It sounds obvious now.

BUT, before I added the UDP DNS firewall rules, I could successfully do:

lookups using the host command,
lookups with the example snippet in the Net::DNS man page,
all DNS & RBL tests with my older SA installation (3.0.4)

.... So I didn't think that I needed that UDP firewall rule.

Maybe the newer SA versions force Net::DNS to use UDP where old
versions didn't ...

Oh well.


Kris Deugau wrote:
> Daniel Bourque wrote:
>> After some playing around, turns out that Net::DNS performs certain
>> tests via UDP port 53, therefore, I had to accept UDP packets
>> from my nameserver's udp:53

> ... uhhhh... *yes*, you have to accept UDP packets on port 53.... O_o
> *Most* DNS traffic is UDP. If you're blocking port 53/UDP, you're
> blocking most of your DNS lookups - this isn't special to Net::DNS.
> -kgd