Win98 vs XP DNS query structure.

Hi guys,

I've been stuck on this project for a while now, I wonder if
someone could shed some light for me:

My employer has asked me to review some code for a sort of DNS
query forwarder, part of a internet censor utility. While it works
flawlessly with queries coming from Win XP, 2k, NT machines, it fails
at times with Win 95, 98 machines.

The problem occurs when a page that uses redirection is loaded.
For example, home.microsoft.com, which forwards to www.msn.com:

-On an XP box, the DNS query is sent (from port 3025) for
home.microsoft.com, the program forwards it to the DNS server, and
responds, no problem. Then the next query, for www.msn.com, comes in,
also from 3025, and gets forwarded and returned, no problem.

-If the queries originate from a 9x box, however, the first query for
home.microsoft.com comes in fine, on port 1027. It is returned, and
the next query for www.msn.com comes on port 1030. At this point a
number of things happen. At times, the forwarder ignores the second
request completely. At other times, it forwards it OK, but then I get
an ICMP Port Unreachable packet when it tries to send it back to the
9x box. If i wait until all this traffic fails (eventually it looks
like win 9x tries on port 137, netbios?) and hit refresh, the
home.microsoft.com entry is cached, so only the www.msn.com query is
sent, and it responds fine.

Now some of that is dependant on the forwarder's code, however
what is different about the structure of the queries in the first
place? Why does win9x switch ports for each query, and win XP does
not. Why, also, does XP do it's querying on such a high port, I
thought all DNS stuff was on >1024 or something.

Thanks in advance, I could really use a hand!

I would suspect that your difference in ports has something to do with the
binding order of various protocols. It looks like to me that your initial
outbound queries are on NetBIOS over IP on the 98 box and Kerberos on the XP
box.

I would suspect that when completely configured correctly, that the query
will be on port 53 and the response will be somewhere in the non-reservered
port range (>1023).

"Andrew M" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) m...
> Hi guys,
>
> I've been stuck on this project for a while now, I wonder if
> someone could shed some light for me:
>
> My employer has asked me to review some code for a sort of DNS
> query forwarder, part of a internet censor utility. While it works
> flawlessly with queries coming from Win XP, 2k, NT machines, it fails
> at times with Win 95, 98 machines.
>
> The problem occurs when a page that uses redirection is loaded.
> For example, home.microsoft.com, which forwards to www.msn.com:
>
> -On an XP box, the DNS query is sent (from port 3025) for
> home.microsoft.com, the program forwards it to the DNS server, and
> responds, no problem. Then the next query, for www.msn.com, comes in,
> also from 3025, and gets forwarded and returned, no problem.
>
> -If the queries originate from a 9x box, however, the first query for
> home.microsoft.com comes in fine, on port 1027. It is returned, and
> the next query for www.msn.com comes on port 1030. At this point a
> number of things happen. At times, the forwarder ignores the second
> request completely. At other times, it forwards it OK, but then I get
> an ICMP Port Unreachable packet when it tries to send it back to the
> 9x box. If i wait until all this traffic fails (eventually it looks
> like win 9x tries on port 137, netbios?) and hit refresh, the
> home.microsoft.com entry is cached, so only the www.msn.com query is
> sent, and it responds fine.
>
> Now some of that is dependant on the forwarder's code, however
> what is different about the structure of the queries in the first
> place? Why does win9x switch ports for each query, and win XP does
> not. Why, also, does XP do it's querying on such a high port, I
> thought all DNS stuff was on >1024 or something.
>
> Thanks in advance, I could really use a hand!