[Pdns-users] pdns error sendto

Nick Milas nmilas at admin.noa.gr
Tue Mar 1 07:54:25 UTC 2011


In CentOS 5, I directly edit the iptables file.

I'm using the following DNS rules for iptables (as suggested by 
RH/CentOS), and I have no problems with DNS servers:

-A RH-Firewall-1-INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p udp --sport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --sport 53 -j ACCEPT

Also, you didn't mention if you are using IPv6. If so, in 
/etc/sysconfig/ip6tables you should specify:

-A RH-Firewall-1-INPUT -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --sport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --sport 53 -j ACCEPT

...because ip6tables stateful filtering is broken in CentOS 5 (it's 
documented, but I have found it out the hard way).

The above rules are on the DNS Server box.

Note that if you are using IPv6, it will have a higher priority over 
IPv4; so, if IPv6 is available it will be used and, if not configured 
properly, you'll have problems.

Good luck,
Nick


On 25/2/2011 8:46 AM, Liong Kok Foo wrote:
> Hi,
>
> I have double checked and I did configure the firewall port 53
> tcp/udp. Could it be possible there are other ports that need to be opened?
>
>
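
Added example, not part of either poster's message: a shell check over a rules file in the /etc/sysconfig/iptables format that lists ACCEPT rules matching only on a source port, like the --sport 53 lines above, because such a rule accepts the packet whatever port on the server it is addressed to. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical.

# audit_sport_rules [FILE...]
# Reads iptables/ip6tables rule lines from FILE or stdin and prints
# "lineno: rule" for every ACCEPT rule that
#   - matches a source port (--sport / --source-port / --sports),
#   - has no destination-port match, and
#   - is not limited by a --state match that excludes NEW.
# Exit status is 1 when at least one rule is printed, 0 otherwise.
audit_sport_rules() {
    awk '
    /^[ \t]*-A / && /-j ACCEPT/ && /--(sport|source-port)/ {
        # A destination-port match narrows what the rule can reach.
        if ($0 ~ /--(dport|destination-port)/) next
        # Reply-only rules (e.g. --state ESTABLISHED,RELATED) are fine.
        if ($0 ~ /--state/ && $0 !~ /--state[ \t]+[A-Z,]*NEW/) next
        printf "%d: %s\n", NR, $0
        bad++
    }
    END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample input: a mix of rule shapes, including the stateful
# and stateless --sport 53 forms discussed in the message.
sample_rules() {
    cat <<'EOF'
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p udp --sport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --sport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --sport 53 --dport 1024:65535 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --sport 53 -m state --state ESTABLISHED -j ACCEPT
EOF
}

# Demo run on the constructed sample; on a real host pass the rules file
# instead, e.g. audit_sport_rules /etc/sysconfig/ip6tables
sample_rules | audit_sport_rules || echo "review the rules listed above"
```
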



