On Fri, Jan 12, 2024 at 03:52:46PM +0000, Tom Furie wrote:
> Where is the DNS server the dmz host is resolving against? In your dmz,
> your internal network, on the firewall machine, outside? You may have
> other input/output rules that are interfering, but since you've abridged
> your ruleset we have no way of knowing.
I've tried this with the public Google DNS 2001:4860:4860::8888. The behaviour seems consistent: if I try to resolve names over UDP with the first ruleset I posted, it fails. If I try DNS over TCP (by using nslookup with the "-vc" option), it works.

Thanks,
Ralph
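To reproduce the symptom Ralph describes (UDP lookups failing while TCP lookups succeed) from the DMZ host, the following is an added Python probe that is not part of the thread: it sends the same minimal DNS query over both transports and reports which one gets an answer. The resolver address is the one Ralph names; the query name and transaction id are constructed assumptions.

```python
import socket
import struct

# Assumed values (not from the thread): the resolver is the public Google
# IPv6 address Ralph mentions; the query name is a constructed example.
RESOLVER = "2001:4860:4860::8888"
QNAME = "example.com"

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS A query in wire format (RFC 1035), no EDNS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def frame_tcp(msg: bytes) -> bytes:
    """DNS over TCP prefixes each message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte DNS header: id, QR bit, TC bit, RCODE, answer count."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "rcode": flags & 0x000F,
            "tc": bool(flags & 0x0200), "ancount": an}

def probe(server: str, name: str, timeout: float = 3.0) -> dict:
    """Try the same query over UDP and TCP; a firewall that passes only one
    transport shows up as one succeeding and the other timing out."""
    q = build_query(name)
    result = {}
    for proto in ("udp", "tcp"):
        try:
            if proto == "udp":
                with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as s:
                    s.settimeout(timeout)
                    s.sendto(q, (server, 53))
                    data, _ = s.recvfrom(4096)
            else:
                with socket.create_connection((server, 53), timeout=timeout) as s:
                    s.sendall(frame_tcp(q))
                    data = b""
                    while len(data) < 2 or len(data) < 2 + struct.unpack("!H", data[:2])[0]:
                        chunk = s.recv(4096)
                        if not chunk:
                            raise OSError("connection closed before full reply")
                        data += chunk
                    data = data[2:]  # strip the TCP length prefix
            result[proto] = parse_header(data)
        except OSError as e:  # socket.timeout is an OSError subclass
            result[proto] = {"error": str(e)}
    return result
```

Run `probe(RESOLVER, QNAME)` on the DMZ host; with the first ruleset Ralph posted you would expect a timeout under "udp" and a parsed header under "tcp".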