This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

needing to allow UDP packets in on port 53

Hi,

I am seeing dropped packets at firewall for several IP's of an third party secondary DNS service. How can i allow these through. On My Linux DNS server these are the logs i am seeing

> May 28 11:21:01.086 notify: debug 1: zone
> 0.168.192.in-addr.arpa\032/IN: notify to 220.233.6.187#53 failed:
> timed out
> May 28 11:21:01.087 notify: debug 1: zone
> 0.168.192.in-addr.arpa\032/IN: notify to 220.233.6.187#53: retries
> exceeded

The "notify failed" and "retries exceeded" messages suggest that your
firewall is blocking UDP port 53 from the master server to the slave.

Any ideas here

Andrew

This thread was automatically locked due to age.

Parents

0 Brent_Gay over 21 years ago

If this traffic is for zone transfers, then it would be TCP/53...queries are on UDP/53. You would just create a DNAT rule on the ASL and then allow the traffic through the packet filter.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Brent_Gay over 21 years ago

If this traffic is for zone transfers, then it would be TCP/53...queries are on UDP/53. You would just create a DNAT rule on the ASL and then allow the traffic through the packet filter.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 akennedy over 21 years ago in reply to Brent_Gay

Thats exactly right. It is for zone tranfers. I see my internal machine now being able to send zone out through ASL but when these external IPs come back to via UDP they are rejected.

Where do i find option to allow these queries through to my DNS server??

Regards

Andrew
Cancel
Vote Up 0 Vote Down

Cancel
0 Mha over 21 years ago in reply to akennedy

you prolly need to create a DNAT rule to your DNS server and then a packet filter rule to allow it
Cancel
Vote Up 0 Vote Down

Cancel