DNS not working with ACL

Status
Not open for further replies.

transcom

Technical User
Jul 31, 2003
2
GB
Have a simple config on a Cisco 1601 using config maker ver 2.6. Access list works on all ports permitted except DNS; both UDP and TCP port 53 are permitted, and sh acc shows plenty of permitted packets, but outside users can't nslookup or resolve sites on our network.
Help appreciated.
 
It depends where you have the ACL applied... Is it on the IN or OUT of your Serial connection? Does it look something like this?

access-list 101 permit tcp any any eq 53
access-list 101 permit udp any any eq 53



I'm the Fanciest of the Fancy...INDEED
 
Thanks fancypete, the access lists are as you say; however, on the interfaces I only have in and not out. Is this the reason?

Rgds

bill
 
Yes, indeed this is the reason. You will need to permit it OUTbound as well as INbound on your interface. Hope this helps.

I'm the Fanciest of the Fancy...INDEED
 
You will need to permit TCP/UDP 53 INBOUND on your internal interface (the LAN) or OUTBOUND on the external interface. You will not need to permit port 53 into your network unless you are running your own DNS server that is authoritative for your domain.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Good point, Chris, I concur. I was assuming he was running his own DNS server.

I'm the Fanciest of the Fancy...INDEED
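
Why `sh acc` can show plenty of permitted packets while outside lookups still fail, as an added example that is not part of any post in this thread: a small Python model of first-match extended-ACL evaluation with the implicit deny. It assumes the same two entries also filter the direction the DNS replies travel (the thread does not show the interface configuration); the client port 40000 and the two source-side `eq 53` entries are constructed for illustration.

```python
# Added example: models how an extended ACL entry matches ports, first match wins.
# Only "any" addresses are modelled; port 40000 is a constructed ephemeral port.
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Ace:
    action: str               # "permit" or "deny"
    proto: str                # "tcp" or "udp"
    src_port: Optional[int]   # None when there is no "eq" after the source
    dst_port: Optional[int]   # None when there is no "eq" after the destination

@dataclass(frozen=True)
class Packet:
    proto: str
    sport: int
    dport: int

def parse_ace(line: str) -> Ace:
    """Parse 'access-list N permit|deny proto any [eq P] any [eq P]'."""
    tok = line.split()
    action, proto, rest = tok[2], tok[3], tok[4:]
    ports: List[Optional[int]] = []
    for _ in range(2):        # source side first, then destination side
        if not rest or rest.pop(0) != "any":
            raise ValueError("only 'any' addresses are modelled: " + line)
        if rest[:1] == ["eq"]:
            ports.append(int(rest[1]))
            rest = rest[2:]
        else:
            ports.append(None)
    return Ace(action, proto, ports[0], ports[1])

def evaluate(acl: List[Ace], pkt: Packet) -> str:
    for ace in acl:
        if (ace.proto == pkt.proto and ace.src_port in (None, pkt.sport)
                and ace.dst_port in (None, pkt.dport)):
            return ace.action
    return "deny"             # implicit deny at the end of every ACL

# The two entries quoted in the thread: they match DESTINATION port 53 only.
THREAD_ACL = [parse_ace("access-list 101 permit tcp any any eq 53"),
              parse_ace("access-list 101 permit udp any any eq 53")]
# Constructed additions that match the reply direction (SOURCE port 53).
REPLY_ACL = THREAD_ACL + [parse_ace("access-list 101 permit tcp any eq 53 any"),
                          parse_ace("access-list 101 permit udp any eq 53 any")]
QUERY = Packet("udp", sport=40000, dport=53)   # outside client -> DNS server
REPLY = Packet("udp", sport=53, dport=40000)   # DNS server -> outside client

if __name__ == "__main__":
    for name, acl in (("thread ACL", THREAD_ACL), ("with reply entries", REPLY_ACL)):
        print(name, "query:", evaluate(acl, QUERY), "reply:", evaluate(acl, REPLY))
```

On a real router, the source `any` in the reply entries would normally be narrowed to the DNS server's address, so that a source port of 53 alone is not enough to pass the filter.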
 