DNS BIND firewall settings
Allowing DNS traffic through the host firewall is another task that has to be completed when setting up a BIND server: without it, named listens on port 53 but no query from outside the host ever reaches it.
Firewall current state
First, check whether firewalld is installed and running; the following command shows the state of the service.
systemctl status firewalld
DNS BIND ports
You have probably noticed, while working on the "named.conf" file, that port 53 appears on line 13 (the IPv4 listen-on statement) and on line 14 (the IPv6 listen-on-v6 statement). That is the default DNS port. firewalld's own definition of the DNS service lists the same port in its XML service file, located at the following path.
DNS BIND firewall exception
Both the network firewall and the host firewall must allow incoming traffic on port 53 for TCP and UDP. Standard queries use UDP port 53. If a response does not fit in the UDP size limit (512 bytes for a client without EDNS0, or the buffer size the client advertises; DNSSEC-signed responses frequently exceed this), the server sets the TC bit and the client retries the same query over TCP port 53. Zone transfers (AXFR/IXFR) to secondary servers also run over TCP. The firewalld "dns" service covers both 53/tcp and 53/udp, so adding it to the zone is enough. Note that opening port 53 in the public zone exposes the server to the whole network; on a recursive resolver, restrict recursion in named.conf (allow-recursion) and, where possible, limit the firewall rule to the client networks you serve, or the host becomes an open resolver usable for amplification attacks.
firewall-cmd --permanent --zone=public --add-service=dns
The --permanent flag only writes the rule to the saved configuration; firewalld must be reloaded for it to take effect in the running firewall. Use the following CLI command.
Verify DNS was added into the firewall exceptions
Use the following CLI command to list the services currently allowed through the active zone and confirm that dns is among them. Check the running configuration, not only the permanent one, so a forgotten reload is caught here.
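The whole procedure from the sections above, as an added shell example that is not part of the original tutorial: it inspects the port list in firewalld's DNS service definition, applies the permanent rule, reloads, and then verifies that dns is present in the running service list. The path /usr/lib/firewalld/services/dns.xml is the standard firewalld location for that file and is assumed here; the sample XML and the sample service list are constructed so the parsing helpers can be exercised on a machine without firewalld.

```shell
#!/bin/sh
# Added example, not from the original tutorial: open DNS in firewalld and
# verify the running configuration. Assumes a firewalld host with
# firewall-cmd on PATH. The service definition path below is firewalld's
# standard location for the dns service (assumption: default installation).
DNS_SERVICE_XML=/usr/lib/firewalld/services/dns.xml

# Constructed sample in the shape of firewalld's dns.xml (not copied from a host).
SAMPLE_DNS_XML='<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>DNS</short>
  <description>Domain Name System (constructed sample text).</description>
  <port protocol="tcp" port="53"/>
  <port protocol="udp" port="53"/>
</service>'

# Read a firewalld service XML on stdin and print one "proto/port" line per
# <port .../> element, e.g. tcp/53.
service_ports() {
  sed -n 's|.*<port protocol="\([a-z]*\)" port="\([0-9]*\)".*|\1/\2|p'
}

# Return 0 only if the service definition in $1 opens both 53/tcp and 53/udp;
# TCP matters for truncated (TC) retries and zone transfers, UDP for normal queries.
dns_ports_complete() {
  ports=$(printf '%s\n' "$1" | service_ports)
  echo "$ports" | grep -qx 'tcp/53' && echo "$ports" | grep -qx 'udp/53'
}

# Return 0 if "dns" is one of the services in $1, a space-separated line as
# printed by `firewall-cmd --list-services` (exact match, so "dnssec" is not "dns").
dns_in_services() {
  for svc in $1; do
    [ "$svc" = "dns" ] && return 0
  done
  return 1
}

# On a real host: check firewalld is up, add the permanent rule, reload, and
# verify the *running* zone configuration, so a missing reload is detected.
apply_dns_exception() {
  zone=${1:-public}
  command -v firewall-cmd >/dev/null 2>&1 || { echo "firewall-cmd not found" >&2; return 2; }
  firewall-cmd --state >/dev/null 2>&1 || { echo "firewalld is not running" >&2; return 1; }
  [ -r "$DNS_SERVICE_XML" ] && dns_ports_complete "$(cat "$DNS_SERVICE_XML")" \
    || echo "warning: could not confirm 53/tcp and 53/udp in $DNS_SERVICE_XML" >&2
  firewall-cmd --permanent --zone="$zone" --add-service=dns >/dev/null
  firewall-cmd --reload >/dev/null
  if dns_in_services "$(firewall-cmd --zone="$zone" --list-services)"; then
    echo "dns allowed in zone $zone (53/tcp and 53/udp)"
  else
    echo "dns is NOT in the running configuration of zone $zone" >&2
    return 1
  fi
}

# Offline demonstration on the constructed samples.
dns_ports_complete "$SAMPLE_DNS_XML" && echo "sample dns.xml opens 53/tcp and 53/udp"
dns_in_services "ssh dhcpv6-client dns" && echo "dns present in sample service list"

# Usage on a firewalld host: ./dns_firewall.sh apply [zone]
if [ "${1:-}" = "apply" ]; then
  apply_dns_exception "${2:-public}"
fi
```

Run the script with no arguments to exercise the parsing helpers offline; run it with `apply` (and optionally a zone name) on the BIND host to perform the change and the verification in one step.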