Configuring DNS on firewall

Answered Question
Feb 27th, 2009

Is it necessary to allow both UDP and TCP port 53 for accessing DNS servers through a firewall access-list?

Correct Answer by vikram_anumukonda about 7 years 9 months ago

tcp/53 is used for zone transfers. If you are doing just normal queries, udp/53 will suffice.

vikram_anumukonda Fri, 02/27/2009 - 20:03

Here is another reason why tcp/53 is used: "A client can use TCP whenever it wants, and has to use TCP when the response it gets via UDP is truncated because it is too long."
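
The truncation case quoted above, as an added example that is not part of the original thread: it reads the TC (truncated) flag from a DNS header and shows what a resolver has to do next depending on whether the firewall permits tcp/53. All function names, the `tcp53_allowed` parameter and the sample messages are constructed for illustration.

```python
import struct

QR_BIT = 0x8000  # message is a response
TC_BIT = 0x0200  # response was truncated (RFC 1035, section 4.1.1)

def build_query(name, qtype=1, txid=0x1234):
    """Minimal DNS query: recursion desired, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "response": bool(flags & QR_BIT),
            "truncated": bool(flags & TC_BIT), "answers": ancount}

def needs_tcp_retry(query, udp_response):
    """True when the UDP reply matches the query and has TC set."""
    q, r = parse_header(query), parse_header(udp_response)
    if not r["response"] or r["id"] != q["id"]:
        raise ValueError("not a response to this query")
    return r["truncated"]

def frame_for_tcp(msg):
    """Over TCP each DNS message carries a 2-byte length prefix (RFC 1035, 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

def resolve_plan(query, udp_response, tcp53_allowed):
    """Simplified outcome of one lookup through a firewall (assumed model)."""
    if not needs_tcp_retry(query, udp_response):
        return "answered over udp/53"
    if tcp53_allowed:
        return "retry over tcp/53"
    return "full answer unobtainable: truncated reply and tcp/53 blocked"

# Constructed sample messages (not captured traffic).
QUERY = build_query("example.com")
QUESTION = QUERY[12:]
TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUESTION
COMPLETE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))

if __name__ == "__main__":
    for label, reply in (("complete", COMPLETE), ("truncated", TRUNCATED)):
        for allowed in (True, False):
            print(label, "tcp/53 allowed" if allowed else "tcp/53 blocked",
                  "->", resolve_plan(QUERY, reply, allowed))
```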
