Diagnostic help part 2
John Anderson
johna at ccbill.com
Tue Sep 30 23:10:48 UTC 2014
>If named is running and doesn't respond on the external interface, it's
>possible that your listen-on {}; directive is set to only localhost.
>TCP connections to 205.238.182.102 come back "Connection refused", so
>it's possible that BIND just isn't listening on the interface or perhaps
>you're filtering the inbound queries. Do you see the queries come in to
>the box, either via packet dump or query logs?
Is your BIND server behind a firewall? Is it only listening on localhost, or on an internal interface? If '~]$ netstat -nlp | grep named' tells you that named is only listening on 127.0.0.1:53, then you need to adjust listen-on in named.conf. If you are running iptables, you need to allow at least UDP/53 in; if this is a master transferring to slaves, it might be a good idea to allow TCP/53 in as well. If you are behind a firewall, you need to open up UDP/53 or port-forward UDP/53 to your BIND server.
Here's what I see when looking at the IP you provided:
~]$ sudo nmap -sT -sU -p 53 205.238.182.102
Starting Nmap 5.51 ( http://nmap.org ) at 2014-09-30 16:02 MST
Nmap scan report for www3.greenbuilder.com (205.238.182.102)
Host is up (1.1s latency).
PORT STATE SERVICE
53/tcp closed domain
53/udp closed domain
Here is what I should see, using Google's DNS server as an example:
~]$ sudo nmap -sT -sU -p 53 8.8.8.8
Starting Nmap 5.51 ( http://nmap.org ) at 2014-09-30 16:03 MST
Nmap scan report for google-public-dns-a.google.com (8.8.8.8)
Host is up (0.062s latency).
PORT STATE SERVICE
53/tcp open domain
53/udp open|filtered domain
John A.
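The checks John describes (is named bound only to loopback, and which firewall ports need opening) as a small diagnostic script. This is an added example, not code from the original post or from BIND; the netstat extracts are constructed, the helper names are my own, and it assumes the usual `netstat -nlp` column layout (Local Address in column 4, program name in the last column).

```sh
#!/bin/sh
# Added example (not from the original post): applies the netstat and
# iptables checks from the reply above to `netstat -nlp` output.
# The netstat samples are constructed; the helper names are assumptions.

# Classify where named is bound on port 53, given `netstat -nlp` text in $1.
# Prints one of:
#   external        bound to a non-loopback address (0.0.0.0, ::, or an
#                   interface address), so queries can reach it
#   localhost-only  only 127.0.0.1 / ::1, so listen-on in named.conf needs fixing
#   none            named is not listening on port 53 at all
classify_named_listen() {
    printf '%s\n' "$1" | awk '
        $NF ~ /named$/ && $4 ~ /:53$/ {
            addr = substr($4, 1, length($4) - 3)   # strip the trailing ":53"
            if (addr == "127.0.0.1" || addr == "::1") loop = 1
            else ext = 1
        }
        END {
            if (ext) print "external"
            else if (loop) print "localhost-only"
            else print "none"
        }'
}

# iptables rules to add for the role: UDP/53 always; TCP/53 as well for a
# master that serves zone transfers (TCP is also used for any answer too
# large for UDP, so allowing it on a caching server is harmless).
firewall_rules() {
    echo "iptables -A INPUT -p udp --dport 53 -j ACCEPT"
    if [ "$1" = master ]; then
        echo "iptables -A INPUT -p tcp --dport 53 -j ACCEPT"
    fi
}

# Constructed `netstat -nlp` extracts. udp lines have no State column,
# so the program name is taken from the last field rather than a fixed one.
SAMPLE_LOOPBACK_ONLY='tcp   0  0 127.0.0.1:53   0.0.0.0:*   LISTEN  1234/named
udp   0  0 127.0.0.1:53   0.0.0.0:*           1234/named'

SAMPLE_ALL_INTERFACES='tcp   0  0 0.0.0.0:53     0.0.0.0:*   LISTEN  1234/named
udp   0  0 0.0.0.0:53     0.0.0.0:*           1234/named
tcp   0  0 127.0.0.1:953  0.0.0.0:*   LISTEN  1234/named'

SAMPLE_NO_NAMED='tcp   0  0 0.0.0.0:22     0.0.0.0:*   LISTEN  999/sshd'

# Run against the live box with `--live`; otherwise demonstrate on a sample.
if [ "${1:-}" = --live ]; then
    netstat_out=$(netstat -nlp 2>/dev/null)
else
    netstat_out=$SAMPLE_LOOPBACK_ONLY
fi
case $(classify_named_listen "$netstat_out") in
    external)       echo "named is bound externally; check iptables and the upstream firewall:"
                    firewall_rules master ;;
    localhost-only) echo 'named only on loopback: set listen-on { any; }; (or the interface IP) in named.conf and reload' ;;
    none)           echo "named is not listening on port 53: is it running?" ;;
esac
```

Note that the rndc port (127.0.0.1:953 in the second sample) is deliberately ignored, since only port 53 matters for query reachability. For reading nmap results like the ones above: "closed" on 53/tcp means the host answered with a RST and "closed" on 53/udp means it sent an ICMP port unreachable, so the host is reachable and nothing is listening (or a REJECT rule is answering); a silent drop would show as "filtered".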