[ale] Can't connect to port 53
Michael H. Warfield
mhw at WittsEnd.com
Thu Jan 17 18:34:40 EST 2013
On Thu, 2013-01-17 at 18:14 -0500, Jim Lynch wrote:
> Hosts file is OK, I'm not an expert at dns so I'll have to research the
> other possibility. Thanks,
By default, BIND is only going to listen on localhost:
IPv4: 127.0.0.1
IPv6: ::1
Try doing a "netstat -nta | grep :53"
Then see what it says.
If you want BIND to listen on the network in general, you'll have to set
up the listen-on and listen-on-v6 options. Make sure, if this is exposed
to the network, that you have RESTRICTED recursion (your local host
and/or your local networks).
Examples from one of my nameserver's /etc/named.conf file:
ACL for my local networks and stuff for recursion:
--
acl recurse-allow {
    130.205.0.0/16;
    127.0.0.1;
    2001:4830:3000::/48;
    2001:0:82cd:2004::/64;
    ::1;
};
--
In global options:
--
options {
--
--
    listen-on {
        any;
    };
    listen-on-v6 {
        !::ffff:0:0;
        any;
    };
    provide-ixfr yes;
    request-ixfr yes;
    allow-recursion { recurse-allow; };
--
Regards,
Mike
> Jim.
> On 01/17/2013 06:07 PM, Matt Hessel wrote:
> >
> > When you telnet to local host, you are connecting to a virtual
> > interface (loopback) which uses 127.0.0.1
> >
> > External hosts cannot use it.
> >
> > Your bind9 instance has attached to the loopback instead of the
> > external IP address for your host.
> >
> > Check the configuration for bind, and optionally your hosts file, make
> > sure your hostname is set to the external IP, and not the loopback
> > (which is default)
> >
> > On Jan 17, 2013 5:59 PM, "Jim Lynch" <ale_nospam at fayettedigital.com> wrote:
> >
> > I have a vps system running bind9 that I can telnet to port 53
> > from the local system but not from any other system (I tried
> > three). See:
> >
> > telnet localhost 53
> > Trying ::1...
> > Connected to localhost.
> > Escape character is '^]'.
> > }^]
> > telnet> quit
> >
> > ifconfig | grep inet
> >
> > inet addr:xxx.xxx.33.120 P-t-P:xxx.xxx.33.120
> > Bcast:xxx.xxx.33.120 Mask:255.255.255.255
> >
> > iptables -L
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > (from another host)
> > telnet xxx.xxx.33.120 53
> > Trying xxx.xxx.33.120...
> > telnet: Unable to connect to remote host: Connection refused
> >
> > /etc/hosts.deny has some entries, but none for the host that can't
> > connect and all the entries are for sshd anyway.
> >
> > Is there something else that needs to be configured? Selinux
> > doesn't seem to be installed on this Centos 5.8 system. No
> > sestatus command, no /etc/selinux/config file, etc.
> >
> > Thanks,
> > Jim.
> >
> >
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org <mailto:Ale at ale.org>
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
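
The netstat check suggested in the message above, as an added example that is not part of the original post: a POSIX shell function (hypothetical name, constructed sample output) that classifies port-53 listeners, so a loopback-only bind, which gives remote hosts "Connection refused", is told apart from a network-facing one that needs the allow-recursion restriction.

```shell
#!/bin/sh
# Read `netstat -nta` output on stdin, report every TCP listener on port 53
# and a final verdict: none, loopback-only, or network.
classify_dns_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        # Split at the last colon: IPv6 local addresses contain colons too.
        if (!match($4, /:[0-9]+$/)) next
        port = substr($4, RSTART + 1)
        addr = substr($4, 1, RSTART - 1)
        if (port != "53") next      # exact match, unlike "grep :53" (:5353, :530)
        seen = 1
        if (addr ~ /^127\./ || addr == "::1") {
            print "loopback " addr
        } else {
            exposed = 1
            print "network " addr   # wildcard (0.0.0.0, ::) or a real interface
        }
    }
    END {
        if (!seen)        print "verdict: none"
        else if (exposed) print "verdict: network"
        else              print "verdict: loopback-only"
    }'
}

# Constructed sample: BIND bound to loopback only (the situation in this thread).
SAMPLE_LOOPBACK='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 ::1:53                  :::*                    LISTEN'

# Constructed sample: after listen-on { any; } and listen-on-v6 { any; }.
SAMPLE_EXPOSED='tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN
tcp        0      0 :::53                   :::*                    LISTEN
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN'

printf '%s\n' "$SAMPLE_LOOPBACK" | classify_dns_listeners
printf '%s\n' "$SAMPLE_EXPOSED"  | classify_dns_listeners
# On a live host: netstat -nta | classify_dns_listeners
```

A "network" verdict is the case where the recursion restriction from the message matters; "loopback-only" matches the symptom Jim reported.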