Do we need to open DNS port for internal DNS servers?

Unanswered Question
Apr 16th, 2008
We recently replaced our Checkpoint with a Cisco ASA. In our old firewall every TCP/UDP port outbound was blocked, of course except for ports 443 and 80. With the ASA we just started blocking all the ports outbound, and I noticed that our DNS servers keep on reaching different outside IPs on port 53, and I'm not sure if I'm supposed to allow this or block it. If I block it, we might have problems with our DNS. Should I allow all our internal DNS servers to any UDP/TCP ports outbound? Thank you in advance.

acomiskey Wed, 04/16/2008 - 08:39

You will need to allow your internal DNS server to make DNS requests outbound: UDP 53.

bauti1428 Wed, 04/16/2008 - 08:50

I tried just UDP 53 but am still getting a lot of blocks on port 53. I opened UDP/TCP DNS and it stopped the logs. What about port 137 outbound?

Nasser Heidari Sun, 04/20/2008 - 22:18

For a DNS server you need to open both TCP and UDP 53 for your server.

Port 137 is for NetBIOS, and it is local.
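The policy the two answers describe, written out as an ASA access list. This is an added example, not configuration posted in the thread; it assumes the inside interface is named "inside", that the internal resolvers are 10.0.0.53 and 10.0.0.54, and that no ACL is yet applied inbound on that interface. The object-group, ACL and host addresses are illustrative placeholders.

```cisco
! Added example, not from the thread. Interface name "inside", the resolver
! addresses and the object-group/ACL names are assumptions for illustration.
object-group network INTERNAL_DNS
 network-object host 10.0.0.53
 network-object host 10.0.0.54
!
! A "tcp-udp" service group lets one port-object cover both transports.
object-group service DNS_PORTS tcp-udp
 port-object eq domain
!
! Outbound traffic enters the ASA on the inside interface, so the ACL is
! applied "in" on "inside". Only the resolvers may reach outside port 53,
! over UDP and over TCP.
access-list INSIDE_OUT extended permit udp object-group INTERNAL_DNS any object-group DNS_PORTS
access-list INSIDE_OUT extended permit tcp object-group INTERNAL_DNS any object-group DNS_PORTS
!
! Web traffic from everyone, matching the old Checkpoint policy.
access-list INSIDE_OUT extended permit tcp any any eq www
access-list INSIDE_OUT extended permit tcp any any eq https
!
! Everything else, including NetBIOS udp/137 from workstations, is dropped
! and logged so the deny entries stay visible in the syslog.
access-list INSIDE_OUT extended deny ip any any log
access-group INSIDE_OUT in interface inside
```

TCP 53 is needed because a resolver retries over TCP when a UDP answer comes back truncated (responses larger than the classic 512-byte limit) and for zone transfers, which is why permitting UDP alone still left deny entries in the log. After applying the list, `show access-list INSIDE_OUT` shows per-line hit counts, and `dig +tcp` against an outside name from one of the resolvers confirms the TCP path works.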
