As stated in the first comment, firewall-cmd can be used to add rules to the configuration.

The firewallctl command can be used as well. Run the following commands as root (prefix them with sudo):

$ firewallctl info zones -a

This will show you the active zones with the services enabled in them. You want to enable the dns service in your active zone. My output is this:

FedoraWorkstation (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens3
  sources: 
  services: ssh dhcpv6-client samba-client dns
  ports: 1025-65535/udp 1025-65535/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:

Now you know the name of your default zone. It should be one of FedoraWorkstation or FedoraServer by default. My zone is FedoraWorkstation, so add the dns service:

$ firewallctl zone FedoraWorkstation add service dns

Now try to query your server from the outside. It should give you REFUSED answers from dig:

$ dig @yourip localhost. A

If it does work, let's save the firewall configuration to permanent storage:

$ firewallctl runtime-to-permanent

Now it should be started again with that service enabled all the time.
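
Added example (not part of the original answer): a shell sketch that parses a zone listing in the format shown above and reports whether a service is enabled in a zone and whether the explicit ports list covers a given port. The sample text is constructed from the output in the answer plus a made-up inactive `public` zone, and the function names are hypothetical.

```shell
#!/bin/sh
# SAMPLE is constructed: the first zone is abridged from the listing in the
# answer, the second ("public") is invented to show an inactive zone.
SAMPLE='FedoraWorkstation (active)
  target: default
  interfaces: ens3
  services: ssh dhcpv6-client samba-client dns
  ports: 1025-65535/udp 1025-65535/tcp
public
  target: default
  interfaces:
  services: ssh dhcpv6-client
  ports:'

# active_zones TEXT -> names of zones whose header line ends in "(active)"
active_zones() {
    printf '%s\n' "$1" | awk '/^[^ ].*\(active\)$/ { print $1 }'
}

# zone_field TEXT ZONE FIELD -> the values after "FIELD:" inside ZONE's block
zone_field() {
    printf '%s\n' "$1" | awk -v zone="$2" -v field="$3:" '
        /^[^ \t]/ { in_zone = ($1 == zone); next }   # unindented line = zone header
        in_zone && $1 == field { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# zone_has_service TEXT ZONE SERVICE -> exit 0 if SERVICE is listed in ZONE
zone_has_service() {
    for s in $(zone_field "$1" "$2" services); do
        [ "$s" = "$3" ] && return 0
    done
    return 1
}

# port_open TEXT ZONE PORT PROTO -> exit 0 if a ports entry (single or range) covers it
port_open() {
    for entry in $(zone_field "$1" "$2" ports); do
        range=${entry%/*}; proto=${entry#*/}
        [ "$proto" = "$4" ] || continue
        lo=${range%-*}; hi=${range#*-}     # "53" gives lo=hi=53, "1025-65535" splits
        [ "$3" -ge "$lo" ] && [ "$3" -le "$hi" ] && return 0
    done
    return 1
}

# 53/udp is below the 1025-65535 range, so only the dns service entry admits it.
for z in $(active_zones "$SAMPLE"); do
    zone_has_service "$SAMPLE" "$z" dns && echo "$z: dns service enabled"
    port_open "$SAMPLE" "$z" 53 udp || echo "$z: 53/udp not covered by the ports list"
done
```

To run it against a live system, pass the captured output of the zone listing command as the first argument instead of `$SAMPLE`.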