Cisco Support Community

New Member

Do we need to open DNS port for internal DNS servers?

We recently replaced our Check Point with a Cisco ASA. On our old firewall every TCP/UDP port outbound is blocked, of course except for ports 443 and 80. With the ASA we just started blocking all the ports outbound, and I noticed that our DNS servers keep on reaching different outside IPs on port 53, and I'm not sure if I'm supposed to allow this or block it. If I block it, we might have problems with our DNS. Should I allow all our internal DNS servers to any UDP/TCP ports outbound? Thank you in advance.

3 REPLIES
Green

Re: Do we need to open DNS port for internal DNS servers?

You will need to allow your internal DNS server to make DNS requests outbound: UDP 53.

New Member

Re: Do we need to open DNS port for internal DNS servers?

I tried just UDP 53 but was still getting a lot of blocks from port 53. I opened UDP/TCP DNS and it stopped the logs. What about port 137 outbound?

New Member

Re: Do we need to open DNS port for internal DNS servers?

For a DNS server you need to open both TCP and UDP 53 for your server.

Port 137 is for NetBIOS, and it is local.
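
The outbound policy discussed in this thread, written as an ASA configuration sketch. This is an added example, not a configuration posted by any participant. The object-group name `INTERNAL-DNS`, the ACL name `INSIDE-OUT`, the interface name `inside`, and the server addresses are assumptions made up for illustration.

```text
! Constructed example: 10.0.0.10 and 10.0.0.11 stand in for the
! internal DNS servers; replace them with the real addresses.
object-group network INTERNAL-DNS
 network-object host 10.0.0.10
 network-object host 10.0.0.11

! Too broad: lets the DNS servers reach any destination on any port.
! access-list INSIDE-OUT extended permit ip object-group INTERNAL-DNS any

! Scoped: only the internal DNS servers may send DNS outbound.
! UDP 53 carries ordinary queries; TCP 53 is used when a response
! is too large for UDP and for zone transfers.
access-list INSIDE-OUT extended permit udp object-group INTERNAL-DNS any eq domain
access-list INSIDE-OUT extended permit tcp object-group INTERNAL-DNS any eq domain

! Web traffic that the old firewall already allowed.
access-list INSIDE-OUT extended permit tcp any any eq www
access-list INSIDE-OUT extended permit tcp any any eq https

! Everything else outbound stays blocked and is logged, including
! NetBIOS name service (UDP 137), which is local traffic.
access-list INSIDE-OUT extended deny ip any any log

! Apply the ACL to traffic entering the inside interface.
access-group INSIDE-OUT in interface inside
```

With this layout, clients that query external resolvers directly show up in the deny logs, since only the hosts in `INTERNAL-DNS` are permitted to send DNS outbound.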
