FC4 Trying to get nameserver working

pushback · #1 27th June 2005, 05:43 AM

Hello,

I had a thread already going on this but for some reason all the posts from zigzagcom got deleted--so, here we go again ...

I am trying to get my nameserver to propagate my domain to Internet but its just not happening. I can see the requests coming in using tcpdump, but each request is met with "unreachable - admin prohibited":

20:33:49.504131 IP 202.188.0.181.36949 > 192.168.100.3.domain: 17223 A? mydomain.com. (24)
20:33:49.504242 IP 192.168.100.3 > 202.188.0.181: icmp 60: host 192.168.100.3 unreachable - admin prohibited

I have the server behind a linksys router. The external IP of the router is what the registrar was instructed to send requests to (nameserver) and I have the linksys router rigged to forward all port 53 traffic to the server (192.168.100.3).

Port 53 is indeed open on the server (portscanned from the LAN):

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on dsl081-053-098.sfo1.dsl.speakeasy.net (64.81.53.98):
(The 1596 ports scanned but not shown below are in state: filtered)
Port State Service
21/tcp open ftp
22/tcp open ssh
53/tcp open domain
80/tcp open http
10000/tcp open snet-sensor-mgmt

Nmap run completed -- 1 IP address (1 host up) scanned in 189 seconds

and 53 is open to Internet on the router (portscanned from another server out on Internet)

(The 1596 ports scanned but not shown below are in state: filtered)
Port State Service
21/tcp open ftp
22/tcp open ssh
53/tcp open domain
80/tcp open http

As far as the server is concerned--named is running just peachy:

named 424 1 0 Jun25 ? 00:00:00 /usr/sbin/named -u named -t /var/named/chroot

and the zone file appears to be fine:

$TTL 180s
@ IN SOA ns4.mydomain.com. webmaster.mydomain.com. (
2005062501 ; Serial
180s ; Refresh Slaves
1H ; Retry
1W ; Expiry
1D ) ; Minimum
;
NS www ; Internet address of nameserver
mydomain.com. MX 10 mail ; Primary Mail Exchanger

;
localhost A 127.0.0.1
apollo A 123.123.123.123 <---external IP
ns4 CNAME apollo
ns5 CNAME apollo
www CNAME apollo
ftp CNAME apollo
mail CNAME apollo

So--the question is--why can't I propagate my domain name?

pushback · #2 29th June 2005, 03:31 AM

OK--I got this solved. I'll enter the resolution in here so that others won't have to wrack their brains like I did for 2 weeks! It seems it wasn' a DNS issue at all, rather, I had to have both UDP and TCP open on the firewall (IPtables) for DNS to work. Once I opened up UDP for port 53 the problem was solved.