Linux IPTables blocking DNS and open port 53

Scenario / Question:

IPTables is blocking DNS and I can not get DNS from Internet.

Solution / Answer:

iptables needs to be configured to allow both INPUT from port 53 and OUTPUT to port 53. DNS uses both TCP and UDP on port 53. UDP is used for queries and responses carrying less than 512 bytes of data, and TCP is used for larger transfers.

Accept or Allow outgoing DNS requests:

To allow outgoing DNS requests from a client system, add the following iptables rules. They must sit above any deny-all rules in your INPUT or OUTPUT chains. Note that -A appends to the end of a chain, so if a deny-all rule is already in place, insert the rules with -I (or re-add the chain in the right order) rather than appending them; a rule that lands after the deny-all never sees a packet.

iptables -A INPUT -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
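
The ordering requirement above is the usual reason "I added the rules and DNS is still blocked". The following script is an added example, not part of the original post: it emits the four rules as iptables -S would list them and checks a rule listing (plain text in iptables -S format, so it runs without root or a real firewall) to confirm that each DNS ACCEPT rule comes before any deny-all rule in its chain. The two listings it checks are constructed for the example; a real listing would come from iptables -S.

```shell
#!/bin/sh
# Added example (not from the original post). Verifies that the DNS allow
# rules precede any deny-all rule in the INPUT and OUTPUT chains of a
# listing in `iptables -S` format. Runs on text only; no iptables needed.

# The four rules from the post, as `iptables -S` prints them.
dns_rules() {
    cat <<'EOF'
-A INPUT -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
EOF
}

# dns_rule_ok CHAIN PROTO LISTING
# Returns 0 when an ACCEPT rule for port 53 with PROTO appears in CHAIN before
# a deny-all rule ("-A CHAIN -j DROP" or "-j REJECT") in the same chain.
# Chain policies (-P lines) are ignored: rules always run before the policy.
dns_rule_ok() {
    chain=$1; proto=$2; listing=$3
    printf '%s\n' "$listing" | awk -v chain="$chain" -v proto="$proto" '
        $1 == "-A" && $2 == chain && !done {
            if ($0 ~ ("^-A " chain " -j (DROP|REJECT)$")) { done = 1; ok = 0 }
            else if ($0 ~ ("-p " proto " ") && $0 ~ /port 53 / && $0 ~ /-j ACCEPT/) { done = 1; ok = 1 }
        }
        END { exit (ok ? 0 : 1) }'
}

# check_dns LISTING: run dns_rule_ok for all four chain/protocol pairs.
# Returns 0 only if every pair passes.
check_dns() {
    listing=$1; status=0
    for spec in "INPUT tcp" "INPUT udp" "OUTPUT tcp" "OUTPUT udp"; do
        set -- $spec
        if dns_rule_ok "$1" "$2" "$listing"; then
            echo "ok   $1 $2"
        else
            echo "FAIL $1 $2 (ACCEPT rule missing or behind a deny-all rule)"
            status=1
        fi
    done
    return $status
}

# Constructed listing: deny-all rules were already present and the DNS rules
# were appended with -A, so they land after the DROP and never match.
broken_listing() {
    printf '%s\n' '-P INPUT ACCEPT' '-P OUTPUT ACCEPT' \
        '-A INPUT -i lo -j ACCEPT' '-A INPUT -j DROP' '-A OUTPUT -j DROP'
    dns_rules
}

# Constructed listing: the DNS rules were inserted (iptables -I) ahead of
# the deny-all rules, which is the ordering the post requires.
fixed_listing() {
    printf '%s\n' '-P INPUT ACCEPT' '-P OUTPUT ACCEPT' '-A INPUT -i lo -j ACCEPT'
    dns_rules
    printf '%s\n' '-A INPUT -j DROP' '-A OUTPUT -j DROP'
}

# Demonstration on both constructed listings.
check_dns "$(broken_listing)" || echo "appended after deny-all: DNS stays blocked"
check_dns "$(fixed_listing)" && echo "inserted ahead of deny-all: DNS is allowed"
```

On a live system, replace the constructed listings with the output of iptables -S (run as root) and the same check tells you whether a remaining DNS failure is a rule-order problem or something else, such as a resolver that is unreachable for other reasons.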
Fabio Milano has written 70 articles for us. Fabio Milano is a certified RHCE, MCP, and CFOI. He runs an IT consulting and services company called RDS Support inc. Website: http://www.rdssupport.com
