
My server has 2 IPs: x.x.x.73 and x.x.x.248. I can access my site via these IPs using a web browser.

{Now, from a CentOS machine (not my server), using terminal}
If I:

dig @x.x.x.73 mydomain.com 
dig @x.x.x.248 mydomain.com

I get the result:

Connection timed out; no server could be reached.

Could somebody please tell me how to fix it? Thank you.


More information:

If I log in to my server using ssh and do:

dig @x.x.x.73 mydomain.com
dig @x.x.x.248 mydomain.com

I can see my zone shown as expected:

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5_7.1 <<>> @x.x.x.73 mydomain.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12757
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;mydomain.com. IN A

;; ANSWER SECTION:
mydomain.com. 38400 IN A x.x.x.73
mydomain.com. 38400 IN A x.x.x.248

;; AUTHORITY SECTION:
mydomain.com. 38400 IN NS ns2.mydomain.com.
mydomain.com. 38400 IN NS ns1.mydomain.com.

;; ADDITIONAL SECTION:
ns1.mydomain.com. 38400 IN A x.x.x.73
ns2.mydomain.com. 38400 IN A x.x.x.248

;; Query time: 20 msec
;; SERVER: x.x.x.73#53(x.x.x.73)
;; WHEN: Sun Jan 15 11:46:30 2012
;; MSG SIZE rcvd: 129
  • BIND version 9.3.6, CentOS 5.

  • Logging in to my server using ssh and doing a "dig google.com" also shows expected results.

x4954

3 Answers

You probably need to open port 53 in your firewall to allow DNS traffic into your server. As you are using CentOS 5:

iptables -I RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 53 -j ACCEPT

should get you going. If this works, then

service iptables save

will save your current firewall configuration.

user9517
  • Thank you for all your help... I don't know much about iptables, but http://ping.eu/port-chk/ shows that my server IP x.x.x.73:53 port is open. Is that fine? Could you please suggest more... – x4954 Jan 15 '12 at 11:14
  • The following is added to my /etc/sysconfig/iptables, but it still does not work (after service iptables restart)...
    # Generated by iptables-save v1.3.5 on Mon Jan 16 09:36:11 2012
    *filter
    :INPUT ACCEPT [148:13252]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [115:19884]
    :RH-Firewall-1-INPUT - [0:0]
    -I RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
    -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 53 -j ACCEPT
    COMMIT
    – x4954 Jan 16 '12 at 08:19
  • Is there another firewall between your CentOS client and the Server ? – user9517 Jan 16 '12 at 14:51
  • The issue is fixed now. It's my VPS/hosting provider that blocked the UDP port. Thanks, Iain, for all your advice. – x4954 Jan 16 '12 at 23:40
  • I'd like to accept all the answers, but seems that the system allows me to accept just one of them. I love you all. – x4954 Jan 17 '12 at 00:15
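The thread's resolution (a TCP port checker said 53 was "open", yet dig timed out until the provider unblocked UDP) is a good reason to probe both transports rather than trust a generic port scanner. The script below is an added example, not code from the question or any answer: it hand-builds an RFC 1035 A query, sends it over UDP and over TCP (with the 2-byte length prefix TCP DNS uses), and turns the outcome into a verdict (answered / timeout / refused / mismatched id). The server address, domain and sample bytes are constructed placeholders.

```python
"""Probe port 53 over UDP and TCP with a hand-built DNS query.

Added example for this thread, not code from the question or any answer.
The server address and domain are placeholders; run it as
    python dnsprobe.py x.x.x.73 mydomain.com
"""
import random
import socket
import struct
import sys

DNS_PORT = 53
TYPE_A = 1
CLASS_IN = 1


def build_query(name, qtype=TYPE_A, txid=None):
    """Return a minimal RFC 1035 query: header (RD=1) + QNAME + QTYPE + QCLASS."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    # id, flags (only RD set), qdcount=1, ancount=0, nscount=0, arcount=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"  # root label terminates the name
    return header + qname + struct.pack("!HH", qtype, CLASS_IN)


def parse_header(msg):
    """Decode the 12-byte DNS header into a dict (id, QR/AA bits, RCODE, counts)."""
    if len(msg) < 12:
        raise ValueError("message shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # 1 = this is a response
        "aa": bool(flags & 0x0400),   # authoritative answer, as in the dig output above
        "rcode": flags & 0x000F,      # 0 NOERROR, 3 NXDOMAIN, 5 REFUSED ...
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def query_udp(server, query, timeout=3.0):
    """One UDP datagram; a connected socket lets ICMP port-unreachable surface as refused."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, DNS_PORT))
        s.send(query)
        return s.recv(4096)


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed connection mid-message")
        buf += chunk
    return buf


def query_tcp(server, query, timeout=3.0):
    """Same query over TCP: each message carries a 2-byte big-endian length prefix."""
    with socket.create_connection((server, DNS_PORT), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)
        length = struct.unpack("!H", _recv_exact(s, 2))[0]
        return _recv_exact(s, length)


def classify(probe, server, query):
    """Run one probe and return a one-line verdict a sysadmin can act on."""
    try:
        msg = probe(server, query)
    except (socket.timeout, TimeoutError):
        return "timeout: packets dropped (firewall/provider filter or no listener)"
    except ConnectionRefusedError:
        return "refused: port reachable but nothing is listening on 53"
    except OSError as exc:
        return "error: %s" % exc
    hdr = parse_header(msg)
    if hdr["id"] != parse_header(query)["id"] or not hdr["qr"]:
        return "bogus: reply does not match our query id"  # spoofed or confused reply
    return "answered: rcode=%d aa=%s answers=%d" % (hdr["rcode"], hdr["aa"], hdr["ancount"])


if __name__ == "__main__":
    server, name = sys.argv[1], sys.argv[2]
    q = build_query(name)
    print("UDP/53:", classify(query_udp, server, q))
    print("TCP/53:", classify(query_tcp, server, q))
```

A "timeout" on UDP together with "answered" on TCP is exactly the pattern behind this question: the listener is fine and the host firewall passes TCP, but something upstream silently drops UDP/53. A "refused" on both means the packets arrive and nothing is bound to the port, which points at named itself rather than at a filter.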

The primary problem is most likely that the DNS port 53 will be filtered out at some point before your server (or even with a firewall rule on your server).

Some other hints: It's usually not a good idea to run both name servers on the same machine and network. Also, it's very unusual to run the DNS server for your domain in the first place. It's not impossible, but you have to be sure you understand the implications of that. Mainly that means that your server must be registered as the authoritative server for this domain in the TLD of your choice.

Sven
  • Thank you for your help. ns1/ns2.mydomain.com has been registered at enom with the 2 ips of my server. – x4954 Jan 15 '12 at 11:17
  • @x4954 Your secondary DNS server should be on a different network block, preferably a separate location. Given the ongoing amplification attacks, implement a split zone DNS so that your server won't participate. – BillThor Jan 15 '12 at 15:51
  • Thanks SvenW. The issue is fixed now; it's my VPS/hosting provider that blocked the UDP port. About the security advice, I will save it for future reference, for at this time it's beyond my knowledge in this field. I am just at the beginning steps of setting up and running my first server :) – x4954 Jan 16 '12 at 23:54
Chances are you have not allowed recursion and queries from external devices (the internet).

Try setting bind to allow recursion and queries from localnets as well as localhost (127.0.0.1) in the bind config file.

Lucas Kauffman
Steve Rowe
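The two pieces of BIND advice on this page pull in opposite directions: this answer suggests allowing recursion for localnets, while BillThor's comment warns that a server which recurses for the whole internet becomes an amplification source. The fragment below is an added example, not from any answer and not a file the asker posted; it reconciles the two with BIND views (available in the 9.3 release the asker runs): the zone is served to everyone, recursion is offered only to trusted clients. The zone file name, the root hints file and the ACL name are assumptions.

```bind
// Added example for named.conf (not from the thread). Assumed names:
// mydomain.com.zone, named.ca and the acl "trusted".
acl "trusted" { 127.0.0.1; localnets; };

options {
    directory "/var/named";
    allow-query { any; };          // authoritative data is public by design
};

// Our own hosts: full resolver, plus the zone.
view "internal" {
    match-clients { "trusted"; };
    recursion yes;
    zone "." { type hint; file "named.ca"; };
    zone "mydomain.com" { type master; file "mydomain.com.zone"; };
};

// Everyone else: answer only for zones we are authoritative for.
view "external" {
    match-clients { any; };
    recursion no;                  // never resolve other names for strangers
    additional-from-cache no;      // and never leak cached data into replies
    zone "mydomain.com" { type master; file "mydomain.com.zone"; };
};
```

With views in use, every zone must live inside a view, so the same zone statement appears in both. After editing, `named-checkconf` catches syntax slips before a reload, and a query for an unrelated name sent from outside the trusted networks should now come back REFUSED rather than answered, which is the observable sign that the server is no longer an open resolver.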