Which ports to allow for DNS server on inside of MT Router?
Posted: Sat Jan 15, 2011 10:40 am
Hi guys, I have configured a public DNS server which is on a routed network on the inside of my MikroTik. Now I feel a bit stupid asking this question, but will anyway...
I have allowed the usual TCP/53 and UDP/53 through the forward chain to the DNS server, which is fine, but any replies from other DNS servers which mine has queried come back to higher ports and random ports; this is a feature of the DNS server I am using. I thought if I allowed related and established connections through to the DNS server it would work, but it doesn't; they just get blocked by my drop rule.
Am I missing something stupid here, or do I just have to allow all UDP ports > 1024 through to the DNS server to allow for the replies?
Thanks
Paul