DNS and iptables
Configure a cache-only DNS server on 198.4.195.45.
I have the default /etc/named.conf file, with 2 modifications:

    ...
    listen-on port 53 { 127.0.0.1; 198.4.195.45; };
    allow-query { localhost; 192.168.122.0/24; };
    ...

/etc/sysconfig/iptables:

    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [110:14686]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i eth+ -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 5900:5904 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -p icmp -j ACCEPT
    -A FORWARD -i lo -j ACCEPT
    -A FORWARD -i eth+ -j ACCEPT
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT

Iptables is enabled on 198.4.195.45. From server 192.168.122.5, entering

    # dig @198.4.195.45 cnn.com

    ; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> @198.4.195.45 cnn.com
    ; (1 server found)
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

There is no DNS-related query activity recorded in 198.4.195.45's messages file. If I stop iptables on 198.4.195.45, the dig command resolves cnn.com. iptables -L shows

    ...
    ACCEPT     tcp  --  anywhere   anywhere   state NEW tcp dpt:domain
    ...

Port 53 is opened. Is there any other port that needs to be open? What do I miss? Thanks.
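The ruleset in the post accepts NEW connections to port 53 for TCP only, while dig (and most stub resolvers) send ordinary queries over UDP port 53; the "-i eth+" rule accepts everything arriving on an eth* interface, so the outcome also depends on which interface the query from 192.168.122.5 enters on (192.168.122.0/24 is libvirt's default virbr0 network, which is an assumption about the poster's setup). The following script is an added example, not code from the original post: it parses the INPUT chain of an iptables-save style dump (the sample is a copy of the posted ruleset), evaluates a NEW UDP and TCP packet to port 53 by first match the way the kernel walks the chain, and prints the rule that would have to be added. The helper names are this example's own, and the evaluator only understands the match options that appear in the post (-p, -i, --dport, --state, -j).

```python
"""Check which DNS transports an iptables INPUT chain actually admits."""
import shlex

# Constructed copy of the /etc/sysconfig/iptables content from the question.
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [110:14686]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth+ -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5900:5904 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth+ -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# Only the options used in the posted ruleset are understood (hypothetical parser).
_KEYS = {"-p": "proto", "--dport": "dport", "-i": "iface", "--state": "state", "-j": "target"}


def parse_chain(text, chain="INPUT"):
    """Return the '-A <chain>' rules of an iptables-save dump, in order, as dicts."""
    rules = []
    for line in text.splitlines():
        toks = shlex.split(line)
        if toks[:2] != ["-A", chain]:
            continue
        rule = {k: None for k in _KEYS.values()}
        i = 2
        while i < len(toks):
            key = _KEYS.get(toks[i])
            if key is not None and i + 1 < len(toks):
                rule[key] = toks[i + 1]
                i += 2
            else:
                i += 1  # '-m state', '-m tcp', '--reject-with ...' are skipped
        rules.append(rule)
    return rules


def _iface_matches(spec, iface):
    # iptables treats a trailing '+' as a prefix wildcard: eth+ matches eth0, eth1, ...
    return iface.startswith(spec[:-1]) if spec.endswith("+") else spec == iface


def _port_matches(spec, port):
    lo, _, hi = spec.partition(":")  # single port or lo:hi range
    return int(lo) <= port <= int(hi or lo)


def verdict(rules, proto, port, iface, policy="ACCEPT"):
    """First-match evaluation of a NEW packet; falls back to the chain policy."""
    for r in rules:
        if r["proto"] is not None and r["proto"] != proto:
            continue
        if r["dport"] is not None and not _port_matches(r["dport"], port):
            continue
        if r["iface"] is not None and not _iface_matches(r["iface"], iface):
            continue
        if r["state"] is not None and "NEW" not in r["state"].split(","):
            continue  # RELATED,ESTABLISHED never matches the first query packet
        if r["target"] is not None:
            return r["target"]
    return policy


def dns_verdicts(text, iface):
    """Verdict for a fresh UDP and TCP query to port 53 arriving on `iface`."""
    rules = parse_chain(text, "INPUT")
    return {proto: verdict(rules, proto, 53, iface) for proto in ("udp", "tcp")}


def missing_dns_rules(text, iface):
    """Rules that would have to be added so both DNS transports are accepted."""
    return [f"-A INPUT -p {p} -m state --state NEW -m {p} --dport 53 -j ACCEPT"
            for p, v in dns_verdicts(text, iface).items() if v != "ACCEPT"]


if __name__ == "__main__":
    for iface in ("eth0", "virbr0"):
        print(iface, dns_verdicts(RULESET, iface), missing_dns_rules(RULESET, iface))
```

Run against the posted ruleset, a query entering on an eth* interface is accepted on both transports by the "-i eth+" rule, whereas a query entering on any other interface (for example virbr0) reaches the final REJECT over UDP and is accepted only over TCP, which is why "dig +tcp" would succeed while a plain dig times out. The missing rule the script prints must be placed before the "-j REJECT" line, since iptables stops at the first match.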