SELinux and Firewall Rules for DNS Server

For your clients to be able to query the DNS server, you need to open port 53 on the firewall for both transport protocols. Clients normally query over UDP, but a query whose answer does not fit in a UDP datagram is retried over TCP, and zone transfers (AXFR/IXFR) between servers always use TCP, so both UDP and TCP port 53 must be accepted. If the server only serves internal clients, restrict the rules to those client networks with a -s match rather than accepting from anywhere; an open resolver reachable from the Internet is a ready-made DNS amplification source.

Step 1. Use the iptables command to insert the rules into the INPUT chain. Position 5 places them ahead of the catch-all REJECT rule in the default RHEL 6 ruleset; list your own INPUT chain with line numbers first, because a rule inserted below the REJECT is never reached:

# iptables -I INPUT 5 -p udp -m udp --dport 53 -j ACCEPT
# iptables -I INPUT 5 -p tcp -m tcp --dport 53 -j ACCEPT

Step 2. Save the rules you just created:

# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]

Step 3. Rules added with -I are active immediately; restart the firewall service anyway, so that the chains are flushed and rebuilt from the file you just saved. This proves that the saved ruleset, which is what will be loaded at boot, is complete and loads without error:

# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
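The three steps above, as an added example that is not part of the original post: a POSIX shell script that inserts the two rules only when they are not already present (iptables -C exits 0 on a match, so re-running the script does not duplicate rules), limits them to one client network, saves the ruleset, and lists the chain with positions so the insert point can be checked. The client network 192.0.2.0/24, the DRY_RUN switch and the apply/show arguments are assumptions for illustration; chain position 5 is taken from the steps above.

```shell
#!/bin/sh
# Added example, not from the original post. Opens DNS (UDP and TCP 53) to one
# client network, idempotently, on a RHEL/CentOS 6 style iptables setup.
# Assumptions: CLIENT_NET 192.0.2.0/24 is a placeholder to replace with your
# own range; DRY_RUN=1 prints the commands instead of executing them.

CLIENT_NET="${CLIENT_NET:-192.0.2.0/24}"
DRY_RUN="${DRY_RUN:-0}"
CHAIN_POS=5   # position used in the steps above; must sit before the REJECT rule

# Execute a command, or echo it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Rule bodies, one per line, without the -I/-C verb so the same text serves
# both for checking and for inserting. The -s match keeps the port closed to
# everything outside the client network.
dns_rules() {
    printf 'INPUT -s %s -p udp -m udp --dport 53 -j ACCEPT\n' "$1"
    printf 'INPUT -s %s -p tcp -m tcp --dport 53 -j ACCEPT\n' "$1"
}

# Insert each rule at CHAIN_POS unless an identical rule already exists,
# then persist the ruleset with the same save step as in the text.
apply_dns_rules() {
    dns_rules "$CLIENT_NET" | while IFS= read -r rule; do
        chain=${rule%% *}
        body=${rule#* }
        # $body is deliberately unquoted so iptables receives separate arguments.
        if [ "$DRY_RUN" != "1" ] && iptables -C $chain $body 2>/dev/null; then
            continue
        fi
        run iptables -I "$chain" "$CHAIN_POS" $body
    done
    run service iptables save
}

# Show the INPUT chain with positions so the insert point can be verified
# against the REJECT rule before and after applying.
show_input_chain() {
    run iptables -L INPUT -n --line-numbers
}

case "${1:-}" in
    apply) apply_dns_rules ;;
    show)  show_input_chain ;;
esac
```

Run as root: DRY_RUN=1 sh dns-firewall.sh apply previews the commands, sh dns-firewall.sh show lists the chain, and sh dns-firewall.sh apply inserts and saves. Drop the -s match only on a server that is meant to answer the whole Internet.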

For the named service, the SELinux Boolean you are most likely to need to change is named_write_master_zones:

named_write_master_zones    Allows named to write master zone files (and their journals) in the zone directory; default off

If you run a dynamic DNS master (zones updated through nsupdate or by a DHCP server) and keep those zones directly under /var/named, you need to enable (not disable) this Boolean, and to do so persistently so that it survives a reboot; otherwise leave the default protection as is, so that a compromised named process cannot rewrite its own zone data. A secondary server does not need the Boolean for ordinary zone transfers: the RHEL package labels /var/named/slaves, /var/named/dynamic and /var/named/data as named_cache_t, which named may already write, so keeping received or dynamically updated zones there is the cleaner alternative to widening the policy.

SELinux also constrains which confined processes can read /etc/named.conf, but it does so by file type rather than by user: the targeted policy grants the named_t domain read access to files of type named_conf_t, a type other confined services are not granted. Discretionary permissions still apply on top of this (the bind package installs the file as mode 0640, owner root, group named, so only root and members of the named group can open it at all). If the file has lost its label, for example because it was replaced with a copy made in /root and now carries admin_home_t, named fails to start with a permission denied recorded in /var/log/audit/audit.log even though the mode and owner look correct. Restore the label with:

# chcon -t named_conf_t /etc/named.conf

Verify with this command; the third field of the printed context should be named_conf_t:

# ls -Z /etc/named.conf

Keep in mind that chcon does not survive a filesystem relabel. Because the policy's file contexts already map /etc/named.conf to named_conf_t, running restorecon on the file gives the same result and is the fix to prefer.
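The two SELinux checks described above (the named_write_master_zones Boolean and the label on /etc/named.conf), as an added example that is not part of the original post. The parsers take the text that getsebool and stat print, so they can be exercised on constructed sample lines without root; the live mode runs the real commands and prints the corrective command for any drift. The role names dynamic and static are an assumption for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Checks the SELinux state a BIND
# server needs: the named_write_master_zones Boolean and the type on
# /etc/named.conf. Parsing is separated from command execution so the logic
# can be tested on constructed getsebool/stat output without root.
# Assumption: the server role is given as "dynamic" (accepts nsupdate/DHCP
# updates) or "static" (zones only edited by hand, or a caching resolver).

# Value ("on" or "off") from a getsebool line such as
# "named_write_master_zones --> off".
boolean_value() {
    printf '%s\n' "$1" | awk -F' --> ' '{ print $2 }'
}

# Type field from a context such as "system_u:object_r:named_conf_t:s0".
context_type() {
    printf '%s\n' "$1" | awk -F: '{ print $3 }'
}

# What the Boolean should be for a role: a master that accepts dynamic
# updates must write zone files and journals, so it needs "on"; a static
# master or a caching resolver keeps the default "off".
wanted_boolean() {
    case "$1" in
        dynamic) echo on ;;
        *)       echo off ;;
    esac
}

# Exit 0 when the getsebool line ($2) matches what the role ($1) needs.
boolean_ok() {
    [ "$(boolean_value "$2")" = "$(wanted_boolean "$1")" ]
}

# Exit 0 when the context carries the type named_t is allowed to read.
# A file copied in from /root typically ends up as admin_home_t instead.
conf_label_ok() {
    [ "$(context_type "$1")" = "named_conf_t" ]
}

# Live check (run as root): report each setting and the command that fixes it.
check_live() {
    role="${1:-static}"
    line=$(getsebool named_write_master_zones)
    if boolean_ok "$role" "$line"; then
        echo "ok: $line"
    else
        echo "drift: $line; run: setsebool -P named_write_master_zones $(wanted_boolean "$role")"
    fi
    # stat -c %C prints the file's SELinux context.
    ctx=$(stat -c %C /etc/named.conf)
    if conf_label_ok "$ctx"; then
        echo "ok: /etc/named.conf is $ctx"
    else
        # restorecon applies the policy's own file_contexts entry and, unlike
        # chcon, is what a relabel would produce anyway.
        echo "drift: /etc/named.conf is $ctx; run: restorecon -v /etc/named.conf"
    fi
}

# Usage: sh named-selinux-check.sh live [dynamic|static]
if [ "${1:-}" = "live" ]; then
    check_live "${2:-static}"
fi
```

The script only reports; it never changes policy itself, so it is safe to run from a configuration-audit cron job and alert on any line starting with "drift:".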

November 16, 2015
