Something other than port 53 is blocking the LAN based BIND9 Servers
Michael Richardson
mcr at sandelman.ca
Thu Mar 9 11:10:05 UTC 2023
Mike Lieberman <mike at netwright.net> wrote:
> The newer router blocks my local BIND servers (ONLY not clients using
> downstream servers) from receiving anything from the Internet. OUR BIND
> servers still have the local networks, but nothing else.

Your explanation is rather obtuse, but I think you mean that your BIND
servers cannot do recursive lookups, rather than receive/answer
authoritative queries.

Do your queries originate from port 53? That is not the default anymore, AFAIK.

> The question I need resolved by the proper group/forum is: What port or
> technology is doing the blocking? The ISP has no idea.

No, the ISP probably has no idea. Might even be their FTTH ONT system.

> I have tried three of the new routers but all blocked my servers. I
> tried a replacement EoL router and that works. Without changing
> anything on the network, other than the physical router, it was like
> flipping a switch.

I assume it's a GPON, and therefore you can't easily tcpdump on the outside
like you can with a plain PPPoE with VDSL.