07-01-2012, 12:45 PM
#1
Senior Member
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,247
port 53 blocked?
Hello,
I'm experimenting with a DNS server at home which I can't seem to make use of remotely, and I am not sure if port 53 is actually blocked by my ISP. My DNS server works on localhost, I've created a zone and everything, but when I try to ping the zone from the outside, it doesn't respond. Obviously, I've added the DNS IP on my Windows client computer. So what I'm trying to find out, as I've said before, is whether the port is really blocked. I've checked the ports the computer is listening on and it was there, attached to my public address.
Any suggestions?
Thanks
07-01-2012, 03:12 PM
#2
Member
Registered: Oct 2003
Location: United Kingdom
Distribution: Debian Bullseye
Posts: 357
Do you have an outside IP that you can log in to, so that you can try the following?
a) Enable debug mode in bind and check whether the requests are reaching your server.
b) Run a tcpdump on udp port 53 to check whether the packets are reaching it.
Even before these, have you set up your domain's NS records (at your domain host) correctly, pointing to the IP that is being queried?
07-01-2012, 04:27 PM
#3
Senior Member
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,247
Original Poster
Re:
Yes, I have a routable IP. Actually, I'm connecting through ssh from a remote location (from a Windows client on which I changed my DNS settings to the server's IP).
I've only started bind with the #named -g command and no, as far as I could see, there was no response to any queries that I've tried.
This is how the zone file looks. It's really rudimentary:
Code:
$ORIGIN zonamea.com.   ; must match the zone apex: the original read zonamea.ro., so @ and the bare names (ns, www, mail) expanded under the wrong domain
$TTL 3600
@ SOA ns.zonamea.com. vinci.zonamea.com. (
2012070107 ; serial
1d         ; refresh
2h         ; retry
4w         ; expire
1h         ; negative-caching TTL
)
zonamea.com. NS ns
zonamea.com. MX 10 mail.zonamea.com.
zonamea.com. A 95.164.52.197
ns A 95.164.52.197
www CNAME zonamea.com.
mail A 95.164.52.197
As you can see from "ns A 95...", the association is made... correctly, I suppose.
I've run a tcpdump, but there's no output for my ping zonamea.com from my Windows computer.
07-05-2012, 11:46 AM
#4
Member
Registered: Dec 2011
Posts: 32
Well, the zone is delegated to some older BIND servers that don't have the zone. (They are referring back to root, which doesn't follow current standards.)
However, I would suspect there may be a problem with the remote site you are coming from blocking connections to port 53. On the remote box try
Code:
nslookup -debug www.google.com. 8.8.8.8
from the windows box to see if the remote network is blocking outbound DNS requests.
If you want this to resolve on the internet you will need to have the GTLD servers add the GLUE records delegating to your server ns.zonamea.com and providing the A record for the NS server as well. If you purchased the domain you would do this with whoever you bought the domain from. Hope this points you in the right direction.
I shortened this up a bit, but here is some of the output I got from "dig +trace zonamea.com.":
Code:
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
;; Received 489 bytes from 199.7.83.42#53(199.7.83.42) in 287 ms
zonamea.com. 172800 IN NS ns10.hostzilla.ro.
zonamea.com. 172800 IN NS ns11.hostzilla.ro.
zonamea.com. 172800 IN NS ns12.hostzilla.ro.
;; Received 98 bytes from 192.42.93.30#53(192.42.93.30) in 132 ms
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
;; BAD REFERRAL
;; Received 240 bytes from 92.55.144.207#53(92.55.144.207) in 241 ms
07-06-2012, 09:54 AM
#5
Senior Member
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,247
Original Poster
Re:
I don't think you understand. I didn't buy any domain. I'm just experimenting with a DNS server. You'd have to know my public IP (the one I wrote isn't the real one) etc, etc.
I don't know how I can make it easier: I created a DNS server on Linux and I'm trying to use it (to use the domain on which it's authoritative) by changing my Windows DNS settings to the server's IP. That is all. And I simply want it to respond for the respective domain. And the problem is that it doesn't. I'm not sure if port 53 is blocked. I'll try to phone up my ISP and get to the bottom of this.
Anyway, I hope you understand from what I'm saying here that what you've done, looking up zonamea.com, makes no sense in this context, because the domain is not public. It was just a connection between two computers - the Linux server and the Windows server. That is all.
07-06-2012, 12:42 PM
#6
Member
Registered: Dec 2011
Posts: 32
Sorry, I'll try to turn off -verbose. I was just trying to give you as much information as possible, with the information you provided.
I doubt your ISP is blocking incoming requests on port 53. I know the common ports for blocking and the reasons behind them. As I mentioned before, it's more likely that the private network your remote Linux box is on is blocking direct connections to DNS servers on the internet, as this is much more common than ISPs blocking your use of port 53. (Not saying they aren't, just that it would be unusual.)
Sadly, DSLReports may be a better source of a port blocking list for your ISP than Tier 1 tech support. Tier 1 tends to fail badly when it comes to uncommon technical questions.
If you would like a tool for determining where/if port 53 is blocked, you can do a TCP SYN packet traceroute from Linux with:
Code:
traceroute -T -p 53 [DNS SERVER IP]
To do the same from your Windows box you will need something like tracetcp:
Code:
tcping.exe [DNS SERVER IP] 53
Yes, DNS is normally UDP port 53; however, it fails over to TCP as a backup, so if UDP port 53 is blocked then TCP would also be blocked.
You could also try to telnet from the Windows box to the DNS server on port 53; it should connect and then hang.
Code:
telnet [DNS SERVER IP] 53
Last edited by RobertEachus; 07-06-2012 at 12:54 PM.
Reason: Had client and server OSs backwards
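The reachability tests in this reply (and the original question of whether port 53 is filtered) can be done with a real DNS query instead of a bare TCP connect, which also tells you whether the server actually loaded the zone. This is an added example, not code from the thread: it encodes a minimal DNS query, sends it over UDP and over TCP (TCP DNS is length-prefixed), and classifies the result; the transaction id, server address and name are constructed placeholders.

```python
import socket
import struct

TXID = 0x1234  # constructed transaction id; a real client randomises it per query

def build_query(name, qtype=1):
    """Encode a standard DNS query (recursion desired) for NAME; qtype 1 = A."""
    header = struct.pack(">HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)

def parse_header(data):
    """Return (txid, authoritative flag, rcode, answer count) from a response header."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    return txid, bool(flags & 0x0400), flags & 0x000F, an

def probe(server, name, proto, timeout=3.0):
    """Send one query to SERVER over 'udp' or 'tcp' and classify what came back."""
    query = build_query(name)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                data, _ = s.recvfrom(4096)
        else:
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack(">H", len(query)) + query)  # 2-byte length prefix
                length = struct.unpack(">H", s.recv(2))[0]
                data = b""
                while len(data) < length:
                    chunk = s.recv(length - len(data))
                    if not chunk:
                        break
                    data += chunk
    except socket.timeout:
        return "timeout: filtered on the path, or nothing listening on %s/53" % proto
    except ConnectionRefusedError:
        return "refused: host reachable but nothing listening on %s/53" % proto
    if len(data) < 12:
        return "unexpected reply: truncated header"
    txid, aa, rcode, answers = parse_header(data)
    if txid != TXID:
        return "unexpected reply: transaction id mismatch"
    # aa=True means the server answered authoritatively, i.e. it loaded the zone;
    # aa=False with rcode 3 (NXDOMAIN) or 5 (REFUSED) means the query arrived but the zone did not load
    return "answered: aa=%s rcode=%d answers=%d" % (aa, rcode, answers)
```

Run probe(server_ip, "www.zonamea.com.", "udp") and again with "tcp" from the client side: a timeout on both is consistent with filtering somewhere on the path, while an answer with aa=False means port 53 is open and the problem is the zone configuration.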
07-17-2012, 01:49 PM
#7
Senior Member
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,247
Original Poster
I'll get back to you after I experiment again with my DNS server. I only want to say that there's no private network (except the one the Windows client is on, from which I try to reach the DNS server); my Linux box has a public IP. I only told you that the one I put down for you was not the real one, but it's still public.
07-17-2012, 03:11 PM
#8
Senior Member
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144
Hi vincix,
You can set up your server as a "resolving caching name server", or as any of the other DNS server types.
Which one did you set up?
From what I understand of your posts, you want a "resolving caching DNS" in which you can add an "authoritative" zone for your domain "example-domain.net".
Good luck.