iptables allow server to be an Internet DNS Server for our domains

Status
Not open for further replies.

EchoAlertcom

IS-IT--Management
Oct 8, 2002
Hello,

We are setting up a name server to be the authoritative name server for our domains. Will the following two rules allow basic queries from the Internet to pass through?

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

I would also like help with how to allow zone transfers to and from a specific IP address please. Could someone show me how to write that line please?

Warmest Regards,
Steve
 
Those should do it. The zone transfer restrictions would be made in named.conf. Check the "allow-transfer" statement.
 
Hello,

Thank you for your response.

Even though I need to make changes in the named.conf too to allow the zone transfers, I would still need to make sure that I have the port open here too, right?

Regards,
Steve
 
Correct. DNS uses port 53. You could control which hosts could communicate with it for DNS purposes, but controlling what DNS services are used, like what addresses are served to whom or who can notify or transfer, is all done through the DNS configuration.
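
Added example, not part of the original thread: the two rules in the question accept TCP 53 from any source, and zone transfers use that same port, so the "allow-transfer" statement in named.conf is what actually limits who can transfer a zone. This Python script checks a rule set and a named.conf for zones left open to transfer. The sample named.conf, the zone names and the 192.0.2.53 secondary are constructed, views are not handled, and treating a missing "allow-transfer" as "any host" is an assumption that depends on the BIND version.

```python
import re

# Constructed sample: the thread's two rules plus a hypothetical named.conf.
FIREWALL = """\
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
"""
NAMED_CONF = """\
options { directory "/var/named"; };
zone "example.com" { type master; file "example.com.zone"; allow-transfer { 192.0.2.53; }; };
zone "example.net" { type master; file "example.net.zone"; };
zone "example.org" { type master; file "example.org.zone"; allow-transfer { any; }; };
"""

def tcp53_open_to_all(rules):
    """True if an ACCEPT rule admits TCP/53 with no source (-s) restriction."""
    for tok in map(str.split, rules.splitlines()):
        if ("ACCEPT" in tok and "tcp" in tok and "-s" not in tok and "--source" not in tok
                and "--dport" in tok and tok[tok.index("--dport") + 1] == "53"):
            return True
    return False

def block_after(text, start):
    """Contents of the first brace-delimited block at or after start."""
    i = j = text.index("{", start)
    depth = 1
    while depth:
        j += 1
        depth += {"{": 1, "}": -1}.get(text[j], 0)
    return text[i + 1:j]

def transfer_acl(block):
    """Elements of an allow-transfer statement in block, or None if absent."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", block)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def exposed_zones(conf, rules):
    """Zones anyone can transfer: TCP/53 open to all and no restricting ACL."""
    if not tcp53_open_to_all(rules):
        return []
    opts = re.search(r"\boptions\b", conf)
    default = transfer_acl(block_after(conf, opts.start())) if opts else None
    exposed = []
    for m in re.finditer(r'\bzone\s+"([^"]+)"', conf):
        acl = transfer_acl(block_after(conf, m.end()))
        acl = default if acl is None else acl  # zone setting overrides options
        if acl is None or "any" in acl:  # assumption: missing statement = any host
            exposed.append(m.group(1))
    return exposed
```

On the constructed input, `exposed_zones(NAMED_CONF, FIREWALL)` reports example.net and example.org, and adding `allow-transfer { none; };` to the options block leaves only example.org.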
 