How Your Firewall Settings Can Interfere With Your DNS Server
Most DNS server connectivity issues that are experienced are as a result of firewall settings. DNS servers work through queries (See different server software here).
This means that if you block your machine from being queried by means of a firewall, then you’ll definitely not experience any networking. However, many people never realize that they have a firewall problem at first. Here are some of the symptoms to check if you want to know whether your DNS server is being disrupted by your firewall;
- Your machine taking long to establish a connection
- Prevention of establishing connections by using DNS names instead of IP addresses
When you encounter these, always know that your firewall settings need to be reconfigured.
Configuring Your Firewall
Navigate To The Configuration Interface Of Your Firewall
Every machine/ router has a way in which you can be able to change its firewall settings. Therefore, it’s hard to detail exactly how you can get to this configuration. A good place to check would be to refer to your server/ machine OS documentation to find out how to get to this part. However, we’ve sneaked in a guide for windows users who would like to change their firewall settings.
- Go to the control panel of your windows operating system (10/8/7).
- Click on System and Security then select Windows Firewall.
Change Settings To Point To Port 53
You need to allow traffic by change the TCP and UDP protocol settings in port 53 of your machine. Depending on the firewall of your machine, you may need to set separate rules for each protocol or a single one that encompasses both of them.
For windows users you can access this by;
- Click on Advanced Settings on the left hand pane from the Windows Firewall window.
- This will lead you to a window with a list of rules on the left side. From the list select Inbound Rules.
- Select New Rule from the right pane. This will open a new inbound rule wizard.
- From it, select port as the new rule type then click next.
- You can then choose either TCP or UDP protocol settings and then specify the specific port that you want to open (in our case port 53); then click next.
- Select allow the connection.
- Choose what network the rule applies then click next.
- Give the rule a name and add a description if you want to, then click the finish button to complete the wizard.
Change Settings In All Machines
The last thing that you need to do is to ensure that all other machines connected on your network also allow traffic through port 53. Ensure that you also enable traffic through port 53 on the server computer in your business or home.
It’s also important that you ensure that users can’t be able to change the local DNS IP server to something other than the specific IP address for your DNS Server. If other users on your network are able to change the DNS IP address, they will be able to bypass your DNS server and any restrictions that you might have put on your network connections. In order to ensure that this does not work, you should setup a firewall on your network to ensure that other DNS services can’t access the internet.
The good thing about setting up all connections to use port 53 is that all users on the network will be forced to use the DNS settings defined on the server computer (or router). Another nifty solution also involves having all requests that are directed to DNS server different the set one to be forwarded to your preferred DNS Server (still through port 53). This will ensure that even if the DNS server address is changed on other machines. They will still access the network’s DNS server.
All of these can be made possible by the use of your machine’s firewall.