View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions My firewall blocks DNS
Log in to Ask a Question

My firewall blocks DNS

New Linode user here. I've set up Debian 11 on a Linode and configured a firewall to block most traffic but allow DNS inbound and outbound. This is using the default settings for accept-inbound-DNS and accept-outbound-DNS on the firewall configuration page and which specifies port 53. /etc/resolv.conf looks like 

hbarta@hankbarta:~$ cat /etc/resolv.conf 
# Generated by Linode Network Helper
# Mon Dec 20 22:07:09 2021 UTC
#
# This file is automatically generated on each boot with your Linode's
# current network configuration. If you need to modify this file, please
# first disable the 'Auto-configure Networking' setting within your Linode's
# configuration profile:
#  - https://cloud.linode.com/linodes/33005916/advanced
#
# For more information on Network Helper:
#  - https://www.linode.com/docs/platform/network-helper
#
# A backup of the previous config is at /etc/.resolv.conf.linode-last
# A backup of the original config is at /etc/.resolv.conf.linode-orig
#
domain members.linode.com
search members.linode.com
nameserver 66.175.211.5
nameserver 207.192.69.5
nameserver 50.116.62.5
options rotate
hbarta@hankbarta:~$ cat /etc/.resolv.conf.linode-orig
search members.linode.com
nameserver 1.1.1.1
nameserver 1.0.0.1

If I temporarily disable the firewall, DNS works so I'm pretty sure it is the firewall. What do I need to do differently to get this to work?

Thanks!

2 Replies

You need to modify your firewall configuration to not block DNS -- allow port 53, in or out, tcp and udp.

Since you're using Debian, you'll have to modify your ipfilter rule set. You'll have to figure out how to do that on your own.

-- sw

Yes, thanks.
I have my firewall rules set at https://cloud.linode.com/firewalls/37660.
I have not configured any rules for my host.
The firewall rules (in order)
Inbound:

  • accept SSH, Port 22, All IPv4, All IPv6
  • accept ICMP, All IPv4, All IPv6
  • Accept DNS Port 53, All IPv4, All IPv6
    Default Drop

Outbound

  • accept SSH, Port 22, All IPv4, All IPv6
  • accept HTTP, Port 80, All IPv4, All IPv6
  • accept HTTPS, Port 443, All IPv4, All IPv6
  • Accept DNS Port 53, All IPv4, All IPv6
  • Accept ICMP All IPv4, All IPv6
    Default Drop

I haven't configured a firewall on my host since I'm using the one listed above. If I disable that, DNS works. If I leave it enabled and change the outbound rules to Default Accept, DNS works.

I suppose I don't need to block outbound traffic.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct