DNS Updates - Required ports ?

Fr0dders · 11 Oct 2007 at 21:10

we've got a customer who has a BT N3 VPN connecting 2 of there sites. Now they came to us because they were having problems using our software. But the reason our software isnt working is that the main site are all on an Active Directory based domain, and the branch site are on a workgroup ...

and they're using local u/n and passwords that dont exist on the domain, so unsupprisingly file sharing isnt working as they're getting permissions errors

we've told them to speak to the company that has supplied the VPN, and told them to open up the ports as currently we cant add their computers onto the main site domain. We cant VNC onto their PCs or anything, the whole shebang appears to be blocked

anyway, they've come back to us, and said they will gladly arrange to have the ports unblocked for us so we can add the terminals onto the domain.

only question is, what port does DNS updates do ? as the reverse lookup on the DNS server has no entrys for the subnet that this branch is on

oddjob62 · 11 Oct 2007 at 21:32

You need more than just DNS to get the PCs running properly in AD, but DNS is mainly UDP Port 53, but sometimes TCP Port 53 particularly for Zone transfers.

FYI here's a good article if you want to know what ports a Domain Controller is using
http://support.microsoft.com/kb/555381

Fr0dders · 11 Oct 2007 at 22:48

brilliant

ill just e-mail the service provider the article and let them sort it out.

sidethink · 12 Oct 2007 at 12:34

If this is a private VPN between two internally owned and operated sites, is there any reason to blovk any ports other than dangerous ones?

I realise there can be issues with services hogging bandwidth etc but if the VPN is outside your control, it might be easier to suggest they set it up in an open way and then configure the hosts and endpoints more carefully.

We use a VPN running across BT's IP Clear product and it is totally transparent to the end user. There are no ports blocked in the private IP space hosted on the VPN.

We do however block services and ports on the host side using a combination of approaches including a policy controlled client firewall product.

Fr0dders · 12 Oct 2007 at 14:33

haha

ive suggested it and got told no. They're nhs properties so even though its a private VPN are very twitchy with regards having ports open

i totally agree with you. but the VPN wasnt supplied by us so theres not a lot we can do.

sidethink · 14 Oct 2007 at 11:14

No worries, I'm quite aware of the wierdness that accompanies NHS IT. In Northern Ireland, you must deal with the DIS guys who maintain the wide area network - they are very protective and mysterious.