> I upgraded my kernel to 2.4.5 yesterday and decided to switch from using a
> very loose ip chains script that was really only for masquerading to a
> fairly tight ip tables setup. As it stands all my services are working but
> DNS, but DNS works when I query localhost or the internal 192 ip (since
> these are both basically wide open on their respective interfaces). Here is
> what I currently have in my tcp_packets table for port 53.
> ---
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 53 -j allowed
> ---
> and for UDP
> ---
> $IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 53 -j ACCEPT
> ---
> if anyone has a clue please do lend it to me :)
Bind8 changed to query other servers from a non-privileged port. So you may well need either to invoke the 'use privileged port' option in /etc/named.conf, or (better) to allow outgoing packets with a destination port of 53. The TCP/IP connection is used for things like zone transfers, so you may be better to restrict that to other known name servers. I think using a separate port for server queries from requests means they don't all get queued up on port 53, offering more robust performance on heavily used DNS servers.

Rob
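Rob's advice, written out as rules for a script of the kind quoted in the question (added here as an example; it is not code from the thread). It reuses the thread's $IPTABLES variable and its tcp_packets, udpincoming_packets and allowed chains; the use of the built-in OUTPUT chain, the EXT_IF interface name and the NS_PEER address are assumptions. Setting IPTABLES="echo iptables" prints the rules instead of applying them, so the script can be checked without root.

```shell
#!/bin/sh
# Added example, not from the original thread. Fills in the DNS rules Rob
# describes for an iptables script that uses the thread's $IPTABLES variable
# and its tcp_packets / udpincoming_packets / allowed chains. EXT_IF, NS_PEER
# and the use of the built-in OUTPUT chain are assumptions, not from the thread.
# Setting IPTABLES="echo iptables" prints the rules instead of applying them.
IPTABLES=${IPTABLES:-iptables}
EXT_IF=${EXT_IF:-eth0}          # assumed external interface
NS_PEER=${NS_PEER:-192.0.2.53}  # assumed secondary name server (documentation address)

dns_rules() {
    # 1. Let our own queries out. BIND 8 sends them from an unprivileged
    #    source port, so match only on the destination port 53.
    $IPTABLES -A OUTPUT -o "$EXT_IF" -p UDP --dport 53 -j ACCEPT
    $IPTABLES -A OUTPUT -o "$EXT_IF" -p TCP --dport 53 -j ACCEPT

    # 2. Let the answers back in. The reply goes to whatever unprivileged
    #    port the query left from, so accept by connection state rather
    #    than by "--source-port 53", which would also admit any packet that
    #    merely happens to come from port 53.
    $IPTABLES -A udpincoming_packets -p UDP -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 3. Serve queries from the outside on UDP 53.
    $IPTABLES -A udpincoming_packets -p UDP --dport 53 -j ACCEPT

    # 4. TCP 53 is mostly zone transfers: allow it only from the known
    #    secondary, then explicitly drop the rest.
    $IPTABLES -A tcp_packets -p TCP -s "$NS_PEER" --dport 53 -j allowed
    $IPTABLES -A tcp_packets -p TCP --dport 53 -j DROP
}

# Count the rules that reference port 53; useful as a dry-run sanity check.
count_dns_rules() {
    dns_rules | grep -c -- '--dport 53'
}
```

One caveat on step 4: ordinary resolvers also retry over TCP when a UDP answer is truncated, so the final DROP is only safe on a server that never hands out answers larger than the UDP limit; otherwise leave TCP 53 open and restrict zone transfers in named.conf instead.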

