

Fedora Core 3 & BIND

Posted on 2006-11-14
Last Modified: 2012-06-27
I've configured 2 Fedora Core 3 machines with BIND, and I've enabled ports 22 and 53 for SSH and DNS.  I've verified that the zone files are transferring from the master server to the slave server and are replicating correctly.

I am not able to telnet to port 53 to verify that the DNS servers are listening and port 53 is open - I've also run nmap to verify what ports are open and this is the output; as you can see, no port 53 is open:

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-11-14 02:33 PST
Interesting ports on dns1 (
(The 1667 ports scanned but not shown below are in state: closed)
22/tcp    open  ssh
25/tcp    open  smtp
111/tcp   open  rpcbind
631/tcp   open  ipp
953/tcp   open  rndc
50000/tcp open  iiimsf
50002/tcp open  iiimsf
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.4.0 - 2.5.20, Linux 2.5.25 - 2.6.8 or Gentoo 1.2 Linux 2.4.19 rc1-rc7, Linux 2.6.3 - 2.6.10


I've also run nmap on our existing DNS server which is in fact answering on port 53, and I'm seeing the same output.  There is no mention of port 53.  I've also verified that iptables is not running.  What else can be preventing these servers from answering on port 53?  Is there possibly another firewall in place that I don't know about?

I've NAT'd one of these machines through our PIX and have verified that port 53 has been opened up, and our secondary DNS server (dns2) has been NAT'd through our F5 load balancer and port 53 has been properly opened as well.  

How would I verify that the gateway is correct on these machines?  I've heard that it could be the gateway setting preventing port 53 from listening?  What file is my GATEWAY=x.x.x.x setting located in?
Question by:JWeb Admin

Expert Comment

ID: 17940462
Can You bring here the output of: iptables -L INPUT -nx

Author Comment

by:JWeb Admin
ID: 17940488
[root@dns1 ~]# iptables -L INPUT -nx
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Accepted Solution

ravenpl earned 2000 total points
ID: 17940665
> I am not able to telnet to port 53 to verify that the DNS servers are listening and port 53 is open
Not the best way to check. Rather
host -a somename.domain.tld ip.of.server

To check gateway setting:
route -n
ip route
cat /etc/sysconfig/network # the config

Also verify that port 53 is bound with: netstat -ltunp

Author Comment

by:JWeb Admin
ID: 17941203
Here's my routing table:

[root@dns1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                                                U     0      0        0 eth0
                                                U     0      0        0 eth1
                                                U     0      0        0 eth1
                                                UG    0      0        0 eth0

The other DNS server is on our 10.9.2.x network, and these machines also have a 10.9.3.x address as well which our router to the outside world lives on.  The router (gateway) is  Our router on the 10.9.2.x network is  In which file would I set the gateway?  Could this be a reason why I cannot communicate properly with my DNS servers?

Author Comment

by:JWeb Admin
ID: 17941208
Here's the output from ip route:

[root@dns1 ~]# ip route
 dev eth0  proto kernel  scope link  src
 dev eth1  proto kernel  scope link  src
 dev eth1  scope link
default via  dev eth0

Author Comment

by:JWeb Admin
ID: 17941216
One more, here's the output from the cat /etc/sysconfig/network eth0 command:

[root@dns1 ~]# cat /etc/sysconfig/network eth0
cat: eth0: No such file or directory

Author Comment

by:JWeb Admin
ID: 17941290
I also wanted to include the output from the netstat -ltunp command:

[root@dns1 network-scripts]# netstat -ltunp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0     *                   LISTEN      1550/rpc.statd  
tcp        0      0       *                   LISTEN      1531/portmap    
tcp        0      0   *                   LISTEN      1780/hpiod      
tcp        0      0   *                   LISTEN      1785/python      
tcp        0      0     *                   LISTEN      10409/named      

Expert Comment

ID: 17941300
Well, I'm rather curious about the 'netstat -ltunp'. The info about routes was for You - You were asking for it.
About 10.9.2 and 10.9.3 - if they can ping each other and can ping outside internet - it's fine.

Author Comment

by:JWeb Admin
ID: 17941316
I can dig at both machines, only from one of the machines though.  If I dig from an outside machine, I get a "No servers can be reached" message.

Expert Comment

ID: 17941349
> ....more
about port 53? maybe: netstat -ltunp | grep ":53"
You will find IP's on which the named listens. But seems that is open. Best way to verify it's ok is to run the following command from the gateway box (or another machine in the net)
host -a some.name.it.should.answer
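An added shell example, not from the thread, that automates the netstat -ltunp | grep ":53" check recommended in the accepted answer and in this comment: it parses a constructed netstat sample (addresses invented), lists the sockets named is bound to on port 53, and flags a loopback-only or single-protocol bind, either of which would leave port 53 closed to an outside nmap even though named shows as LISTEN locally.

```shell
#!/bin/sh
# Parse `netstat -ltunp` output and report where named listens on port 53.
# Constructed sample (addresses invented; not the thread's real output).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      10409/named
tcp        0      0 10.9.2.10:53                0.0.0.0:*                   LISTEN      10409/named
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      10409/named
udp        0      0 127.0.0.1:53                0.0.0.0:*                               10409/named
udp        0      0 10.9.2.10:53                0.0.0.0:*                               10409/named
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               1951/avahi-daemon:'

# dns53_sockets: print "proto address" for each named socket on port 53.
# Filters on the program column, so avahi on 5353 and rndc on 953 are ignored.
dns53_sockets() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^(tcp|udp)6?$/ && $NF ~ /\/named$/ {
            n = split($4, a, ":")
            if (a[n] == "53") { sub(/:[0-9]+$/, "", $4); print $1, $4 }
        }'
}

# dns53_reachable_from_lan: exit 0 when named has a non-loopback port-53
# socket for both tcp and udp; exit 1 for a loopback-only bind or a
# missing protocol (either leaves port 53 closed to an outside scan).
dns53_reachable_from_lan() {
    dns53_sockets "$1" | awk '
        $2 !~ /^127\./ && $2 != "::1" { seen[$1] = 1 }
        END { exit !(seen["tcp"] && seen["udp"]) }'
}

if [ "${1:-}" = "--demo" ]; then
    dns53_sockets "$SAMPLE_NETSTAT"
    dns53_reachable_from_lan "$SAMPLE_NETSTAT" && echo "named reachable from the LAN" \
        || echo "named bound to loopback only (or missing tcp/udp)"
fi
```

On a live box, replace the sample with `dns53_sockets "$(netstat -ltunp 2>/dev/null)"`; a loopback-only result means the fix is in named.conf's listen-on, not on the PIX or F5.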

Expert Comment

ID: 17941370
> I can dig at both machines, only from one of the machines though.  If I dig from an outside machine, I get a "No servers can be reached" message.
What do You mean by outside machine? From internet? If so, then You need to add forwarding rules on Your firewall (probably the gateway box).
You need to set up DNAT (destination NAT). Is the gateway/firewall (the one that has both public & private IP) a linux box or some other brand?

Author Comment

by:JWeb Admin
ID: 17941374
[root@dns1 /]# netstat -ltunp | grep ":53"
tcp        0      0     *                   LISTEN      10409/named
udp        0      0     *                               10409/named
udp        0      0      *                               1951/avahi-daemon:

As for the host -a command:

It answers on dns1.101m3.com but not dns2.  Interesting.  dns1 seems to work fine.

Author Comment

by:JWeb Admin
ID: 17941432
I have already set up a NAT on our firewall. Thanks for your help so far, it seems to have helped already.
