DNS requests and iptables config

By devenix

Allow incoming DNS requests on port 53

Use the following rules only if you are protecting a dedicated DNS server. They assume the INPUT and OUTPUT chains have a default policy of DROP (or end in a DROP rule); with the default ACCEPT policy they change nothing.

SERVER_IP is the IP address on which BIND (named) is listening on port 53 for incoming DNS queries.

Please note that I'm not allowing TCP here, as I don't have a secondary DNS server to do zone transfers. Keep in mind that TCP/53 is not used only for zone transfers: when a UDP answer is too large and comes back truncated (TC bit set), the client retries the query over TCP, so blocking TCP breaks lookups of records that do not fit in a UDP reply.

SERVER_IP="123.108.230.184"

# Queries from clients using an ephemeral source port, and the replies to them
iptables -A INPUT -p udp -s 0/0 --sport 1024:65535 -d $SERVER_IP --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -s $SERVER_IP --sport 53 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
# Queries from other name servers that send from source port 53, and the replies to them
iptables -A INPUT -p udp -s 0/0 --sport 53 -d $SERVER_IP --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -s $SERVER_IP --sport 53 -d 0/0 --dport 53 -m state --state ESTABLISHED -j ACCEPT
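As an added example that is not part of the original post: a small POSIX shell script that generates the same kind of ruleset in iptables-restore format, so the whole table can be syntax-checked with `iptables-restore --test` and loaded atomically instead of running iptables one line at a time. The address 192.0.2.53 is a made-up TEST-NET-1 address and the function names are chosen here. It goes slightly beyond the rules above: the two INPUT rules are folded into one by not restricting the client source port, `-m conntrack --ctstate` replaces the older `-m state --state` spelling, and an optional second argument adds matching TCP/53 rules for clients that fall back to TCP after a truncated UDP answer.

```shell
#!/bin/sh
# Added example (not from the original post): emit an iptables-restore ruleset
# for a dedicated authoritative DNS server. The address 192.0.2.53 is a made-up
# TEST-NET-1 address; gen_dns_rules and valid_ipv4 are names chosen here.

# Return 0 if $1 is a dotted quad with every octet in 0..255, else 1.
valid_ipv4() {
    ip=$1
    count=0
    while [ -n "$ip" ]; do
        octet=${ip%%.*}
        case $octet in
            ''|*[!0-9]*) return 1 ;;   # empty field or non-digit characters
        esac
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
        [ "$ip" = "$octet" ] && break  # last octet, no more dots
        ip=${ip#*.}
    done
    # Exactly four octets, and the string did not end with a stray dot.
    [ "$count" -eq 4 ] && [ -n "$ip" ]
}

# gen_dns_rules SERVER_IP [yes]
# Print a complete *filter table for iptables-restore. Passing "yes" as the
# second argument also opens TCP/53, which clients use when a UDP answer is
# truncated (TC bit) and which zone transfers need.
gen_dns_rules() {
    server_ip=$1
    allow_tcp=${2:-no}
    if ! valid_ipv4 "$server_ip"; then
        echo "gen_dns_rules: not an IPv4 address: '$server_ip'" >&2
        return 1
    fi
    # Default DROP on every chain, loopback open, invalid conntrack state dropped,
    # then the UDP/53 query and reply rules from the post (any client source port).
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p udp -d $server_ip --dport 53 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -s $server_ip --sport 53 -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
    if [ "$allow_tcp" = yes ]; then
        cat <<EOF
-A INPUT -p tcp -d $server_ip --dport 53 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -s $server_ip --sport 53 -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
    fi
    echo COMMIT
}

# Demonstration: UDP-only ruleset for the constructed address, written to stdout.
# To load for real:
#   gen_dns_rules 192.0.2.53 > /etc/iptables/dns.rules
#   iptables-restore --test /etc/iptables/dns.rules && iptables-restore /etc/iptables/dns.rules
gen_dns_rules 192.0.2.53
```

Because all three chain policies are DROP, add the box's management rules (SSH from the admin network, ICMP, NTP, whatever else it needs) to the generated file before loading it, or you will lock yourself out; `iptables-restore --test` only catches syntax errors, not a missing rule.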

Hopefully this makes it easy to write iptables rules for a DNS server.
