IPTables rules for DNS

Assume the default INPUT policy is DROP and a DNS server is installed. Below is an example of IPTables rules that let clients reach the DNS server.

To open the DNS port in IPTables, run the following rules (DNS uses both UDP and TCP on port 53):

sudo iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT

To open the DNS port only for a specific network, use these rules instead:

sudo iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --dport 53 -j ACCEPT

To remove the rules, run the same commands with -A replaced by -D, for example:

sudo iptables -D INPUT -i eth0 -p udp --dport 53 -j ACCEPT
sudo iptables -D INPUT -i eth0 -p tcp --dport 53 -j ACCEPT

You can view the list of rules with the command:

sudo iptables -nvL

On the access server you can redirect all DNS requests to your own server, so that even if a client manually configures a different DNS server, its requests are still sent to the server specified in the iptables DNAT rule:

iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.2.5

To allow access to the statistics port (TCP 8053) from a single host:

sudo iptables -A INPUT -s 192.168.5.5 -p tcp --dport 8053 -j ACCEPT
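The rules above can be wrapped in a small script that adds each rule only if it is not already present (iptables -C), so re-running it after a reboot or a second login does not leave duplicate rules in the INPUT chain. This is an added example, not part of the original post; IFACE, NET and STATS_HOST are assumed values taken from the rules above, and DRY_RUN=1 prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example (not from the original post): manage the DNS INPUT rules
# from this post idempotently. IFACE, NET and STATS_HOST are assumed values.
set -u
IFACE="${IFACE:-eth0}"
NET="${NET:-192.168.1.0/24}"
STATS_HOST="${STATS_HOST:-192.168.5.5}"
DRY_RUN="${DRY_RUN:-0}"   # 1 = print the iptables commands, do not run them

# Print the rule specification (chain plus match/target) for each managed rule.
dns_rules() {
    for proto in udp tcp; do
        printf 'INPUT -i %s -s %s -p %s --dport 53 -j ACCEPT\n' "$IFACE" "$NET" "$proto"
    done
    printf 'INPUT -s %s -p tcp --dport 8053 -j ACCEPT\n' "$STATS_HOST"
}

# Add one rule only if it does not exist yet: -C exits 0 when the rule is present.
add_rule() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables -A %s\n' "$1"
        return 0
    fi
    # Word splitting of $1 is intended: it holds the full rule specification.
    iptables -C $1 2>/dev/null || iptables -A $1
}

# Delete one rule, ignoring the error if it is not present.
del_rule() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables -D %s\n' "$1"
        return 0
    fi
    iptables -D $1 2>/dev/null || true
}

apply_dns_rules() {
    dns_rules | while IFS= read -r rule; do add_rule "$rule"; done
}

remove_dns_rules() {
    dns_rules | while IFS= read -r rule; do del_rule "$rule"; done
}

case "${1:-}" in
    apply)  apply_dns_rules ;;
    remove) remove_dns_rules ;;
esac
```

Run it as root with `apply` or `remove`; the DNAT redirect from the nat table is deliberately not included, since it belongs on the access server rather than on the DNS host.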

See also my articles:
Configure IPTables
Installing and Configuring DNS Server BIND9
