DNS Server (bind9) works on the private network but not in the public one!
Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
Quick answer: I have only one Ethernet card on that machine, and before you ask me why I haven't put in another one, I have to say that it is not that easy; complicated warranty politics are involved. Can you help me out with tcpdump to check if the response is going back OK?
Well, I can telnet to dnsBox on port 53 from outside the network. Is that enough to say the UDP port is open? (I know telnet is a connection-oriented application, i.e., it works over TCP.) My point is, how do I know if UDP is open? (Remember, I cannot see the router.)
I realize it was some time ago that this thread was posted; however, I have neither seen a resolution to it nor been able to find any answers elsewhere, so I thought I would throw this at the wall and see if it sticks.
I am having the same issue as described above. I have created a new BIND9 DNS service on a Mandriva Server in a VM environment.
I also have freeradius running (and working) on this same VM.
I can query the server till the cows come home from inside the network; however, I cannot from the outside. Now... unlike the posts above... I cannot get a response on port 53 from the outside other than a timeout.
The VM, like all my internet servers, is sitting behind an IPCOP firewall. I have an old separate BIND4 server running on an independent box behind another IPCOP firewall (not the same one), and it has been running without incident for years. Only servers are behind the firewall. There are no internal (private) boxes attached. I do this for added security on the server boxes because I have been hacked so many times over the years on boxes with live IP addresses.
Here's what I have done...
Using tcpdump I have confirmed that requests ARE making it through the firewall from the outside AND are being seen at the BIND9 box. The requests are just not being answered by named. It has no problem answering all the requests you give it from within the network on the green side of the firewall.
What is interesting, however, is that if I look at the query.log file for named, it has ongoing listings of queries only for domains hosted on that server. There are no entries in query.log for any non-hosted domains unless those requests are generated on the same "internal" subnet.
I have spent two days straight trying to overcome this issue and I'm pretty certain it is staring me right in the face but I can't see it for the streaming characters flashing across my screen from log file dumps.
I have tried to find reference to it on the internet but have had no luck. Is there a 'switch' in BIND9 that says work with local address requests only or work with 'any' requests?
I have these software switches set in the named.conf file, which I thought would cover it all... but... nope:
listen-on port 53 { any; };      // listen on every interface
allow-query { any; };            // answer queries from anywhere
allow-recursion { any; };        // recurse for anyone
blackhole { bogon; };            // "bogon" is an acl defined in the included acl files
forwarders {
    192.168.70.2;
};
There are no errors in the named default.log file and here are a couple entries from the query.log file:
20-Jan-2009 15:42:26.716 client 192.168.70.14#3448: query: 1.0.0.127.in-addr.arpa IN PTR +
20-Jan-2009 15:42:27.429 client 189.138.196.205#56663: query: robertsimaging.com IN MX +
20-Jan-2009 15:42:37.882 client 69.30.226.50#44835: query: ns2.slingshottech.net IN AAAA -E
20-Jan-2009 15:42:38.530 client 206.13.29.42#10710: query: robertsimaging.com IN A -E
20-Jan-2009 15:43:09.288 client 192.168.70.14#3502: query: 1.0.0.127.in-addr.arpa IN PTR +
20-Jan-2009 15:43:48.750 client 68.87.72.133#37195: query: blog.robertsimaging.com IN A -
20-Jan-2009 15:43:51.948 client 192.168.70.14#3567: query: 1.0.0.127.in-addr.arpa IN PTR +
20-Jan-2009 15:44:16.663 client 206.141.193.34#26154: query: robertsimaging.com IN A -E
Now if my hunch is correct... outside clients ARE being seen by named, as shown above, but it just simply doesn't respond to them. It does respond to the internal requests, however.
The install of bind9 automatically installs two references in the named.conf file to external acl files. These files are supposedly meant to contain known IP subnets that are test nets, etc. Apparently they are not all test nets any longer.
I disabled both these include references and everything is working properly now.
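As an added example that is not part of this thread (and not BIND's own code), here is a small Python checker for the failure mode described in the post above: a `blackhole` directive pointing at an included acl whose contents have gone stale. It parses a BIND-style `acl` block with BIND's address-match-list semantics (first matching element decides, a leading `!` negates), pulls client addresses out of query-log lines in the format quoted above, and reports which of them named would refuse to answer. The acl text is constructed for the example; in particular, 189.0.0.0/8 is included only as a hypothetical stale entry so that one of the logged addresses matches, not as a claim about what any real bogon list contained. The log lines are the ones quoted in the post.

```python
"""Which clients in a BIND query log would `blackhole { bogon; };` drop?

Added example, not code from the thread or from BIND. The acl below is
constructed; the log lines are copied from the query.log excerpt above.
"""
import ipaddress
import re

# Constructed acl file in BIND syntax. The negated local subnet shows
# first-match-wins; 189.0.0.0/8 is a HYPOTHETICAL stale entry added so one
# logged address matches. It is not a claim about any real bogon list.
SAMPLE_ACL = """
acl "bogon" {
    !192.168.70.0/24;    // negated: the local subnet is exempted first
    192.168.0.0/16;      // the rest of 192.168/16 is dropped
    0.0.0.0/8;
    127.0.0.0/8;
    169.254.0.0/16;
    224.0.0.0/4;
    240.0.0.0/4;
    189.0.0.0/8;         # constructed stale entry for this example
};
"""

# Query-log lines quoted in the post above.
SAMPLE_LOG = [
    "20-Jan-2009 15:42:26.716 client 192.168.70.14#3448: query: 1.0.0.127.in-addr.arpa IN PTR +",
    "20-Jan-2009 15:42:27.429 client 189.138.196.205#56663: query: robertsimaging.com IN MX +",
    "20-Jan-2009 15:42:37.882 client 69.30.226.50#44835: query: ns2.slingshottech.net IN AAAA -E",
    "20-Jan-2009 15:42:38.530 client 206.13.29.42#10710: query: robertsimaging.com IN A -E",
    "20-Jan-2009 15:43:48.750 client 68.87.72.133#37195: query: blog.robertsimaging.com IN A -",
]

# named.conf accepts //, # and /* */ comments.
_COMMENT_RE = re.compile(r"//[^\n]*|#[^\n]*|/\*.*?\*/", re.S)
_ACL_RE = re.compile(r'acl\s+"?(?P<name>[\w-]+)"?\s*\{(?P<body>.*?)\};', re.S)
_LOG_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_acls(text):
    """Return {acl_name: [(negated, network), ...]} in declaration order."""
    text = _COMMENT_RE.sub("", text)
    acls = {}
    for m in _ACL_RE.finditer(text):
        entries = []
        for item in m.group("body").split(";"):
            item = item.strip()
            if not item:
                continue
            negated = item.startswith("!")
            net = ipaddress.ip_network(item.lstrip("!").strip(), strict=False)
            entries.append((negated, net))
        acls[m.group("name")] = entries
    return acls


def acl_matches(entries, ip):
    """BIND address-match-list rule: the first element containing the
    address decides; a negated element means "does not match"; no element
    matching means "does not match"."""
    addr = ipaddress.ip_address(ip)
    for negated, net in entries:
        if addr.version == net.version and addr in net:
            return not negated
    return False


def parse_query_log(lines):
    """Extract (client_ip, qname, qtype) from BIND query-log lines."""
    found = []
    for line in lines:
        m = _LOG_RE.search(line)
        if m:
            found.append((m.group("ip"), m.group("qname"), m.group("qtype")))
    return found


def blackholed_queries(acl_text, log_lines, acl_name="bogon"):
    """(client_ip, qname) pairs that named would refuse to answer under
    `blackhole { <acl_name>; };` with the given acl file."""
    entries = parse_acls(acl_text)[acl_name]
    return [(ip, qname) for ip, qname, _ in parse_query_log(log_lines)
            if acl_matches(entries, ip)]


if __name__ == "__main__":
    for ip, qname in blackholed_queries(SAMPLE_ACL, SAMPLE_LOG):
        print(f"blackholed: {ip} asking for {qname}")
```

On a real server, `named-checkconf -p` prints the configuration with every included file expanded, which shows what the `bogon` acl actually contains; that expanded text is what you would feed to `parse_acls`. A client matched by the blackhole list sees exactly the symptom in this thread: tcpdump shows the query arriving and nothing ever goes back, whereas an address caught by the negated local subnet (192.168.70.14 here) is still answered.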