I've been given a task to create a DNS server for a subdomain with a delegated DNS zone. I did test the zone file and, using the dig tool, I can confirm it is working when queried via localhost and the IP of the server; however, when using dig via a global server, it fails to resolve and times out. My supervisor told me the issue appears to be with the iptables rules added, but I cannot figure out what it might be. The following screenshot presents the packet that comes in when being accessed (I've hidden the IPs for security reasons, sorry): https://prnt.sc/f6sJxmTDirsP

The script lines below are the iptables rules that I am currently running (note on port 53):

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [121:27920]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp --sport 53 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

1 Answer

The line:

-A INPUT -p udp --sport 53 -j ACCEPT

should be:

-A INPUT -p udp --dport 53 -j ACCEPT

You are also missing a rule to allow incoming TCP connections for your DNS server.

This rule:

-A OUTPUT -p udp --dport 53 -j ACCEPT

is unnecessary as it is covered by the OUTPUT policy.
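The corrected ruleset from the answer, plus a small audit function that checks a ruleset in iptables-save format for the two things the answer asks for (UDP and TCP accepted on destination port 53) and for the original mistake. This is an added example, not the poster's or the answerer's own script; both rulesets are constructed here from the question's lines, and the `--sport 53` rule is worth catching because it admits traffic to every port from any remote host that simply sends from source port 53.

```shell
# Corrected ruleset (constructed from the question's rules, with the answer's fixes).
FIXED_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# The question's original INPUT rules (constructed copy, for comparison).
BROKEN_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp --sport 53 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# audit_dns_rules: reads a ruleset on stdin. Succeeds (exit 0) only when INPUT
# accepts UDP *and* TCP to --dport 53 and contains no --sport 53 ACCEPT rule,
# which would open every port to any host sending from source port 53.
audit_dns_rules() {
  local rules udp tcp sport
  rules=$(cat)
  udp=$(printf '%s\n' "$rules" | grep -cE '^-A INPUT .*-p udp .*--dport 53 .*-j ACCEPT' || true)
  tcp=$(printf '%s\n' "$rules" | grep -cE '^-A INPUT .*-p tcp .*--dport 53 .*-j ACCEPT' || true)
  sport=$(printf '%s\n' "$rules" | grep -cE '^-A INPUT .*--sport 53 .*-j ACCEPT' || true)
  [ "$udp" -ge 1 ] && [ "$tcp" -ge 1 ] && [ "$sport" -eq 0 ]
}

# Example use: audit the corrected ruleset (prints "ok" on success).
printf '%s\n' "$FIXED_RULES" | audit_dns_rules && echo ok
```

After loading the fixed ruleset with `iptables-restore`, confirm from an outside host with `dig @<server-ip> <name>` and again with `dig +tcp @<server-ip> <name>`, so that both transports are covered.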
