Does port 53 need to be open with external DNS?

As the subject line says, does port 53 (TCP & UDP) really need to be open if I’m not using mailinabox’s built-in DNS server functionality? My DNS is hosted at Cloudflare.

Thanks

Modern Linux distros use a local service to proxy local DNS lookups even if they’re not acting as a DNS server, so you might be able to block port 53 on the external address, but probably not on the local address. You can look and see what, if anything, has port 53 open by running these two commands:

sudo netstat -tlnp # shows the TCP addr:ports open for listening
and
sudo netstat -ulnp # shows the UDP addr:ports open for listening

Look through the lists and see if anything is listening on port 53 and what address they’re listening on.

Thanks. named is listening on the localhost address and nsd is listening on the box’s public IP. I was kind of expecting this, since the box has the capability by design to be a DNS server. But since I’m not using the box for DNS, I think I can probably close port 53 on the external firewall without impacting functionality, since named is listening only on localhost.