How to use DNS server behind NAT router
Solution 1
In general, DNS queries are sent from a high-numbered source port (above 1023) to destination port 53, and responses are sent from source port 53 to a high-numbered destination port.
Open UDP port 53 to and from the server in your NAT configuration.
Solution 2
You will also need to forward TCP port 53 for some functions of DNS to work properly, including sub-domain zone files delegated from a main domain and master/slave configurations. The zone file changes are transferred via TCP port 53.
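A quick check for both solutions, added here and not part of the question or either answer: it builds raw RFC 1035 query messages and sends them to the NAT router's public address on UDP 53 and TCP 53, so you can confirm each forwarding rule separately. Building the packets by hand makes the port behaviour visible: the client's source port is ephemeral and chosen by the OS, only destination port 53 matters to the forwarding rule, and DNS over TCP carries each message behind a two-byte length prefix (RFC 1035 section 4.2.2). It also falls back to TCP when a UDP reply comes back truncated (TC=1), the other common reason TCP 53 must be open. The server address 192.0.2.53 and the name example.com are placeholders, not values from the page.

```python
import random
import socket
import struct

QTYPE_A = 1
QCLASS_IN = 1
DNS_PORT = 53


def build_query(name, qtype=QTYPE_A, txid=None):
    """Return (txid, wire_bytes) for a standard recursive query with one question."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    flags = 0x0100  # QR=0 (query), OPCODE=0, RD=1
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # QDCOUNT=1
    labels = [label for label in name.rstrip(".").split(".") if label]
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(msg):
    """Decode the 12-byte DNS header; raises ValueError on short input."""
    if len(msg) < 12:
        raise ValueError("message shorter than DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # 1 = response
        "tc": bool(flags & 0x0200),   # truncated: retry the query over TCP
        "rcode": flags & 0x000F,      # 0 = NOERROR, 3 = NXDOMAIN
        "ancount": an,
    }


def frame_tcp(msg):
    """DNS over TCP prefixes each message with its big-endian 16-bit length."""
    return struct.pack("!H", len(msg)) + msg


def unframe_tcp(stream):
    """Split one length-prefixed message off a TCP byte stream; returns (msg, rest)."""
    if len(stream) < 2:
        raise ValueError("need 2-byte length prefix")
    (length,) = struct.unpack("!H", stream[:2])
    if len(stream) < 2 + length:
        raise ValueError("incomplete TCP DNS message")
    return stream[2:2 + length], stream[2 + length:]


def check_response(txid, data):
    """Validate a reply against the query it should answer."""
    hdr = parse_header(data)
    if hdr["id"] != txid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    if not hdr["qr"]:
        raise ValueError("got a query, not a response")
    return hdr


def query_udp(server, name, timeout=3.0):
    txid, msg = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, (server, DNS_PORT))  # source port ephemeral, destination 53
        data, _ = s.recvfrom(4096)
    return check_response(txid, data)


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before full message")
        buf += chunk
    return buf


def query_tcp(server, name, timeout=3.0):
    txid, msg = build_query(name)
    with socket.create_connection((server, DNS_PORT), timeout=timeout) as s:
        s.sendall(frame_tcp(msg))
        (length,) = struct.unpack("!H", recv_exact(s, 2))
        data = recv_exact(s, length)
    return check_response(txid, data)


def resolve(server, name):
    """UDP first; fall back to TCP if the reply is truncated (TC=1)."""
    hdr = query_udp(server, name)
    if hdr["tc"]:
        hdr = query_tcp(server, name)
    return hdr


if __name__ == "__main__":
    import sys
    # Placeholder router address and name; pass your own on the command line.
    server = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.53"
    name = sys.argv[2] if len(sys.argv) > 2 else "example.com"
    print("UDP:", query_udp(server, name))
    print("TCP:", query_tcp(server, name))
```

Run it from outside the NAT (for example from a mobile connection) against the router's public address. A UDP timeout with a working TCP reply, or the reverse, points at the specific forwarding rule that is missing; a transaction id mismatch means a reply arrived that does not belong to your query, which should not happen on a correctly forwarded path.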
Allen
Updated on September 18, 2022
Comments
-
Allen over 1 year
I have a local DNS server that I want to use, but it's behind a NAT router. For all other servers that are behind that router, I simply have an appropriate forwarding rule enabled in the router. From what I've read regarding DNS, however, it seems that there is no particular port that I can forward to make this work (and I'd rather not just forward all ports >49152). Is it possible to use a DNS server from behind a NAT router?
If it matters, I'm running the bundled DNS role in Windows Server 2008 Standard.
-
user1984103 almost 11 years
DNS operates on port 53.
-
Frank Thomas almost 11 years
You may also have to allow 53/udp in both directions in your firewall. Note that DNS forwarding uses 53/UDP -> 53/UDP, so if you are forwarding, or using an old DNS server, don't specify a source/dest port > 1023 in your firewall.
-
Allen about 6 years
So, I asked this question years ago, and I know a little bit more about networking now. The thing that was tripping me up way back then (IIRC) was the idea of ephemeral ports. These, I know now, are on the src side of the connection and not relevant to port forwarding. UDP 53 is correct.