Unhappy DNS security problem (iptables)

    Hello to all,

I have a small problem.
I would like to secure two DNS machines (a primary and a secondary) with iptables.

By default I block everything, but even with rules for port 53, it blocks the queries that need to resolve via the primary, and the secondary does not manage to transfer the zones from the primary...

The DNS servers are on public IPs, but to simplify, let's say that:

    The primary DNS is:
    The secondary DNS is:

Here are the iptables rules I have at present:
    iptables -F
    iptables -t nat -F
    iptables -t mangle -F
    iptables -X
    iptables -t nat -X
    iptables -t mangle -X

    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    iptables -A INPUT -p tcp --dport 53 -j ACCEPT
    iptables -A INPUT -p udp --dport 53 -j ACCEPT

    iptables -A INPUT -i lo --source --destination -j ACCEPT
So with these rules I have quite a lot of problems (resolution, zone transfers).
I found these rules on a forum that seem interesting, but as I am not familiar with iptables, I don't know whether this is what I am missing or not.
For information, here is what I found anyway (not tested):

#iptables -A INPUT -p tcp -s --sport 1024:65535 -d --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -p tcp -s --sport 53:65535 -d --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
    If somebody can help me

    Thank you

PS: the servers run Linux Mandrake
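
Added example (not the poster's rules, and not something tested on Mandrake): a complete rule set in the same `-m state` style, written as a script that can be reviewed without root. The behaviour it illustrates: with `iptables -P OUTPUT DROP` and only ESTABLISHED,RELATED accepted on OUTPUT, the host can answer queries it receives but can never start a connection of its own, because a fresh outbound query has no conntrack entry yet. That affects exactly the two things in the post: the primary's own outbound resolution, and the secondary's outbound zone-transfer request (plus NOTIFY from the primary to the secondary). The OUTPUT rules for NEW traffic to port 53, and the `-o lo` rule, are what the posted set lacks. The `ipt` wrapper, the DRY_RUN switch and the log prefix are my own additions.

```shell
#!/bin/sh
# Added example: default-deny iptables policy for an authoritative DNS host
# that also needs to send its own queries (resolution, NOTIFY, AXFR/IXFR).
# DRY_RUN=1 (default) prints the commands instead of running them, so the
# script can be read and checked without root; DRY_RUN=0 applies them.
DRY_RUN="${DRY_RUN:-1}"

# Wrapper: echo the rule in dry-run mode, otherwise pass it to iptables.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# Emit (or apply) the whole rule set. Same script for primary and secondary;
# restricting *who* may transfer a zone belongs in the name server's own
# allow-transfer configuration, not in the packet filter.
dns_rules() {
    # Clean slate in every table, then default-deny on every chain.
    for t in filter nat mangle; do
        ipt -t "$t" -F
        ipt -t "$t" -X
    done
    ipt -P INPUT DROP
    ipt -P OUTPUT DROP
    ipt -P FORWARD DROP

    # Loopback in BOTH directions: with OUTPUT DROP, an INPUT-only lo rule
    # still leaves the resolver unable to talk to itself on 127.0.0.1.
    ipt -A INPUT  -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT

    # Packets belonging to flows conntrack already knows, both ways.
    ipt -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT  -m state --state INVALID -j DROP

    # Inbound queries from anyone: UDP, and TCP for truncated answers and
    # zone transfers (the secondary connects to the primary on TCP 53).
    ipt -A INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
    ipt -A INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT

    # The missing piece: the host's OWN new queries. They are never
    # ESTABLISHED when they leave, so a default-DROP OUTPUT chain needs
    # explicit NEW rules or the primary cannot resolve and the secondary
    # cannot open its AXFR/IXFR connection to the primary.
    ipt -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
    ipt -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT

    # Log what is about to hit the DROP policy (rate-limited), so blocked
    # traffic shows up in the kernel log instead of silently disappearing.
    ipt -A INPUT  -m state --state NEW -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
    ipt -A OUTPUT -m state --state NEW -m limit --limit 5/min -j LOG --log-prefix "OUTPUT-DROP: "
}

dns_rules
```

Run it as-is to review the rule list it would apply (`sh dns-rules.sh`), then `DRY_RUN=0 sh dns-rules.sh` as root on each server. After applying, `iptables -L -v -n` shows per-rule packet counters, and any line prefixed `INPUT-DROP:` or `OUTPUT-DROP:` in the kernel log tells you which direction is still being blocked.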

    maybe this should go in technical/security forums? I have no clue on this
    Quote Originally Posted by kohashi
    maybe this should go in technical/security forums?

    And moved.
