Bind9 DNS Issue
Can someone please help me with a really simple Bind issue? I am using Bind9 and I am hosting ibxsecurity.com ... If I ask 192.168.10.12 (local private IP) about ibxsecurity.com, it will respond with my WAN IP (which it should do). Now if I ask my WAN IP about ibxsecurity.com, it gives me "DNS request timed out". I do have the ports forwarded and it does not fail until I ask about the domain. PLEASE HELP!
|
Quote:
From my end, I do not get an answer from your DNS server. Another possibility is your ISP could be blocking inbound DNS requests. Based on a lookup of your domain, the IP address referenced appears to be dynamic, i.e. DHCP assigned. |
If I do nslookup ibxsecurity.com
nslookup
> server 192.168.10.12
> ibxsecurity.com
> replies with my public IP
nslookup
> server 64.233.245.124
> ibxsecurity.com
> DNS request timed out
My ISP does not block DNS requests and I have a static IP. Sorry, when you tried, Bind needed to be restarted. |
Well, dnsreport also gives a timeout with your DNS. So if your ISP does not block port 53 tcp/udp, then perhaps your DNS does not listen on the external interface (64.233.245.124) or you have a firewall that blocks those ports.
|
How do I make bind listen on the external interface?
|
By default named listens to all interfaces on port 53, unless you've changed the "listen-on" option in your named.conf or you have an acl to block external requests. So if you are sure it's not a firewall or your ISP blocking port 53, take a look at named.conf for the "listen-on" and "acl" directives.
|
Thanks for all the help, but I do not have "listen-on" or "acl" in named.conf
options {
        pid-file "/var/run/bind/run/named.pid";
        directory "/etc/bind";
        auth-nxdomain no;
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." {
        type hint;
        file "db.root";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "db.local";
};

zone "245.233.64.in-addr.arpa" {
        type master;
        file "pri.245.233.64.in-addr.arpa";
};

zone "ibxsecurity.com" {
        type master;
        file "pri.ibxsecurity.com";
};

//// MAKE MANUAL ENTRIES BELOW THIS LINE! ////
|
Check if you have a firewall running that blocks incoming requests on port 53:
Code:
iptables -L
Code:
ifconfig -a |
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

I use a router and have 53 tcp/udp routed to this computer.

ifconfig -a
eth0  Link encap:Ethernet HWaddr 00:E0:18:D2:B1:3C
      inet addr:192.168.10.12 Bcast:192.168.10.255 Mask:255.255.255.0
      inet6 addr: fe80::2e0:18ff:fed2:b13c/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
      RX packets:107270 errors:0 dropped:0 overruns:0 frame:0
      TX packets:204597 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:25480329 (24.2 MiB) TX bytes:40084259 (38.2 MiB)
      Interrupt:177

lo    Link encap:Local Loopback
      inet addr:127.0.0.1 Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING MTU:16436 Metric:1
      RX packets:162 errors:0 dropped:0 overruns:0 frame:0
      TX packets:162 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:15542 (15.1 KiB) TX bytes:15542 (15.1 KiB)

sit0  Link encap:IPv6-in-IPv4
      NOARP MTU:1480 Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp   0 0   0.0.0.0:3306 0.0.0.0:* LISTEN 3719/mysqld
tcp   0 0   0.0.0.0:81 0.0.0.0:* LISTEN 4041/ispconfig_http
tcp   0 0   192.168.10.12:53 0.0.0.0:* LISTEN 13885/named
tcp   0 0   127.0.0.1:53 0.0.0.0:* LISTEN 13885/named
tcp   0 0   0.0.0.0:21 0.0.0.0:* LISTEN 4291/proftpd: (acce
tcp   0 0   127.0.0.1:953 0.0.0.0:* LISTEN 13885/named
tcp   0 0   0.0.0.0:25 0.0.0.0:* LISTEN 4234/master
tcp6  0 0   :::993 :::* LISTEN 3593/couriertcpd
tcp6  0 0   :::995 :::* LISTEN 3628/couriertcpd
tcp6  0 0   :::110 :::* LISTEN 3608/couriertcpd
tcp6  0 0   :::143 :::* LISTEN 3568/couriertcpd
tcp6  0 0   :::80 :::* LISTEN 4142/apache2
tcp6  0 0   :::22 :::* LISTEN 3882/sshd
tcp6  0 0   ::1:953 :::* LISTEN 13885/named
tcp6  0 0   :::25 :::* LISTEN 4234/master
tcp6  0 0   :::443 :::* LISTEN 4142/apache2
tcp6  0 432 ::ffff:192.168.10.12:22 ::ffff:192.168.10.243:48343 ESTABLISHED14259/0
udp   0 0   0.0.0.0:53 0.0.0.0:* 13885/named
udp   0 0   192.168.10.12:53 0.0.0.0:* 13885/named
udp   0 0   127.0.0.1:53 0.0.0.0:* 13885/named
udp6  0 0   :::32787 :::* 13885/named

I also rechecked with ISPs NOC and they state the port is not blocked. |
Then it's your router that is not forwarding requests, because I've run nmap against your public IP and it found all ports closed.
|
Accepted traffic by the firewall:
Jul 15 16:24:02 WAN 65.24.7.3:32776 192.168.10.12:53 UDP
If the computer is not accepting the traffic, wouldn't it come up as being closed? So I think that is what is happening. |
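Added example (not part of any post in this thread): a POSIX shell check over the netstat rows posted above that lists the port 53 sockets owned by named and tests whether a given address is covered. The firewall log in the last post shows forwarded queries arriving with destination 192.168.10.12:53, so that private address is the one the listener has to cover; the function names and the SAMPLE variable are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample: a subset of the netstat rows posted earlier in the thread.
SAMPLE='tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 3719/mysqld
tcp 0 0 192.168.10.12:53 0.0.0.0:* LISTEN 13885/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 13885/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 13885/named
udp 0 0 0.0.0.0:53 0.0.0.0:* 13885/named
udp 0 0 192.168.10.12:53 0.0.0.0:* 13885/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 13885/named
udp6 0 0 :::32787 :::* 13885/named'

# dns_listeners (hypothetical helper): read netstat rows on stdin and print
# "proto address" for every socket owned by named that is bound to port 53.
# The control channel on port 953 and other daemons are skipped.
dns_listeners() {
    awk '$NF ~ /\/named$/ && $4 ~ /:53$/ {
        addr = $4
        sub(/:53$/, "", addr)
        print $1, addr
    }'
}

# covers PROTO ADDR (hypothetical helper): succeed when a named socket of
# PROTO (tcp or udp) is bound to ADDR itself or to the IPv4 wildcard 0.0.0.0.
covers() {
    dns_listeners | awk -v p="$1" -v a="$2" '
        $1 == p && ($2 == a || $2 == "0.0.0.0") { ok = 1 }
        END { exit !ok }'
}

# Stand-alone run: report coverage for the address the router forwards to.
for proto in tcp udp; do
    if printf '%s\n' "$SAMPLE" | covers "$proto" 192.168.10.12; then
        echo "$proto/53: named covers 192.168.10.12"
    else
        echo "$proto/53: named does NOT cover 192.168.10.12"
    fi
done
```

On a live host, pipe the output of the netstat command into `covers` in place of `$SAMPLE`.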