Ricardo Fraile
Thu Nov 29 16:59:49 CET 2012

I think that unbound opens an arbitrary UDP port; how can I fix it to always use the same port?

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0    *                           1152/unbound    
udp        0      0 *                           1152/unbound 


I tried to put iptables on the same server as unbound, but I can't do a local resolve:

dig @

; <<>> DiG 9.7.3 <<>> @
;; global options: +cmd
;; connection timed out; no servers could be reached

with these iptables rules:

:OUTPUT ACCEPT [2271:2106405]
-A INPUT -s -p tcp -j ACCEPT 
-A INPUT -s -p udp -j ACCEPT 
-A INPUT -s -p icmp -j ACCEPT 
-A INPUT -s -p udp -j ACCEPT 
-A INPUT -s -p tcp -j ACCEPT 
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT 
-A INPUT -p udp -m udp --dport 53 -j ACCEPT 

If I clear the firewall, everything works, but why? Which ports does unbound use for the queries?
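Added example, not part of the original post or of unbound itself: the quoted INPUT chain admits RELATED,ESTABLISHED traffic only for TCP, so the UDP replies that come back to unbound's randomly chosen high source ports are dropped, which is why the query times out until the firewall is cleared. The checker below is transcribed from the posted rules (the source-restricted `-s` rules with their elided addresses are left out) and shows the stateful UDP rule that fixes it; pinning unbound to a fixed outgoing port instead would remove the source-port randomisation it uses as a defence against cache poisoning (unbound's `outgoing-port-permit` and `outgoing-port-avoid` options narrow the range if a firewall really needs that).

```python
import re

# Rules transcribed from the post; the '-s <host>' rules are omitted because
# their addresses were elided and they only admit traffic from specific hosts.
POSTED_RULES = """\
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
"""

# Same chain plus the one rule that lets replies reach unbound's random ports.
FIXED_RULES = POSTED_RULES + "-A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT\n"


def reply_admission(rules):
    """Classify how UDP DNS replies (sport 53, random high dport) pass INPUT.

    Returns "stateful" if a conntrack rule admits them, "stateless" if only a
    bare '--sport 53' rule does (weaker: any packet claiming port 53 gets in),
    or None if the listed rules would drop them, as in the posted chain.
    """
    verdict = None
    for line in rules.splitlines():
        if not line.startswith("-A INPUT") or "-j ACCEPT" not in line:
            continue
        proto = re.search(r"\s-p\s+(\S+)", line)
        if proto and proto.group(1) not in ("udp", "all"):
            continue  # tcp-only / icmp-only rules never match a UDP reply
        if re.search(r"\s-s\s", line):
            continue  # source-restricted rules do not cover arbitrary resolvers
        state = re.search(r"--(?:state|ctstate)\s+(\S+)", line)
        if state and "ESTABLISHED" in state.group(1).split(","):
            return "stateful"
        # A reply has sport 53 and a random dport, so a '--dport 53' rule never matches it.
        if re.search(r"--sport\s+53\b", line) and "--dport" not in line:
            verdict = "stateless"
    return verdict


if __name__ == "__main__":
    print("posted chain:", reply_admission(POSTED_RULES))  # None: replies dropped
    print("fixed chain: ", reply_admission(FIXED_RULES))   # stateful
```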

