Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2530
Views
0
Helpful
3
Replies

Do we need to open DNS port for internal DNS servers?

bauti1428
Level 1
Level 1

‎04-16-2008 08:05 AM - edited ‎03-11-2019 05:32 AM

We recently replace our checkpoint to cisco ASA. In our old firewall every tcp/udp ports outbound are blocked, ofcourse except for port 443 and 80. With the ASA we just started blocking all the ports outbound and I noticed that our DNS servers keeps on reaching different outside IP's on port 53 and not sure if I supposed to allow this or block it. If I block it, we might have problems with our DNS. Should I allow all our internal DNS server to any udp/tcp ports outbound? Thank you in advance.

Labels:
0 Helpful
3 Replies 3

acomiskey
Level 10
Level 10

‎04-16-2008 08:39 AM

You will need to allow your internal dns server to make dns requests outbound. udp 53

0 Helpful

bauti1428
Level 1
Level 1
In response to acomiskey

‎04-16-2008 08:50 AM

I tried just the udn 53 but still getting a lot of blocks from port 53. I opened UDP/TCP dns and it stop the logs. What about port 137 outbound?

0 Helpful

Nasser Heidari
Level 1
Level 1
In response to bauti1428

‎04-20-2008 10:18 PM

for DNS server you need to open both tcp and udp 53 for your server .

port 137 is for netbios , and it is local .

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card