On Oct 31, 2020, at 1:22 PM, Strahil Nikolov via CentOS <centos@centos.org> 
wrote:
> 
> Are you sure you have opened 53/udp ?

Good call, but you left out the “how”:

    $ sudo firewall-cmd --add-service dns
    $ sudo firewall-cmd --add-service dns --permanent

Without the second command, it affects the runtime firewall only, and without 
the first, it doesn’t take effect until the next reboot.

To the OP: DNS needs both TCP *and* UDP service on port 53.  Your telnet test 
is incomplete, and in fact covers only some of the lesser-used code paths in 
DNS servers. (Zone transfers, etc.)  Most DNS service needs UDP only, and 
expects that to work; there is no fallback to TCP if UDP fails.
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
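
Added example, not part of the original message: a POSIX sh check that queries the server over UDP and TCP separately (which the telnet test cannot do) and reports whether firewalld has the dns service in its runtime and permanent configurations. DIG and FWCMD are hypothetical override variables introduced here; the server and name are whatever you pass in.

```sh
#!/bin/sh
# Added example, not from the original message. DIG and FWCMD are hypothetical
# override variables so the checks can be pointed at other binaries.
DIG=${DIG:-dig}
FWCMD=${FWCMD:-firewall-cmd}

# dns_answers udp|tcp SERVER NAME -> 0 if a DNS reply arrived on that transport.
dns_answers() (
    case $1 in
        udp) flags="+notcp +ignore" ;;  # +ignore: no TCP retry on truncation
        tcp) flags="+tcp" ;;
        *)   exit 2 ;;
    esac
    # dig exits 0 on any reply (NXDOMAIN included) and 9 when none arrives.
    # $flags is left unquoted on purpose so it splits into separate options.
    "$DIG" $flags +tries=1 +time=2 "@$2" "$3" A >/dev/null 2>&1
)

# check_dns SERVER NAME -> one line per transport; non-zero if either fails.
check_dns() (
    rc=0
    for t in udp tcp; do
        if dns_answers "$t" "$1" "$2"; then
            echo "$t/53: reply received"
        else
            echo "$t/53: NO reply"
            rc=1
        fi
    done
    exit "$rc"
)

# fw_dns_state -> "runtime=yes|no permanent=yes|no" for firewalld's dns service.
fw_dns_state() (
    runtime=no
    permanent=no
    "$FWCMD" --query-service dns >/dev/null 2>&1 && runtime=yes
    "$FWCMD" --permanent --query-service dns >/dev/null 2>&1 && permanent=yes
    echo "runtime=$runtime permanent=$permanent"
)

# Usage: sh dnscheck.sh SERVER NAME  (fw_dns_state is meaningful on the server)
if [ "$#" -ge 2 ]; then
    fw_dns_state
    check_dns "$1" "$2"
fi
```

Run check_dns from a client machine and fw_dns_state on the DNS server; "runtime=yes permanent=no" means the rule will be lost at the next reboot.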