What ports need to be open for DNS to operate?

DNS uses both the TCP and UDP protocols. Lookups performed by clients primarily (but not exclusively) use UDP – when the response data exceeds 512 bytes, the UDP query will fail and the resolver will retry using TCP. Other DNS functions such as zone transfers use TCP exclusively. DNS servers need to be reachable on port 53 (“domain”) for both TCP and UDP from their clients (often, the whole internet); the standards do not prescribe a specific source port for DNS requests, so the source port is arbitrary.
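To make the UDP-first, TCP-fallback behaviour concrete, here is an added Python example (not code from the original post). It builds a minimal DNS query, decodes the header to check the truncation (TC) bit, frames messages with the 2-byte length prefix that DNS over TCP requires, and retries over TCP only when the UDP reply is truncated or otherwise unusable. The transport is injected as a callable so the decision logic runs offline against constructed sample replies; the socket-based transports and the `192.0.2.53` server address in the trailing comment are assumptions for illustration only.

```python
import socket
import struct

DNS_PORT = 53            # "domain" in /etc/services, reachable on both TCP and UDP
UDP_MAX_PAYLOAD = 512    # classic UDP reply limit without EDNS(0)
FLAG_QR = 0x8000         # message is a response (0 = query)
FLAG_TC = 0x0200         # truncated: the answer did not fit in the UDP reply
FLAG_RD = 0x0100         # recursion desired
FLAG_RA = 0x0080         # recursion available


def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query (class IN, RD=1). qtype 1 is an A record."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Decode the 12-byte DNS header into a dict; raise on short input."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def frame_for_tcp(msg):
    """DNS over TCP prefixes every message with its big-endian 2-byte length."""
    return struct.pack("!H", len(msg)) + msg


def recv_exact(recv, n):
    """Read exactly n bytes via a recv(bufsize) callable (e.g. a socket's recv)."""
    buf = b""
    while len(buf) < n:
        chunk = recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-message")
        buf += chunk
    return buf


def read_tcp_message(recv):
    """Read one length-prefixed DNS message from a TCP stream."""
    (length,) = struct.unpack("!H", recv_exact(recv, 2))
    return recv_exact(recv, length)


def udp_reply_usable(query, reply):
    """A UDP reply is final only if it matches our ID, is a response, and is not truncated."""
    if len(reply) < 12:
        return False
    h = parse_header(reply)
    return h["id"] == parse_header(query)["id"] and h["qr"] and not h["tc"]


def resolve(query, udp_send, tcp_send):
    """Try UDP first; fall back to TCP when the reply has TC=1 or is unusable.
    udp_send/tcp_send take the query bytes and return the reply bytes, so the
    same logic runs against canned replies or real sockets."""
    reply = udp_send(query)
    if udp_reply_usable(query, reply):
        return reply, "udp"
    return tcp_send(query), "tcp"


def udp_exchange(server, query, timeout=3.0):
    """Real UDP transport: the OS picks an arbitrary source port, destination 53/udp."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, DNS_PORT))
        reply, _ = s.recvfrom(4096)
    return reply


def tcp_exchange(server, query, timeout=3.0):
    """Real TCP transport to 53/tcp using the 2-byte length framing."""
    with socket.create_connection((server, DNS_PORT), timeout=timeout) as s:
        s.sendall(frame_for_tcp(query))
        return read_tcp_message(s.recv)


def constructed_reply(query, truncated):
    """Constructed sample reply (not captured traffic): echoes the question with no
    answers, setting TC when `truncated` is True as a server does for an oversized UDP reply."""
    h = parse_header(query)
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (FLAG_TC if truncated else 0)
    return struct.pack("!HHHHHH", h["id"], flags, 1, 0, 0, 0) + query[12:]


if __name__ == "__main__":
    q = build_query("example.com")
    # Offline demo with canned replies: the UDP reply is truncated, so TCP is used.
    reply, transport = resolve(q, lambda m: constructed_reply(m, True),
                               lambda m: constructed_reply(m, False))
    print(transport, parse_header(reply))
    # Against a real resolver (assumed address; needs 53/udp and 53/tcp reachable):
    # resolve(q, lambda m: udp_exchange("192.0.2.53", m), lambda m: tcp_exchange("192.0.2.53", m))
```

The firewall consequence follows directly from `resolve`: if only 53/udp is open, every lookup whose reply carries TC=1 fails on the retry, which shows up as intermittent failures for large records (for example DNSSEC-signed responses) rather than a total outage.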

Additionally, on systems that are running BIND9 as part of a zone that (as recommended) has multiple name servers, the servers need to be able to connect to each other on TCP port 953 (“rndc”) so they can push changes out to their peers rather than wait for them to refresh their cached information.

Additional Resources

The common port/protocol information can be found in the /etc/services file.

