How Your Firewall Settings Can Interfere With Your DNS Server

Most DNS server connectivity issues that are experienced are as a result of firewall settings. DNS servers work through queries (See different server software here).

This means that if you block your machine from being queried by means of a firewall, then you’ll definitely not experience any networking. However, many people never realize that they have a firewall problem at first. Here are some of the symptoms to check if you want to know whether your DNS server is being disrupted by your firewall;

  • Your machine taking long to establish a connection
  • Prevention of establishing connections by using DNS names instead of IP addresses

When you encounter these, always know that your firewall settings need to be reconfigured.

Configuring Your Firewall

Navigate To The Configuration Interface Of Your Firewall

Every machine/ router has a way in which you can be able to change its firewall settings. Therefore, it’s hard to detail exactly how you can get to this configuration. A good place to check would be to refer to your server/ machine OS documentation to find out how to get to this part. However, we’ve sneaked in a guide for windows users who would like to change their firewall settings.

  • Go to the control panel of your windows operating system (10/8/7).
  • Click on System and Security then select Windows Firewall.

Change Settings To Point To Port 53

You need to allow traffic by change the TCP and UDP protocol settings in port 53 of your machine. Depending on the firewall of your machine, you may need to set separate rules for each protocol or a single one that encompasses both of them.

For windows users you can access this by;

  • Click on Advanced Settings on the left hand pane from the Windows Firewall window.
  • This will lead you to a window with a list of rules on the left side. From the list select Inbound Rules.
  • Select New Rule from the right pane. This will open a new inbound rule wizard.
  • From it, select port as the new rule type then click next.
  • You can then choose either TCP or UDP protocol settings and then specify the specific port that you want to open (in our case port 53); then click next.
  • Select allow the connection.
  • Choose what network the rule applies then click next.
  • Give the rule a name and add a description if you want to, then click the finish button to complete the wizard.

Change Settings In All Machines

The last thing that you need to do is to ensure that all other machines connected on your network also allow traffic through port 53. Ensure that you also enable traffic through port 53 on the server computer in your business or home.


It’s also important that you ensure that users can’t be able to change the local DNS IP server to something other than the specific IP address for your DNS Server. If other users on your network are able to change the DNS IP address, they will be able to bypass your DNS server and any restrictions that you might have put on your network connections. In order to ensure that this does not work, you should setup a firewall on your network to ensure that other DNS services can’t access the internet.

The good thing about setting up all connections to use port 53 is that all users on the network will be forced to use the DNS settings defined on the server computer (or router). Another nifty solution also involves having all requests that are directed to DNS server different the set one to be forwarded to your preferred DNS Server (still through port 53). This will ensure that even if the DNS server address is changed on other machines. They will still access the network’s DNS server.

All of these can be made possible by the use of your machine’s firewall.

The Working Principles Of DNS Servers

Before you get to understand the working principles of DNS Servers, it’s important that you understand domain names first. Domain names are usually formed from several parts which are normally separated by dots. The basic form of a domain involves at least two parts. Domain names are usually labelled from right to left. The extreme right part is known the top level domain i.e. .com, .org etc. Each subsequent level located on the left of the domain name is known as the sub domains.

Domain Levels

Generally, a domain name can be divided into 127 levels with each part containing not more than 63 characters. For example let’s say that you have a domain and you have two locations of your business south and north. Therefore, the domain for the south will be and for the north will be Let’s further assume that you are located in the north and you have your own subdomain therefore it will be These levels can continue being added until you reach the maximum of 127 levels.

However, while adding each level you also have to consider a 254 character limit for your domain name.

DNS Servers And Working Principles

Each domain and subdomain supports multiple DNS Servers. This DNS Servers usually contain all the information about that particular domain. The main working principle of DNS Servers goes like this. A user enters a domain name in the web browser e.g. However, in order for them to receive corresponding data for that domain name, it’s necessary that the domain name is converted into a machine readable state known as an IP address. This means that the IP-address of the server will be requested from the data center before you can be able to access your site.

Note: If you are interested in finding out the IP address of each site, then you can use the ping command. To access it, you need to run the command window in Windows. Search for cmd (In Windows 10/8/7) then click on it. In the resulting window, type ping followed by the site name e.g. ping then press enter. Afterwards a window will appear displaying a group of numbers (e.g., which are the site’s IP address.

Host Names And IP Addresses

It’s important to note that domain names don’t necessarily equal to one IP address. Many domain names can have a specific IP address whereas one name can be related with a number of different IP addresses.

DNS Servers Back up

You might be wondering where all the information on the internet is stored and how it can be retrieved in case websites go down. Well, there are 13 servers around the world which contain the same information. These 13 servers are known as the root servers because they are the ones that hold the entire internet.

Forward And Reverse DNS

DNS Servers not only convert domain names to IP addresses, but they can also convert IP addresses to domain names. The former is known as forward lookup whereas the latter is known as reverse lookup.

1. DNS Records

There are generally six categories in DNS records. These include;

2. A Record (Address Record)

This record is the one that normally links up domain names to a specific IP address.


Known in full as Canonical Name, it’s a tool which is used to divert requests to an alternative name

4. MX (Mail Exchanger)

This refers to the tool that is responsible for the mail exchanges for that particular domain.

5. PTR (Pointer Record)

This record is used for connecting the domain name to the established CNAME.

6. Ns (Name Servers)

Name server is an alternate name for a DNS Server. It generally points the domain name to the DNS Server.

7. SOA (State Of Authority Record)

The SOA refers to a server which has all the standard information for that particular domain.


You are probably confused by now of what DNS server software to use. The good thing is that many machines come with pre-installed server software that you can make use of unless you feel the need of changing it.

Here is guide on how to configure DNS server software on your Windows machine.

Compare The Different DNS Servers: Which One Is Right For You?

DNS (Domain Name Server) is one of the most integral components of the internet. Not so many people know about it yet it is one of the crucial pillars that hold the entire internet together. Just to know how integral DNS is, when you were accessing this site, there are many background processes that were queried without your realization. It also renders domain names usable. If DNS was not working properly, you would have had to type in the IP address of this site in order for you to access the content.

There are very many different DNS server software today. Each DNS server has its own set of characteristics that differentiate it from the rest. Here’s a comparison of the different DNS servers out there.


BIND was written in the 1980’s. It has been in existence for over 30 years during which it has been able receive constant upgrades. It is still regarded as one of the best DNS server software.

Bind can be able to serve as an authoritative name server or a recurs or. It also has some of most advanced DNS features which include IPv6, DNSSEC and TIG transfers. It also has an intuitive web interface that makes it easy to manage the server. You can also manage it through the command line interface.

During its earlier years, BIND was mostly used in UNIX platforms. However, given the number of upgrades that it has had over the years, BIND can be used across all platforms nowadays.


Unbound is a more recent server software having been developed in 2006. It was later rewritten from its original Java form to C language. What makes Unbound a great DNS server software is the fact that it was made with modern features in mind and using the latest technologies that are a requirement for modern day server technology. Unlike BIND which can be used as both an authoritative and recursive name server, Unbound can only be used as a recursive name server. However, it has modules which support the DNSSEC feature.

Just like BIND, Unbound was created for use on Unix-like operating systems. However, recent developments have allowed it to be used on Windows machines.


PowerDNS was written in C+++ in the late 1990s. It has been able to rise to become of the top DNS server software rivalling veterans like BIND. Part of this rise was contributed to the fact that it had a huge developer community who were always contributing to it. As of now, PowerDNS is a fully robust DNS server software that has all features similar to those of BIND and other powerful DNS servers.

However, unlike BIND and Unbound, PowerDNS does not have an interface. For you to manage it, you’ll have to be conversant with the command line interface.


Just as the name suggests, Erl-DNS was written in the Erlang language. It can be used as an authoritative name server and also provides fast query responses.

It features a number of storage techniques for zone data can be extended through the module system present in Erlang.


Dnsmasq is a free software that was first released in 2001. It one of the lightest DNS servers and can be easily configured. It also works as a DHCP server and a DNS forwarder. Just like PowerDNS, Dnsmasq can only be managed through the command line interface. It’s generally recommended for small networks.

Given that it is under the GPL licence, Dnsmasq has become a part of Linux distributions nowadays.

Microsoft DNS

Just as the name suggests, this is the server software for Windows machines. It can be able to serve as an authoritative name server as well as a recursive one. It features a standard DNS zone file, supports CLI management, DNSSEC, Dynamic DNS and NSEC3 support among others. It can be generally used on many enterprise networks.

Page 2 of 212