  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 977

Fedora Core 3 & BIND

I've configured 2 Fedora Core 3 machines with BIND, and I've enabled ports 22 and 53 for SSH and DNS.  I've verified that the zone files are transferring from the master server to the slave server and are replicating correctly.

I am not able to telnet to port 53 to verify that the DNS servers are listening and port 53 is open.  I've also run nmap to verify what ports are open, and this is the output; as you can see, port 53 is not open:

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-11-14 02:33 PST
Interesting ports on dns1 (127.0.0.1):
(The 1667 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
22/tcp    open  ssh
25/tcp    open  smtp
111/tcp   open  rpcbind
631/tcp   open  ipp
953/tcp   open  rndc
50000/tcp open  iiimsf
50002/tcp open  iiimsf
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.4.0 - 2.5.20, Linux 2.5.25 - 2.6.8 or Gentoo 1.2 Linux 2.4.19 rc1-rc7, Linux 2.6.3 - 2.6.10

__________________

I've also run nmap on our existing DNS server, which is in fact answering on port 53, and I'm seeing the same output.  There is no mention of port 53.  I've also verified that iptables is not running.  What else can be preventing these servers from answering on port 53?  Is there possibly another firewall in place that I don't know about?

I've NAT'd one of these machines through our PIX and have verified that port 53 has been opened up, and our secondary DNS server (dns2) has been NAT'd through our F5 load balancer and port 53 has been properly opened as well.  

How would I verify that the gateway is correct on these machines?  I've heard that it could be the gateway setting preventing port 53 from listening?  What file is my GATEWAY=x.x.x.x setting located in?
Asked by: JWeb Admin
1 Solution
 
ravenpl commented:
Can You bring here output of: iptables -L INPUT -nx

JWeb Admin (Author) commented:
[root@dns1 ~]# iptables -L INPUT -nx
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

ravenpl commented:
> I am not able to telnet to port 53 to verify that the DNS servers are listening and port 53 is open
Not the best way to check. Rather
host -a somename.domain.tld ip.of.server

To check gateway setting:
route -n
ip route
cat /etc/sysconfig/network # the config

Also verify that port 53 is bound with: netstat -ltunp

JWeb Admin (Author) commented:
Here's my routing table:

[root@dns1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.9.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.9.3.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         10.9.2.254      0.0.0.0         UG    0      0        0 eth0

The other DNS server is on our 10.9.2.x network, and these machines also have a 10.9.3.x address, which is where our router to the outside world lives.  The router (gateway) is 10.9.3.254.  Our router on the 10.9.2.x network is 10.9.2.254.  In which file would I set the gateway?  Could this be a reason why I cannot communicate properly with my DNS servers?

JWeb Admin (Author) commented:
Here's the output from ip route:

[root@dns1 ~]# ip route
10.9.2.0/24 dev eth0  proto kernel  scope link  src 10.9.2.230
10.9.3.0/24 dev eth1  proto kernel  scope link  src 10.9.3.230
169.254.0.0/16 dev eth1  scope link
default via 10.9.2.254 dev eth0

JWeb Admin (Author) commented:
One more, here's the output from the cat /etc/sysconfig/network eth0 command:

[root@dns1 ~]# cat /etc/sysconfig/network eth0
NETWORKING=yes
HOSTNAME=dns
GATEWAY=10.9.2.254
cat: eth0: No such file or directory

JWeb Admin (Author) commented:
I also wanted to include the output from the netstat -ltunp command:

[root@dns1 network-scripts]# netstat -ltunp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:46283               0.0.0.0:*                   LISTEN      1550/rpc.statd  
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1531/portmap    
tcp        0      0 127.0.0.1:50000             0.0.0.0:*                   LISTEN      1780/hpiod      
tcp        0      0 127.0.0.1:50002             0.0.0.0:*                   LISTEN      1785/python      
tcp        0      0 10.9.2.230:53               0.0.0.0:*                   LISTEN      10409/named      
 
....more

ravenpl commented:
Well, I'm rather curious about the 'netstat -ltunp'. The info about routes was for You - You were asking for it.
About 10.9.2 and 10.9.3 - if they can ping each other and can ping outside internet - it's fine.

JWeb Admin (Author) commented:
I can dig at both machines, only from one of the machines though.  If I dig from an outside machine, I get a "No servers can be reached" message.

ravenpl commented:
> ....more
about port 53? maybe: netstat -ltunp | grep ":53"
You will find the IPs on which named listens. But it seems that 10.9.2.230:53 is open. The best way to verify it's ok is to run the following command from the gateway box (or another machine in the net):
host -a some.name.it.should.answer 10.9.2.230
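The checks ravenpl suggests (netstat for the bound addresses, route -n / ip route for the gateway) can be scripted so the result is obvious at a glance. The script below is an added example, not code from the thread: it reads which local addresses a port is bound on, compares them with the host's interface addresses, and reports the default route. All three inputs are constructed samples modelled on the output posted in the thread; on a live box you would feed it the real command output as noted in the comments. The point it surfaces is the one relevant here: named bound to 10.9.2.230 only will never answer on the 10.9.3.x interface, whatever the firewall or NAT in front of it does, and that is a BIND listen-on question rather than a routing one.

```shell
#!/bin/sh
# Added example, not code from the thread: compare the addresses on which a
# service is bound (from `netstat -ltunp`) with the addresses of the host's
# interfaces (from `ip -4 -o addr`), and read the default route (`ip route`),
# so that a DNS server listening on one subnet but not the other stands out.
# On a live box you would set:
#   NETSTAT_OUT=$(netstat -ltunp 2>/dev/null)
#   IFACE_OUT=$(ip -4 -o addr)
#   ROUTE_OUT=$(ip route)
# Here all three are constructed samples modelled on the output in the thread.

SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1531/portmap
tcp        0      0 10.9.2.230:53               0.0.0.0:*                   LISTEN      10409/named
udp        0      0 10.9.2.230:53               0.0.0.0:*                               10409/named
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               1951/avahi-daemon:'

SAMPLE_IFACES='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.9.2.230/24 brd 10.9.2.255 scope global eth0
3: eth1    inet 10.9.3.230/24 brd 10.9.3.255 scope global eth1'

SAMPLE_ROUTES='10.9.2.0/24 dev eth0  proto kernel  scope link  src 10.9.2.230
10.9.3.0/24 dev eth1  proto kernel  scope link  src 10.9.3.230
default via 10.9.2.254 dev eth0'

# Local IPs (sorted, unique) on which something listens on port $1, read
# from netstat output on stdin. 0.0.0.0 means "every address".
listeners_for_port() {
    awk -v p="$1" '
        $1 == "tcp" || $1 == "udp" {
            n = split($4, a, ":")
            if (a[n] == p) print a[1]
        }' | sort -u
}

# IPv4 addresses of every non-loopback interface, from `ip -4 -o addr` on stdin.
iface_addrs() {
    awk '$2 != "lo" { split($4, a, "/"); print a[1] }' | sort -u
}

# Gateway and device of the default route, from `ip route` on stdin.
default_route() {
    awk '$1 == "default" && $2 == "via" { print $3, $5 }'
}

# For port $1, print each interface address followed by LISTENING or
# NOT-LISTENING. Bound on the address itself or on 0.0.0.0 both count.
check_port_coverage() {
    listeners=$(printf '%s\n' "$NETSTAT_OUT" | listeners_for_port "$1")
    printf '%s\n' "$IFACE_OUT" | iface_addrs | while read -r addr; do
        if printf '%s\n' "$listeners" | grep -qx -e "$addr" -e '0.0.0.0'; then
            printf '%s LISTENING\n' "$addr"
        else
            printf '%s NOT-LISTENING\n' "$addr"
        fi
    done
}

NETSTAT_OUT=$SAMPLE_NETSTAT
IFACE_OUT=$SAMPLE_IFACES
ROUTE_OUT=$SAMPLE_ROUTES

echo "default route: $(printf '%s\n' "$ROUTE_OUT" | default_route)"
echo "port 53 coverage:"
check_port_coverage 53
```

With the sample data this reports 10.9.2.230 as LISTENING and 10.9.3.230 as NOT-LISTENING for port 53, which matches the thread: named is bound to the 10.9.2.x address only. Running it against the real netstat and ip output on both dns1 and dns2 shows immediately whether dns2 differs in what it binds to.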
 
ravenpl commented:
> I can dig at both machines, only from one of the machines though.  If I dig from an outside machine, I get a "No servers can be reached" message.
What do You mean by outside machine? From the internet? If so, then You need to add forwarding rules on Your firewall (probably the gateway box).
You need to set up DNAT (destination NAT). Is the gateway/firewall (the one that has both a public and a private IP) a Linux box or some other brand?

JWeb Admin (Author) commented:
[root@dns1 /]# netstat -ltunp | grep ":53"
tcp        0      0 10.9.2.230:53               0.0.0.0:*                   LISTEN      10409/named
udp        0      0 10.9.2.230:53               0.0.0.0:*                               10409/named
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               1951/avahi-daemon:

As for the host -a command:

It answers on dns1.101m3.com but not dns2.  Interesting.  dns1 seems to work fine.

JWeb Admin (Author) commented:
I have already set up a NAT on our firewall. Thanks for your help so far; it seems to have helped already.