an intervening firewall blocks traffic to that destination port number. You can specify a source port number for notify messages to ensure the firewall allows the zone transfer request from the secondary server to the primary server. If you do not specify a source port number, the NIOS appliance sends notify messages from a random port number above 1024.
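The following Python script is an added example, not NIOS code, that reproduces the failure mode described above on the local host: a toy "queried server" answers to whatever source port the query carried, and a model of a firewall without UDP state (assumed here; names such as StatelessFirewall, recursive_query and the fixed port 20053 are the example's own) only admits inbound datagrams to one configured destination port. The same query is sent once from an OS-chosen random port and once from the fixed port, so you can see which reply a stateless firewall would have dropped.

```python
import random
import socket
import struct
import threading


def build_query(qname: str, txid: int) -> bytes:
    """Serialize a minimal DNS query: 12-byte header plus one A/IN question.
    Constructed for this example; no EDNS, no compression."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)


def serve_replies(sock: socket.socket, stop: threading.Event) -> None:
    """Toy queried server: set QR=1 and send the message straight back.
    sendto(peer) means the reply's destination port is the query's source port,
    which is exactly the behaviour the text describes."""
    while not stop.is_set():
        try:
            data, peer = sock.recvfrom(512)
        except socket.timeout:
            continue
        txid, flags = struct.unpack("!HH", data[:4])
        sock.sendto(struct.pack("!HH", txid, flags | 0x8000) + data[4:], peer)


class StatelessFirewall:
    """Assumed model of a firewall with no UDP connection tracking: inbound
    datagrams pass only if their destination port is on the allow list."""

    def __init__(self, allowed_inbound_ports):
        self.allowed = set(allowed_inbound_ports)

    def permits_inbound(self, dst_port: int) -> bool:
        return dst_port in self.allowed


def recursive_query(server_addr, source_port: int, firewall: StatelessFirewall) -> dict:
    """Send one query from source_port (0 = let the OS pick a random ephemeral
    port, like the NIOS default) and report where the reply landed and whether
    the modelled stateless firewall would have let it through."""
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        client.bind(("127.0.0.1", source_port))
        client.settimeout(2.0)
        bound_port = client.getsockname()[1]
        txid = random.randrange(0, 0x10000)
        client.sendto(build_query("example.com", txid), server_addr)
        reply, _ = client.recvfrom(512)  # lands on bound_port, see serve_replies()
        return {
            "source_port": bound_port,
            "reply_matched_txid": struct.unpack("!H", reply[:2])[0] == txid,
            "passes_stateless_firewall": firewall.permits_inbound(bound_port),
        }
    finally:
        client.close()


def demo(fixed_port: int = 20053) -> dict:
    """Run the same query from a random port and from fixed_port against a
    firewall that only allows inbound UDP to fixed_port."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))
    server.settimeout(0.2)
    stop = threading.Event()
    worker = threading.Thread(target=serve_replies, args=(server, stop), daemon=True)
    worker.start()
    firewall = StatelessFirewall([fixed_port])
    try:
        return {
            "random_port": recursive_query(server.getsockname(), 0, firewall),
            "fixed_port": recursive_query(server.getsockname(), fixed_port, firewall),
        }
    finally:
        stop.set()
        worker.join()
        server.close()


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12s} {result}")
```

In both runs the reply reaches the client socket, because the server simply answers to the query's source port; only the fixed-port run is accepted by the stateless firewall. The flip side is visible in the same output: with the fixed port, the only thing an off-path attacker still has to guess to forge that reply is the 16-bit transaction ID.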
If you have configured anycast and non-anycast IP addresses on the loopback interface, you must enable the appliance to provide DNS services on them. You can also configure the appliance to listen for DNS queries on a specific IP address that you configure on the loopback interface, and you can separate the source port for DNS queries from the port for notify messages and zone transfer requests. For information about the loopback interface and anycast addressing, see Using the Loopback Interface.
You can specify the source address settings for a Grid member and for DNS views assigned to a Grid member. Note that you can specify the source address settings only for DNS views that contain zones assigned to that Grid member. The static source port values for DNS views are inherited from the Member DNS properties.

Specifying Source Ports

To specify port numbers and settings for queries, notify messages and zone transfer requests for a Grid member or DNS view assigned to a Grid member:

  1. Member: From the Data Management tab, select the DNS tab and click the Members tab -> member check box -> Edit icon.
    DNS view: From the Data Management tab, select the DNS tab and click the Members tab -> member check box -> Edit icon.
  2. In the editor, click Toggle Advanced Mode.
  3. Member: When the additional tabs appear, click the Advanced subtab of the General tab. DNS View: When the additional tabs appear, click the Advanced subtab of the DNS Views tab.
  4. You can change the port settings as follows:
    • Listen on these additional IP addresses: Click the Add icon to add an anycast or non-anycast address you configure on the loopback or VLAN interface. You must add all IP addresses you configure on the loopback or VLAN interface so the appliance can provide DNS services on them. Listening on additional addresses is supported for both IPv4 and IPv6 interfaces. For information about adding IP addresses on the loopback interface, see Using the Loopback Interface.
    • Send queries from: To separate DNS queries from notify messages and zone transfer requests, which can improve DNS service performance, select the interface from which the Grid member sends queries: VIP, MGMT, LAN2, ANY, or IP.
      • IP Address: This is displayed only when you select IP from the drop-down list. Specify the IP address of the source.
    • Send notify messages and zone transfer requests from: From the drop-down list, select the interface from which the Grid member sends notify messages and zone transfer requests: VIP, MGMT, LAN2, ANY, or IP. You can select IP addresses configured on the loopback or non-primary VLAN interface.
      • IP Address: This is displayed only when you select IP from the drop-down list. Specify the IP address of the source.

      Note: If you select IP addresses on the loopback or non-primary VLAN interface, then you must add these IP addresses in the Listen on these additional IP addresses table.

    • Notify Delay: Specify the number of seconds that a Grid secondary server waits before sending notification messages to the external secondaries. You can enter a value between 5 and 86400 seconds. The default is five seconds.
  5. Save the configuration and click Restart if it appears at the top of the screen.