Hi all,
I'm setting up a DNS server on CentOS 5.2, but can't get it to listen to the outside IP address for DNS queries. There's no firewall installed yet.
Here's the BIND config options:
options {
    /* make named use port 53 for the source of all queries, to allow
     * firewalls to block all ports except 53:
     */
    query-source port 53;

    // Put files that named is allowed to write in the data/ directory:
    directory "/var/named"; // the default
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    /* memstatistics-file "data/named_mem_stats.txt"; */
};
Yet, it only listens on 127.0.0.1
netstat -tulpn | grep :53
Stopping named: [ OK ]
Starting named: [ OK ]
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 28979/named
tcp 0 0 ::1:53 :::* LISTEN 28979/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 28979/named
udp 0 0 ::1:53 :::* 28979/named
What am I missing?
From: Rudi Ahlers rudiahlers@gmail.com
I'm setting up a DNS server on CentOS 5.2, but can't get it to listen to the outside IP address for DNS queries. There's no firewall installed yet.
Here's the BIND config options:
options {
    /* make named use port 53 for the source of all queries, to allow
     * firewalls to block all ports except 53:
     */
    query-source port 53;

    // Put files that named is allowed to write in the data/ directory:
    directory "/var/named"; // the default
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    /* memstatistics-file "data/named_mem_stats.txt"; */
};
Yet, it only listens on 127.0.0.1
What am I missing?
I think you need to tell it which IP to listen on... See 'listen-on' in the named.conf man page.
JD
Rudi Ahlers wrote:
Hi all,
I'm setting up a DNS server on CentOS 5.2, but can't get it to listen to the outside IP address for DNS queries. There's no firewall installed yet.
Here's the BIND config options:
This might depend on the version of bind that you're using. I don't have a specific line in my centos5.2's named.conf to request it to listen on particular addresses, but I do remember having to force it in the past:
listen-on-v6 { none; };
listen-on { 127.0.0.1; 192.168.0.1; public.ip.addr.ess; };
-- Duncan Hutty
On 23/03/2009, Duncan Hutty dhutty@allgoodbits.org wrote:
Rudi Ahlers wrote:
Hi all,
I'm setting up a DNS server on CentOS 5.2, but can't get it to listen to the outside IP address for DNS queries. There's no firewall installed yet.
Here's the BIND config options:
As an aside, using query-source port 53 makes you more vulnerable to last summer's DNS cache poisoning bug, as all your queries are going to be coming from the same port.
mike
On Mon, Mar 23, 2009 at 4:27 PM, Duncan Hutty dhutty@allgoodbits.org wrote:
Rudi Ahlers wrote:
Hi all,
I'm setting up a DNS server on CentOS 5.2, but can't get it to listen to the outside IP address for DNS queries. There's no firewall installed yet.
Here's the BIND config options:
This might depend on the version of bind that you're using. I don't have a specific line in my centos5.2's named.conf to request it to listen on particular addresses, but I do remember having to force it in the past:
listen-on-v6 { none; };
listen-on { 127.0.0.1; 192.168.0.1; public.ip.addr.ess; };
-- Duncan Hutty
Thanks Duncan, this is what I had tried, but it didn't work the first time. When I tried again, I did notice an error in the /etc/rndc file, which, after fixing, worked fine.
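Added example, not part of the thread or of BIND: a small Python check that reads a named.conf text and reports the two points raised above, which addresses listen-on covers and whether query-source pins the source port. The sample config is constructed from the posted options block plus the suggested listen-on lines; 192.0.2.10 is a placeholder address and the function names are made up for this sketch.

```python
import re

# Constructed sample: the options block from the first post plus the
# listen-on lines suggested in the thread (192.0.2.10 is a placeholder).
SAMPLE_CONF = '''
options {
    /* make named use port 53 for the source of all queries, to allow
     * firewalls to block all ports except 53:
     */
    query-source port 53;
    directory "/var/named"; // the default
    listen-on-v6 { none; };
    listen-on { 127.0.0.1; 192.0.2.10; };
};
'''

def strip_comments(text):
    """Remove /* */, // and # comments, leaving quoted strings intact."""
    pattern = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
    return pattern.sub(lambda m: m.group(0) if m.group(0).startswith('"') else ' ', text)

def audit_options(conf_text):
    """Return (listen_addrs, findings) for a named.conf text."""
    text = strip_comments(conf_text)
    findings = []
    # A literal port number in query-source / query-source-v6 pins the source port.
    for m in re.finditer(r'\b(query-source(?:-v6)?)\b([^;]*);', text):
        port = re.search(r'\bport\s+(\d+|\*)', m.group(2))
        if port and port.group(1) != '*':
            findings.append(f"{m.group(1)}: fixed source port {port.group(1)}; "
                            "only the 16-bit query ID is left for a spoofer to guess")
    # listen-on [port N] { addr; ... };  (the lookahead skips listen-on-v6)
    listen = []
    for m in re.finditer(r'\blisten-on(?!-)\b[^{;]*\{([^}]*)\}', text):
        listen += [a.strip() for a in m.group(1).split(';') if a.strip()]
    if not listen:
        findings.append("no listen-on statement found; compare with netstat output")
    elif all(a.startswith('127.') for a in listen):
        findings.append("listen-on is loopback only; outside queries will not be answered")
    return listen, findings

if __name__ == "__main__":
    addrs, notes = audit_options(SAMPLE_CONF)
    print("listen-on:", addrs)
    for note in notes:
        print("finding:", note)
```

Removing the query-source line, or setting its port to `*`, clears the first finding.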