Google DNS

Wonderful   0 votes - 0 %
Evil   1 vote - 12 %
Neither   3 votes - 37 %
What is this Google DNS of which you speak?   3 votes - 37 %
Why is FlightTest running a unix firewall when he obviously doesn't understand what he's doing?   3 votes - 37 %
At least BSD doesn't have that hippy smell   2 votes - 25 %
But MicroSoft is STEALING all the BSD code!!!   2 votes - 25 %
But Apple is STEALING all the BSD code!!!   3 votes - 37 %
8 Total Votes
My guess... by chuckles (4.00 / 1) #1 Mon Jan 04, 2010 at 02:24:51 AM EST

You need to add a firewall rule allowing Google's DNS servers to send traffic to you from port 53/UDP to >1023/UDP.

Or see if you can query Google's DNS servers on port 53/TCP.

My guess is that you were querying OpenDNS on port 53/TCP, and your firewall happily allowed OpenDNS' responses back to you. You are now querying Google on port 53/UDP. UDP is connectionless and has more potential for mischief. Your firewall might be configured to block all incoming UDP traffic (a reasonable precaution).

"The one absolutely certain way of bringing this nation to ruin [...] would be to permit it to become a tangle of squabbling nationalities"
Hrmmmm by FlightTest (2.00 / 0) #4 Mon Jan 04, 2010 at 12:06:41 PM EST
But all I did was change the IPs from OpenDNS's servers to Google's servers.  Why would named suddenly decide to change the protocol it was using to query the upstream DNS?

These are responses by thunderbee (4.00 / 2) #2 Mon Jan 04, 2010 at 02:40:02 AM EST
from port 53 to the query port.
Query source port is randomized by your DNS to avoid cache poisoning.

Okay.... by FlightTest (2.00 / 0) #3 Mon Jan 04, 2010 at 12:01:05 PM EST
So why wasn't I getting these responses with OpenDNS?  I presume some difference in the way OpenDNS runs their DNS servers vs. the way Google does?

I don't use either by thunderbee (2.00 / 0) #5 Thu Jan 07, 2010 at 02:27:08 AM EST
What I noticed though is that this behavior goes with the update about the cache poisoning.
DNSes that used to work (that is master DNS, not caching) without rules for these high random ports failed after the upgrade.
Maybe openDNS is still working the old-fashioned way and google is not? I'm not using either so I can't really say.

I'm no DNS expert, I just make them work; the subtleties escape me :)

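As an added illustration of the point chuckles and thunderbee make above (this is not code from the thread or from any of its posters), the following Python model compares a static inbound rule ("allow 53/UDP from the listed resolver to ports above 1023") with a stateful rule that admits only a reply matching a query the host itself sent. The host and resolver addresses are constructed RFC 5737 documentation addresses standing in for the old and new resolvers, the query ports are constructed, and the two filter classes are a toy, not any real firewall's semantics.

```python
"""Toy model of why switching upstream resolvers tripped a static firewall.

Constructed for illustration only: the addresses are documentation ranges
standing in for the old (OpenDNS) and new (Google) resolvers, and the two
filter classes mimic, in simplified form, a static rule versus a stateful
rule. Nothing here touches a real firewall or the network.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "udp"


class StaticFilter:
    """Static inbound rule: UDP from a listed resolver IP, source port 53,
    to a destination port above 1023. It never looks at what the host sent."""

    def __init__(self, allowed_resolvers):
        self.allowed = set(allowed_resolvers)

    def note_outbound(self, pkt, now=0.0):
        pass  # a static rule keeps no state about outbound queries

    def allow_inbound(self, pkt, now=0.0):
        return (pkt.proto == "udp" and pkt.src_port == 53
                and pkt.dst_port > 1023 and pkt.src_ip in self.allowed)


class StatefulFilter:
    """Stateful rule: remember each outbound UDP query (with its randomized
    source port) and admit exactly one reply that mirrors it, before it expires."""

    def __init__(self, ttl=30.0):
        self.ttl = ttl
        self.pending = {}  # (our_ip, our_port, peer_ip, peer_port) -> expiry time

    def note_outbound(self, pkt, now=0.0):
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        self.pending[key] = now + self.ttl

    def allow_inbound(self, pkt, now=0.0):
        # A reply swaps the addresses and ports of the query it answers.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        expiry = self.pending.get(key)
        if expiry is None or expiry < now:
            self.pending.pop(key, None)  # unknown or stale: drop it
            return False
        del self.pending[key]  # one reply per query; a duplicate is dropped
        return True


def simulate(fw, host, resolver, query_port, now=0.0):
    """Send one query from host:query_port to resolver:53 and report whether
    the firewall lets the resolver's reply back in."""
    fw.note_outbound(Packet(host, query_port, resolver, 53), now)
    return fw.allow_inbound(Packet(resolver, 53, host, query_port), now)


def run_scenarios():
    host = "192.0.2.10"            # constructed: the named server behind the firewall
    old_resolver = "198.51.100.1"  # constructed stand-in for the OpenDNS address
    new_resolver = "203.0.113.1"   # constructed stand-in for the Google address

    static = StaticFilter([old_resolver])  # rule written back when OpenDNS was in use
    stateful = StatefulFilter(ttl=30.0)
    results = {
        # The static rule still works for the resolver it lists...
        "static_old_resolver": simulate(static, host, old_resolver, 41023),
        # ...but drops replies from the new resolver nobody added to the list.
        "static_new_resolver": simulate(static, host, new_resolver, 41023),
        # The stateful rule follows whatever named actually queried.
        "stateful_new_resolver": simulate(stateful, host, new_resolver, 41023),
    }

    # An inbound packet from the right resolver and port 53, but aimed at a
    # port the host never queried from: the stateful rule drops it, while a
    # static rule listing that resolver would let it through.
    stray = Packet(new_resolver, 53, host, 50505)
    results["stateful_unsolicited"] = stateful.allow_inbound(stray, now=0.0)
    results["static_unsolicited_listed"] = StaticFilter([new_resolver]).allow_inbound(stray)

    # A reply arriving after the state entry expired is dropped too.
    stateful.note_outbound(Packet(host, 41024, new_resolver, 53), now=0.0)
    results["stateful_late_reply"] = stateful.allow_inbound(
        Packet(new_resolver, 53, host, 41024), now=60.0)
    return results


if __name__ == "__main__":
    for name, allowed in run_scenarios().items():
        print(f"{name:28} {'allowed' if allowed else 'dropped'}")
```

The model shows the two halves of the thread's diagnosis: a static per-resolver rule breaks the moment the upstream address changes, and because the query source port is randomized there is no fixed inbound port to allow in its place, so the practical fix is to match replies against outbound queries rather than to enumerate resolvers. On pf this corresponds to passing outbound UDP to port 53 with `keep state` instead of adding an inbound rule per resolver.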