named behind a firewall

Kevin Darcy kcd at daimlerchrysler.com
Wed Jun 6 22:16:35 UTC 2001


Budec wrote:

> I set up named behind my firewall and forwarded UDP/TCP port -> 53 to it.  The
> DNS works for internal hosts, but external hosts get time out errors.  Any idea
> what I am doing wrong?  I thought the only thing named (and DNS in general)
> used was port 53...
>
> I can telnet (from external host) to firewall ip port 53 and this does forward
> me to the internal DNS server, but things like nslookup fail.

Incoming queries can come from unprivileged ports to port 53, and the responses to
those queries will go back from port 53 to the originating unprivileged port.

If your nameserver is resolving Internet names, it may send outbound queries from
an unprivileged port to port 53. Likewise, the responses to those queries will
come from port 53 to the originating unprivileged port.

Adjust the rules accordingly.


- Kevin
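The four flows Kevin lists, written out as firewall rules. This is an added example, not code from either poster: it assumes a Linux firewall using iptables (Budec's firewall is not identified), an external interface named eth0, and an internal named at 10.0.0.53 reached by DNAT from the firewall's port 53. Run it as-is to print the rules; run it with APPLY=1 as root to load them.

```shell
#!/bin/sh
# Added example (not from the original thread): iptables rules for the
# four DNS flows described in the reply. Assumed values, override via env:
#   EXT_IF  external interface of the firewall
#   NS      internal nameserver that port 53 on the firewall is forwarded to
EXT_IF="${EXT_IF:-eth0}"
NS="${NS:-10.0.0.53}"
APPLY="${APPLY:-0}"        # 0 = print the rules, 1 = load them with iptables
UNPRIV="1024:65535"        # the unprivileged port range

# Print or apply one iptables command, depending on APPLY.
ipt() {
    if [ "$APPLY" = 1 ]; then
        iptables "$@"
    else
        printf 'iptables %s\n' "$*"
    fi
}

# Emit the complete rule set, for both UDP and TCP (zone transfers and
# large answers use TCP, so forwarding only UDP is not enough).
dns_rules() {
    for proto in udp tcp; do
        # Flow 1: inbound query from an external unprivileged port to
        # firewall:53, redirected to the internal nameserver.
        ipt -t nat -A PREROUTING -i "$EXT_IF" -p "$proto" --dport 53 -j DNAT --to-destination "$NS"
        ipt -A FORWARD -i "$EXT_IF" -d "$NS" -p "$proto" --sport "$UNPRIV" --dport 53 -j ACCEPT
        # Flow 2: the response leaves named from port 53 and goes back to
        # the unprivileged port the query came from.
        ipt -A FORWARD -o "$EXT_IF" -s "$NS" -p "$proto" --sport 53 --dport "$UNPRIV" -j ACCEPT
        # Flow 3: named resolving Internet names sends its own queries from
        # an unprivileged port to port 53 on remote servers.
        ipt -A FORWARD -o "$EXT_IF" -s "$NS" -p "$proto" --sport "$UNPRIV" --dport 53 -j ACCEPT
        # Flow 4: replies to those queries come from port 53 back to
        # named's unprivileged port.
        ipt -A FORWARD -i "$EXT_IF" -d "$NS" -p "$proto" --sport 53 --dport "$UNPRIV" -j ACCEPT
    done
    # named sits on a private address, so its outbound queries need
    # source NAT on the way out; replies are un-NATed by connection tracking.
    ipt -t nat -A POSTROUTING -o "$EXT_IF" -s "$NS" -j MASQUERADE
}

dns_rules
```

Flows 2 and 4 are the ones a port-only forward misses. On a stateful firewall they can be replaced by a single `-m state --state ESTABLISHED,RELATED -j ACCEPT` rule, which is preferable: the port-based version above opens every remote port 53 to named's whole unprivileged range, and pinning named's query source to port 53 instead (BIND's `query-source` option) gives up the source-port randomization that cache-poisoning resistance depends on.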



