A.16 Advanced Health Check Procedure

This procedure verifies that UDP/TCP port 53 is open between the NOAM and each DR-NOAM site, between the NOAM and each SOAM site, and between the MPs and each name server listed in the file /etc/resolv.conf.

A.16 Verify if the UDP/TCP Port 53 is Open Between NOAM and Each DR-NOAM Site

  1. From the command prompt of the server with the alarm, issue the sudo nmap -sTU -p 53 <DR-NOAM hostname> command.
  2. Verify that the customer firewall is configured to allow DNS traffic on UDP/TCP port 53:

    [admusr@Icepick-NO-A ~]$ sudo nmap -sTU -p 53 Icepick-DRNOAM-A

    Starting Nmap 5.51 ( http://nmap.org ) at 2018-03-02 17:57 EST

    Nmap scan report for Icepick-DRNOAM-A (10.75.202.173)

    Host is up (0.00025s latency).

    rDNS record for 10.75.202.173: Icepick-DRNOAM-A.platform.cgbu.us.oracle.com

    PORT STATE SERVICE

    53/tcp open domain

    53/udp open domain

    MAC Address: 02:05:39:E0:60:8A (Unknown)

    Nmap done: 1 IP address (1 host up) scanned in 5.60 seconds

    [admusr@Icepick-NO-A ~]$

    If the port is reported as any state other than “Open”, then inform the customer before accepting the upgrade.

    Note:

    If the ports are reported as “Closed” it may be because no services are running on the far end. Check with the customer if the firewall has been configured to allow DNS traffic on port 53.

    If the port is reported as “Filtered” then the port is likely blocked by a Firewall and the upgrade must not be accepted until the customer confirms that their network will allow DNS traffic on port 53.

A.16 Verify if the UDP/TCP Port 53 is Open Between NOAM and Each SOAM Site

  1. From the command prompt of the server with the alarm, issue the sudo nmap -sTU -p 53 <SOAM hostname> command.
  2. Verify that the customer firewall is configured to allow DNS traffic on UDP/TCP port 53:

    [admusr@Icepick-NO-A ~]$ sudo nmap -sTU -p 53 Icepick-SO-A

    Starting Nmap 5.51 ( http://nmap.org ) at 2018-03-02 17:57 EST

    Nmap scan report for Icepick-SO-A (10.75.202.173)

    Host is up (0.00025s latency).

    rDNS record for 10.75.202.173: Icepick-SO-A.platform.cgbu.us.oracle.com

    PORT STATE SERVICE

    53/tcp open domain

    53/udp open domain

    MAC Address: 02:05:39:E0:60:8A (Unknown)

    Nmap done: 1 IP address (1 host up) scanned in 5.60 seconds

    If the port is reported as any state other than “Open”, then inform the customer before accepting the upgrade.

    Note:

    If the ports are reported as “Closed” it may be because no services are running on the far end. Check with the customer if the firewall has been configured to allow DNS traffic on port 53.

    If the port is reported as “Filtered” then the port is likely blocked by a Firewall and the upgrade must not be accepted until the customer confirms that their network will allow DNS traffic on port 53.

A.16 Verify if the UDP/TCP Port 53 is Open Between MP and Each Name Server of the /etc/resolv.conf file

  1. List the contents of the file /etc/resolv.conf with the “sudo cat /etc/resolv.conf” command.
  2. Verify that the customer firewall is configured to allow DNS traffic on UDP/TCP port 53 to the addresses listed in the file /etc/resolv.conf:

    [admusr@Icepick-DAMP-1 ~]$ sudo cat /etc/resolv.conf (lookups)

    domain platform.cgbu.us.oracle.com

    nameserver 10.240.50.134

    nameserver 10.240.50.133

    search platform.cgbu.us.oracle.com 500lab.com labs.tekelec.com labs.nc.tekelec.com

    [admusr@Icepick-DAMP-1 ~]$

    [admusr@Icepick-DAMP-1 ~]$ sudo nmap -sTU -p 53 10.240.50.134 10.240.50.133

    Starting Nmap 5.51 ( http://nmap.org ) at 2018-03-02 17:46 EST

    Nmap scan report for Icepick-SO-B-imi.platform.cgbu.us.oracle.com (10.240.50.134)

    Host is up (0.00022s latency).

    PORT STATE SERVICE

    53/tcp open domain

    53/udp open domain

    MAC Address: 02:17:B4:4F:DA:B6 (Unknown)

    Nmap scan report for Icepick-SO-A-imi.platform.cgbu.us.oracle.com (10.240.50.133)

    Host is up (0.00025s latency).

    PORT STATE SERVICE

    53/tcp open domain

    53/udp open domain

    MAC Address: 02:EE:13:E2:2C:EF (Unknown)

    Nmap done: 2 IP addresses (2 hosts up) scanned in 5.66 seconds

    [admusr@Icepick-DAMP-1 ~]$

    If the port is reported as any state other than “Open”, then inform the customer before accepting the upgrade.

    Note:

    If the ports are reported as “Closed” it may be because no services are running on the far end. Verify with the Customer that the firewall has been configured to allow DNS traffic on port 53.

    If the port is reported as “Filtered” then the port is likely to be blocked by a Firewall and the upgrade must not be accepted until the Customer confirms that their network will allow DNS traffic on port 53.
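The check above can be scripted so that no name server or port state is overlooked. The following is an added example, not part of the original procedure: the function names (list_nameservers, check_dns_ports, scan_resolv_conf) are hypothetical, and the sample scan output is constructed with documentation addresses. It treats every state other than a plain "open" as a finding, including the "open|filtered" result nmap reports for UDP ports that do not answer, and also fails when a scanned address was not up.

```shell
#!/usr/bin/env bash
# Added example (not part of the original procedure): automate the A.16 port 53 check.

# Print each nameserver address from a resolv.conf-style file.
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "${1:-/etc/resolv.conf}"
}

# Read "nmap -sTU -p 53" output on stdin. Print one line per port 53 result and
# return 1 if any state is not exactly "open", if a scanned address was not up,
# or if no port 53 result was seen at all.
check_dns_ports() {
    awk '
        /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host) }
        $1 ~ /^53\/(tcp|udp)$/ {
            seen++
            if ($2 == "open") verdict = "OK"
            else { verdict = "INFORM-CUSTOMER"; bad++ }
            print host, $1, $2, verdict
        }
        /^Nmap done:/ { total = $3; up = $6; sub(/^\(/, "", up) }
        END { if (seen == 0 || bad > 0 || total + 0 != up + 0) exit 1 }
    '
}

# Live use on an MP (assumes nmap and sudo are available, as in the procedure).
scan_resolv_conf() {
    sudo nmap -sTU -p 53 $(list_nameservers) | check_dns_ports
}

# Constructed sample (documentation address): UDP 53 is not plainly "open".
SAMPLE_SCAN='Nmap scan report for 192.0.2.10
Host is up (0.00022s latency).
PORT STATE SERVICE
53/tcp open domain
53/udp open|filtered domain
Nmap done: 1 IP address (1 host up) scanned in 5.60 seconds'

if printf '%s\n' "$SAMPLE_SCAN" | check_dns_ports; then
    echo "port 53 open on all scanned hosts"
else
    echo "port 53 not open everywhere: inform the customer before accepting the upgrade"
fi
```

On an MP, run scan_resolv_conf and check its exit status; a non-zero status means at least one result needs to be raised with the customer before the upgrade is accepted.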