[CentOS] Not - Re: New DNS server up and running
James Hogarth
james.hogarth at gmail.com
Thu Feb 21 09:30:20 UTC 2013
On 21 February 2013 01:28, Robert Moskowitz <rgm at htt-consult.com> wrote:
> It looks like no system, internal or external could access the DNS on my
> new server. IPTABLES was set for 53 both UDP and TCP. Firewall was OK.
> In fact a local system on the same subnet, thus NOT going through my
> firewall was denied access to the internal domain. Localhost of course
> works.
>
> So it is either the Linux firewall and bind port randomization, or it is
> SELINUX. How do I test to find out which?
>
> Since the new server is on the same IP address as the old, it is
> unplugged from the switch. I can switch back and forth between to two
> boxes, only taking the time for ARP table updates.
>
> So I hope someone can point me to what I have missed.
>
audit2allow -a will tell you if it's selinux ... and specifically what is
wrong...
A quick test would be getenforce Permissive and restarting bind ...
Incidentally what do you mean by bind port randomization? DNS needs to be
on port 53 as the dest port and iptables rules should not be taking a
source port from systems into account...
More information about the CentOS
mailing list