[CentOS] Yes another "I can't open port 53 for Bind DNS"

Ken Smith kens at kensnet.org
Wed Feb 1 09:01:08 UTC 2012


Shane Bywater wrote:
> Hi,
>            It's just past 3am and for the past 6 hours I've been
> configuring a secondary name server to replace one that just crashed.
> My problem appears to be that port 53 is not open for some reason on my
> server even though I have this:
>
> [root at tribe etc]# netstat -an | grep ":53 "
> tcp        0      0 205.211.154.3:53
> 0.0.0.0:*                   LISTEN
> tcp        0      0 127.0.0.1:53
> 0.0.0.0:*                   LISTEN
> udp        0      0 205.211.154.3:53            0.0.0.0:*
>    

> {snip}
>
> But with a test from
> http://www.yougetsignal.com/tools/open-ports/
> it says port 53 is closed.
>
> I'm using CentOS 6.0 and BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2
>
> I'm not using iptables (well I didn't configure any)
>    
{snip}


> 5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0
> reject-with icmp-host-prohibited
>
>    
{snip}
> Can someone suggest something I have forgotten?
>
> TIA,
> Shane
>    
I think iptables rule 5 is stopping DNS.

I can 'see' your ICMP (ping) and SSH are open from here.

I've not used Centos 6 in production yet but try entering:-

iptables -I INPUT 4 -p udp --dport 53 -m state --state 
NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -I INPUT 4 -p tcp --dport 53 -m state --state 
NEW,ESTABLISHED,RELATED  -j ACCEPT



hopefully that will fix it

YMMV

Ken

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the CentOS mailing list