LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Old 06-09-2005, 06:34 PM   #16
Sharaz
Member
 
Registered: Jun 2005
Location: Dallas, TX
Distribution: Fedora 11,12, RedHat4,6, CentOS4,5, FreeBSD7,8
Posts: 70

Rep: Reputation: 16

did you forward port 53 tcp or udp?

tcp is for zone transfers and updates to other servers, and udp is for queries.
 
Old 06-09-2005, 06:34 PM   #17
wjleon
Member
 
Registered: Apr 2005
Posts: 36

Original Poster
Rep: Reputation: 15
Quick answer, I have only one ethernet card on that machine and before you ask me why I haven't put another one I have to say that it is not that easy, complicated warranty politics involved. Can you help me out with tcpdump to check if the response is going back ok?
 
Old 06-09-2005, 06:39 PM   #18
Sharaz
Member
 
Registered: Jun 2005
Location: Dallas, TX
Distribution: Fedora 11,12, RedHat4,6, CentOS4,5, FreeBSD7,8
Posts: 70

Rep: Reputation: 16
I don't think tcpdump is what you need. Post us the output from

route -n

If you have only 1 ethernet card, you're likely having routing issues.

*edit* wait, did you say you can ssh to the internet ip address? If yes, then I revert back to my previous question, do you have udp 53 open?

Last edited by Sharaz; 06-09-2005 at 06:43 PM.
 
Old 06-09-2005, 06:49 PM   #19
wjleon
Member
 
Registered: Apr 2005
Posts: 36

Original Poster
Rep: Reputation: 15
Here is the output of route -n:
Code:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.32    0.0.0.0         255.255.255.224 U     0      0        0 eth0
1.2.3.0         0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         1.2.3.4         0.0.0.0         UG    0      0        0 eth0
 
Old 06-09-2005, 06:53 PM   #20
Sharaz
Member
 
Registered: Jun 2005
Location: Dallas, TX
Distribution: Fedora 11,12, RedHat4,6, CentOS4,5, FreeBSD7,8
Posts: 70

Rep: Reputation: 16
ok, so external gateway looks like what you are using for internet access and traffic. again, my guess is that port 53 udp is not open.
 
Old 06-09-2005, 06:56 PM   #21
wjleon
Member
 
Registered: Apr 2005
Posts: 36

Original Poster
Rep: Reputation: 15
Well, I can telnet to dnsBox on port 53 from outside the network. Is that enough to say the udp port is open? (I know telnet is a connection-oriented application, i.e. it works over tcp.) My point is, how do I know if udp is open? (Remember I cannot see the router.)
 
Old 06-09-2005, 07:01 PM   #22
Sharaz
Member
 
Registered: Jun 2005
Location: Dallas, TX
Distribution: Fedora 11,12, RedHat4,6, CentOS4,5, FreeBSD7,8
Posts: 70

Rep: Reputation: 16
Nope, because telnet is tcp. Without udp 53, dns will not work.
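The point made in this answer (a TCP connect says nothing about UDP) is easy to check directly: send a real DNS query over each transport and see which one gets an answer. The following is an added example, not code from the thread or from BIND; it hand-builds a minimal query so it needs only the standard library, and the server address and query name on the command line are placeholders you supply.

```python
import random
import socket
import struct
import sys

# Added example (not from the thread): minimal DNS client that tests UDP/53 and
# TCP/53 separately. A successful telnet/TCP connect does not prove UDP works,
# so each transport gets its own query and the reply header is decoded.

def build_query(name, qtype=1, qid=None):
    """Return (qid, wire_bytes) for a standard query; qtype 1 = A record."""
    if qid is None:
        qid = random.randint(0, 0xFFFF)
    # flags 0x0100 = standard query with recursion desired; 1 question, 0 RRs
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    qname += b"\x00"                       # root label terminates the name
    return qid, header + qname + struct.pack("!HH", qtype, 1)   # class IN

def parse_header(wire, expected_id):
    """Decode the 12-byte header; raise if this is not a response to our query."""
    if len(wire) < 12:
        raise ValueError("short DNS message")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", wire[:12])
    if qid != expected_id:
        raise ValueError("response id does not match the query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    return {"rcode": flags & 0x000F,       # 0 = NOERROR, 3 = NXDOMAIN, 5 = REFUSED
            "aa": bool(flags & 0x0400),    # authoritative answer
            "ra": bool(flags & 0x0080),    # recursion available
            "answers": an}

def probe_udp(server, name, timeout=3.0, port=53):
    qid, q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, port))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return {"reachable": False, "reason": "no UDP reply within timeout"}
    return {"reachable": True, **parse_header(data, qid)}

def probe_tcp(server, name, timeout=3.0, port=53):
    qid, q = build_query(name)
    try:
        s = socket.create_connection((server, port), timeout=timeout)
    except OSError as exc:
        return {"reachable": False, "reason": f"TCP connect failed: {exc}"}
    with s:
        s.sendall(struct.pack("!H", len(q)) + q)   # DNS over TCP is length-prefixed
        hdr = s.recv(2)
        if len(hdr) < 2:
            return {"reachable": False, "reason": "connection closed before reply"}
        (length,) = struct.unpack("!H", hdr)
        data = b""
        while len(data) < length:
            chunk = s.recv(length - len(data))
            if not chunk:
                break
            data += chunk
    return {"reachable": True, **parse_header(data, qid)}

if __name__ == "__main__":
    # usage: python probe.py <server-ip> <name>   (both are placeholders you supply)
    server, name = sys.argv[1], sys.argv[2]
    print("udp:", probe_udp(server, name))
    print("tcp:", probe_tcp(server, name))
```

Run it from a host outside the firewall and query a name the server is authoritative for, so the result does not depend on recursion or forwarders. If `tcp` comes back reachable and `udp` times out, the firewall is forwarding only TCP, which is exactly the situation described in this thread.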
 
Old 06-09-2005, 07:11 PM   #23
wjleon
Member
 
Registered: Apr 2005
Posts: 36

Original Poster
Rep: Reputation: 15
Ok, udp is OPEN:
Code:
>netstat -an | grep udp

udp        0      0 1.2.3.4:53       0.0.0.0:*
udp        0      0 192.168.0.47:53         0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp        0      0 0.0.0.0:33124           0.0.0.0:*
udp        0      0 0.0.0.0:997             0.0.0.0:*
udp        0      0 0.0.0.0:1000            0.0.0.0:*
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp6       0      0 :::33126                :::*
 
Old 06-09-2005, 07:15 PM   #24
Sharaz
Member
 
Registered: Jun 2005
Location: Dallas, TX
Distribution: Fedora 11,12, RedHat4,6, CentOS4,5, FreeBSD7,8
Posts: 70

Rep: Reputation: 16
did you just now open it, or was it already open?

if you just now did it, retest and let us know what happened.
 
Old 06-09-2005, 09:44 PM   #25
wjleon
Member
 
Registered: Apr 2005
Posts: 36

Original Poster
Rep: Reputation: 15
It was already open and it still doesn't work ... any other idea?
 
Old 01-20-2009, 04:26 PM   #26
hdokes
LQ Newbie
 
Registered: Jan 2005
Location: USA
Distribution: RedHat/Mandrake
Posts: 3

Rep: Reputation: 0
I have the exact same issue

Greetings,

I realize it was some time ago that this thread was posted, however I have neither seen a resolution to it nor can find any answers elsewhere, so I thought I would throw this at the wall and see if it sticks.

I am having the same issue as described above. I have created a new BIND9 DNS service on a Mandriva Server in a VM environment.

I also have freeradius running (and working) on this same VM.

I can query the server till the cows come home from the inside of the network, however I cannot from the outside. Now... unlike the posts above... I cannot get a response on port 53 from the outside other than a time out.

The VM, as are all my internet servers, is sitting behind an IPCOP firewall. I have an old separate BIND4 server running on an independent box behind another IPCOP firewall (not the same one) and it has been running without incident for years. Only servers are behind the firewall. There are no internal (private) boxes attached. I do this for added security on the server boxes because I have been hacked so many times over the years on boxes with live IP addresses.

Here's what I have done...

Using tcpdump I have confirmed that requests ARE making it through the firewall from the outside AND are being seen at the BIND9 box. The requests are just not being answered by named. It has no problem answering all the requests you give from within the network on the green side of the firewall.

What is interesting however is that if I look at the query.log file for named it has ongoing listings of queries for domains hosted only on that server. There are no entries in query.log for any non-hosted domains unless those requests are generated on the same "internal" subnet.

I have spent two days straight trying to overcome this issue and I'm pretty certain it is staring me right in the face but I can't see it for the streaming characters flashing across my screen from log file dumps.

I have tried to find reference to it on the internet but have had no luck. Is there a 'switch' in BIND9 that says work with local address requests only or work with 'any' requests?

I have these software switches set in the named.conf file which I thought would cover it all... but... nope:
Code:
listen-on port 53 { any; };

allow-query { any; };
allow-recursion { any; };

blackhole { bogon; };
forwarders {
    192.168.70.2;
};
There are no errors in the named default.log file and here are a couple of entries from the query.log file:
Code:
20-Jan-2009 15:42:26.716 client 192.168.70.14#3448: query: 1.0.0.127.in-addr.arpa IN PTR +
20-Jan-2009 15:42:27.429 client 189.138.196.205#56663: query: robertsimaging.com IN MX +
20-Jan-2009 15:42:37.882 client 69.30.226.50#44835: query: ns2.slingshottech.net IN AAAA -E
20-Jan-2009 15:42:38.530 client 206.13.29.42#10710: query: robertsimaging.com IN A -E
20-Jan-2009 15:43:09.288 client 192.168.70.14#3502: query: 1.0.0.127.in-addr.arpa IN PTR +
20-Jan-2009 15:43:48.750 client 68.87.72.133#37195: query: blog.robertsimaging.com IN A -
20-Jan-2009 15:43:51.948 client 192.168.70.14#3567: query: 1.0.0.127.in-addr.arpa IN PTR +
20-Jan-2009 15:44:16.663 client 206.141.193.34#26154: query: robertsimaging.com IN A -E

Now if my hunch is correct... outside clients ARE being seen by named as showing above but it just simply doesn't respond to them. It does respond to the internal requests however.

Any assistance here would be much appreciated.

Thanks
 
Old 01-24-2009, 08:14 PM   #27
hdokes
LQ Newbie
 
Registered: Jan 2005
Location: USA
Distribution: RedHat/Mandrake
Posts: 3

Rep: Reputation: 0
Solution! Yeah!

Ok... figured it out.

The install of bind9 automatically installs two references in the named.conf file to external acl files. These files are supposedly supposed to contain known IP subnets that are test nets, etc. Apparently they are not all test nets any longer.

I disabled both these include references and everything is working properly now.
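The two posts above describe the whole diagnostic: query.log shows external clients reaching named (post #26), and the cause turns out to be a stale bogon ACL referenced by `blackhole { bogon; }` (post #27). The script below is an added example, not the poster's code or part of BIND: it parses query.log lines in the format shown above, separates internal from external clients, and checks every client against an ACL body so you can see which clients a blackhole statement would silently drop. The ACL text and the extra `5.45.1.10` log line are constructed for illustration; the other log lines are the ones posted in the thread.

```python
import ipaddress
import re
from collections import Counter

# Added example (not from the thread or BIND). Cross-checks BIND 9 query.log
# clients against a bogon-style acl to find who a blackhole statement drops.

LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+): "
    r"query: (?P<name>\S+) IN (?P<type>\S+) (?P<flags>\S+)$"
)

def parse_query_log(lines):
    """Parse BIND 9 query.log lines; unknown lines are skipped."""
    records = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ip"] = ipaddress.ip_address(rec["ip"])
        # flags: first char '+' = recursion requested, '-' = not; 'E' = EDNS used
        rec["rd"] = rec["flags"][0] == "+"
        rec["edns"] = "E" in rec["flags"][1:]
        records.append(rec)
    return records

def parse_acl(text):
    """Parse the body of a BIND acl file: ';'-separated CIDRs, '//' or '#' comments."""
    nets = []
    for line in text.splitlines():
        line = re.sub(r"(//|#).*$", "", line)
        for tok in line.split(";"):
            tok = tok.strip()
            if tok:
                nets.append(ipaddress.ip_network(tok, strict=False))
    return nets

def blackholed(records, nets):
    """Return (record, network) pairs for clients that fall inside the acl."""
    hits = []
    for rec in records:
        for net in nets:
            if rec["ip"].version == net.version and rec["ip"] in net:
                hits.append((rec, net))
                break
    return hits

def summarize(records):
    """Count clients by RFC 1918 (internal) versus public (external) address."""
    return dict(Counter("internal" if r["ip"].is_private else "external"
                        for r in records))

# Sample input: the query.log lines from post #26 plus one constructed line
# (client 5.45.1.10) so the acl check below has something to catch.
SAMPLE_LOG = """\
20-Jan-2009 15:42:26.716 client 192.168.70.14#3448: query: 1.0.0.127.in-addr.arpa IN PTR +
20-Jan-2009 15:42:27.429 client 189.138.196.205#56663: query: robertsimaging.com IN MX +
20-Jan-2009 15:42:37.882 client 69.30.226.50#44835: query: ns2.slingshottech.net IN AAAA -E
20-Jan-2009 15:42:38.530 client 206.13.29.42#10710: query: robertsimaging.com IN A -E
20-Jan-2009 15:43:09.288 client 192.168.70.14#3502: query: 1.0.0.127.in-addr.arpa IN PTR +
20-Jan-2009 15:43:48.750 client 68.87.72.133#37195: query: blog.robertsimaging.com IN A -
20-Jan-2009 15:43:51.948 client 192.168.70.14#3567: query: 1.0.0.127.in-addr.arpa IN PTR +
20-Jan-2009 15:44:16.663 client 206.141.193.34#26154: query: robertsimaging.com IN A -E
20-Jan-2009 15:44:20.001 client 5.45.1.10#40001: query: robertsimaging.com IN A -E
"""

# Constructed stand-in for an included bogon acl. Blocks like 1/8, 2/8 and 5/8
# sat on such lists while unallocated but have since been assigned, which is
# how a "test net" list ends up dropping real clients.
STALE_BOGON_ACL = """
// constructed example acl, not a real distribution file
0.0.0.0/8;
1.0.0.0/8;
2.0.0.0/8;
5.0.0.0/8;
"""

if __name__ == "__main__":
    recs = parse_query_log(SAMPLE_LOG.splitlines())
    print("clients:", summarize(recs))
    for rec, net in blackholed(recs, parse_acl(STALE_BOGON_ACL)):
        print(f"{rec['ip']} ({rec['name']}) would be blackholed by {net}")
```

To use it on a live server, replace `SAMPLE_LOG` with the contents of query.log and `STALE_BOGON_ACL` with the body of each acl file that named.conf includes; any external client the script reports is one named sees but never answers, which matches the symptom in post #26. Rather than disabling the include outright, an operator can also keep the acl and prune the entries that are no longer bogons.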
 