[CentOS] Yes another "I can't open port 53 for Bind DNS"
Ken Smith
kens at kensnet.org
Wed Feb 1 09:01:08 UTC 2012
Shane Bywater wrote:
> Hi,
> It's just past 3am and for the past 6 hours I've been
> configuring a secondary name server to replace one that just crashed.
> My problem appears to be that port 53 is not open for some reason on my
> server even though I have this:
>
> [root at tribe etc]# netstat -an | grep ":53 "
> tcp 0 0 205.211.154.3:53
> 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:53
> 0.0.0.0:* LISTEN
> udp 0 0 205.211.154.3:53 0.0.0.0:*
>
> {snip}
>
> But with a test from
> http://www.yougetsignal.com/tools/open-ports/
> it says port 53 is closed.
>
> I'm using CentOS 6.0 and BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2
>
> I'm not using iptables (well I didn't configure any)
>
{snip}
> 5 REJECT all -- 0.0.0.0/0 0.0.0.0/0
> reject-with icmp-host-prohibited
>
>
{snip}
> Can someone suggest something I have forgotten?
>
> TIA,
> Shane
>
I think iptables rule 5 is stopping DNS.
I can 'see' your ICMP (ping) and SSH are open from here.
I've not used Centos 6 in production yet but try entering:-
iptables -I INPUT 4 -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT 4 -p tcp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
hopefully that will fix it
YMMV
Ken
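As an added example (not from the thread), a small rule-order checker in Python: it reads an `iptables -S INPUT` dump, applies the two `-I INPUT 4` commands above, and reports which rule first matches an inbound DNS packet. The starting chain is constructed to mirror the CentOS 6 default firewall (REJECT-all as rule 5), not the poster's actual output, and only the `-p`, `--dport`, `-i`, `--state` and `-j` options are modelled.

```python
# Rule-order checker for an `iptables -S INPUT` dump: which rule is the first
# to match an inbound DNS packet? Constructed sample chain, not captured output.
import shlex

DEFAULT_INPUT = """
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
""".strip().splitlines()
# Ken's two inserts at position 4, i.e. ahead of the REJECT-all rule.
DNS_FIX = [
    "-I INPUT 4 -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT",
    "-I INPUT 4 -p tcp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT",
]

def parse_rule(line):
    """Pull the match fields we model out of one -A/-I rule line."""
    toks = shlex.split(line)
    rule = {"proto": None, "dport": None, "iface": None, "states": None, "target": None}
    for i, t in enumerate(toks[:-1]):          # every option we care about has a value
        if t == "-p":        rule["proto"] = toks[i + 1]
        elif t == "--dport": rule["dport"] = int(toks[i + 1])
        elif t == "-i":      rule["iface"] = toks[i + 1]
        elif t == "--state": rule["states"] = set(toks[i + 1].split(","))
        elif t == "-j":      rule["target"] = toks[i + 1]
    return rule   # -A/-I, the chain name, -m and --reject-with are ignored

def build_chain(dump, inserts=()):
    """Ordered rule list from a -S dump, then the -I commands applied in order."""
    policy, chain = "ACCEPT", []
    for line in dump:
        if line.startswith("-P "):
            policy = line.split()[2]
        elif line.startswith("-A "):
            chain.append(parse_rule(line))
    for cmd in inserts:
        pos = int(cmd.split()[2])              # "-I INPUT <pos> ..." is 1-based
        chain.insert(pos - 1, parse_rule(cmd))
    return policy, chain

def first_match(policy, chain, proto, dport, iface="eth0", state="NEW"):
    """Walk the chain as the kernel does; the first matching rule decides."""
    for n, r in enumerate(chain, start=1):
        if r["proto"] not in (None, proto) or r["iface"] not in (None, iface):
            continue
        if r["dport"] not in (None, dport) or (r["states"] and state not in r["states"]):
            continue
        return n, r["target"]                  # (rule number, verdict)
    return None, policy                        # fell off the end: chain policy
```

Before the fix a new UDP/53 query reaches rule 5 (REJECT); after both inserts it is accepted at rule 5 and the REJECT-all rule has moved to position 7.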