which port the dns running on?

i found dns run under udp on certain port, seems other than 53, 42 as well.

while i fobbien all of the udp but only 53,42 left; however, ping
www.yahoo.com
echo :
unreachable host.

after my open all of the udp, it work again.
the clause is:
-A input -s 0/0 -d 0/0 53 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 42 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 -p udp -j REJECT

under above three it could not work;

comments the last one, it work.

my problem is : which port or other anything i must to approve before reject udp?

best regards,
frederick

for dns you need these three settings:
- ALLOW incoming requests TO port 53, UDP from any port
- ALLOW outgoing requests FROM port 53, TCP to port 53, TCP
- ALLOW incoming requests TO port 53, TCP, from port 53, TCP

the 42 is not used (i only know bind as dns server). i looked in /etc/services, 42 is "host nameserver". i never heard of this and i doubt you need it for dns unless you have some special software that offers more service than only dns.

furthermore: you don´t supply a interface in the lines you told. so you probably also shield 127.0.0.1 which you NEVER should! imho this is the actual problem.