On 02/01/2012 10:01 AM, Ken Smith wrote:
> Shane Bywater wrote:
>> Hi,
>> It's just past 3am and for the past 6 hours I've been
>> configuring a secondary name server to replace one that just crashed.
>> My problem appears to be that port 53 is not open for some reason on my
>> server even though I have this:
>>
>> [root at tribe etc]# netstat -an | grep ":53 "
>> tcp        0      0 205.211.154.3:53            0.0.0.0:*                   LISTEN
>> tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN
>> udp        0      0 205.211.154.3:53            0.0.0.0:*
>>
> {snip}
>>
>> But with a test from
>> http://www.yougetsignal.com/tools/open-ports/
>> it says port 53 is closed.
>>
>> I'm using CentOS 6.0 and BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2
>>
>> I'm not using iptables (well I didn't configure any)
>>
> {snip}
>
>> 5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
>>
> {snip}
>> Can someone suggest something I have forgotten?
>>
>> TIA,
>> Shane
>>
> I think iptables rule 5 is stopping DNS.
>
> I can 'see' your ICMP (ping) and SSH are open from here.
>
> I've not used CentOS 6 in production yet but try entering:-
>
> iptables -I INPUT 4 -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> iptables -I INPUT 4 -p tcp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

You only want "--state NEW". The related/established bit is handled by rule 1 in the INPUT chain.

Regards,
Dennis
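The point of the exchange above is rule ordering: a stock CentOS 6 INPUT chain accepts RELATED,ESTABLISHED in rule 1 and ends with a REJECT-all, so a new service is only reachable if its ACCEPT rule is inserted above that REJECT. The script below is an added example, not code from the thread or from CentOS; it prints the two `iptables -I` commands in the form Dennis recommends (`--state NEW` only, insert position 4 assumed as in the thread) and checks a listing in the format of `iptables -L INPUT -n --line-numbers` to confirm that a port 53 ACCEPT sits before the first REJECT-all. Both listings embedded in the script are constructed samples shaped like a default CentOS 6 chain; nothing here touches the live firewall.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): emit the DNS accept rules
# and verify their position relative to the REJECT-all rule in a chain listing.

# dns_rules [POSITION]
# Prints the two insert commands with --state NEW only. RELATED,ESTABLISHED
# traffic is already accepted by rule 1 on a default CentOS 6 INPUT chain.
# Position 4 is an assumption carried over from the thread.
dns_rules() {
  pos="${1:-4}"
  printf 'iptables -I INPUT %s -p udp --dport 53 -m state --state NEW -j ACCEPT\n' "$pos"
  printf 'iptables -I INPUT %s -p tcp --dport 53 -m state --state NEW -j ACCEPT\n' "$pos"
}

# Constructed sample: the chain BEFORE the fix. Rule 5 is the REJECT-all that
# Ken identified, and no rule ahead of it mentions port 53.
BLOCKED_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# Constructed sample: the chain AFTER both inserts at position 4. The second
# insert lands above the first, so tcp ends up at 4 and udp at 5.
FIXED_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53 state NEW
5    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53 state NEW
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
7    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# dns_allowed_before_reject LISTING PROTO
# Walks the numbered rules in order. Prints "ok" (exit 0) when an ACCEPT for
# PROTO with dpt:53 appears before the first REJECT-all rule; otherwise prints
# "blocked" (exit 1). An ACCEPT placed below the REJECT never matches, so it
# is reported as blocked too.
dns_allowed_before_reject() {
  listing="$1"
  proto="$2"
  result=$(printf '%s\n' "$listing" | awk -v proto="$proto" '
    /^[0-9]+/ && $2 == "ACCEPT" && $3 == proto && $0 ~ /dpt:53/ { found = 1 }
    /^[0-9]+/ && $2 == "REJECT" && $3 == "all" && !found       { blocked = 1; exit }
    END { print (found && !blocked) ? "ok" : "blocked" }')
  printf '%s\n' "$result"
  [ "$result" = "ok" ]
}

# Stand-alone usage: show the commands, then check both constructed listings.
if [ "${1:-}" = "demo" ]; then
  dns_rules 4
  for proto in udp tcp; do
    printf 'before fix, %s/53: ' "$proto"; dns_allowed_before_reject "$BLOCKED_LISTING" "$proto" || true
    printf 'after fix,  %s/53: ' "$proto"; dns_allowed_before_reject "$FIXED_LISTING" "$proto" || true
  done
fi
```

Run it as `sh check_dns_rules.sh demo` (file name assumed). On a real host, feed it the live output of `iptables -L INPUT -n --line-numbers` instead of the constructed listing; the same ordering check tells you whether a port 53 rule will ever be reached, which is exactly what the remote port scan in the thread was reporting indirectly. Using `--state NEW` alone, as Dennis says, keeps each rule to one purpose and avoids restating what rule 1 already covers.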