On 16 Apr 2003, Joel Newkirk wrote:

> > iptables -A INPUT -p tcp --dport domain -j ACCEPT
>
> DNS usually runs on udp 53, not tcp. Also, you probably should have udp
> 53 open in OUTPUT as well as INPUT.

This is not fully correct. Short DNS requests are usually sent via UDP, but if you are expecting to get bigger chunks of DNS data (like zone transfer requests for the correlation of secondary DNS servers!) the TCP port is used. Basically all DNS servers listen on the UDP AND TCP port.

Regards,
Achim Dreyer

--
A. Dreyer, Senior SysAdmin (UNIX&Network) / Internet Security Consultant
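The point made in the reply above, shown as an added example that is not part of the thread and not code from either poster: a resolver talks UDP/53 first, but a server that cannot fit the answer into the 512-byte UDP payload (RFC 1035, without EDNS0) sets the TC bit, and the client must then repeat the same query over TCP/53, where each message carries a two-byte big-endian length prefix; zone transfers (AXFR) go over TCP from the start. The "server" here is a constructed stand-in (`fake_udp`, `fake_tcp`) so the exchange runs offline; the message bytes, transaction ID and the TEST-NET address are made up for the example.

```python
"""Added example: UDP query, TC-triggered TCP retry, and TCP framing for DNS.
Not from the mailing-list thread; the nameserver is simulated in-process."""
import struct

QTYPE_A = 1
QTYPE_AXFR = 252          # zone transfers are always carried over TCP
FLAG_QR = 0x8000          # message is a response
FLAG_TC = 0x0200          # truncated: answer did not fit the UDP payload
FLAG_RD = 0x0100          # recursion desired
UDP_PAYLOAD_MAX = 512     # classic RFC 1035 UDP limit without EDNS0


def encode_name(name):
    """Encode a dotted name into DNS label format (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name, qtype):
    """Minimal query: 12-byte header with RD set, followed by one question."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Split the fixed 12-byte header into its six 16-bit fields."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "flags": flags, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def is_truncated(msg):
    """True when the server set TC, i.e. the UDP answer is incomplete."""
    return bool(parse_header(msg)["flags"] & FLAG_TC)


def frame_for_tcp(msg):
    """DNS over TCP prefixes every message with its 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def unframe_from_tcp(stream):
    """Strip the 2-byte length prefix from a TCP-framed DNS message."""
    (length,) = struct.unpack("!H", stream[:2])
    return stream[2:2 + length]


def query_with_fallback(query, udp_send, tcp_send):
    """Send over UDP first and retry over TCP if the reply is truncated.
    AXFR is sent straight over TCP. Returns (response, transports_used)."""
    qtype = struct.unpack("!H", query[-4:-2])[0]   # last 4 bytes: qtype, qclass
    used = []
    if qtype == QTYPE_AXFR:
        used.append("tcp")
        return unframe_from_tcp(tcp_send(frame_for_tcp(query))), used
    used.append("udp")
    resp = udp_send(query)
    if is_truncated(resp):
        used.append("tcp")
        resp = unframe_from_tcp(tcp_send(frame_for_tcp(query)))
    return resp, used


# Constructed stand-in for a nameserver (not real traffic): over UDP it
# answers with TC set, as if the full answer exceeded UDP_PAYLOAD_MAX;
# over TCP it returns the complete answer (one A record, TEST-NET address).
QUERY = build_query(0x1234, "example.com", QTYPE_A)
TRUNCATED_UDP_REPLY = (struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_RD | FLAG_TC, 1, 0, 0, 0)
                       + QUERY[12:])
FULL_TCP_REPLY = (struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_RD, 1, 1, 0, 0)
                  + QUERY[12:]
                  + b"\xc0\x0c"                                   # pointer to the question name
                  + struct.pack("!HHIH", QTYPE_A, 1, 300, 4)      # type, class, TTL, rdlength
                  + bytes([192, 0, 2, 1]))                        # rdata: 192.0.2.1


def fake_udp(msg):
    return TRUNCATED_UDP_REPLY


def fake_tcp(framed):
    # A real TCP server reads the length prefix first; check the framing is sane.
    assert struct.unpack("!H", framed[:2])[0] == len(framed) - 2
    return frame_for_tcp(FULL_TCP_REPLY)


if __name__ == "__main__":
    resp, used = query_with_fallback(QUERY, fake_udp, fake_tcp)
    print("transports used:", used, "answers:", parse_header(resp)["ancount"])
    _, used_axfr = query_with_fallback(build_query(1, "example.com", QTYPE_AXFR), fake_udp, fake_tcp)
    print("AXFR transports used:", used_axfr)
```

The firewall consequence is the one the reply draws: a nameserver (or a host that must receive large answers or serve zone transfers) needs both `-p udp --dport 53` and `-p tcp --dport 53` accepted on INPUT, with the corresponding UDP replies and TCP connection traffic allowed on OUTPUT; allowing only one of the two transports leaves either ordinary lookups or truncated answers and AXFR broken.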