Allow DNS through access-list

I have the access list below and need to allow DNS traffic through the block on 172.16.2.30.

    10 deny ip any 10.1.89.0 0.0.0.255
    20 deny ip any 10.1.92.0 0.0.0.255
    30 deny ip any 172.16.2.0 0.0.0.255
    40 deny ip any 172.16.4.0 0.0.0.255 (8372 matches)
    50 deny ip any 10.10.89.0 0.0.0.255
    60 deny ip any 10.10.92.0 0.0.0.255
    70 deny ip any 10.10.133.0 0.0.0.255
    80 deny ip any 10.1.133.0 0.0.0.255
    90 deny ip any 10.20.89.0 0.0.0.255
    100 deny ip any 10.20.92.0 0.0.0.255
    110 deny ip any 10.20.133.0 0.0.0.255
    120 permit ip any any (54386 matches)
cj_cb asked:
gurutc commented:
Hi,

Is 172.16.2.30 a client you want to permit to access DNS or is it a DNS Server?

- gurutc
cj_cb (author) commented:
gurutc

172.16.2.30 is the DNS server.
Steven Carnahan (Network Manager) commented:
permit tcp host any host 172.16.4.0 0.0.0.255 eq 53
cj_cb (author) commented:
It doesn't like the "any".

This is a 3750 switch, release 12.2.
Steven Carnahan (Network Manager) commented:
Try this:

permit udp any host 172.16.4.30 eq 53
pergr commented:
For DNS, you need both UDP and TCP allowed, on port 53.
Steven Carnahan (Network Manager) commented:
Basically you should need the following:

! Allow incoming dns traffic to name servers only:
!
permit tcp any host 172.16.4.20 eq domain log
permit udp any host 172.16.4.20 eq domain
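The one thing none of the replies above spell out is where the new entries have to sit. An IOS access list is evaluated top to bottom, first match wins, and every list ends with an implicit "deny ip any any". Entry 30 already denies all IP to 172.16.2.0/24, so a DNS permit appended after it (or after the catch-all permit at 120) never sees a packet; the permit has to be sequenced in front of line 30 (in a named extended ACL: enter "ip access-list extended <name>" and type the entry with a lower sequence number, e.g. 25). Note also that the author says the server is 172.16.2.30, while the suggested lines in this thread name 172.16.4.x addresses, which would leave 172.16.2.30 blocked. The script below is an added example, not code from the thread or from Cisco: it parses the "show access-list" output posted above (copied here as constructed input), adds the DNS permits either after line 120 or at sequence 25/26, and evaluates sample packets to show which entry each one hits. The ACL name, the client address 10.5.5.5 and the sequence numbers 25/26 are assumptions; the post does not give them.

```python
"""First-match evaluation of an IOS-style extended ACL, to show why sequence position matters."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

PORT_NAMES = {"domain": 53}          # IOS keyword used in the thread for port 53


@dataclass
class Entry:
    seq: int
    action: str                      # "permit" or "deny"
    proto: str                       # "ip", "tcp" or "udp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]             # destination port, None = any port


def wildcard_to_prefix(wildcard: str) -> int:
    """Convert an IOS wildcard mask (0.0.0.255) to a prefix length (24)."""
    mask = (~int(ipaddress.IPv4Address(wildcard))) & 0xFFFFFFFF
    prefix = bin(mask).count("1")
    if (mask << prefix) & 0xFFFFFFFF:          # only contiguous wildcards are supported here
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return prefix


def parse_address(tokens, i):
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD' at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.IPv4Network(tokens[i + 1]), i + 2
    prefix = wildcard_to_prefix(tokens[i + 1])
    return ipaddress.IPv4Network((tokens[i], prefix), strict=False), i + 2


def parse_entry(line: str) -> Entry:
    """Parse one 'show access-list' line; a trailing '(N matches)' counter or 'log' keyword is ignored."""
    tokens = line.split("(")[0].split()
    seq, action, proto = int(tokens[0]), tokens[1], tokens[2]
    src, i = parse_address(tokens, 3)
    dst, i = parse_address(tokens, i)
    dport = None
    if i < len(tokens) and tokens[i] == "eq":
        dport = PORT_NAMES.get(tokens[i + 1]) or int(tokens[i + 1])
    return Entry(seq, action, proto, src, dst, dport)


def parse_acl(text: str):
    """Sorting by sequence number models IOS placing a new entry at the position its number dictates."""
    return sorted((parse_entry(l) for l in text.strip().splitlines() if l.strip()), key=lambda e: e.seq)


def evaluate(acl, proto: str, src: str, dst: str, dport: Optional[int] = None):
    """Return (action, seq) of the first matching entry; IOS ends every ACL with an implicit deny."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for e in acl:
        if e.proto != "ip" and e.proto != proto:
            continue
        if s not in e.src or d not in e.dst:
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action, e.seq
    return "deny", None


# Constructed copy of the ACL in the question (its name is not given in the post).
SHOW_ACL = """
10 deny ip any 10.1.89.0 0.0.0.255
20 deny ip any 10.1.92.0 0.0.0.255
30 deny ip any 172.16.2.0 0.0.0.255
40 deny ip any 172.16.4.0 0.0.0.255 (8372 matches)
50 deny ip any 10.10.89.0 0.0.0.255
60 deny ip any 10.10.92.0 0.0.0.255
70 deny ip any 10.10.133.0 0.0.0.255
80 deny ip any 10.1.133.0 0.0.0.255
90 deny ip any 10.20.89.0 0.0.0.255
100 deny ip any 10.20.92.0 0.0.0.255
110 deny ip any 10.20.133.0 0.0.0.255
120 permit ip any any (54386 matches)
"""

# Wrong fix: permits appended with higher sequence numbers sit behind 'deny 30' and never match.
LATE_PERMIT = SHOW_ACL + "130 permit udp any host 172.16.2.30 eq domain\n140 permit tcp any host 172.16.2.30 eq domain\n"

# Right fix (sequence numbers 25/26 assumed): in 'ip access-list extended <name>' enter
# '25 permit udp any host 172.16.2.30 eq domain' and '26 permit tcp any host 172.16.2.30 eq domain'.
EARLY_PERMIT = SHOW_ACL + "25 permit udp any host 172.16.2.30 eq domain\n26 permit tcp any host 172.16.2.30 eq domain\n"

if __name__ == "__main__":
    for label, text in (("appended at 130/140", LATE_PERMIT), ("inserted at 25/26", EARLY_PERMIT)):
        acl = parse_acl(text)
        for proto in ("udp", "tcp"):
            print(label, proto, "53 ->", evaluate(acl, proto, "10.5.5.5", "172.16.2.30", 53))
```

Two caveats when applying this on the switch: the ACL only filters the direction it is applied in (all of its entries key on the destination address), so DNS replies from 172.16.2.30 travel in the other direction and are not covered by this list; and the TCP permit is needed as well as UDP, since zone transfers and responses larger than 512 bytes fall back to TCP 53.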