How do I configure iptables to allow DNS lookups?

To: debian-user@lists.debian.org
Subject: How do I configure iptables to allow DNS lookups?
From: Malcolm Ferguson <Malcolm_Ferguson@yahoo.com>
Date: Wed, 06 Aug 2003 23:02:42 -0400
Message-id: <[🔎] 3F31C152.3090706@yahoo.com>

I'm trying to configure iptables as strictly as possible, however, I'mhaving problems with DNS. If I understand correctly how DNS works, theclient sends a UDP packet from a high number port to port 53 on the nameserver. The name server responds with a UDP packet back to that highnumber port. Is this correct?

I have /etc/resolv.conf containing a nameserver entry. I also have somename servers listed in the forwarders section of /etc/bind/named.conf.Is there a way to configure both bind and the normal name resolver (howdoes it work???) to always use the same port? Or, do I have to add arule to the INPUT chain that ACCEPTS anything UDP from the name server?Obviously the name server isn't on the local LAN.


TIA
Malc

Reply to:

Follow-Ups:
- Re: How do I configure iptables to allow DNS lookups?
  - From: Jeremy Gaddis <jeremy@gaddis.org>
- Re: How do I configure iptables to allow DNS lookups?
  - From: HdV@DTO.TUDelft.NL
- Re: How do I configure iptables to allow DNS lookups?
  - From: "J.A. de Vries" <J.A.deVries@dto.tudelft.nl>
- Re: How do I configure iptables to allow DNS lookups?
  - From: Paul Johnson <baloo@ursine.ca>

Prev by Date: Re: Challenge-response mail filters considered harmful
Next by Date: Re: Lilo Problems OT
Previous by thread: Re: How to configure the realplayer so that it can see the .rm files?
Next by thread: Re: How do I configure iptables to allow DNS lookups?
Index(es):
- Date
- Thread