I would like to set up a public DNS server that uses the server's hosts file for certain domains and then falls back on Google's DNS for all other queries.
As such, I set up dnsmasq with the following minimal config:
no-resolv
server=8.8.4.4
server=8.8.8.8
interface=eth0
no-dhcp-interface=eth0
log-queries
log-dhcp
If I run nslookup mydomain.com 127.0.0.1 on the server, I get the correct IP address for mydomain.com returned from the server's hosts file.
However, if I replace 127.0.0.1 with the server's public IP, whether I run this command on the server or on another host, I get the following error:
;; connection timed out; no servers could be reached
The server is an Amazon Linux EC2 instance with iptables turned off, and the server's firewall policy has TCP port 53 open for 0.0.0.0/0. eth0 is the only network connection for the server.
If I run netstat -vatn on the server, I can see that something is listening on TCP port 53 on 0.0.0.0:
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN
I can see that port 53 is open on the server because I can successfully open a connection with telnet my-server-ip 53, but I never get any response back from the server on that connection.
This leads me to believe that perhaps my dnsmasq config might be missing something. Does anybody have any ideas?
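An added check that is not part of the question above: a small Python probe that sends the same A query to a resolver over UDP and over TCP and reports whether each transport gets an answer, which separates "dnsmasq is not answering" from "only one transport reaches port 53" (nslookup and most stub resolvers try UDP first, while the firewall rule quoted above mentions only TCP). The server address and domain in the example are placeholders.

```python
import socket
import struct

QID = 0x1234  # fixed transaction id so replies can be matched in this example


def build_query(name, qid=QID):
    """Build a minimal DNS A/IN query for `name` with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_header(msg):
    """Return (id, rcode, answer_count) from the 12-byte DNS response header."""
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return qid, flags & 0x000F, an


def _recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket (DNS over TCP is length-prefixed)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed early")
        buf += chunk
    return buf


def probe(server, name, tcp=False, port=53, timeout=2.0):
    """Send one query over UDP or TCP. Returns the answer count, or None on timeout/error/mismatch."""
    query = build_query(name)
    try:
        if tcp:
            with socket.create_connection((server, port), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)
                length = struct.unpack("!H", _recv_exact(s, 2))[0]
                data = _recv_exact(s, length)
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, port))
                data, _ = s.recvfrom(512)
    except OSError:  # covers socket.timeout, connection refused, ICMP unreachable
        return None
    qid, rcode, answers = parse_header(data)
    return answers if (qid == QID and rcode == 0) else None


if __name__ == "__main__":
    for transport in (False, True):  # placeholder resolver address and domain
        print("TCP" if transport else "UDP", probe("192.0.2.10", "mydomain.com", tcp=transport))
```

Running it against the public IP should show UDP returning None while TCP returns an answer count if only TCP/53 is permitted; against 127.0.0.1 both should return 1 for a name present in the hosts file.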