#1
Home dns server not 'dig'-able from Internet
Hi all,
I'm a beginner networking enthusiast and I've got a linux box functioning as a nat router, firewall, and nameserver (bind 9.2) for my 3 pc lan (on the 192.168.1.0 network) on an adsl connection (dynamic ip). Within my private lan, the nameserver works perfectly (i.e. I've set my windows box to use it as nameserver, my 3rd linux box is able to 'dig' it and I am using it to host some bogus domains which I am using for developmental purposes). However, when I try the 'dig' tool from a remote host (e.g. my school's servers) to my nameserver box (e.g. dig @210.24.202.244 test.com), I get the "connection timed out; no servers could be reached" error. I had opened up port 53 on the firewall, tried to telnet 210.24.202.244 53 and there is a response, so the nameserver is reachable from the internet. For my named.conf, I've only got this critical (I think) line: options { directory "/var/named"; }; . . ...zone files data , as I've read that named defaults to accepting dns queries from anywhere. Can anyone advise what I have overlooked? Thank you very much!
|
#2
Perhaps you were mistaken. I am not able to get DNS responses via UDP or TCP from 210.24.202.244. It smells like a firewall misconfiguration since I'm not even getting connection refused. Just timeouts.
"...which i am using for developmental purposes" Now that sounds interesting. I also host a dns server with various records for developmental purposes. If you'd like to use my server for testing feel free to query this server:
server: ns1.dollardns.org (Win32 BIND 9.2.3)
protocol: TCP or UDP
zone: example.com (AXFR allowed)
Quick-Link: http://www.dollardns.org/cgi-bin/DN...=axfr&submit=DS
Last edited by SilentRage : January 2nd, 2004 at 02:14 PM.
|
#3
Thanks Silentrage for your reply.
Btw, the ip I stated in my first post is an arbitrary dynamic IP. I had shut down my connection so you weren't able to get any response at all from that address. I managed to get my linux box to answer dns queries from your web based dns crawler tool, and eventually I found out that my linux box is accepting both udp/tcp based queries from my private lan, while it is only accepting tcp based dns queries from the internet itself. I have already opened port 53 to allow both tcp/udp packets and also shut down my iptables firewall but the problem still persists. Any other possibilities? Meanwhile I shall study my iptables .... A portion of my iptables --list:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTAB
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTAB
REJECT     tcp  --  anywhere             anywhere            tcp option=!2 rejec
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     udp  --  anywhere             anywhere            udp dpt:http
DROP       all  --  openlans.com         anywhere
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
..
..
Last edited by njo : July 28th, 2003 at 01:38 AM.
|
#4
After more rounds of testing with udp sockets, I found that my linux box itself is not accepting any udp packets to privileged ports < 1024. TCP packets can get through, since my webserver is working as well as tcp based dns queries. I've shut down the firewall entirely and this is still the case. Are there other system settings, other than iptables, that I have missed that are blocking these ports?
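As an added example, not code from the thread: a Python 3 probe that sends the same DNS question over UDP and then over TCP to one server and reports which transport answers, which is exactly the split njo observed (TCP answered from the Internet, UDP did not). The server address and name are whatever you pass in; nothing here is tied to the thread's own IP.

```python
import random
import socket
import struct

def build_query(name, qtype=1, txid=None):
    """Minimal DNS query in wire format: 12-byte header (RD set) + one question."""
    txid = random.randrange(65536) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1), txid

def parse_header(reply, txid):
    """Return (rcode, ancount) from a reply; reject anything not answering txid."""
    if len(reply) < 12:
        raise ValueError("reply too short")
    rid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return flags & 0x000F, ancount

def query_udp(server, msg, timeout):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, (server, 53))
        return s.recv(4096)

def query_tcp(server, msg, timeout):
    # DNS over TCP prefixes every message with a 2-byte big-endian length.
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(msg)) + msg)
        buf = b""
        while len(buf) < 2 or len(buf) < 2 + struct.unpack("!H", buf[:2])[0]:
            chunk = s.recv(4096)
            if not chunk:
                raise ConnectionError("peer closed mid-message")
            buf += chunk
        return buf[2:2 + struct.unpack("!H", buf[:2])[0]]

def probe(server, name, timeout=3.0):
    """Send the same question over UDP and TCP; report which transport answers."""
    results = {}
    for transport, fn in (("udp", query_udp), ("tcp", query_tcp)):
        msg, txid = build_query(name)
        try:
            rcode, ancount = parse_header(fn(server, msg, timeout), txid)
            results[transport] = "answered (rcode=%d, answers=%d)" % (rcode, ancount)
        except (OSError, ValueError) as e:  # socket.timeout is an OSError
            results[transport] = "no answer (%s)" % type(e).__name__
    return results
```

Run `probe("<server-ip>", "test.com")` once from inside the LAN and once from an outside host: udp reporting no answer while tcp answers on the outside run only points at UDP/53 being filtered somewhere on the path or on the box, whereas both failing means the daemon or the whole port is unreachable.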
|
|
#5
heh heh, there's a reason why I'm not in the linux forum helping people - I'm not good at that sort of thing. However, here are some suggestions from somebody I know. In case you'd like to get ahold of him for further help, this is where you can find him (if he's non-idle and present):
user: energy
irc server: irc.asylum-net.org
channel: #geeks
<energy> on his server he can run iptables -L -v > temp.txt then do an external query to see which rule is blocking his udp 53 query
<energy> also on his ACCEPT udp -- anywhere anywhere udp dpt:domain make it...
<energy> ACCEPT udp -- anywhere anywhere udp dpt:domain state NEW
<energy> nothing else should be blocking udp
Viewing: Dev Shed Forums > System Administration > DNS > Home dns server not 'dig'-able from Internet