[CentOS] dnsmasq centos 7

Sat Oct 31 19:41:08 UTC 2020
Warren Young <warren at etr-usa.com>

On Oct 31, 2020, at 1:22 PM, Strahil Nikolov via CentOS <centos at centos.org> wrote:
> 
> Are you sure you have opened 53/udp ?

Good call, but you left out the “how”:

    $ sudo firewall-cmd --add-service dns
    $ sudo firewall-cmd --add-service dns --permanent

Without the second command, it affects the runtime firewall only, and without the first, it doesn’t take effect until the next reboot.

To the OP: DNS needs both TCP *and* UDP service on port 53.  Your telnet test is incomplete, and in fact covers only some of the lesser-used code paths in DNS servers. (Zone transfers, etc.)  Most DNS service needs UDP only, and expects that to work; there is no fallback to TCP if UDP fails.
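Added example, not part of the original message: a Python probe that sends the same DNS query over UDP and over TCP and reports each transport separately, which a telnet test (TCP only) cannot do. The function names, the queried name `example.com` and the IPv4-only sockets are assumptions of this example.

```python
import socket
import struct

def build_query(name="example.com", qtype=1, txid=0x1234):
    """Minimal DNS query: RD flag set, one question, class IN (qtype 1 = A)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.strip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def is_reply(data, txid):
    """True if data is a DNS response to our query: ID matches and QR bit is set."""
    if len(data) < 12:
        return False
    rid, flags = struct.unpack("!HH", data[:4])
    return rid == txid and bool(flags & 0x8000)

def probe_udp(host, port=53, timeout=2.0, txid=0x1234):
    """Send the query as a single datagram and wait for a matching reply."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:  # IPv4 only (assumption)
            s.settimeout(timeout)
            s.connect((host, port))
            s.send(build_query(txid=txid))
            return is_reply(s.recv(4096), txid)
    except OSError:  # timeout, ICMP unreachable, no route
        return False

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed early")
        buf += chunk
    return buf

def probe_tcp(host, port=53, timeout=2.0, txid=0x1234):
    """Same query over TCP, where each message carries a 2-byte length prefix."""
    query = build_query(txid=txid)
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            return is_reply(_recv_exact(s, length), txid)
    except OSError:
        return False

def check_dns(host, port=53):
    return {"udp": probe_udp(host, port), "tcp": probe_tcp(host, port)}
```

Call `check_dns("192.0.2.53")` (placeholder address) from a client machine; a result of `{'udp': False, 'tcp': True}` is the case a telnet-only test reports as working.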