How to open DNS port 53 using ufw on Ubuntu/Debian Linux


How do I allow incoming DNS TCP/UDP port 53 connections from a specific IP address or subnet on an Ubuntu or Debian Linux server using ufw? How can I open DNS port 53 using the ufw firewall?

Introduction: UFW is an acronym for Uncomplicated Firewall. It manages the Linux firewall and aims to provide an easy to use interface for the user. In this tutorial, you will learn how to use UFW, a frontend to iptables, to open incoming DNS connections on port 53 on an Ubuntu Linux 16.04/18.04 LTS or Debian Linux server, and how to limit them to the clients that should be allowed to query you.

What is DNS (Domain Name System)?

DNS stands for “Domain Name System.” DNS is the naming system for computers, servers and other network devices on the Internet. It resolves hostnames to IP addresses and vice versa. For example, the hostname server1.cyberciti.biz has the IPv4 address 104.20.187.5 and the IPv6 address 2400:cb00:2048:1::6814:bb05. In other words, DNS associates a domain name (such as cyberciti.biz) with an IP address (such as 104.20.187.5). It works like the “phone book” of the Internet: people remember names, and DNS turns them into addresses. DNS uses TCP and UDP port 53. Most queries travel over UDP; TCP is used for zone transfers and for answers that do not fit in a single UDP datagram, which is why both protocols have to be opened.

Open DNS port 53 using ufw for everyone

Use this only for an authoritative name server that is meant to answer queries from the whole Internet. A recursive resolver (BIND, Unbound, dnsmasq and so on) must not be opened to the world: an open resolver is abused in DNS amplification attacks and by scanners. For a resolver, use the source-restricted rules in the next sections instead.

The syntax is:
sudo ufw allow domain
OR
sudo ufw allow 53/tcp
sudo ufw allow 53/udp

ufw looks service names up in /etc/services, where port 53 is listed as domain, so the named form is sudo ufw allow domain; sudo ufw allow dns only works if an application profile called dns exists under /etc/ufw/applications.d. A rule without a protocol covers both TCP and UDP, and when IPV6=yes is set in /etc/default/ufw the same rule is added for IPv6 as well.

OR add a comment so that the rule explains itself in the status output:
sudo ufw allow 53/tcp comment 'Open port DNS tcp port 53'
sudo ufw allow 53/udp comment 'Open port DNS udp port 53'

If your DNS server listens on a non-standard port such as 5353, open that port instead:
sudo ufw allow 5353/tcp
sudo ufw allow 5353/udp

How to allow incoming DNS queries from a specific IP address using ufw

Type the following command, replacing {IP_ADDRESS_HERE} with the client's address. Without proto the rule matches both TCP and UDP on port 53:
sudo ufw allow from {IP_ADDRESS_HERE} to any port 53
sudo ufw allow from 192.168.2.254 to any port 53

How to allow incoming DNS queries from specific subnets using ufw

Enter the following command with the network in CIDR notation:
sudo ufw allow from {IP_SUB/net} to any port 53
sudo ufw allow from 192.168.2.0/24 to any port 53
The next form also pins the rule to the address the name server listens on, so port 53 stays closed on every other interface of the host:
sudo ufw allow from 192.168.2.0/24 to 192.168.2.18 port 53

How to check which process is listening on port 53

Use the ss command (or the older netstat command from net-tools) as follows. Run them with sudo, otherwise the process column stays empty for sockets owned by other users:
sudo ss -tulpn
sudo ss -tulpn | grep :53
sudo netstat -tulpn
sudo netstat -tulpn | grep :53
On Ubuntu 18.04 and later, systemd-resolved keeps a stub listener on 127.0.0.53:53. That entry is the local stub resolver, not your name server, and it is not reachable from the network.
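As an added example that is not part of the original article, the bash script below parses ss -tulpn output and reports every socket on port 53 together with its owning process, then flags the ones bound to a wildcard address (0.0.0.0 or [::]), which answer on every interface and rely on the firewall alone. The sample ss lines, including the systemd-resolved stub and a BIND instance, and the function names are constructed for this illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: parse "ss -tulpn" output and
# report which processes hold port 53 and on which addresses, so that a rule
# such as "to 192.168.2.18 port 53" is backed by a listener on that address.
# The ss output further down is constructed sample data.
set -euo pipefail

# Read ss -tulpn text on stdin and print "proto address process" for every
# socket on the given port (default 53). The port sits after the last colon
# of the Local Address:Port column, which keeps IPv6 addresses intact. The
# process name is missing when ss runs without root; "-" is printed then.
dns_listeners() {
    local port=${1:-53}
    awk -v port="$port" '
        NR == 1 { next }
        {
            n = split($5, parts, ":")
            p = parts[n]
            if (p != port) next
            addr = substr($5, 1, length($5) - length(p) - 1)
            proc = "-"
            if (match($0, /users:\(\("[^"]+"/)) proc = substr($0, RSTART + 9, RLENGTH - 10)
            print $1, addr, proc
        }'
}

# Return 0 if no socket on the port is bound to a wildcard address; otherwise
# print the offending sockets and return 1. A server bound to 0.0.0.0 or [::]
# answers on every interface, and only the firewall then stands between it
# and the Internet.
wildcard_dns_binds() {
    local hits
    hits=$(dns_listeners "$@" | awk '$2 == "0.0.0.0" || $2 == "[::]" || $2 == "*"')
    [[ -z $hits ]] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample: the systemd-resolved stub on 127.0.0.53, a BIND
# instance bound both to its own address and to the wildcards, and sshd.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=12))
udp   UNCONN 0      0      192.168.2.18:53     0.0.0.0:*         users:(("named",pid=1402,fd=512))
udp   UNCONN 0      0      0.0.0.0:53          0.0.0.0:*         users:(("named",pid=1402,fd=513))
tcp   LISTEN 0      128    192.168.2.18:53     0.0.0.0:*         users:(("named",pid=1402,fd=21))
tcp   LISTEN 0      128    [::]:53             [::]:*            users:(("named",pid=1402,fd=22))
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=890,fd=3))'

main() {
    echo "# sockets on port 53 (sample data):"
    dns_listeners <<<"$SAMPLE_SS"
    echo "# wildcard binds on port 53:"
    wildcard_dns_binds <<<"$SAMPLE_SS" || true
}
main
```

On a live host, source the file and pipe the real output in: sudo ss -tulpn | dns_listeners, or sudo ss -tulpn | wildcard_dns_binds. A non-zero exit from the second call is the cue to set the server's listen address (for example BIND's listen-on) rather than to rely only on the ufw rules.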


How to check the status of ufw for DNS port 53

Simply run the following command:
sudo ufw status
sudo ufw status numbered
The numbered output gives you the rule number you need to remove a rule later with sudo ufw delete. Check the From column of every port 53 rule: on a recursive resolver it should list your client networks, never Anywhere. The verbose form of the same command also prints the default incoming policy, which must be deny for the allow rules above to have any effect.
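The source-restricted rules and the ufw status check above can be scripted. The following bash script is an added example and is not from the original article: it validates each client network, prints or applies the ufw commands for a name server on one address, and scans ufw status text for any port 53 rule whose source is Anywhere. The addresses, the sample status output and the function names are constructed for this illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: build ufw rules that allow
# DNS only from trusted client networks, validate every input first, and
# audit "ufw status" output for port-53 rules that are open to Anywhere.
# All addresses and the sample status text are constructed for illustration.
set -euo pipefail

# Accept an IPv4 address or CIDR (a.b.c.d or a.b.c.d/NN) and nothing else,
# so that a typo cannot quietly turn into a rule for the wrong network.
cidr_valid() {
    local re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})(/([0-9]{1,2}))?$'
    [[ $1 =~ $re ]] || return 1
    local o
    for o in "${BASH_REMATCH[@]:1:4}"; do
        (( 10#$o <= 255 )) || return 1      # 10# forces decimal: "08" is not octal
    done
    local p=${BASH_REMATCH[6]:-}
    [[ -z $p ]] || (( 10#$p <= 32 ))
}

# Print one ufw command per client network and protocol. UDP and TCP are
# separate rules so each carries its own comment, and every rule is pinned
# to the server's own address instead of "any".
dns_rule_cmds() {
    local server=$1; shift
    cidr_valid "$server" || { echo "invalid server address: $server" >&2; return 1; }
    (( $# > 0 )) || { echo "no client networks given" >&2; return 1; }
    local net proto
    for net in "$@"; do
        cidr_valid "$net" || { echo "invalid client network: $net" >&2; return 1; }
        for proto in udp tcp; do
            printf "ufw allow from %s to %s port 53 proto %s comment 'DNS from %s'\n" \
                "$net" "$server" "$proto" "$net"
        done
    done
}

# Apply the same rules with sudo; with DRY_RUN=1 they are only printed.
# Everything is validated before the first rule is added, so a bad entry in
# the middle of the list cannot leave the firewall half-configured.
apply_dns_rules() {
    local server=$1; shift
    dns_rule_cmds "$server" "$@" >/dev/null
    local net proto
    for net in "$@"; do
        for proto in udp tcp; do
            if [[ ${DRY_RUN:-0} == 1 ]]; then
                echo "would run: ufw allow from $net to $server port 53 proto $proto"
            else
                sudo ufw allow from "$net" to "$server" port 53 proto "$proto" \
                    comment "DNS from $net"
            fi
        done
    done
}

# Read "ufw status" text on stdin. Print every ALLOW rule for port 53 whose
# From column is Anywhere and return 1; return 0 if there is none. The To
# column may read "53", "53/udp" or "192.168.2.18 53/tcp", optionally with
# a trailing "(v6)", and the action may read "ALLOW" or "ALLOW IN".
dns_open_to_world() {
    local hits
    hits=$(awk '
        /ALLOW/ {
            to = ""; from = ""; seen = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "ALLOW") { seen = 1; if ($(i+1) == "IN") i++; continue }
                if (!seen) to = (to == "" ? $i : to " " $i)
                else       from = (from == "" ? $i : from " " $i)
            }
            if (to ~ /(^| )53(\/(tcp|udp))?( \(v6\))?$/ && from ~ /^Anywhere/) print to " <- " from
        }')
    [[ -z $hits ]] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed "ufw status" output; the rules without a source network are
# the ones that must never appear on a recursive resolver.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
192.168.2.18 53/udp        ALLOW       192.168.2.0/24
192.168.2.18 53/tcp        ALLOW       192.168.2.0/24
53                         ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
53 (v6)                    ALLOW       Anywhere (v6)'

main() {
    echo "# rules for a name server on 192.168.2.18 serving two office networks:"
    dns_rule_cmds 192.168.2.18 192.168.2.0/24 10.10.0.0/16
    echo "# port-53 rules open to the world in the sample status:"
    dns_open_to_world <<<"$SAMPLE_STATUS" || true
}
main
```

To use it for real, source the file and run apply_dns_rules 192.168.2.18 192.168.2.0/24 10.10.0.0/16 (with DRY_RUN=1 first), then sudo ufw status | dns_open_to_world; a non-zero exit means a port 53 rule still accepts queries from anywhere.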

You can also use the iptables command to list the rules ufw has installed. ufw puts the rules you add with ufw allow into its own chain, ufw-user-input, which is reached from the INPUT chain:
sudo iptables -L -n -v | grep :53
sudo iptables -t filter -L INPUT -n -v | more

Conclusion

You have just learned how to open DNS port 53 using UFW on a Debian or Ubuntu Linux based system, and how to restrict it to the clients that should be able to query your server. For more information, see the UFW man page by typing the following man command:
man ufw

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting.