From 4588fedfb2a19f8499e32316ab5a79d5ad46d3f4 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 16 Jan 2017 16:41:44 +0000
Subject: [PATCH] also allow tcp dns for builders

---
 roles/base/templates/iptables/iptables.kojibuilder | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/base/templates/iptables/iptables.kojibuilder b/roles/base/templates/iptables/iptables.kojibuilder
index c69c3ec822..433f911a6e 100644
--- a/roles/base/templates/iptables/iptables.kojibuilder
+++ b/roles/base/templates/iptables/iptables.kojibuilder
@@ -58,6 +58,8 @@
 # DNS
 -A OUTPUT -p udp -m udp -d 10.5.126.21 --dport 53 -j ACCEPT
 -A OUTPUT -p udp -m udp -d 10.5.126.22 --dport 53 -j ACCEPT
+-A OUTPUT -p tcp -m tcp -d 10.5.126.21 --dport 53 -j ACCEPT
+-A OUTPUT -p tcp -m tcp -d 10.5.126.22 --dport 53 -j ACCEPT
 
 # bastion smtp
 -A OUTPUT -p tcp -m tcp -d 10.5.126.12 --dport 25 -j ACCEPT