When would I open Port 53 for DNS?
Locking down an application server. The server hosts a web app that is served via http. There are a few other ports open as well.
Port 53 is open for DNS. Why would I need this?
Extra: (Do not need to answer this but...) Would this command open that port using iptables in Linux
# iptables -A INPUT -m tcp -p tcp --dport 53 -j ACCEPT
Solution 1:
Port 53 is open for DNS. Why would I need this?
You need to have UDP 53 allowed for responses to DNS queries that your server sends, as UDP is a stateless protocol. Don't block it if you want any kind of outbound connectivity, software updates, etc.
Note that for name resolution software in most modern operating systems that's been patched with DNS source port randomization, the source port of the queries (and thus, the destination port of the response) won't necessarily be 53; in those cases, it's probably safe (but unnecessary, unless you have a rogue DNS resolver listening) to block UDP port 53.
Would this command secure that port using iptables in Linux
You don't need to allow TCP 53 inbound unless your server is actually a DNS server. Your second command has -m udp -p tcp
, which doesn't make a lot of sense.. typo?
Solution 2:
If only use your local network, use a local nameserver and have no connection to random sites on the Internet then you do not need to leave port 53 open. But if you do want to use the Internet then you need to be able to translate hostnames to IP addresses. For that you need DNS.
Solution 3:
When would you open port 53? I would assume when you are hosting DNS zones. Are you running DNS internally or subbing it out? If you run than you better have 53 open if you want anyone to get the records. As you said you have your DNS hosted elsewhere there is no reason to keep these ports open even with Vhosts and whatnot.
As far as the IPtables rule I'm not sure what you mean by secure, but that will open the port for you.
Solution 4:
DNS uses UDP port 53
Why would I need this?
If you want to use your server as a DNS server (for example you're hosting your own domains)