
I'm trying to set up a DNS server with bind9 on Debian 10.

I can query the server from the local network, but when I try to dig on the server's public IP, I get connection timed out; no servers could be reached.

The server is a Debian 10 VM in Azure.

Ports 95 and 953 are open in Azure.

```
$ netstat -lnpu
...
udp        0      0 10.0.1.4:53             0.0.0.0:*                           2991/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           2991/named
udp6       0      0 :::53                   :::*                                2991/named
...
```

Thank you!

Edit: I have no idea why I was using port 95. DNS uses port 53.

DCowan
  • "DNS uses port 53." Yes, but in UDP **AND** TCP. – Patrick Mevzek Jul 13 '20 at 16:57
  • @PatrickMevzek Yes, I know that. I just only showed the UDP ports here - mainly because I just pasted a command I used earlier. – DCowan Jul 13 '20 at 16:59
  • **A lot** of people think DNS is UDP only, so reiterating it is also over TCP is never useless. – Patrick Mevzek Jul 13 '20 at 17:44
  • @PatrickMevzek OK. TCP is usually only used as a backup, isn't it? – DCowan Jul 13 '20 at 18:46
  • That is exactly the idea that people SHOULD NOT have. DNS uses UDP and TCP, end of story. (If you want to have details, TCP is required at least for AXFR and DNS Update. And can be used for any other query, specifically if the recursive caching nameserver has observed in the past that some authoritative (or the network in between) is not replying correctly under UDP even with EDNS bufsize activated, and hence will do TCP immediately. And of course with a stretch, newer cases like DNS over HTTPS or DNS over TLS are using TCP at the core. Will be different for DNS over QUIC.) – Patrick Mevzek Jul 13 '20 at 19:21
  • @PatrickMevzek Thank you for correcting me! :) – DCowan Jul 13 '20 at 20:14

1 Answer

You need to open UDP port 53. Neither 95 nor 953 are used here.

Michael Hampton
  • Thank you so much! I have no idea why I allowed port 95! 953 is for bind9 remote administration. – DCowan Jul 13 '20 at 16:27
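An added example, not code from the question or the answer: a small probe that sends the same DNS query to a server on port 53 over both transports the comments discuss, UDP and TCP, and reports which one fails. It hand-builds the query so it needs only the standard library; the server address and the query name `example.com` are placeholders you supply.

```python
import random
import socket
import struct

def build_query(name, qtype=1, txid=None):
    """Build a minimal DNS query: RD set, one question, class IN (RFC 1035 section 4.1)."""
    txid = random.randrange(0x10000) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def tcp_frame(msg):
    """DNS over TCP prefixes every message with a 2-byte big-endian length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

def response_matches(query, reply):
    """True if reply is a DNS response (QR bit set) carrying the query's transaction ID."""
    return len(reply) >= 12 and reply[:2] == query[:2] and bool(reply[2] & 0x80)

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed connection mid-message")
        buf += chunk
    return buf

def probe(server, port=53, name="example.com.", timeout=2.0):
    """Send the same query over UDP and TCP; report 'ok' or the failure per transport."""
    query, results = build_query(name), {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, port))
            data, _ = s.recvfrom(4096)
            results["udp"] = "ok" if response_matches(query, data) else "bad-reply"
        except OSError as e:  # timeout (filtered) or ICMP unreachable (no listener)
            results["udp"] = "fail: " + type(e).__name__
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(tcp_frame(query))
            length = struct.unpack("!H", _recv_exact(s, 2))[0]
            data = _recv_exact(s, length)
            results["tcp"] = "ok" if response_matches(query, data) else "bad-reply"
    except OSError as e:  # refused (no listener) or timeout (filtered)
        results["tcp"] = "fail: " + type(e).__name__
    return results
```

Run `probe("<server-ip>")` from outside the network: a timeout on one transport but `ok` on the other points at a firewall rule that opened only UDP or only TCP on port 53, while a refusal on TCP means the daemon itself is not listening on that transport.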