#1  
13th October 2014, 22:17
extr3mal

DNS Resolver problem

Okay, I understand that I am one of many users writing here about this, but it doesn't work even after I read all the threads. So here is my situation:
Standalone server behind a router; I opened port 53 to the server so DNS queries can go through:
cat named.conf
Code:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
cat named.conf.options
Code:
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
        forwarders { 8.8.8.8; 8.8.4.4; };
        allow-query { any; };
        allow-recursion { 127.0.0.1; };
        allow-query-cache { any; };
        listen-on { any; };

};
iptables -L
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-postfix-sasl  tcp  --  anywhere             anywhere             multiport dports smtp
fail2ban-dovecot-pop3imap  tcp  --  anywhere             anywhere             multiport dports pop3,pop3s,imap2,imaps
fail2ban-pureftpd  tcp  --  anywhere             anywhere             multiport dports ftp
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-dovecot-pop3imap (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-postfix-sasl (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-pureftpd (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
dig myhost.com
Code:
; <<>> DiG 9.9.5-3-Ubuntu <<>> myhost.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64473
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;myhost.com.                 IN      A

;; Query time: 1 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Oct 13 22:14:21 EEST 2014
;; MSG SIZE  rcvd: 42
netstat -tap | grep named
Code:
tcp        0      0 192.168.1.101:domain    *:*                     LISTEN      3933/named
tcp        0      0 localhost:domain        *:*                     LISTEN      3933/named
tcp        0      0 localhost:953           *:*                     LISTEN      3933/named
tcp6       0      0 [::]:domain             [::]:*                  LISTEN      3933/named
tcp6       0      0 localhost:953           [::]:*                  LISTEN      3933/named
grep named /var/log/syslog
Code:
Oct 12 18:52:11 myhost named[28696]: client 66.249.66.121#62131 (myhost.com): query (cache) 'myhost.com/A/IN' denied
Oct 12 18:52:12 myhost named[28696]: client 74.125.46.18#59853 (www.myhost.com): query (cache) 'www.myhost.com/A/IN' denied
Oct 12 18:52:12 myhost named[28696]: client 74.125.74.144#45484 (www.myhost.com): query (cache) 'www.myhost.com/A/IN' denied
Oct 12 18:52:12 myhost named[28696]: client 74.125.46.84#39630 (www.myhost.com): query (cache) 'www.myhost.com/A/IN' denied
Oct 12 18:52:12 myhost named[28696]: client 111.175.223.222#48446 (cdftnbmgmjp.www.17175.com): query (cache) 'cdftnbmgmjp.www.17175.com/A/IN' denied
Oct 12 18:52:12 myhost named[28696]: client 11.27.118.222#35604 (czykawgatzj.www.17175.com): query (cache) 'czykawgatzj.www.17175.com/A/IN' denied
Oct 12 18:52:15 myhost named[28696]: client 93.183.205.110#25700 (ns2.myhost.com): query (cache) 'ns2.myhost.com/AAAA/IN' denied
Oct 12 18:52:15 myhost named[28696]: client 93.183.205.110#24021 (ns2.myhost.com): query (cache) 'ns2.myhost.com/AAAA/IN' denied
Oct 12 18:52:16 myhost named[28696]: client 74.125.46.83#59038 (www.myhost.com): query (cache) 'www.myhost.com/A/IN' denied
Oct 12 18:52:16 myhost named[28696]: client 74.125.74.148#53230 (www.myhost.com): query (cache) 'www.myhost.com/A/IN' denied
Oct 12 18:52:16 myhost named[28696]: client 74.125.46.84#58975 (www.myhost.com): query (cache) 'www.myhost.com/A/IN' denied
Oct 12 18:52:16 myhost named[28696]: client 173.194.98.148#47421 (www.myhost.com): query (cache) 'www.myhost.com/A/IN' denied
Oct 12 18:52:16 myhost named[28696]: client 173.194.98.144#57333 (www.myhost.com): query (cache) 'www.myhost.com/A/IN' denied
Oct 12 18:52:16 myhost named[28696]: client 74.125.46.18#46128 (www.myhost.com): query (cache) 'www.myhost.com/A/IN' denied
Oct 12 18:52:16 myhost named[28696]: client 74.125.46.82#34046 (www.myhost.com): query (cache) 'www.myhost.com/A/IN' denied
Oct 12 18:52:16 myhost named[28696]: client 74.125.74.147#39999 (www.myhost.com): query (cache) 'www.myhost.com/A/IN' denied
Oct 12 18:52:16 myhost named[28696]: client 74.125.74.146#53566 (www.myhost.com): query (cache) 'www.myhost.com/A/IN' denied
Oct 12 18:52:17 myhost named[28696]: client 93.183.205.110#41689 (ns1.myhost.com): query (cache) 'ns1.myhost.com/AAAA/IN' denied
Oct 12 18:52:17 myhost named[28696]: client 93.183.205.110#2369 (ns1.myhost.com): query (cache) 'ns1.myhost.com/AAAA/IN' denied
Oct 12 18:52:17 myhost named[28696]: client 88.93.228.117#37681 (gvtjmkaaqil.www.17175.com): query (cache) 'gvtjmkaaqil.www.17175.com/A/IN' denied
Oct 12 18:52:17 myhost named[28696]: client 126.65.53.183#12347 (epuwtgaethr.www.17175.com): query (cache) 'epuwtgaethr.www.17175.com/A/IN' denied
Oct 12 18:52:18 myhost named[28696]: client 56.217.205.159#15699 (yqmtzumvxsz.wap.liuxinsangcen.com): query (cache) 'yqmtzumvxsz.wap.liuxinsangcen.com/A/IN' denied
Oct 12 18:52:18 myhost named[28696]: client 111.62.165.196#33346 (qontennxdqv.wap.liuxinsangcen.com): query (cache) 'qontennxdqv.wap.liuxinsangcen.com/A/IN' denied
Oct 12 18:52:18 myhost named[28696]: client 123.210.26.90#4096 (kcpsbjaylsv.www.17175.com): query (cache) 'kcpsbjaylsv.www.17175.com/A/IN' denied
Oct 12 18:52:18 myhost named[28696]: client 74.107.8.130#39768 (nocdefghiwxlz.hk.apple.nextmedia.com): query (cache) 'nocdefghiwxlz.hk.apple.nextmedia.com/A/IN' denied
Oct 12 18:52:18 myhost named[28696]: client 15.16.151.122#45978 (bnvjdqkvaoe.www.17175.com): query (cache) 'bnvjdqkvaoe.www.17175.com/A/IN' denied
Oct 12 18:52:19 myhost named[28696]: client 107.91.87.109#11301 (upwywqfrzmd.www.17175.com): query (cache) 'upwywqfrzmd.www.17175.com/A/IN' denied
Oct 12 18:52:21 myhost named[28696]: client 93.183.205.110#63728 (www.myhost.com): query (cache) 'www.myhost.com/A/IN' denied
Oct 12 18:52:21 myhost named[28696]: client 93.183.205.110#21926 (www.myhost.com): query (cache) 'www.myhost.com/A/IN' denied
Oct 12 18:52:22 myhost named[28696]: client 74.125.74.82#55828 (www.myhost.com): query (cache) 'www.myhost.com/A/IN' denied
Oct 12 18:52:22 myhost named[28696]: client 74.125.74.82#62151 (www.myhost.com): query (cache) 'www.myhost.com/A/IN' denied
Oct 12 18:52:22 myhost named[28696]: client 74.125.74.20#54126 (www.myhost.com): query (cache) 'www.myhost.com/A/IN' denied
Oct 12 18:52:24 myhost named[28696]: client 120.213.248.69#59377 (tpqllzssljz.www.17175.com): query (cache) 'tpqllzssljz.www.17175.com/A/IN' denied
Oct 12 18:52:24 myhost named[28696]: client 93.183.205.110#51904 (ns2.myhost.com): query (cache) 'ns2.myhost.com/AAAA/IN' denied
The question is: What's wrong in there?
  #2  
14th October 2014, 09:53
till

The line:

allow-recursion { 127.0.0.1; };

in named.conf.options configures your server to allow recursive queries only from localhost, not from outside.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
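
Added example (not part of the thread and not code from either poster): a Python triage of `query (cache) ... denied` lines in the format posted above, separating names under the server's own domain from unrelated names that outside clients tried to resolve through it. The sample lines, client addresses and `example.net` names are constructed; `triage` and `in_zone` are hypothetical helper names.

```python
import re
from collections import Counter

# Matches the named log lines shown in the thread:
#   client <ip>#<port> (<qname>): query (cache) '<qname>/<type>/<class>' denied
DENIED = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+ \((?P<qname>[^)]+)\): "
    r"query \(cache\) '[^/]+/\w+/\w+' denied"
)

def in_zone(qname, zone):
    """True if qname is the zone apex or a name below it (case-insensitive)."""
    q, z = qname.lower().rstrip("."), zone.lower().rstrip(".")
    return q == z or q.endswith("." + z)

def triage(lines, local_zones):
    """Split denied cache queries into own-zone names and foreign names."""
    own, foreign, clients = Counter(), Counter(), Counter()
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue  # not a denied cache query
        qname = m["qname"]
        if any(in_zone(qname, z) for z in local_zones):
            own[qname.lower()] += 1
        else:
            # Group by parent domain (drop the leftmost label) so queries
            # that differ only in their first label collapse into one row.
            foreign[qname.lower().split(".", 1)[-1]] += 1
            clients[m["ip"]] += 1
    return own, foreign, clients

# Constructed sample in the thread's log format (documentation IP ranges).
SAMPLE = """\
Oct 12 18:52:11 myhost named[28696]: client 192.0.2.10#62131 (myhost.com): query (cache) 'myhost.com/A/IN' denied
Oct 12 18:52:12 myhost named[28696]: client 192.0.2.11#59853 (www.myhost.com): query (cache) 'www.myhost.com/A/IN' denied
Oct 12 18:52:12 myhost named[28696]: client 198.51.100.7#48446 (aaaabbbb.www.example.net): query (cache) 'aaaabbbb.www.example.net/A/IN' denied
Oct 12 18:52:12 myhost named[28696]: client 198.51.100.8#35604 (ccccdddd.www.example.net): query (cache) 'ccccdddd.www.example.net/A/IN' denied
Oct 12 18:52:15 myhost named[28696]: client 203.0.113.5#25700 (ns2.myhost.com): query (cache) 'ns2.myhost.com/AAAA/IN' denied
Oct 12 18:52:16 myhost sshd[411]: unrelated line
""".splitlines()

if __name__ == "__main__":
    own, foreign, clients = triage(SAMPLE, ["myhost.com"])
    print("own-zone names denied:", dict(own))
    print("foreign parents denied:", dict(foreign))
    print("clients asking for foreign names:", dict(clients))
```

Own-zone names appearing as cache queries mean named did not answer them from an authoritative zone. Foreign parents are lookups that only recursion would answer, which is why `allow-recursion` is better extended to specific trusted networks than to `any`.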