Do we need to open DNS port for internal DNS servers?

Unanswered Question
Apr 16th, 2008

We recently replaced our Checkpoint with a Cisco ASA. In our old firewall every TCP/UDP port outbound was blocked, of course except for ports 443 and 80. With the ASA we just started blocking all the ports outbound, and I noticed that our DNS servers keep on reaching different outside IPs on port 53, and I'm not sure if I'm supposed to allow this or block it. If I block it, we might have problems with our DNS. Should I allow all our internal DNS servers to any UDP/TCP ports outbound? Thank you in advance.

acomiskey Wed, 04/16/2008 - 08:39

You will need to allow your internal DNS server to make DNS requests outbound: UDP 53.

bauti1428 Wed, 04/16/2008 - 08:50

I tried just UDP 53 but am still getting a lot of blocks from port 53. I opened UDP/TCP DNS and it stopped the logs. What about port 137 outbound?

nasser.heidari Sun, 04/20/2008 - 22:18

For a DNS server you need to open both TCP and UDP 53 for your server.

Port 137 is for NetBIOS, and it is local.
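As an added illustration, not from any of the posters above, here is the ASA access-list shape the replies describe, assuming an inside interface named `inside`, two internal resolvers at 10.0.0.10 and 10.0.0.11 (placeholder addresses) and an outbound ACL named OUTBOUND: only the resolvers get UDP and TCP 53 to the outside, NetBIOS name service is dropped and logged, and everything else stays denied.

```cisco
! Constructed example: 10.0.0.10 / 10.0.0.11 are placeholders for the internal DNS servers
object-group network INTERNAL_DNS
 network-object host 10.0.0.10
 network-object host 10.0.0.11
!
! Too broad (what the question asks about): lets the resolvers reach ANY outside port
! access-list OUTBOUND extended permit ip object-group INTERNAL_DNS any
!
! Least privilege: only the resolvers, only port 53, both transports.
! TCP is needed for answers over 512 bytes (truncated responses retry over TCP).
access-list OUTBOUND extended permit udp object-group INTERNAL_DNS any eq domain
access-list OUTBOUND extended permit tcp object-group INTERNAL_DNS any eq domain
!
! Other inside hosts must not resolve directly; log attempts so they show up in syslog
access-list OUTBOUND extended deny udp any any eq domain log
access-list OUTBOUND extended deny tcp any any eq domain log
!
! NetBIOS name service (UDP 137) is a LAN-only protocol; drop it at the edge and log hits
access-list OUTBOUND extended deny udp any any eq netbios-ns log
!
! Web traffic the old policy already allowed
access-list OUTBOUND extended permit tcp any any eq www
access-list OUTBOUND extended permit tcp any any eq https
!
! Make the implicit deny explicit so blocked flows are logged
access-list OUTBOUND extended deny ip any any log
!
access-group OUTBOUND in interface inside
```

The ACL is evaluated top to bottom on first match, so keep the resolver permits above the port-53 denies.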
