DNS/BIND not answering external requests

Issues related to configuring your network
combatfisher
Posts: 9
Joined: 2020/04/25 14:09:15

DNS/BIND not answering external requests

Post by combatfisher » 2020/04/25 14:28:26

I am trying to migrate from a Mac OS X (DNS/webserver) to a CentOS (DNS/Webserver). I'm having trouble with BIND answering external requests (internal seems to work okay on my 192.168.0.x network)

/etc/named.conf
options {
listen-on port 53 { 127.0.0.1; any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
allow-query { 127.0.0.1; any; };
allow-query-cache { localhost; };
recursion no;
};
...all the zones...these are working okay internally on my 192.168.0.x network.

# firewall-cmd --get-active-zones
public
interfaces: enp6s0
# firewall-cmd --info-zone=public
public (active)
target: default
icmp-block-inversion: no
interfaces: enp6s0
sources:
services: cockpit dhcpv6-client ssh
ports: 80/tcp 443/tcp 53/udp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

I have a router (192.168.0.1) that is answering requests from my Mac OS X machine with no problem. When I switch the router to the CentOS box, it stops answering requests...

# netstat -tunal
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.0.11:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 192.168.0.11:22 192.168.0.253:55995 ESTABLISHED
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 ::1:53 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:953 :::* LISTEN
tcp6 0 0 :::443 :::* LISTEN
udp 0 0 192.168.0.11:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp6 0 0 ::1:53 :::*

Internally, it has no problems...but when I try to request externally, it just doesn't respond...what am I missing?

Thanks.

TrevorH
Forum Moderator
Posts: 28514
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: DNS/BIND not answering external requests

Post by TrevorH » 2020/04/25 15:01:37

It's better to use --add-service=dns rather than --add-port=53/udp as the dns.xml opens both tcp and udp port 53. For other services the xml may also do other things like load nf_conntrack_* modules but in this case it does not. Similarly you should --add-service=http and https rather than opening the individual ports 80 & 443 though that should also work.

It would appear that your server is listening on all the right ip addresses so are you sure you got your port forwarding correct on the router? It will need both tcp and udp ports 53 forwarded to 192.168.0.11.
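An added example, not code from the thread or from either poster: it checks the two host-side conditions the reply above raises, whether the firewalld zone opens 53/tcp as well as 53/udp, and whether named is bound to the LAN address on both protocols, by parsing the text that `firewall-cmd --info-zone=public` and `netstat -tunal` print. The sample outputs are constructed from what the thread shows, and the service-to-port map is an assumption that covers only the services this check needs (dns.xml opening both 53/tcp and 53/udp, as stated above). It cannot see the router's forwarding rule; that still has to be tried from outside with a query over both TCP and UDP.

```python
"""Host-side preconditions for answering DNS from the Internet.
Added example (not from the thread): parses firewalld zone and
netstat text and reports what would stop forwarded queries."""

# Constructed from the first post: only 53/udp opened as a raw port.
ZONE_UDP_ONLY = """\
public (active)
  target: default
  interfaces: enp6s0
  services: cockpit dhcpv6-client ssh
  ports: 80/tcp 443/tcp 53/udp
"""

# Constructed from the later post: the dns service replaces the raw port.
ZONE_DNS_SERVICE = """\
public (active)
  target: default
  interfaces: enp6s0
  services: cockpit dhcpv6-client dns http https ssh
  ports:
"""

# Constructed from the `netstat -tunal` output in the thread (trimmed).
NETSTAT = """\
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.0.11:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp6 0 0 ::1:53 :::* LISTEN
udp 0 0 192.168.0.11:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 127.0.0.53:53 0.0.0.0:*
udp6 0 0 ::1:53 :::*
"""

# Assumed map of firewalld services to the ports they open, limited to
# what this check needs. dns.xml opens both protocols: TCP is required
# for answers that do not fit in a UDP packet and for zone transfers.
SERVICE_PORTS = {"dns": {"53/tcp", "53/udp"}, "http": {"80/tcp"}, "https": {"443/tcp"}}
NEEDED_FOR_DNS = {"53/tcp", "53/udp"}

def parse_zone(text):
    """Return the set of port/proto strings a firewalld zone opens."""
    opened = set()
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        if key == "services":
            for svc in value.split():
                opened |= SERVICE_PORTS.get(svc, set())
        elif key == "ports":
            opened |= set(value.split())
    return opened

def firewall_dns_gaps(zone_text):
    """Which of 53/tcp and 53/udp the zone does NOT open (sorted list)."""
    return sorted(NEEDED_FOR_DNS - parse_zone(zone_text))

def dns_listeners(netstat_text, port=53):
    """Map 'tcp'/'udp' to the set of local addresses bound on `port`."""
    bound = {"tcp": set(), "udp": set()}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].startswith(("tcp", "udp")):
            continue
        proto = fields[0][:3]                      # tcp6 -> tcp, udp6 -> udp
        addr, _, lport = fields[3].rpartition(":")  # rpartition handles ::1:53
        if lport == str(port):
            bound[proto].add(addr)
    return bound

def host_side_findings(lan_ip, zone_text, netstat_text):
    """Everything on this host that would stop queries forwarded to lan_ip:53."""
    findings = [f"firewall does not open {m}" for m in firewall_dns_gaps(zone_text)]
    bound = dns_listeners(netstat_text)
    for proto in ("tcp", "udp"):
        if lan_ip not in bound[proto] and "0.0.0.0" not in bound[proto]:
            findings.append(f"named is not listening on {lan_ip}:53/{proto}")
    return findings

if __name__ == "__main__":
    for label, zone in (("udp-only", ZONE_UDP_ONLY), ("dns-service", ZONE_DNS_SERVICE)):
        print(label, host_side_findings("192.168.0.11", zone, NETSTAT) or "ok")
```

Run against the first zone it reports only the missing 53/tcp; against the zone with the dns service it reports nothing, which is why an empty result here points at the router rather than the host.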

combatfisher
Posts: 9
Joined: 2020/04/25 14:09:15

Re: DNS/BIND not answering external requests

Post by combatfisher » 2020/04/26 00:37:33

I will give this a try (thanks).

I'm very sure I have my port forwarding set correctly. I set up my 2 servers on the same subnet (192.168.0.x) and I just point from my Mac OS X server to the CentOS server. The Mac OS X server is running normally and answering requests.

I'll let you know how things work out...

combatfisher
Posts: 9
Joined: 2020/04/25 14:09:15

Re: DNS/BIND not answering external requests

Post by combatfisher » 2020/04/26 03:13:50

Still the same problem. My router has no problem serving requests from my Mac OS X computer, but when I switch to the CentOS system, it is still not serving requests. It also works fine from non-broadcasting IP address 192.168.0.x.

Any ideas what could be blocking this?

Firewall settings are now:
# firewall-cmd --info-zone=public
public (active)
target: default
icmp-block-inversion: no
interfaces: enp6s0
sources:
services: cockpit dhcpv6-client dns http https ssh
ports: 80/tcp 443/tcp 53/udp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

# netstat -tunal
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.0.11:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 192.168.0.11:22 192.168.0.253:59130 ESTABLISHED
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 ::1:53 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:953 :::* LISTEN
tcp6 0 0 :::443 :::* LISTEN
udp 0 0 192.168.0.11:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp6 0 0 ::1:53 :::*

File : /etc/named.conf
options {
listen-on port 53 { 127.0.0.1; any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
allow-query { 127.0.0.1; any; };
allow-query-cache { localhost; };
recursion no;
};
...(all the zones)

combatfisher
Posts: 9
Joined: 2020/04/25 14:09:15

Re: DNS/BIND not answering external requests

Post by combatfisher » 2020/04/26 03:22:42

I think I got it figured out...thanks for the help...

I removed all the ports and services...then I re-added the services dns, http, https. It's now serving the requests externally.

# firewall-cmd --info-zone=public
public (active)
target: default
icmp-block-inversion: no
interfaces: enp6s0
sources:
services: cockpit dhcpv6-client dns http https ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

combatfisher
Posts: 9
Joined: 2020/04/25 14:09:15

Re: DNS/BIND not answering external requests

Post by combatfisher » 2020/04/26 03:24:58

It seems like the DNS records (SOA records) are not working the same as what I had on my Mac. I guess that's another problem I need to deal with.

combatfisher
Posts: 9
Joined: 2020/04/25 14:09:15

Re: DNS/BIND not answering external requests

Post by combatfisher » 2020/04/28 17:02:47

It's happening again!!! I cannot get my external DNS requests...but internal requests are working fine. Why?

# rpm -qa bind*
bind-9.11.4-26.P2.el8.x86_64
bind-license-9.11.4-26.P2.el8.noarch
bind-utils-9.11.4-26.P2.el8.x86_64
bind-libs-9.11.4-26.P2.el8.x86_64
bind-libs-lite-9.11.4-26.P2.el8.x86_64
bind-export-libs-9.11.4-26.P2.el8.x86_64


/etc/named.conf file
options {
listen-on port 53 { 127.0.0.1; any; };
listen-on-v6 port 53 { ::1; };
allow-query { 127.0.0.1; any; };
allow-query-cache { localhost; any; };
directory "/var/named";
recursion no;
allow-recursion { none; };
dnssec-enable yes;
dnssec-validation yes;
};

...
Zone information


# firewall-cmd --info-zone=public
public (active)
target: default
icmp-block-inversion: no
interfaces: enp6s0
sources:
services: cockpit dhcpv6-client dns http https ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

All DNS look-ups work when I use my internal IP address...but when I try using my external IP address, it times out. When I switch my router to my Mac OS X machine, it works fine...so the ports on the router are not the problem...firewall seems okay...what am I missing?
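An added example, not code from the thread: a small audit of the `options { ... }` block of a named.conf, covering the settings that matter once a server is reachable from the Internet as in this thread. The first two configs are constructed from the two named.conf fragments posted above; the third is a constructed, deliberately weak config (recursion enabled and offered to `any`, which is an open resolver) and the fourth is the same server with recursion limited to the LAN. The parser handles only the statement shapes that appear in these fragments (`name value;` and `name [port N] { acl; ... };`); comments and `include` lines are not handled.

```python
"""Audit of the options block of a BIND named.conf.
Added example (not from the thread); sample configs are constructed."""
import re

# Constructed from the first named.conf fragment in the thread.
CONF_EARLY = """\
options {
listen-on port 53 { 127.0.0.1; any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
allow-query { 127.0.0.1; any; };
allow-query-cache { localhost; };
recursion no;
};
"""

# Constructed from the last named.conf fragment in the thread.
CONF_LATE = """\
options {
listen-on port 53 { 127.0.0.1; any; };
listen-on-v6 port 53 { ::1; };
allow-query { 127.0.0.1; any; };
allow-query-cache { localhost; any; };
directory "/var/named";
recursion no;
allow-recursion { none; };
dnssec-enable yes;
dnssec-validation yes;
};
"""

# Constructed and deliberately weak: an open resolver on a public address.
CONF_OPEN_RESOLVER = """\
options {
listen-on port 53 { any; };
allow-query { any; };
recursion yes;
allow-recursion { any; };
};
"""

# Constructed fix for the above: recursion only for loopback and the LAN.
CONF_RECURSIVE_LAN_ONLY = """\
options {
listen-on port 53 { any; };
allow-query { any; };
recursion yes;
allow-recursion { 127.0.0.1; 192.168.0.0/24; };
};
"""

# One statement: `name [port N] { acl; acl; };` or `name value;`.
STMT = re.compile(
    r'(?P<name>[\w-]+)(?:\s+port\s+\d+)?\s*'
    r'(?:\{(?P<acl>[^}]*)\}|(?P<val>[^;{]+))\s*;')

def options_body(conf):
    """Text inside `options { ... };`, found by brace depth so the nested
    ACL blocks such as `listen-on { ... };` do not end it early."""
    start = conf.index("{", conf.index("options")) + 1
    depth, i = 1, start
    while depth:
        depth += (conf[i] == "{") - (conf[i] == "}")
        i += 1
    return conf[start:i - 1]

def parse_options(conf):
    """Map statement name -> list of ACL entries, or -> scalar value."""
    opts = {}
    for m in STMT.finditer(options_body(conf)):
        if m.group("acl") is not None:
            opts[m.group("name")] = [e.strip() for e in m.group("acl").split(";") if e.strip()]
        else:
            opts[m.group("name")] = m.group("val").strip().strip('"')
    return opts

def audit(conf):
    """Findings as plain strings, most serious first."""
    o = parse_options(conf)
    findings = []
    recursive = o.get("recursion", "yes").lower() != "no"   # BIND's default is yes
    if recursive and "any" in o.get("allow-recursion", []):
        findings.append("open resolver: recursion yes and allow-recursion any")
    if recursive and "allow-recursion" not in o:
        findings.append("recursion yes without allow-recursion: relies on the built-in default, set it explicitly")
    if not recursive and "any" in o.get("allow-query-cache", []):
        findings.append("allow-query-cache: 'any' is pointless on a non-recursive server; keep it at localhost")
    listen = o.get("listen-on", [])
    if "any" in listen and len(listen) > 1:
        findings.append("listen-on: 'any' already includes the other entries")
    if o.get("listen-on-v6", []) == ["::1"]:
        findings.append("listen-on-v6: loopback only, so nothing answers over IPv6 from outside")
    return findings

if __name__ == "__main__":
    for label, conf in (("early", CONF_EARLY), ("late", CONF_LATE),
                        ("open", CONF_OPEN_RESOLVER), ("lan-only", CONF_RECURSIVE_LAN_ONLY)):
        print(label, audit(conf) or "ok")
```

For an authoritative-only server like the one in this thread, `recursion no` with `allow-query { any; }` is the right shape; the audit only flags the redundant entries and the `allow-query-cache { any; }` widening, neither of which explains a timeout, so a clean result here again points away from named.conf and towards the path between the router and 192.168.0.11.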

combatfisher
Posts: 9
Joined: 2020/04/25 14:09:15

Re: DNS/BIND not answering external requests

Post by combatfisher » 2020/04/28 17:40:07

# netstat -tunal
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN
tcp 0 0 192.168.0.11:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 192.168.0.11:22 192.168.0.253:54767 ESTABLISHED
tcp6 0 0 :::5355 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 ::1:53 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:953 :::* LISTEN
tcp6 0 0 :::443 :::* LISTEN
udp 0 0 192.168.0.11:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 127.0.0.53:53 0.0.0.0:*
udp 0 0 0.0.0.0:5355 0.0.0.0:*
udp6 0 0 ::1:53 :::*
udp6 0 0 :::5355 :::*
