On Oct 31, 2020, at 1:22 PM, Strahil Nikolov via CentOS centos@centos.org wrote:
Are you sure you have opened 53/udp ?
Good call, but you left out the “how”:
$ sudo firewall-cmd --add-service dns
$ sudo firewall-cmd --add-service dns --permanent
Without the second command, it affects the runtime firewall only, and without the first, it doesn’t take effect until the next reboot.
To the OP: DNS needs both TCP *and* UDP service on port 53. Your telnet test is incomplete, and in fact covers only some of the lesser-used code paths in DNS servers. (Zone transfers, etc.) Most DNS service needs UDP only, and expects that to work; there is no fallback to TCP if UDP fails.
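A small probe that exercises both transports the reply describes, added here as an example and not taken from the thread or from any CentOS tooling. It builds a minimal RFC 1035 query by hand, sends it once over UDP and once over TCP (where the message carries a 2-byte length prefix, which is why a bare telnet connect proves little), and reports per transport whether a well-formed answer came back. The resolver address and the queried name are placeholders chosen for the example.

```python
"""Verify a DNS server answers on 53/udp and 53/tcp.

Added example, not from the mailing-list thread. The server address
(default 127.0.0.1) and the name example.com are placeholders.
"""
import socket
import struct


def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Build a minimal DNS query (RFC 1035 wire format); qtype 1 = A record."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte DNS header into the fields a health check cares about."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),      # 1 = this is a response
        "tc": bool(flags & 0x0200),      # truncated (UDP answer did not fit)
        "rcode": flags & 0x000F,         # 0 = NOERROR
        "qdcount": qd,
        "ancount": an,
    }


def tcp_frame(msg: bytes) -> bytes:
    """DNS over TCP prefixes every message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed before full DNS message")
        buf += chunk
    return buf


def query_udp(server: str, name: str, timeout: float = 2.0) -> dict:
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_header(data)


def query_tcp(server: str, name: str, timeout: float = 2.0) -> dict:
    q = build_query(name)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(tcp_frame(q))
        (length,) = struct.unpack("!H", _recv_exact(s, 2))
        data = _recv_exact(s, length)
    return parse_header(data)


def check_both(server: str, name: str) -> dict:
    """Return {'udp': status, 'tcp': status}; a firewall that only passes TCP shows up here."""
    results = {}
    for proto, fn in (("udp", query_udp), ("tcp", query_tcp)):
        try:
            h = fn(server, name)
            results[proto] = "ok" if h["qr"] and h["rcode"] == 0 else f"rcode={h['rcode']}"
        except (OSError, ConnectionError) as e:  # timeout, refused, unreachable
            results[proto] = f"FAIL ({e.__class__.__name__})"
    return results


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for proto, status in check_both(target, "example.com").items():
        print(f"{proto}/53: {status}")
```

Run it as `python3 dnsprobe.py <server-ip>` from a client outside the host; a "FAIL (timeout)" on udp beside an "ok" on tcp is exactly the symptom of a firewall rule that opened only the TCP port.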