[CentOS] Yes another "I can't open port 53 for Bind DNS"

Wed Feb 1 09:01:08 UTC 2012
Ken Smith <kens at kensnet.org>

Shane Bywater wrote:
> Hi,
>            It's just past 3am and for the past 6 hours I've been
> configuring a secondary name server to replace one that just crashed.
> My problem appears to be that port 53 is not open for some reason on my
> server even though I have this:
>
> [root at tribe etc]# netstat -an | grep ":53 "
> tcp        0      0 205.211.154.3:53            0.0.0.0:*                   LISTEN
> tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN
> udp        0      0 205.211.154.3:53            0.0.0.0:*
>

> {snip}
>
> But with a test from
> http://www.yougetsignal.com/tools/open-ports/
> it says port 53 is closed.
>
> I'm using CentOS 6.0 and BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2
>
> I'm not using iptables (well I didn't configure any)
>
{snip}

> 5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
>
{snip}
> Can someone suggest something I have forgotten?
>
> TIA,
> Shane
>
I think iptables rule 5 is stopping DNS.

I can 'see' your ICMP (ping) and SSH are open from here.

I've not used CentOS 6 in production yet, but try entering:

iptables -I INPUT 4 -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -I INPUT 4 -p tcp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Hopefully that will fix it.

YMMV

Ken
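A check for the rule-ordering problem Ken points at, added here as an example and not part of the thread: it reads an `iptables -L INPUT -n --line-numbers` listing and reports whether a given port hits an ACCEPT before the first catch-all REJECT/DROP. Both listings below are constructed samples modelled on the situation in the mail (before and after the two inserted ACCEPT rules), not output from Shane's server.

```shell
#!/bin/sh
# Constructed sample: a CentOS 6 style INPUT chain with the catch-all REJECT at
# rule 5 and nothing for port 53 ahead of it (rule 3 is the loopback accept;
# -L without -v hides the interface column).
SAMPLE_BEFORE='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# Constructed sample: the same chain after the two "iptables -I INPUT 4" commands
# from the reply (the tcp rule lands first because it was inserted second).
SAMPLE_AFTER='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED tcp dpt:53
5    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED udp dpt:53
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
7    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# dport_accepted_before_reject LISTING PROTO PORT
# Walks the chain in order, as the kernel does. Prints "ok" when an ACCEPT for
# PROTO dpt:PORT is reached first, "blocked-by-rule N" when a catch-all
# REJECT/DROP (any source, any destination) is reached first, and
# "no-matching-rule" when neither appears (the chain policy then decides).
dport_accepted_before_reject() {
    printf '%s\n' "$1" | awk -v proto="$2" -v port="$3" '
        $1 !~ /^[0-9]+$/ { next }   # skip the chain header and column header
        $2 == "ACCEPT" && $3 == proto && $0 ~ ("dpt:" port "( |$)") {
            print "ok"; found = 1; exit }
        ($2 == "REJECT" || $2 == "DROP") && $3 == "all" &&
        $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" {
            print "blocked-by-rule " $1; found = 1; exit }
        END { if (!found) print "no-matching-rule" }'
}

echo "before: udp/53 -> $(dport_accepted_before_reject "$SAMPLE_BEFORE" udp 53)"
echo "before: tcp/22 -> $(dport_accepted_before_reject "$SAMPLE_BEFORE" tcp 22)"
echo "after:  udp/53 -> $(dport_accepted_before_reject "$SAMPLE_AFTER" udp 53)"
echo "after:  tcp/53 -> $(dport_accepted_before_reject "$SAMPLE_AFTER" tcp 53)"
```

On a live box, feed it `"$(iptables -L INPUT -n --line-numbers)"` instead of the samples; an `-A` (append) of the same ACCEPT rules would report "blocked-by-rule 5", which is exactly why the reply uses `-I INPUT 4`.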
