Securing DNS Servers with a Firewall

The Domain Name System, or DNS, speaks over TCP port 53 and UDP port 53.

If you are hosting a DNS server, you will need to configure your firewall to allow traffic through these ports.

With HeatShield, you can quickly create a custom ruleset to open the DNS ports and apply that ruleset to your DNS servers.

Opening Your Firewall for DNS

First, connect your server to HeatShield and upgrade it to use custom rulesets.

Then, open your Rulesets page and click Create Ruleset.

Next, name your ruleset and click Create Ruleset.

Now, create a new firewall rule by selecting the policy, the destination, and the source.

Set the Policy to Allow and the Source to Any.

Select Custom from the Destination dropdown and enter TCP 53 as the DNS port. Click Add.

Repeat this step for UDP 53.

Your final ruleset will look similar to this example:

If you are hosting a private DNS server, you can set the Source to Custom and enter an IP address that should be allowed to reach the DNS server. You will need to create both a TCP rule and a UDP rule for each IP address you want to allow.

Applying the DNS Ruleset

To apply your new ruleset to your DNS server, open the server in HeatShield.

Select your DNS ruleset from the drop-down list and click Apply Ruleset.

Your new ruleset will be applied.

You can restrict access to your DNS server even further by removing the HTTP/HTTPS ruleset from it.
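To confirm the applied ruleset from a client that should be allowed, the following added example (not part of HeatShield; the function names and the placeholder address are assumptions) sends one DNS query over UDP 53 and one over TCP 53 and reports whether each transport got a reply. Any well-formed response counts, including a refusal from the server, because the check is about port reachability rather than the answer itself.

```python
import secrets, socket, struct

def build_query(name, qtype=1):
    """Return (query_id, wire-format query) for name; qtype 1 is an A record."""
    qid = secrets.randbelow(1 << 16)
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    labels = [p.encode("ascii") for p in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(p)]) + p for p in labels) + b"\x00"
    return qid, header + qname + struct.pack("!HH", qtype, 1)  # class IN

def is_response_to(qid, data):
    """True if data is a DNS response (QR bit set) that echoes our query ID."""
    if len(data) < 12:
        return False
    rid, flags = struct.unpack("!HH", data[:4])
    return rid == qid and bool(flags & 0x8000)

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection early")
        buf += chunk
    return buf

def check_udp(host, port=53, name="example.com", timeout=3.0):
    """Send one query over UDP; False on timeout, ICMP refusal or a bad reply."""
    qid, query = build_query(name)
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.connect((host, port))
            s.send(query)
            return is_response_to(qid, s.recv(4096))
    except OSError:
        return False

def check_tcp(host, port=53, name="example.com", timeout=3.0):
    """Send the same query over TCP, which prefixes each message with its length."""
    qid, query = build_query(name)
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            return is_response_to(qid, _recv_exact(s, length))
    except OSError:
        return False

if __name__ == "__main__":
    server = "192.0.2.53"  # placeholder (TEST-NET-1): replace with your DNS server
    print({"udp": check_udp(server), "tcp": check_tcp(server)})
```

Run it once from an allowed address and once from an address outside the ruleset; for a private DNS server the second run should report False for both transports.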

Last updated: September 23, 2016
