Fedora Core 3 & BIND

Posted on 2006-11-14
Last Modified: 2012-06-27
I've configured 2 Fedora Core 3 machines with BIND, and I've enabled ports 22 and 53 for SSH and DNS.  I've verified that the zone files are transferring from the master server to the slave server and are replicating correctly.

I am not able to telnet to port 53 to verify that the DNS servers are listening and port 53 is open. I've also run nmap to verify what ports are open, and this is the output; as you can see, port 53 is not open:

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-11-14 02:33 PST
Interesting ports on dns1 (127.0.0.1):
(The 1667 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
22/tcp    open  ssh
25/tcp    open  smtp
111/tcp   open  rpcbind
631/tcp   open  ipp
953/tcp   open  rndc
50000/tcp open  iiimsf
50002/tcp open  iiimsf
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.4.0 - 2.5.20, Linux 2.5.25 - 2.6.8 or Gentoo 1.2 Linux 2.4.19 rc1-rc7, Linux 2.6.3 - 2.6.10

__________________

I've also run nmap on our existing DNS server, which is in fact answering on port 53, and I'm seeing the same output.  There is no mention of port 53.  I've also verified that iptables is not running.  What else can be preventing these servers from answering on port 53?  Is there possibly another firewall in place that I don't know about?

I've NAT'd one of these machines through our PIX and have verified that port 53 has been opened up, and our secondary DNS server (dns2) has been NAT'd through our F5 load balancer and port 53 has been properly opened as well.  

How would I verify that the gateway is correct on these machines?  I've heard that it could be the gateway setting preventing port 53 from listening?  What file is my GATEWAY=x.x.x.x setting located in?
Question by:JWeb Admin
13 Comments

Expert Comment

by:ravenpl
ID: 17940462
Can you post the output of: iptables -L INPUT -nx

Author Comment

by:JWeb Admin
ID: 17940488
[root@dns1 ~]# iptables -L INPUT -nx
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Accepted Solution

by: ravenpl (earned 2000 total points)
ID: 17940665
> I am not able to telnet to port 53 to verify that the DNS servers are listening and port 53 is open
Not the best way to check. Rather
host -a somename.domain.tld ip.of.server

To check gateway setting:
route -n
ip route
cat /etc/sysconfig/network # the config

Also verify that port 53 is bound, with: netstat -ltunp
Author Comment

by:JWeb Admin
ID: 17941203
Here's my routing table:

[root@dns1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.9.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.9.3.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         10.9.2.254      0.0.0.0         UG    0      0        0 eth0

The other DNS server is on our 10.9.2.x network, and these machines also have a 10.9.3.x address as well which our router to the outside world lives on.  The router (gateway) is 10.9.3.254.  Our router on the 10.9.2.x network is 10.9.2.254.  In which file would I set the gateway?  Could this be a reason why I cannot communicate properly with my DNS servers?

Author Comment

by:JWeb Admin
ID: 17941208
Here's the output from ip route:

[root@dns1 ~]# ip route
10.9.2.0/24 dev eth0  proto kernel  scope link  src 10.9.2.230
10.9.3.0/24 dev eth1  proto kernel  scope link  src 10.9.3.230
169.254.0.0/16 dev eth1  scope link
default via 10.9.2.254 dev eth0

Author Comment

by:JWeb Admin
ID: 17941216
One more, here's the output from the cat /etc/sysconfig/network eth0 command:

[root@dns1 ~]# cat /etc/sysconfig/network eth0
NETWORKING=yes
HOSTNAME=dns
GATEWAY=10.9.2.254
cat: eth0: No such file or directory

Author Comment

by:JWeb Admin
ID: 17941290
I also wanted to include the output from the netstat -ltunp command:

[root@dns1 network-scripts]# netstat -ltunp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:46283               0.0.0.0:*                   LISTEN      1550/rpc.statd  
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1531/portmap    
tcp        0      0 127.0.0.1:50000             0.0.0.0:*                   LISTEN      1780/hpiod      
tcp        0      0 127.0.0.1:50002             0.0.0.0:*                   LISTEN      1785/python      
tcp        0      0 10.9.2.230:53               0.0.0.0:*                   LISTEN      10409/named      
 
....more

Expert Comment

by:ravenpl
ID: 17941300
Well, I'm rather curious about the 'netstat -ltunp'. The info about routes was for you - you were asking for it.
About 10.9.2 and 10.9.3 - if they can ping each other and can ping outside internet - it's fine.

Author Comment

by:JWeb Admin
ID: 17941316
I can dig at both machines, only from one of the machines though.  If I dig from an outside machine, I get a "No servers can be reached" message.

Expert Comment

by:ravenpl
ID: 17941349
> ....more
about port 53? maybe: netstat -ltunp | grep ":53"
You will find the IPs on which named listens. But it seems that 10.9.2.230:53 is open. The best way to verify it's OK is to run the following command from the gateway box (or another machine in the net):
host -a some.name.it.should.answer 10.9.2.230
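As an added example (not part of the original thread, and not ravenpl's or the asker's code), the script below applies the two checks ravenpl suggested in the accepted solution and in the comment above: which local addresses named is actually bound to (from netstat -ltunp output), and which interface and gateway a packet to a given destination would leave through (from ip route output). It works on constructed copies of the netstat and ip route output posted in this thread, so it runs offline; the host address list (127.0.0.1, 10.9.2.230 on eth0, 10.9.3.230 on eth1) is an assumption taken from that route table. To use it on a live box, replace the two sample variables with the real `netstat -ltunp` (or `ss -ltunp`) and `ip route` output. Only sh and awk are used.

```sh
#!/bin/sh
# Added example, not from the original thread. Runs against constructed copies of
# the `netstat -ltunp` and `ip route` output posted above; swap in real output to use it.

# Constructed sample modelled on the netstat output in the thread.
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1531/portmap
tcp        0      0 127.0.0.1:50000             0.0.0.0:*                   LISTEN      1780/hpiod
tcp        0      0 10.9.2.230:53               0.0.0.0:*                   LISTEN      10409/named
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      10409/named
udp        0      0 10.9.2.230:53               0.0.0.0:*                               10409/named
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               1951/avahi-daemon:'

# Constructed sample modelled on the `ip route` output in the thread.
ROUTE_SAMPLE='10.9.2.0/24 dev eth0  proto kernel  scope link  src 10.9.2.230
10.9.3.0/24 dev eth1  proto kernel  scope link  src 10.9.3.230
169.254.0.0/16 dev eth1  scope link
default via 10.9.2.254 dev eth0'

# Addresses this host holds (assumed from the route table: loopback, eth0, eth1).
HOST_ADDRS="127.0.0.1 10.9.2.230 10.9.3.230"

# listeners_on PORT: print "proto address" for every socket bound to PORT.
listeners_on() {
    printf '%s\n' "$NETSTAT_SAMPLE" | awk -v port="$1" '
        $1 == "tcp" || $1 == "udp" {
            n = split($4, a, ":")                  # last colon-separated field is the port
            if (a[n] == port)
                print $1, substr($4, 1, length($4) - length(a[n]) - 1)
        }'
}

# reachable_on PROTO PORT ADDR: succeed if a listener bound to ADDR, or to the
# wildcard 0.0.0.0, would accept PROTO traffic to PORT arriving at ADDR.
reachable_on() {
    listeners_on "$2" | awk -v proto="$1" -v addr="$3" '
        $1 == proto && ($2 == "0.0.0.0" || $2 == addr) { found = 1 }
        END { exit !found }'
}

# missing_addrs PROTO PORT: list the host addresses with no listener for PROTO/PORT.
missing_addrs() {
    for a in $HOST_ADDRS; do
        reachable_on "$1" "$2" "$a" || printf '%s\n' "$a"
    done
}

# route_for ADDR: longest-prefix match over the route table; prints "dev gateway",
# with gateway "direct" for an on-link route. Uses only integer arithmetic, so it
# does not depend on awk bitwise extensions.
route_for() {
    printf '%s\n' "$ROUTE_SAMPLE" | awk -v ip="$1" '
        function toint(s,  o) { split(s, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
        BEGIN { best = -1; ipn = toint(ip) }
        {
            if ($1 == "default") { net = 0; plen = 0 }
            else { split($1, c, "/"); net = toint(c[1]); plen = c[2] + 0 }
            span = 2 ^ (32 - plen)                 # number of host addresses in this prefix
            if (int(ipn / span) != int(net / span)) next
            if (plen <= best) next                 # keep the most specific match
            best = plen; dev = ""; gw = "direct"
            for (i = 2; i <= NF; i++) {
                if ($i == "dev") dev = $(i + 1)
                if ($i == "via") gw = $(i + 1)
            }
        }
        END { if (best >= 0) print dev, gw }'
}

# Stand-alone run: reproduce the symptoms described in the thread from the samples.
echo "Port 53 listeners: $(listeners_on 53 | tr '\n' ' ')"
echo "Host addresses with no UDP/53 listener: $(missing_addrs udp 53 | tr '\n' ' ')"
echo "A reply to an Internet client (203.0.113.10) leaves via: $(route_for 203.0.113.10)"
```

What the run shows against the thread's data: named is bound to 10.9.2.230 only, so an nmap run against 127.0.0.1 (as in the question) cannot list port 53 at all, and a client that reaches dns1 through its 10.9.3.230 address gets no DNS answer either; the only address worth scanning or querying is 10.9.2.230. The route check shows that anything outside the two local /24s is sent out eth0 via 10.9.2.254, not via the 10.9.3.254 router mentioned in the thread. Which addresses named binds is controlled by the `listen-on` option in named.conf; the script only reports what the kernel currently has bound.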

Expert Comment

by:ravenpl
ID: 17941370
> I can dig at both machines, only from one of the machines though.  If I dig from an outside machine, I get a "No servers can be reached" message.
What do you mean by an outside machine? From the Internet? If so, then you need to add forwarding rules on your firewall (probably the gateway box).
You need to set up DNAT (destination NAT). Is the gateway/firewall (the one that has both public and private IPs) a Linux box or some other brand?

Author Comment

by:JWeb Admin
ID: 17941374
[root@dns1 /]# netstat -ltunp | grep ":53"
tcp        0      0 10.9.2.230:53               0.0.0.0:*                   LISTEN      10409/named
udp        0      0 10.9.2.230:53               0.0.0.0:*                               10409/named
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               1951/avahi-daemon:

As for the host -a command:

It answers on dns1.101m3.com but not dns2.  Interesting.  dns1 seems to work fine.

Author Comment

by:JWeb Admin
ID: 17941432
I have already set up a NAT on our firewall... thanks for your help so far, it seems to have helped already.