That is exactly why it is not working: you have filtering enabled on UDP and it is blocking return traffic to your computer from your ISP DNS server. The only time you would want to enable UDP filtering for port 53 would be if you were running a DNS server.

Here is a brief example of why it is not working. Your computer sends a DNS request to your ISP DNS server and the destination port would be UDP 53 and the source port would be a randomly assigned port above 1024 on your computer, and we will say it is 1055. The DNS server receives your request and notes that the request came from your IP address and port 1055 on your computer. The DNS server replies with the name resolution request and sends it to your IP address port 1055 UDP. When it reaches your network adapter it is dropped because your network adapter only allows traffic to port 53 UDP on your computer.

Now TCP traffic is stateful and TCP/IP filtering will allow response traffic [established session] to your computer that was initiated by your computer, but UDP is not. Unfortunately, since there is no way to predict what random port a computer is going to use, you would have to manually populate the UDP allowed list with up to thousands of IP addresses since you cannot specify a range. Luckily with XP you have the built-in Windows Firewall that you can use, which is stateful for UDP traffic.

--- Steve
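
The following sketch is an added illustration, not part of the thread or any poster's code: it models the adapter's inbound-only port filter next to a stateful UDP filter and replays the DNS exchange described above. The IP addresses and the class and function names are constructed for the example, and flow timeouts that a real stateful firewall applies are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Datagram:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

# Constructed addresses from the documentation ranges.
CLIENT = "192.0.2.10"
DNS_SERVER = "198.51.100.53"

class StatelessInboundFilter:
    """Adapter-style TCP/IP filtering: inbound only, fixed list of allowed ports."""
    def __init__(self, allowed_udp_ports):
        self.allowed = set(allowed_udp_ports)

    def outbound(self, d):
        return True  # outbound traffic is never filtered

    def inbound(self, d):
        # Only the destination port on the local machine is checked.
        return d.dst_port in self.allowed

class StatefulUdpFilter:
    """Remembers outbound UDP flows and admits only the matching reply."""
    def __init__(self):
        self.flows = set()

    def outbound(self, d):
        self.flows.add((d.src_ip, d.src_port, d.dst_ip, d.dst_port))
        return True

    def inbound(self, d):
        # A reply is the recorded flow with source and destination swapped.
        return (d.dst_ip, d.dst_port, d.src_ip, d.src_port) in self.flows

def dns_lookup_succeeds(fw, client_port=1055):
    """Send a query from client_port to UDP 53 and see if the reply gets back in."""
    query = Datagram(CLIENT, client_port, DNS_SERVER, 53)
    reply = Datagram(DNS_SERVER, 53, CLIENT, client_port)
    return fw.outbound(query) and fw.inbound(reply)

def unsolicited_allowed(fw, port=1055):
    """An inbound datagram to the same port that nothing on the client asked for."""
    return fw.inbound(Datagram("203.0.113.7", 4444, CLIENT, port))

if __name__ == "__main__":
    print("stateless, UDP 53/80 allowed:", dns_lookup_succeeds(StatelessInboundFilter({53, 80})))
    print("stateful:", dns_lookup_succeeds(StatefulUdpFilter()))
    print("stateful, unsolicited:", unsolicited_allowed(StatefulUdpFilter()))
```
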

Thanks for the reply.

Yes, I mean the TCP/IP filtering of the network adapter. I set up the TCP/IP filter properties to only permit TCP port 80 and port 53 and UDP ports 80 and port 53.

After rebooting the machine, I can only access the Internet by IP number but not by name.

Just wondering what the problem is here?

Thanks,

Steven L Umbach wrote:

What do you mean by TCP/IP filter? Also keep in mind that a client computer uses port 53 UDP/TCP outbound with a random number above 1024 as the source port for DNS name resolution traffic. Only DNS servers will use port 53 TCP/UDP as the source port. If you mean TCP/IP filtering that you configure in the properties of the network adapter, that will only filter inbound traffic and a DNS client would be receiving responses from the DNS server on the DNS client's source port.

--- Steve

I have permitted both TCP and UDP port 53 in the TCP/IP Filter. But it is still blocking the DNS lookup.

Just wondering how to fix this? Thanks for the advice!