You might find this table useful:
Code:
Prot  Src    Dst    Use
udp   53     53     Queries between servers (eg, recursive queries)
                    Replies to above
tcp   53     53     Queries with long replies between servers, zone transfers
                    Replies to above
udp   >1023  53     Client queries (sendmail, nslookup, etc ...)
udp   53     >1023  Replies to above
tcp   >1023  53     Client queries with long replies
tcp   53     >1023  Replies to above
Note: >1023 is for non-priv ports on Un*x clients. On other client types, the limit may be more or less.
So for an IPTABLES firewall, you would need:
Code:
# DNS
# Queries arriving at the DNS server on this host: new TCP connections (SYN only) and all UDP
-A INPUT -p tcp -m tcp --dport 53 --syn -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
# Traffic from source port 53 on the authorised subnet (internal DNS servers answering this host);
# --syn matches only the first segment, so later segments of a TCP exchange need a separate state rule
-A INPUT -p udp -m udp -s 192.168.1.0/24 --sport 53 -d 0/0 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --sport 53 -d 0/0 --syn -j ACCEPT
I used the 192.168.1.0 subnet from your earlier sample above. Replace with any authorized subnets.
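As an added illustration (not code from the post's author), the following Python matcher applies the four INPUT rules above to a handful of constructed sample packets, one per row of the port table. It assumes the chain's default policy is DROP and that no other rules exist, so a packet is accepted only when one of the four rules matches it; the addresses and ports in the samples are made up for the example.

```python
"""Minimal matcher for the four INPUT rules quoted above (added example).

Assumption: default policy DROP, no other rules in the chain.
"""
import ipaddress

# The rules from the post as match dicts. Port matches are (low, high)
# ranges so a ">1023" style range could be expressed the same way.
RULES = [
    # -A INPUT -p tcp -m tcp --dport 53 --syn -j ACCEPT
    {"proto": "tcp", "dport": (53, 53), "syn": True},
    # -A INPUT -p udp -m udp --dport 53 -j ACCEPT
    {"proto": "udp", "dport": (53, 53)},
    # -A INPUT -p udp -m udp -s 192.168.1.0/24 --sport 53 -d 0/0 -j ACCEPT
    {"proto": "udp", "sport": (53, 53), "src": "192.168.1.0/24"},
    # -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --sport 53 -d 0/0 --syn -j ACCEPT
    {"proto": "tcp", "sport": (53, 53), "src": "192.168.1.0/24", "syn": True},
]


def _in_range(port, rng):
    """A missing range means 'any port'."""
    return rng is None or rng[0] <= port <= rng[1]


def rule_matches(rule, pkt):
    """True if every match clause in `rule` agrees with packet dict `pkt`."""
    if rule["proto"] != pkt["proto"]:
        return False
    if not _in_range(pkt["sport"], rule.get("sport")):
        return False
    if not _in_range(pkt["dport"], rule.get("dport")):
        return False
    if "src" in rule:
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["src"]):
            return False
    # --syn matches only a TCP segment that opens a connection (SYN set)
    if rule.get("syn") and not pkt.get("syn", False):
        return False
    return True


def first_match(pkt, rules=RULES):
    """Index of the first rule that accepts pkt, or None (default DROP)."""
    for i, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return i
    return None


def pkt(proto, src, sport, dport, syn=False):
    return {"proto": proto, "src": src, "sport": sport, "dport": dport, "syn": syn}


# Constructed sample packets, one per row of the port table above.
SAMPLES = {
    "client_udp_query":    pkt("udp", "10.0.0.5", 40000, 53),            # udp >1023 -> 53
    "server_udp_query":    pkt("udp", "10.0.0.6", 53, 53),               # udp 53 -> 53
    "zone_transfer_syn":   pkt("tcp", "10.0.0.6", 53, 53, syn=True),     # tcp 53 -> 53, first segment
    "zone_transfer_data":  pkt("tcp", "10.0.0.6", 53, 53),               # same exchange, later segment
    "reply_from_lan":      pkt("udp", "192.168.1.2", 53, 40000),         # udp 53 -> >1023, authorised src
    "reply_from_internet": pkt("udp", "203.0.113.9", 53, 40000),         # same ports, unauthorised src
}


def audit(samples=SAMPLES, rules=RULES):
    """Map each sample name to the verdict the rule set gives it."""
    verdicts = {}
    for name, p in samples.items():
        idx = first_match(p, rules)
        verdicts[name] = "DROP (no match)" if idx is None else f"ACCEPT by rule {idx}"
    return verdicts


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:22s} {verdict}")
```

Two of the samples are the ones worth checking by hand: the non-SYN segment of the zone transfer is not matched by any rule because of `--syn`, which is exactly the case a separate ESTABLISHED/RELATED state rule has to cover, and the UDP packet with source port 53 from outside 192.168.1.0/24 is dropped, which is why the source-port-53 accepts are restricted to the authorised subnet rather than opened to everyone.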