How can I get my server to listen to port 53 on an IP?

[dpicella]

My server does not seem to be listening to port 53 correctly.

I want my server to listen to port 53 on this IP: 65.60.101.156

I turned off iptables and disabled SELinux

Here is the output of # netstat -tapnl

Code:

# netstat -tapnl | grep named
tcp        0      0 10.1.1.191:53               0.0.0.0:*                   LISTEN      9627/named          
tcp        0      0 10.1.1.190:53               0.0.0.0:*                   LISTEN      9627/named          
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      9627/named          
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      9627/named          
tcp        0      0 ::1:53                      :::*                        LISTEN      9627/named          
tcp        0      0 ::1:953                     :::*                        LISTEN      9627/named

How can I get my server to listen to this IP on port 53?

Thanks! I am a bit of a noob to DNS!

[falko]

What are the outputs of

Code:

netstat -uap

and

Code:

ifconfig

?

[dpicella]

Quote:

Originally Posted by falko

What are the outputs of

Code:

netstat -uap

and

Code:

ifconfig

?

Code:

# netstat -uap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
udp        0      0 *:34212                     *:*                                     5399/avahi-daemon:  
udp        0      0 10.1.1.191:domain           *:*                                     9627/named          
udp        0      0 10.1.1.190:domain           *:*                                     9627/named          
udp        0      0 localhost.locald:domain     *:*                                     9627/named          
udp        0      0 *:845                       *:*                                     4061/rpc.statd      
udp        0      0 *:gdoi                      *:*                                     4061/rpc.statd      
udp        0      0 *:mdns                      *:*                                     5399/avahi-daemon:  
udp        0      0 *:sunrpc                    *:*                                     3984/portmap        
udp        0      0 *:ipp                       *:*                                     4438/cupsd          
udp        0      0 10.1.1.191:ntp              *:*                                     4464/ntpd           
udp        0      0 10.1.1.190:ntp              *:*                                     4464/ntpd           
udp        0      0 localhost.localdomain:ntp   *:*                                     4464/ntpd           
udp        0      0 *:ntp                       *:*                                     4464/ntpd           
udp        0      0 localhost6.local:domain     *:*                                     9627/named          
udp        0      0 *:47561                     *:*                                     5399/avahi-daemon:  
udp        0      0 *:mdns                      *:*                                     5399/avahi-daemon:  
udp        0      0 fe80::7ae7:d1ff:fee:ntp     *:*                                     4464/ntpd           
udp        0      0 localhost6.localdomain6:ntp *:*                                     4464/ntpd           
udp        0      0 *:ntp                       *:*                                     4464/ntpd

Code:

# ifconfig
eth0      Link encap:Ethernet  HWaddr 78:E7:D1:EB:9A:82  
          inet addr:10.1.1.190  Bcast:10.1.1.255  Mask:255.255.255.0
          inet6 addr: fe80::7ae7:d1ff:feeb:9a82/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:349194 errors:0 dropped:0 overruns:0 frame:0
          TX packets:124015 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:289543271 (276.1 MiB)  TX bytes:10519146 (10.0 MiB)
          Interrupt:169 Memory:f4000000-f4012800 

eth0:0    Link encap:Ethernet  HWaddr 78:E7:D1:EB:9A:82  
          inet addr:10.1.1.191  Bcast:10.1.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:169 Memory:f4000000-f4012800 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:20956 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20956 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3980227 (3.7 MiB)  TX bytes:3980227 (3.7 MiB)

[dpicella]

I modified /etc/named/chroot/etc/named.conf as follows (the original option directives I changed are commented out):

Code:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        // listen-on port 53 { 127.0.0.1; };
        // listen-on-v6 port 53 { ::1; };
        listen-on { any; };
        listen-on-v6 { any; };
        listen-on-v6 { ipv-6-address; };
        directory       "/var/named/chroot/var/named";
        dump-file       "/var/named/chroot/var/named/data/cache_dump.db";
        statistics-file "/var/named/chroot/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/chroot/var/named/data/named_mem_stats.txt";
        query-source address * port 53;
        allow-query     { any; };
        // allow-query     { localhost; };
        recursion yes;
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.root";
};
include "/var/named/chroot/etc/named.conf.local";

I restarted the named service and even rebooted and I am still not listening to port 53 as far as I can tell.

my dns works for:

dig @localhost domain.com
... but not ...
dig domain.com

[dpicella]

Stumped ...

Server IP on the LAN
dig @10.1.1.190 jabsock.com
works!

Localhost
dig @localhost jabsock.com
works!

WAN IP (where the nameservers point)
dig @65.60.101.156 jabsock.com
Does not work!

I've checked in named.conf. Not sure what to do now. Remember, I do have both UDP and TCP forwarding port 53. Thanks!

Finally, I am not familiar with this but there are forwarders and there is a forwarding option in bind - does that have something to do with this? Thanks!

[falko]

Please double-check your router configuration. You might also want to ask your ISP whether they block port 53.

[dpicella]

I got it working. I moved the to a colocation facility where it is now bound to an IP that is not behind a router.

I believe that port 53 was blocked by the ISP because I know for sure that port 53 was forwarded both TCP and UDP.

Thanks for confirming what I thought might be the problem! You saved me a bunch of time. Cheers!