On Oct 31, 2020, at 1:22 PM, Strahil Nikolov via CentOS <centos at centos.org> wrote:
>
> Are you sure you have opened 53/udp?

Good call, but you left out the “how”:

    $ sudo firewall-cmd --add-service dns
    $ sudo firewall-cmd --add-service dns --permanent

Without the second command, it affects the runtime firewall only, and without the first, it doesn’t take effect until the next reboot.

To the OP: DNS needs both TCP *and* UDP service on port 53. Your telnet test is incomplete, and in fact covers only some of the lesser-used code paths in DNS servers. (Zone transfers, etc.) Most DNS service needs UDP only, and expects that to work; there is no fallback to TCP if UDP fails.