dns works on server, refuses client connections

mfleonhardt · 01-20-2008, 02:48 PM

Hi, I just set up DNS services on my main home network server. Everything works fine from the server (dig, nslookup, etc.)

When I try to point my client there, my connection is refused:

Code:

[ matt@client:~ ] dig @192.168.0.100 yahoo.com. soa +vc
;; Connection to 192.168.0.100#53(192.168.0.100) for yahoo.com. failed: connection refused.

Firewall is turned off, and I'm pretty sure I've got my named.conf set up to allow queries from the local network...

Code:

[root@server:~]# service iptables status
iptables: Firewall is not running.
[root@server ~]# nmap localhost

Starting Nmap 4.20 ( http://insecure.org ) at 2008-01-20 10:45 HST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1680 closed ports
PORT      STATE SERVICE
21/tcp    open  ftp
22/tcp    open  ssh
25/tcp    open  smtp
53/tcp    open  domain
80/tcp    open  http
81/tcp    open  hosts2-ns
110/tcp   open  pop3
111/tcp   open  rpcbind
143/tcp   open  imap
389/tcp   open  ldap
631/tcp   open  ipp
953/tcp   open  rndc
993/tcp   open  imaps
995/tcp   open  pop3s
3306/tcp  open  mysql
8443/tcp  open  https-alt
10000/tcp open  snet-sensor-mgmt

Nmap finished: 1 IP address (1 host up) scanned in 0.227 seconds
[root@server ~]# cat /etc/named.conf 
acl leonhardt-lan {
        192.168.0.0/24;
        127.0/8;
        };
options {
        directory "/var/named";
        allow-query { "leonhardt-lan"; };
        allow-transfer { "leonhardt-lan"; };
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursion yes;
        forwarders { 192.168.0.1; }; #router is given dns server list through dhcp
        forward only; #rely completely on our upstream nameservers
        query-source address * port 53;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

# Forward Zone for leonhardt.lan domain
zone "leonhardt.lan" IN {
        type master;
        file "leonhardt.lan.zone";
};

# Reverse Zone for leonhardt.lan domain
zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.0.zone";            
};

include "/etc/named.rfc1912.zones";

Thanks in advance,
Matt

scowles · 01-20-2008, 05:33 PM

Take a look at your "listen-on" statement in the options section. I don't see 192.168.0.100

For reference, this is my listen-on statement

// Listen ONLY on the following interfaces
listen-on { 127.0.0.1 ; 192.168.8.180; };

mfleonhardt · 01-20-2008, 07:19 PM

Thanks, scowles...that did the trick!