DNS Server Port 53 is not reachable from the internet

Wayne Barron
Hello, All;

Virtual Machine
Windows 2016 Server
Windows DNS
Belkin Router

OK, the other day my port 53 became unavailable; I did not find out about it until last night.
All my other ports are reachable, but port 53 is NOT.
I have it opened in my Router, and I can telnet 53 on the VM Server itself.

The servers have been running fine for several months.
Can someone please let me know what I need to check, as this has all my sites down as well as the Mail Server.

Wayne
Paul MacDonald, Director, Information Systems

Commented:
Two things I'd look for:
1) Windows (or other software-based) Firewall on the VM and the host
2) Another software product that interferes with DNS (Quickbooks can break DNS if Quickbooks doesn't start first.)
Wayne Barron, Author, Web Developer
Top Expert 2009

Commented:
Neither one is an issue on the server.
If I can telnet the port, it should be OK and accessible on the server.
Scott Silva, Network Administrator

Commented:
Are you telnetting the port from outside?
Internal and external issues can be different.
Also your ISP could be blocking port 53 for some reason...
Sometimes they will get random ideas about different services they decide they don't want customers running...
Wayne Barron, Author, Web Developer
Top Expert 2009

Commented:
I can telnet to the server from within the network on port 53.
I cannot telnet from outside of the network, the WWW cannot access my port 53.
Called my ISP, and since I purchased a Static IP From them, and I have my Modem BRIDGED to my Router.
There is no way for them to block any of my ports.
Paul MacDonald, Director, Information Systems

Commented:
"If I can telnet the port, it should be OK and accessible on the server."
Creating a connection on port 53 doesn't mean you're talking to DNS, it just means you're talking to something that's listening on port 53.
Scott Silva, Network Administrator

Commented:
Telnet doesn't really work with DNS queries... Could be as simple as a router reboot, or it could be something else...
You need to use dig or other things that speak DNS from OUTSIDE... If they don't connect, I would really look at your router's port forwards.
Principal Support Engineer
Commented:
If you can connect to the port from within your network and not from outside, the most likely culprit is your router. Check that port-forwarding rule again (and maybe even delete and recreate it). Also, keep in mind that DNS usually uses UDP but can switch to TCP if necessary. Telnet, on the other hand, can only be used to connect to TCP ports.
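The following is an added example, not part of any post in this thread: a probe that sends a real DNS query over UDP and then over TCP, so a listener that merely accepts connections on port 53 is not mistaken for a working DNS service. The function names are hypothetical, and `203.0.113.10` and `example.com` are placeholders for the public IP and zone being tested; run it from a host outside the network.

```python
import socket
import struct

def build_query(name, qtype=2, txid=0x1234):
    """Build a minimal DNS query (qtype 1 = A, 2 = NS, 6 = SOA), recursion not requested."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(msg, txid=0x1234):
    """Return (is_valid_reply, rcode, authoritative, answer_count)."""
    if len(msg) < 12:
        return (False, None, False, 0)
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    is_reply = rid == txid and bool(flags & 0x8000)  # same ID and QR bit set
    return (is_reply, flags & 0x000F, bool(flags & 0x0400), an)

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed before a full DNS message arrived")
        buf += chunk
    return buf

def probe(server, name, proto="udp", port=53, timeout=3.0):
    """Send one NS query over UDP or TCP; return parse_header() result, or None."""
    query = build_query(name)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.connect((server, port))  # only accept replies from this peer
                s.send(query)
                reply = s.recv(4096)
        else:
            with socket.create_connection((server, port), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
                (length,) = struct.unpack("!H", _recv_exact(s, 2))
                reply = _recv_exact(s, length)
    except OSError:
        return None  # timeout, refused, or peer closed: nothing spoke DNS
    return parse_header(reply)

if __name__ == "__main__":
    for proto in ("udp", "tcp"):  # placeholder server IP and zone name
        print(proto, probe("203.0.113.10", "example.com", proto))
```

A `None` on UDP with a result on TCP points at a TCP-only port forward; a valid reply with the authoritative flag unset or zero answers means something answered on port 53 but is not serving the zone.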
Wayne Barron, Author, Web Developer
Top Expert 2009

Commented:
I have DNS Connection now.
I can ping from the outside world and make a connection to my DNS Server.
HOWEVER, using tools: intodns.com
They cannot see or speak to my DNS Server.

So. To fix the issue with connecting to my DNS Server, the IP Address had been changed on the network, and I had to change it in the router.
From .22 to .21

So now, I just need to find out why the world is not able to communicate with it?
DrDave242, Principal Support Engineer

Commented:
Can you post the relevant portion of the intodns.com report? The details might help narrow down the problem.
Wayne Barron, Author, Web Developer
Top Expert 2009

Commented:
Mismatched NS records
WARNING: One or more of your nameservers did not return any of your NS records.
DNS servers responded
ERROR: One or more of your nameservers did not respond:
The ones that did not respond are:
Multiple Nameservers
ERROR: Looks like you have less than 2 nameservers.
Missing nameservers reported by your nameservers
You should already know that your NS records at your nameservers are missing, so here it is again:
SOA record
No valid SOA record came back!
MX Records
Oh well, I did not detect any MX records
WWW A Record
ERROR: I could not get any A records for domain name
Scott Silva, Network Administrator
Commented:
Do you feel confident sharing your domain name?
We could test from different spots on the planet...

And are you sure your port forward on your router is UDP and not just TCP?
Does your router have any name services of its own? If it does you will need to make sure it is off...
Wayne Barron, Author, Web Developer
Top Expert 2009

Commented:
Dang.
OK, so, it was a HUGE mistake on my part, that goes all the way back to a month ago when I switched everything over from a single drive to a RAID drive setup with a Server Farm consisting of 7-VM Windows 2016 servers.

So, from the existing VMs that were not a Farm, I simply added in new entries into the ROUTER for the new servers and disabled the old pointers. And the IP Addresses I used (DUAL NICS), everything worked great for about a month, and then, yesterday happened.
The only thing I needed to do was change the IP Address to the other NIC, and BAM, everything went to working.

So, for future visitors to this Thread.
If you have DUAL NICS, and you are having issues with your DNS not working.
Change to the other NIC within your ROUTER.

Thanks all.
I will split the point and have this as ANSWER.

Wayne
Wayne Barron, Author, Web Developer
Top Expert 2009

Commented:
Oh, and my Name Server had changed as well and was not properly put in.
So, I have to wait for that to go into effect and hopefully by tomorrow, I can post that everything is working right.
The only thing that is working at the moment, at least for some sites is the Mail Server.
And the DNS is working for getting my GMail to work for my main domain as well.

A lot of oversight and mess that I should have caught onto a month ago is now biting me in the butt.
Scott Silva, Network Administrator

Commented:
As long as you have it swinging toward fixed, that is good...

Don't feel bad, we all have done something like it at least once...
Wayne Barron, Author, Web Developer
Top Expert 2009

Commented:
It seems that I have more issues than I originally expected.
DNS or Something is not functioning properly.

When I try to add my NS record, for my domain that I have assigned to the IP Address.
It gives me:

The IP Address(es) or this server cannot be found.
No such host is known.

The NS record exists and is found.
NS Record
But, I can no longer access it through my network.
And I use BUDDYNS.COM as well, and they also do not resolve like they used to.
Nothing works.

What has happened?
Before switching over to a Web forest, I just had 4 servers that ran everything and all worked.
But now that I am running ARR, it is proving to be a complete pain in the butt to get this thing working properly.

Any ideas on what would be causing the DNS Resolve Error?
NS Record - The IP Address for this server cannot be found.
Wayne Barron, Author, Web Developer
Top Expert 2009

Commented:
Fixed the last issue.
On my primary domain, of which is
carrz-fox-fire.com
I needed the primary server to be.
ns1.carrz-fox-fire.com

All is good for this one.
Going to close it out.

I tell you, all it takes is a few minutes of reading and NOT being tired when you do it.

Have a good one all.
Wayne
