Allow DNS lookups through ipchains?
I have a firewall on a DNS machine, using ipchains on RH7.3.
Now, what I would like to do is open up the IN ports that query the dns server for zone records (you know, the whole point of a dns machine being the authority of a zone file). What's the port? I dug through /etc/services to see if any looked like the right one, or gave some clue ... but that didn't yield any help. Thanks for any insights.
that port is 53
Thank you. It was the UDP port of 53 that appeared to be the cause of grief.
Thanks for pointing me in the right direction.
it's odd that wasn't in your /etc/services file.......maybe ya just missed it? either way.......you're welcome
Well, ya see, it WAS...
But ipchains already had entries for the domain port... so I thought it wasn't that port that queries were being done against. Turns out ipchains had some odd setting for the domain port, so I just simply added two calls of:

    ipchains -I input 4 -p tcp --dport domain -j ACCEPT -y
    ipchains -I input 5 -p udp --dport domain -j ACCEPT

And now it works. Before it was doing a --sport domain with --dport of a range of port numbers.
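Added example, not part of the original thread: a small shell check that tells apart the two kinds of rule discussed above, one that accepts packets coming from port 53 (replies to the machine's own lookups) and one that accepts packets going to port 53 (queries to the server). The function names and the BEFORE rules are constructed for illustration; it reads only ACCEPT rules and does not model rule order or the rest of the chain.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Only -p, --sport, --dport and -j are read; -y and rule order are ignored.

is_dns() { [ "$1" = domain ] || [ "$1" = 53 ]; }

# Print what one rule accepts: query/<proto>, reply/<proto> or other.
dns_rule_role() (
    set -f                       # split the rule text without globbing
    proto= sport= dport= target= prev=
    for tok in $1; do
        case "$prev" in
            -p)      proto=$tok ;;
            --sport) sport=$tok ;;
            --dport) dport=$tok ;;
            -j)      target=$tok ;;
        esac
        prev=$tok
    done
    case "$proto" in tcp|udp) ;; *) target= ;; esac
    if [ "$target" != ACCEPT ]; then echo other
    elif is_dns "$dport"; then echo "query/$proto"   # traffic TO port 53
    elif is_dns "$sport"; then echo "reply/$proto"   # traffic FROM port 53
    else echo other
    fi
)

# Read rules on stdin; print the protocols with no rule accepting queries.
missing_query_protocols() {
    have_udp=no have_tcp=no missing=
    while IFS= read -r rule; do
        case "$(dns_rule_role "$rule")" in
            query/udp) have_udp=yes ;;
            query/tcp) have_tcp=yes ;;
        esac
    done
    [ "$have_udp" = yes ] || missing=udp
    [ "$have_tcp" = yes ] || missing="${missing:+$missing }tcp"
    echo "${missing:-none}"
}

# Constructed sample: rules of the kind described as already present.
BEFORE='ipchains -A input -p udp --sport domain --dport 1024:65535 -j ACCEPT
ipchains -A input -p tcp --sport domain --dport 1024:65535 -j ACCEPT'
# Same rules plus the two commands quoted in the post (4 and 5 are
# positions in the poster's full chain, which is not shown here).
AFTER="$BEFORE
ipchains -I input 4 -p tcp --dport domain -j ACCEPT -y
ipchains -I input 5 -p udp --dport domain -j ACCEPT"

printf 'before: missing %s\n' "$(printf '%s\n' "$BEFORE" | missing_query_protocols)"
printf 'after:  missing %s\n' "$(printf '%s\n' "$AFTER" | missing_query_protocols)"
```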