LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 01-23-2012, 08:41 AM   #16
vonedaddy
Member
 
Registered: Aug 2004
Location: Philadelphia,PA
Posts: 177

Original Poster
Rep: Reputation: 17

tcp 0 0 x.x.x.x:53 0.0.0.0:* LISTEN 20235/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 20235/named
udp 0 0 x.x.x.x:53 0.0.0.0:* 20235/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 20235/named


@bathory
Your right, its not listening on UDP 53, why is it listening on TCP not UDP? What do I need to do to get it to listen on UDP?

Or is it just not saying LISTEN because it's UDP?

Last edited by vonedaddy; 01-23-2012 at 08:51 AM.
 
Old 01-23-2012, 09:17 AM   #17
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,910

Rep: Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326
Quote:
udp 0 0 x.x.x.x:53 0.0.0.0:* 20235/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 20235/named
It listens fine.
Try using debugging, or perhaps tcpdump and see what you get
 
Old 01-23-2012, 09:44 AM   #18
vonedaddy
Member
 
Registered: Aug 2004
Location: Philadelphia,PA
Posts: 177

Original Poster
Rep: Reputation: 17
tcp 0 0 x.x.x.x:53 0.0.0.0:* LISTEN 9675/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 9675/named
udp 0 0 x.x.x.x:53 0.0.0.0:* 9675/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 9675/named
udp 0 0 x.x.x.x:64211 192.31.80.30:53 ESTABLISHED 9675/named
udp 0 0 x.x.x.x:43861 192.33.14.30:53 ESTABLISHED 9675/named


I ran rndc trace 3, then tailed named.run:

# tail -f named.run
clientmgr @0x7f5c842de2b5: clientmgr_destroy
exiting
zone 0.in-addr.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: file not found
managed-keys-zone ./IN: loaded serial 0
running



It does not even show the query, like its not getting here. iptables allows 53 and its listening...
 
Old 01-23-2012, 09:49 AM   #19
vonedaddy
Member
 
Registered: Aug 2004
Location: Philadelphia,PA
Posts: 177

Original Poster
Rep: Reputation: 17
I tried tcpdump, and did some queries from another machine. Although I am not sure what any of this means, here is a snippet.

0:44:23.244073 IP m.gtld-servers.net.domain > ns1.mydomain.local.39411: Flags [R.], seq 0, ack 514012226, win 5840, length 0
10:44:23.244313 IP ns1.mydomain.local.as-debug > g.gtld-servers.net.domain: 28348 [1au] AAAA? news.yahoo.com. (43)
10:44:23.272603 IP m.gtld-servers.net.domain > ns1.mydomain.local.re101: 191-| 0/5/1 (405)
10:44:23.272813 IP ns1.mydomain.local.35484 > m.gtld-servers.net.domain: Flags [S], seq 520941895, win 5840, options [mss 1460,sackOK,TS val 8366897 ecr 0,nop,wscale 7], length 0
10:44:23.273068 IP m.gtld-servers.net.domain > ns1.mydomain.local.35484: Flags [R.], seq 0, ack 520941896, win 5840, length 0
10:44:23.273226 IP ns1.mydomain.local.45619 > f.gtld-servers.net.domain: 28369 [1au] A? msgme.com. (38)
10:44:23.278559 IP b.gtld-servers.net.domain > ns1.mydomain.local.63066: 26089-| 0/5/1 (405)
10:44:23.278736 IP ns1.mydomain.local.48926 > b.gtld-servers.net.domain: Flags [S], seq 521353269, win 5840, options [mss 1460,sackOK,TS val 8366903 ecr 0,nop,wscale 7], length 0
10:44:23.278895 IP b.gtld-servers.net.domain > ns1.mydomain.local.48926: Flags [R.], seq 0, ack 521353270, win 5840, length 0
10:44:23.279011 IP ns1.mydomain.local.domain > INTERNALDNS1.mydomain.local.56886: 54874 ServFail 0/0/1 (38)
10:44:23.279026 IP ns1.mydomain.local.domain > INTERNALDNS1.mydomain.local.22905: 49563 ServFail 0/0/1 (38)
10:44:23.326185 IP g.gtld-servers.net.domain > ns1.mydomain.local.as-debug: 28348-| 0/8/1 (455)
10:44:23.326408 IP ns1.mydomain.local.46613 > g.gtld-servers.net.domain: Flags [S], seq 525309528, win 5840, options [mss 1460,sackOK,TS val 8366950 ecr 0,nop,wscale 7], length 0
10:44:23.326638 IP g.gtld-servers.net.domain > ns1.mydomain.local.46613: Flags [R.], seq 0, ack 525309529, win 5840, length 0
10:44:23.326849 IP ns1.mydomain.local.56387 > k.gtld-servers.net.domain: 59576 [1au] AAAA? news.yahoo.com. (43)
10:44:23.347168 IP f.gtld-servers.net.domain > ns1.mydomain.local.45619: 28369-| 0/5/1 (405)
10:44:23.347410 IP ns1.mydomain.local.34171 > f.gtld-servers.net.domain: Flags [S], seq 514907537, win 5840, options [mss 1460,sackOK,TS val 8366971 ecr 0,nop,wscale 7], length 0
10:44:23.347570 IP f.gtld-servers.net.domain > ns1.mydomain.local.34171: Flags [R.], seq 0, ack 514907538, win 5840, length 0
10:44:23.347772 IP ns1.mydomain.local.18885 > l.gtld-servers.net.domain: 34233 [1au] A? msgme.com. (38)
10:44:23.354989 IP l.gtld-servers.net.domain > ns1.mydomain.local.18885: 34233-| 0/5/1 (405)
10:44:23.355216 IP ns1.mydomain.local.56209 > l.gtld-servers.net.domain: Flags [S], seq 523240441, win 5840, options [mss 1460,sackOK,TS val 8366979 ecr 0,nop,wscale 7], length 0
10:44:23.355448 IP l.gtld-servers.net.domain > ns1.mydomain.local.56209: Flags [R.], seq 0, ack 523240442, win 5840, length 0
10:44:23.355558 IP ns1.mydomain.local.51536 > c.gtld-servers.net.domain: 9409 [1au] A? msgme.com. (38)
10:44:23.366626 IP c.gtld-servers.net.domain > ns1.mydomain.local.51536: 9409-| 0/5/1 (405)
10:44:23.366926 IP ns1.mydomain.local.57378 > c.gtld-servers.net.domain: Flags [S], seq 516788939, win 5840, options [mss 1460,sackOK,TS val 8366991 ecr 0,nop,wscale 7], length 0
10:44:23.367146 IP c.gtld-servers.net.domain > ns1.mydomain.local.57378: Flags [R.], seq 0, ack 516788940, win 5840, length 0
10:44:23.367331 IP ns1.mydomain.local.18778 > e.gtld-servers.net.domain: 11771 [1au] A? msgme.com. (38)
10:44:23.426059 IP k.gtld-servers.net.domain > ns1.mydomain.local.56387: 59576-| 0/8/1 (455)
10:44:23.426287 IP ns1.mydomain.local.47250 > k.gtld-servers.net.domain: Flags [S], seq 526316605, win 5840, options [mss 1460,sackOK,TS val 8367050 ecr 0,nop,wscale 7], length 0
10:44:23.426515 IP k.gtld-servers.net.domain > ns1.mydomain.local.47250: Flags [R.], seq 0, ack 526316606, win 5840, length 0
10:44:23.426619 IP ns1.mydomain.local.49865 > b.gtld-servers.net.domain: 23943 [1au] AAAA? news.yahoo.com. (43)
10:44:23.457960 IP e.gtld-servers.net.domain > ns1.mydomain.local.18778: 11771-| 0/5/1 (405)
10:44:23.458280 IP ns1.mydomain.local.57933 > e.gtld-servers.net.domain: Flags [S], seq 526319483, win 5840, options [mss 1460,sackOK,TS val 8367082 ecr 0,nop,wscale 7], length 0
 
Old 01-23-2012, 09:51 AM   #20
vonedaddy
Member
 
Registered: Aug 2004
Location: Philadelphia,PA
Posts: 177

Original Poster
Rep: Reputation: 17
Here is some more debugging info from trace 2:

client 192.168.16.6#22732: query failed (SERVFAIL) for reporting.eu-survey.com/IN/A at query.c:4648
client 192.168.16.6#56810: query failed (SERVFAIL) for reporting.eu-survey.com/IN/A at query.c:4648
fetch completed at resolver.c:3087 for reporting.eu-survey.com/A in 11.494339: SERVFAIL/success [domain:com,referral:1,restart:11,qrysent:208,timeout:0,lame:0,neterr:0,badresp:0,adberr:0,findfail:0 ,valfail:0]
createfetch: www.hollywood.com A
client 192.168.16.6#63336: query failed (SERVFAIL) for www.wikihow.com/IN/A at query.c:4648
fetch completed at resolver.c:3087 for www.wikihow.com/A in 11.948703: SERVFAIL/success [domain:com,referral:0,restart:11,qrysent:220,timeout:0,lame:0,neterr:0,badresp:0,adberr:2,findfail:0 ,valfail:0]
client 192.168.16.6#50127: query failed (SERVFAIL) for www.wikihow.com/IN/A at query.c:4648
client 192.168.16.6#15294: query failed (SERVFAIL) for www.hollywood.com/IN/A at query.c:4648
fetch completed at resolver.c:3087 for www.hollywood.com/A in 11.704249: SERVFAIL/success [domain:com,referral:0,restart:11,qrysent:220,timeout:0,lame:0,neterr:0,badresp:0,adberr:7,findfail:0 ,valfail:0]
client 192.168.16.6#47813: query failed (SERVFAIL) for www.hollywood.com/IN/A at query.c:4648
createfetch: www.thestatecolumn.com A

Last edited by vonedaddy; 01-23-2012 at 09:57 AM.
 
Old 01-23-2012, 10:42 AM   #21
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,910

Rep: Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326
What's in /etc/resolv.conf?
Check if running queries like:
Code:
dig @127.0.0.1 google.com
works?
 
Old 01-23-2012, 10:47 AM   #22
vonedaddy
Member
 
Registered: Aug 2004
Location: Philadelphia,PA
Posts: 177

Original Poster
Rep: Reputation: 17
First off I need to say thanks for your continued help on this.

No it still doesnt work.

in /etc/resolv.conf is another DNS server we have running RHEL4.

[root@ns1 data]# dig @127.0.0.1 google.com

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @127.0.0.1 google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached



But if I add +trace it works...

[root@ns1 data]# dig @127.0.0.1 google.com +trace

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @127.0.0.1 google.com +trace
; (1 server found)
;; global options: +cmd
. 517244 IN NS k.root-servers.net.
. 517244 IN NS l.root-servers.net.
. 517244 IN NS a.root-servers.net.
. 517244 IN NS b.root-servers.net.
. 517244 IN NS e.root-servers.net.
. 517244 IN NS c.root-servers.net.
. 517244 IN NS m.root-servers.net.
. 517244 IN NS f.root-servers.net.
. 517244 IN NS d.root-servers.net.
. 517244 IN NS j.root-servers.net.
. 517244 IN NS h.root-servers.net.
. 517244 IN NS g.root-servers.net.
. 517244 IN NS i.root-servers.net.
;; Received 340 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
;; Received 488 bytes from 192.228.79.201#53(b.root-servers.net) in 88 ms

google.com. 172800 IN NS ns2.google.com.
google.com. 172800 IN NS ns1.google.com.
google.com. 172800 IN NS ns3.google.com.
google.com. 172800 IN NS ns4.google.com.
;; Received 164 bytes from 192.26.92.30#53(c.gtld-servers.net) in 10 ms

google.com. 300 IN A 74.125.115.147
google.com. 300 IN A 74.125.115.105
google.com. 300 IN A 74.125.115.103
google.com. 300 IN A 74.125.115.106
google.com. 300 IN A 74.125.115.104
google.com. 300 IN A 74.125.115.99
;; Received 124 bytes from 216.239.32.10#53(ns1.google.com) in 31 ms
 
Old 01-23-2012, 11:19 AM   #23
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,910

Rep: Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326
Well I'm really out of ideas.
bind behaves like there is a firewall (even for localhost) preventing access to port 53. Try to stop iptables and see what happens
 
Old 01-23-2012, 11:27 AM   #24
vonedaddy
Member
 
Registered: Aug 2004
Location: Philadelphia,PA
Posts: 177

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by bathory View Post
Well I'm really out of ideas.
bind behaves like there is a firewall (even for localhost) preventing access to port 53. Try to stop iptables and see what happens
I tried it with no iptables rules. (iptables -F) still nothing.

I even re-installed the OS from scratch, same thing. There has to be something I am missing.
 
Old 01-23-2012, 11:40 AM   #25
Nomad-71
LQ Newbie
 
Registered: Jan 2012
Location: Russia
Distribution: Fedora
Posts: 15

Rep: Reputation: 0
what about SELinux policy's?
 
Old 01-23-2012, 11:48 AM   #26
vonedaddy
Member
 
Registered: Aug 2004
Location: Philadelphia,PA
Posts: 177

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by Nomad-71 View Post
what about SELinux policy's?
Nothing is showing up in /var/log/audit/audit.log

I even tried setenforce 0
 
Old 01-23-2012, 11:55 AM   #27
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,910

Rep: Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326
Quote:
There has to be something I am missing.
No your config is ok. I've tested on my slackware bind installation and it works as expected.
Could be SELinux, even though I doubt.
Try setup a forwarder and see what you get. Add in the options part of named.conf
Code:
forward only;
forwarders { x.x.x.x; };
where x.x.x.x is the nameserver that is present in /etc/resolv.conf
 
Old 01-23-2012, 12:03 PM   #28
vonedaddy
Member
 
Registered: Aug 2004
Location: Philadelphia,PA
Posts: 177

Original Poster
Rep: Reputation: 17
It works with the forwarders. But that defeats the point. We have 2 external name servers, ns1 and ns2. Right now I am just forwarding all the queries from ns1 to ns2.

Thanks for you help, if you have any more ideas I would love to hear them.
 
Old 01-23-2012, 12:15 PM   #29
Nomad-71
LQ Newbie
 
Registered: Jan 2012
Location: Russia
Distribution: Fedora
Posts: 15

Rep: Reputation: 0
Small question: are you using bind-chroot to run it in a chroot environment?
 
Old 01-23-2012, 12:38 PM   #30
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,910

Rep: Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326
Quote:
It works with the forwarders. But that defeats the point
It shouldn't work as you still access port 53 to query your dns. That is the strange thing.
It answers on port 53 when it's forwarding queries or doing a trace, but does not answer when used as a caching dns!!!!
Looking at named.conf for rhel/centos, I notice there is a
Code:
include "/etc/named.rfc1912.zones";
that you're not using. Maybe you need to include that file too in named.conf
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
BIND - reverse dns queries only working locally, forward dns works fine. SloS13 Linux - Networking 3 08-25-2011 12:46 PM
Bind allow-recursion seems to be ignored helpmhost Linux - Server 1 06-04-2009 01:11 PM
bind dns recursion, is this supposed to do that? sir-lancealot Linux - Server 1 08-30-2007 07:26 PM
BIND 9.3.3 split dns recursion disallow twantrd Linux - Software 2 12-15-2006 06:12 PM
Problems with BIND-9.2.3 - No Recursion ScooterB Linux - Server 4 11-25-2006 11:10 AM


All times are GMT -5. The time now is 11:40 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration