Solved

BIND 9.3.3 won't listen on public IP.

Posted on 2013-01-30
Last Modified: 2016-02-12
All of a sudden bind will not listen on my public port, only local. I've tried many things.

Take a look:

even though I have this in named.conf:

        listen-on {
                127.0.0.1;
                99.52.111.11;
        };

I only get this:


Jan 30 06:33:56 host named[1311]: starting BIND 9.3.3 -u bind
Jan 30 06:33:57 host named[1311]: command channel listening on 127.0.0.1#953
Jan 30 06:33:57 host named[1311]: command channel listening on ::1#953
Jan 30 06:33:57 host named[1311]: running
Jan 30 06:37:09 host named[1322]: starting BIND 9.3.3 -4 -u bind
Jan 30 06:37:09 host named[1322]: command channel listening on 127.0.0.1#953
Jan 30 06:37:09 host named[1322]: running
Question by:lexshine
Expert Comment by:arnold
Is the public IP on the system where bind is running?
ifconfig -a: is the IP you listed referenced there?
netstat -rn

Note, 953 is the rndc (named control connection interface) connection. To open up your named to be controlled remotely, you need to add the public IP to the rndc section listen configuration in rndc.conf.
Author Comment by:lexshine
Nope, no public IPs in my rndc.conf. Does it add just like the local?

server 127.0.0.1 {
        key "rndc-key";    # rndc.conf uses "key", not "keys", inside a server block
};

# this you should copy from your rndc.key file
key "rndc-key" {
        algorithm hmac-md5;
        secret "secretkey==";
};

# the controls statement is read from named.conf, not rndc.conf
controls {
        inet 127.0.0.1 allow { localhost; }
        keys { "rndc-key"; };
};
Expert Comment by:arnold
Do you want, or even need, to have control over your named/bind service from outside (which is the implication from your need to have the control/command channel listen on the external public IP from the log)?

Based on the information you posted, your named service for domain name resolution should respond to requests sent to the 99.xx.xx.xx IP as long as the 99 IP is directly on this system.

If you use a firewall with port forwarding and the IP on your system is not 99.xx, your configuration is incorrect. To work you would need to adjust your list to include the IP of the system.
Author Comment by:lexshine
The problem was identified and it was far from what I thought: open resolver, so the IP was turned off. Anyone know how to close an open resolver? Tried the following with no luck:

acl myip { 192.168.1.1; };

options {
        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";

        listen-on {
                127.0.0.1;
                55.55.55.55;
        };

        allow-transfer {
                127.0.0.1;
                55.55.55.55;
        };

        allow-recursion { myip; };
};
Expert Comment by:arnold
Could you provide detail on what it is you are trying to do?
Author Comment by:lexshine
I am trying to close an open resolver in BIND 9.3.3
Expert Comment by:arnold
You opened this question on a completely different subject.
If the DNS has no authoritative domains, there is no reason to open it to the net.
Post the entire named.conf and any included file.
Allow-query in the options section might be what you are looking for.
Accepted Solution by:gheist (earned 500 total points)
:953 is where to send CONTROL COMMANDS,
:53 for DNS requests obeys your config directive.
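As an added example, not the asker's or any expert's configuration: a BIND 9.3-era named.conf layout that makes the split the accepted answer describes explicit (port 953 is governed by the `controls` statement, port 53 by `allow-query` and `allow-recursion`) and limits recursion to a trusted ACL so the server stops being an open resolver. The public address, LAN range and key secret are placeholders; `allow-query-cache` is left out on purpose because it only exists from BIND 9.4.

```conf
// Added example, not from the thread. BIND 9.3-era named.conf fragment:
// port 953 is owned by "controls", port 53 by allow-query / allow-recursion.
// Addresses and the key secret are placeholders.

acl "trusted" {
        127.0.0.1;
        192.168.1.0/24;          // placeholder LAN range
};

key "rndc-key" {
        algorithm hmac-md5;
        secret "<base64 from rndc-confgen>";   // placeholder, never a real secret
};

// Control channel: local only. Nothing in listen-on changes this.
controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

options {
        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";

        listen-on {
                127.0.0.1;
                55.55.55.55;     // placeholder public IP, as in the thread
        };

        // Anyone may ask for zones this server is authoritative for ...
        allow-query     { any; };

        // ... but only trusted clients may use it as a recursive resolver.
        recursion       yes;
        allow-recursion { "trusted"; };

        // Transfers only to localhost and explicitly named secondaries.
        allow-transfer  { 127.0.0.1; };
};

// Caveat for 9.3.x: allow-query-cache does not exist before 9.4, so a
// non-trusted client can still read names already sitting in the cache.
// If this host serves no authoritative zones (arnold's point above), close
// it fully with
//   allow-query { "trusted"; };
// or upgrade to a release that supports allow-query-cache.
```

After editing, `named-checkconf` validates the syntax before a reload, and a query with the RD bit set from a non-trusted address should come back without the RA flag.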