> options {
>         directory "/var/named";
>         dump-file "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>         listen-on port 53 { 127.0.0.1; 172.25.50.10; };
>         version "DNS Server v2.0";
>         dnssec-enable no;
>         query-source port 53;
>         forwarders { 208.67.220.220; 208.67.222.222; };
> };
> As you can see, I need to use "query-source port" param too with forwarders to
> resolve names (and this is really really ugly).

Explicit query-source port breaks port randomisation and is highly insecure. Your problem may be an incorrectly configured firewall that only accepts outgoing queries originating from source port 53 - it needs to accept all outgoing queries for destination port 53.
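
An added example, not part of the original thread: a small Python audit that flags `query-source` statements pinning a fixed source port, run over a constructed copy of the quoted options block and a corrected variant. The function names and both sample texts are assumptions of this example; comment stripping is simplified and does not account for comment markers inside quoted strings.

```python
import re

# Constructed sample: the relevant lines of the options block quoted above.
QUOTED_CONF = '''
options {
    listen-on port 53 { 127.0.0.1; 172.25.50.10; };
    dnssec-enable no;
    query-source port 53;   // pinned source port
    forwarders { 208.67.220.220; 208.67.222.222; };
};
'''
# Constructed sample: same block with the source port left to named
# ("address * port *" is the documented default; deleting the line is equivalent).
FIXED_CONF = '''
options {
    listen-on port 53 { 127.0.0.1; 172.25.50.10; };
    # query-source port 53;
    query-source address * port *;
    forwarders { 208.67.220.220; 208.67.222.222; };
};
'''

_COMMENTS = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_QUERY_SOURCE = re.compile(r'\b(query-source(?:-v6)?)\b([^;{}]*);')
_PORT = re.compile(r'\bport\s+(\*|\d+)')

def strip_comments(text):
    """Blank out /* */, // and # comments, keeping newlines so line numbers hold."""
    return _COMMENTS.sub(lambda m: re.sub(r'[^\n]', ' ', m.group()), text)

def fixed_source_ports(conf_text):
    """Return (line_no, statement, port) for each query-source with a pinned port."""
    text = strip_comments(conf_text)
    findings = []
    for m in _QUERY_SOURCE.finditer(text):
        port = _PORT.search(m.group(2))
        if port and port.group(1) != '*':   # "port *" keeps randomisation
            line_no = text.count('\n', 0, m.start()) + 1
            stmt = ' '.join(m.group().split())
            findings.append((line_no, stmt, int(port.group(1))))
    return findings

if __name__ == '__main__':
    for name, conf in (('quoted', QUOTED_CONF), ('fixed', FIXED_CONF)):
        hits = fixed_source_ports(conf)
        for line_no, stmt, port in hits:
            print(f'{name}: line {line_no}: "{stmt}" pins source port {port}')
        if not hits:
            print(f'{name}: source port left to named to randomise')
```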