LinuxQuestions.org
Old 01-27-2016, 10:28 AM   #1
mangya
Member
 
Registered: Jul 2015
Distribution: CentOS
Posts: 89

Rep: Reputation: Disabled
CentOS 7 - unable to open port for dns


Hello All

Host: Fedora 23
Guest1: CentOS 7.2 (cdns.example.con)
Guest2: Debian 8.2 (ddns.example.con)

I'm learning the BIND server on CentOS 7.2 and Debian 8.2 side by side. Both distros are installed in QEMU/KVM. The problem I am facing is that I am not able to open the port for the BIND server on CentOS.

This is the result I'm getting (of cdns.example.con) when queried from other hosts:
Code:
root@ddns:~# ping -c2 cdns.example.con
PING cdns.example.con (192.168.124.101) 56(84) bytes of data.
64 bytes from cdns.example.con (192.168.124.101): icmp_seq=1 ttl=64 time=0.217 ms
64 bytes from cdns.example.con (192.168.124.101): icmp_seq=2 ttl=64 time=0.301 ms

--- cdns.example.con ping statistics ---
2 packets transmitted, 2 received, 0 packet loss, time 999ms
rtt min/avg/max/mdev = 0.217/0.259/0.301/0.042 ms

root@ddns:~# nmap cdns.example.con

Starting Nmap 6.47 ( http://nmap.org ) at 2016-01-27 21:28 IST
Nmap scan report for cdns.example.con (192.168.124.101)
Host is up (0.00020s latency).
Not shown: 998 filtered ports
PORT   STATE  SERVICE
22/tcp open   ssh
53/tcp closed domain
MAC Address: 52:54:00:26:76:F4 (QEMU Virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 4.56 seconds

root@ddns:~# telnet cdns.example.con 53
Trying 192.168.124.101...
telnet: Unable to connect to remote host: Connection refused
This is what I have done.
Code:
[root@cdns ~]# yum install bind bind-utils
[root@cdns ~]# systemctl start named && systemctl enable named
[root@cdns ~]# firewall-cmd --permanent --add-service=dns
[root@cdns ~]# firewall-cmd --reload
This is the query:
Code:
[root@cdns ~]# systemctl status named
 named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2016-01-27 20:48:56 IST; 54min ago
  Process: 1209 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 1200 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 1220 (named)
   CGroup: /system.slice/named.service
           1220 /usr/sbin/named -u named

Jan 27 20:48:56 cdns.example.con named[1220]: command channel listening on ::1#953
Jan 27 20:48:56 cdns.example.con named[1220]: managed-keys-zone: loaded serial 2
Jan 27 20:48:56 cdns.example.con named[1220]: zone 0.in-addr.arpa/IN: loaded serial 0
Jan 27 20:48:56 cdns.example.con named[1220]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Jan 27 20:48:56 cdns.example.con named[1220]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Jan 27 20:48:56 cdns.example.con named[1220]: zone localhost.localdomain/IN: loaded serial 0
Jan 27 20:48:56 cdns.example.con named[1220]: zone localhost/IN: loaded serial 0
Jan 27 20:48:56 cdns.example.con named[1220]: all zones loaded
Jan 27 20:48:56 cdns.example.con systemd[1]: Started Berkeley Internet Name Domain (DNS).
Jan 27 20:48:56 cdns.example.con named[1220]: running

[root@cdns ~]# firewall-cmd --query-service=dns
yes

[root@cdns ~]# netstat -ltunp | grep ':53'
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1220/named          
tcp6       0      0 ::1:53                  :::*                    LISTEN      1220/named          
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1220/named          
udp6       0      0 ::1:53                  :::*                                1220/named
What steps am I missing that are keeping the DNS ports closed?

Thanks

Last edited by mangya; 01-27-2016 at 10:30 AM.
 
Old 01-27-2016, 12:34 PM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615
From your netstat output: named is only listening on localhost (127.0.0.1 and ::1). Change its config to also listen on other interfaces (192.168.124.101, at least).
 
1 members found this post helpful.
Old 01-27-2016, 12:59 PM   #3
mangya
Member
 
Registered: Jul 2015
Distribution: CentOS
Posts: 89

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by AlucardZero View Post
From your netstat output: named is only listening on localhost (127.0.0.1 and ::1). Change its config to also listen on other interfaces (192.168.124.101, at least).
Changed to listen-on port 53 { 127.0.0.1; 192.168.124.101; }; in named.conf. Now port is open. Many thanks.
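
The diagnosis from post #2, as an added example that is not part of the thread: a shell function that reads `netstat -ltunp` output and reports whether a port is bound only to loopback. The `before` lines are the listing from the first post, the `after` lines are constructed to show the effect of the `listen-on` change, and the function names are hypothetical.

```shell
#!/bin/sh
# Classify which local addresses a port is bound to, from `netstat -ltunp`
# output on stdin. Prints one of:
#   not-listening | loopback-only | all-interfaces | specific:<addr,...>
bind_scope() {
    port="$1"
    awk -v port="$port" '
        $1 ~ /^(tcp|udp)6?$/ {                 # socket lines only
            local_addr = $4                    # e.g. 127.0.0.1:53 or ::1:53
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next         # exact match, so :5353 is not :53
            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            seen = 1
            if (addr == "127.0.0.1" || addr == "::1") next
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") { wild = 1; next }
            if (!(addr in uniq)) { uniq[addr] = 1; list = list (list ? "," : "") addr }
        }
        END {
            if (!seen)      print "not-listening"
            else if (wild)  print "all-interfaces"
            else if (list)  print "specific:" list
            else            print "loopback-only"
        }'
}

# netstat lines copied from the first post (before the fix)
before() { cat <<'EOF'
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1220/named
tcp6       0      0 ::1:53                  :::*                    LISTEN      1220/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1220/named
udp6       0      0 ::1:53                  :::*                                1220/named
EOF
}

# Constructed sample: the listing after adding 192.168.124.101 to listen-on
after() { cat <<'EOF'
tcp        0      0 192.168.124.101:53      0.0.0.0:*               LISTEN      1220/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1220/named
udp        0      0 192.168.124.101:53      0.0.0.0:*                           1220/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1220/named
EOF
}

before | bind_scope 53
after  | bind_scope 53
```

A `loopback-only` result together with nmap reporting `53/tcp closed` rather than `filtered` means the firewalld rule is already letting traffic through and the daemon's bind address is what needs changing.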
 
  

