In CentOS 5, I directly edit the iptables file.
I'm using the following DNS rules for iptables (as suggested by
RH/CentOS), and I have no problems with DNS servers:
-A RH-Firewall-1-INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p udp --sport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --sport 53 -j ACCEPT
Also, you didn't mention if you are using IPv6. If so, in
/etc/sysconfig/ip6tables you should specify:
-A RH-Firewall-1-INPUT -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --sport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --sport 53 -j ACCEPT
...because ip6tables stateful filtering is broken in CentOS 5 (it's
documented, but I found it out the hard way).
The above rules are on the DNS Server box.
Note that if you are using IPv6, it will have a higher priority than
IPv4; so, if IPv6 is available it will be used and, if it is not configured
properly, you'll have problems.
Good luck,
Nick
On 25/2/2011 8:46 AM, Liong Kok Foo wrote:
Hi,
I have double-checked and I did configure the firewall for port 53
tcp/udp. Could it be possible that there are other ports that need to be opened?
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
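The script below is an added example, not code from this thread or from PowerDNS. Given an iptables-save or ip6tables-save style dump, it checks the two things the exchange above turns on: whether port 53 is accepted inbound for both TCP and UDP (the question Liong asked), and how many rules in a dump rely on the state match, which Nick reports as unreliable for ip6tables on CentOS 5. The sample dumps, the temporary file names and the helper function names are constructed for the example; the chain name RH-Firewall-1-INPUT is taken from the rules Nick posted. One caveat on the IPv4 `--state NEW --sport 53` rules: they accept any new connection whose source port is 53, so a remote client that binds local port 53 gets past them to any service listening on the box; with connection tracking, the replies to the server's own upstream queries are already covered by the usual `ESTABLISHED,RELATED` rule, so the `--sport 53` lines are only needed where state tracking cannot be relied on.

```shell
#!/bin/sh
# Added example (not from the mailing list thread): audit an iptables-save /
# ip6tables-save dump for the DNS server rules discussed above.
# Assumption: one rule per line in iptables-save syntax; the chain name is
# whatever the dump uses (RH-Firewall-1-INPUT in the constructed samples).

# dns_rule_present DUMP PROTO DIRECTION
#   DIRECTION is "dport" (queries arriving at the server) or "sport"
#   (replies coming back from upstream servers). Succeeds if an ACCEPT rule
#   for that protocol and port 53 exists in DUMP.
dns_rule_present() {
    grep -E -- "^-A [^ ]+ .*-p $2 .*--$3 53 .*-j ACCEPT" "$1" >/dev/null
}

# dns_rules_ok DUMP
#   Succeeds only if BOTH tcp and udp port 53 are accepted inbound. Opening
#   only UDP is the classic mistake: zone transfers and truncated responses
#   fall back to TCP and then fail.
dns_rules_ok() {
    for proto in udp tcp; do
        dns_rule_present "$1" "$proto" dport || {
            echo "missing: $proto dport 53 ACCEPT" >&2
            return 1
        }
    done
    return 0
}

# ip6_state_rule_count DUMP
#   Prints how many rules use the stateful match. Per the post, state
#   tracking in ip6tables on CentOS 5 is unreliable, so a non-zero count in
#   an ip6tables dump is worth a second look.
ip6_state_rule_count() {
    grep -c -E -- '-m state --state|--ctstate' "$1" || true
}

TMP=$(mktemp -d)
GOOD_V4="$TMP/ipv4-good"
BAD_V4="$TMP/ipv4-bad"
DUMP_V6="$TMP/ipv6"

# Constructed sample: the IPv4 ruleset from the post as iptables-save lists it.
cat > "$GOOD_V4" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p udp --sport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --sport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

# Constructed sample: UDP opened, TCP forgotten.
cat > "$BAD_V4" <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

# Constructed sample: the stateless IPv6 rules the post recommends.
cat > "$DUMP_V6" <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --sport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --sport 53 -j ACCEPT
COMMIT
EOF

dns_rules_ok "$GOOD_V4" && echo "ipv4-good: tcp and udp 53 accepted"
dns_rules_ok "$BAD_V4" || echo "ipv4-bad: incomplete DNS rules"
echo "ipv6 rules relying on state match: $(ip6_state_rule_count "$DUMP_V6")"
echo "ipv4 rules relying on state match: $(ip6_state_rule_count "$GOOD_V4")"
```

To run it against a live box, replace the constructed files with the output of `iptables-save` and `ip6tables-save`; the regex only looks at `-A` lines, so the table and chain headers are ignored.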