CompTIA Linux+ (XK0-005) — Question 168
A Linux administrator has set up a new DNS forwarder and is configuring all internal servers to use the new forwarder for external DNS lookups. The administrator needs to modify the firewall on the DNS forwarder server to allow the internal servers to communicate with it, and the changes must persist across server reboots. Which of the following commands should be run on the DNS forwarder server to accomplish this task?
Answer options
- A. ufw allow out dns
- B. systemctl reload firewalld
- C. iptables -A OUTPUT -p udp -m udp -dport 53 -j ACCEPT
- D. firewall-cmd --zone=public --add-port=53/udp --permanent
Correct answer: D
Explanation
The correct answer is D: firewall-cmd adds a rule to the public zone that opens UDP port 53 for incoming DNS queries, and the --permanent flag writes the rule to the persistent configuration so that it survives reboots. Option A is incorrect because it allows outgoing DNS traffic rather than the incoming queries the forwarder must accept. Option B only reloads the firewalld configuration without adding a new rule. Option C is incorrect because it appends to the OUTPUT chain, which applies to outgoing traffic, while the DNS forwarder needs to allow incoming requests.