Hello all…. I have a RH 7.1 DNS server.
The server is working fine and resolving names without any problems from
external requests. I am also using IP
chains to shut all ports except 22 and 53.

My problem is that when I try to do a nslookup from that box, it gives me the following error:

$ nslookup yahoo.com
Note:  nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead.  Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
;; connection timed out; no servers could be reached

My Ipchains are as follows:

Chain input (policy DENY):
target     prot opt     source                destination           ports
ACCEPT     tcp  ------  anywhere              dns                   any ->   ssh
ACCEPT     udp  ------  anywhere              dns                   any ->   domain
ACCEPT     tcp  ------  anywhere              dns                   any ->   domain
Chain forward (policy DENY):
Chain output (policy DENY):
target     prot opt     source                destination           ports
ACCEPT     tcp  ------  dns                   anywhere              ssh ->   any
ACCEPT     udp  ------  dns                   anywhere              domain ->   any
ACCEPT     tcp  ------  dns                   anywhere              domain ->   any

but it is able
to respond to external requests (meaning when I set my machine to use this DNS
server, it does name resolutions without any problems).

I know it is something to do with IP chains coz when I flush
all my rules and set the default to accept all then the nslookup
runs fine. Do I need to open another port to be able to do internal
queries within the box? I’m
confused…….
- Re: nslookup fails on a RH 7.1 box Tinu Patel
- Re: nslookup fails on a RH 7.1 box Joshua Andrews
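
An added example, not part of the original post or its replies: a small Python model of the posted input and output chains, used to check which packets those rules accept. The addresses, the port numbers 40000 and 40001, and the assumption that a resolver on the box queries from an unprivileged source port to port 53 are constructed for illustration.

```python
ANY = None                 # wildcard for an address or a port
DNS = "192.0.2.53"         # constructed address standing in for the host "dns"
CLIENT = "198.51.100.7"    # constructed address of a remote client

# Each rule is (proto, src, sport, dst, dport), transcribed from the posted
# listing. ipchains is stateless, so each direction needs its own match.
CHAINS = {
    "input": [
        ("tcp", ANY, ANY, DNS, 22),   # any -> ssh
        ("udp", ANY, ANY, DNS, 53),   # any -> domain
        ("tcp", ANY, ANY, DNS, 53),   # any -> domain
    ],
    "output": [
        ("tcp", DNS, 22, ANY, ANY),   # ssh -> any
        ("udp", DNS, 53, ANY, ANY),   # domain -> any
        ("tcp", DNS, 53, ANY, ANY),   # domain -> any
    ],
}


def verdict(chain, packet):
    """Return ACCEPT if a rule in the chain matches, else the policy (DENY)."""
    for rule in CHAINS[chain]:
        if all(r is ANY or r == p for r, p in zip(rule, packet)):
            return "ACCEPT"
    return "DENY"


# Constructed sample packets: (label, chain, (proto, src, sport, dst, dport))
SAMPLE = [
    ("remote client query arrives", "input", ("udp", CLIENT, 40000, DNS, 53)),
    ("reply to remote client leaves", "output", ("udp", DNS, 53, CLIENT, 40000)),
    ("local nslookup query leaves", "output", ("udp", DNS, 40001, DNS, 53)),
    ("reply to local query arrives", "input", ("udp", DNS, 53, DNS, 40001)),
]


def trace(packets):
    """Evaluate each packet against its chain and return the verdicts."""
    return [(label, chain, verdict(chain, pkt)) for label, chain, pkt in packets]


if __name__ == "__main__":
    for label, chain, result in trace(SAMPLE):
        print(f"{chain:6} {result:6} {label}")
```

Under these assumptions the model accepts both halves of a remote client's lookup and denies both halves of a lookup that starts on the box, because the output rules match only source ports 22 and 53 and the input rules match only destination ports 22 and 53.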
