Name Server Question

Barry Margolin barmar at
Mon Jan 1 06:15:21 UTC 2007

In article <en9s7l$24kp$1 at>, seekuel <seekuel at> 
> On 12/30/06, Barry Margolin <barmar at> wrote:
> > My guess is that your firewall is only allowing DNS out to your ISP's
> > server.  When you use your own server, it tries to send DNS to the root
> > servers, and this is being blocked by the firewall.

> Is there any way to determine this issue? UDP port 53 is open but TCP is 
> closed.

You should open both, although most of the time it should only need UDP.  
You're talking about OUTBOUND, right?  The source port of these outbound 
queries is a high-numbered port.  Your firewall should allow "from 
1024-65535 to 53" outbound.  Can you check the firewall's log to see if 
it's blocking anything to or from the nameserver?

P.S. Please don't top-post, it gets the conversation out of order.

Barry Margolin, barmar at
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

More information about the bind-users mailing list