A standard DNS query is sent by the client from any source port to UDP port 53 on the DNS server.
The DNS server then answers from UDP/53 back to that client port:
Client:Any ---query--> DNSServer:UDP/53
Client:Any <--answer-- DNSServer:UDP/53
As a sample, iptables rules for the client would look like this (note the long options take two dashes):
iptables -A OUTPUT -d DNSServer -p udp --dport 53 -j ACCEPT
iptables -A INPUT -s DNSServer -p udp --sport 53 -j ACCEPT
Basically, DNS uses UDP as long as the query and the answer are at most 512 bytes.
If a DNS query or response exceeds 512 bytes, the protocol switches to TCP/53.
You will need TCP only in cases where DNS servers have to talk to each other, for example for zone transfers (AXFR).
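To make the UDP-to-TCP switch concrete, here is an added Python example (not part of the original text) showing how a client builds a query, how the same message is framed differently for TCP/53 (2-byte length prefix), and how the truncation (TC) flag in a UDP answer tells the client to repeat the query over TCP. The response bytes are constructed here for illustration.

```python
import struct

DNS_FLAG_QR = 0x8000  # 1 = this message is a response
DNS_FLAG_TC = 0x0200  # 1 = answer was truncated, did not fit the UDP limit
UDP_MAX_PLAIN = 512   # classic UDP payload limit (RFC 1035, without EDNS)


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal standard query (QR=0, RD=1) for `name`, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def tcp_frame(msg: bytes) -> bytes:
    """Over TCP/53 every DNS message is prefixed with its big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header; reject anything shorter."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & DNS_FLAG_QR),
            "tc": bool(flags & DNS_FLAG_TC), "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an}


def needs_tcp_retry(query: bytes, response: bytes) -> bool:
    """True when a UDP answer to `query` is truncated, so the client must
    repeat the same query over TCP/53 to get the full response."""
    h = parse_header(response)
    if h["id"] != struct.unpack("!H", query[:2])[0] or not h["qr"]:
        return False  # wrong transaction id or not a response at all
    return h["tc"]


# Constructed sample answers: same id and question section as the query.
QUERY = build_query("example.com", qtype=1, txid=0x1234)
# flags 0x8380 = QR|RD|RA|TC: the server could not fit the answer in UDP
TRUNCATED_ANSWER = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUERY[12:]
# flags 0x8180 = QR|RD|RA: a normal, complete UDP answer
NORMAL_ANSWER = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0) + QUERY[12:]
```

A firewall that only opens UDP/53, as in the sample rules above, will silently break lookups whenever needs_tcp_retry() returns True, so a client ruleset normally allows TCP/53 to the resolver as well.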