I installed CentOS 4 on a new box to use as a DNS server. It is a basic server install.

I configured named and it is all up and running fine. It just isn't listening on Port 53. It also (obviously) does not respond to DNS requests. Requests from the machine itself are processed just fine, so the service is working. It just can't be used by other machines. Not good for a public DNS server.

I did install and turn on SELinux. Maybe that was a mistake? I've not worked with SELinux before.

Thanks for any ideas,
Michael

Michael Barnes spake the following on 4/4/2007 10:46 AM:
> I installed CentOS 4 on a new box to use as a DNS server. It is a basic
> server install.
>
> I configured named and it is all up and running fine. It just isn't
> listening on Port 53. It also (obviously) does not respond to DNS
> requests. Requests from the machine itself are processed just fine, so
> the service is working. It just can't be used by other machines. Not
> good for a public DNS server.
>
> I did install and turn on SELinux. Maybe that was a mistake? I've not
> worked with SELinux before.
>
> Thanks for any ideas,
> Michael

Did you also enable the firewall? Did you allow the DNS ports to be open?

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

Michael Barnes wrote:
> I installed CentOS 4 on a new box to use as a DNS server. It is a basic
> server install.
>
> I configured named and it is all up and running fine. It just isn't
> listening on Port 53. It also (obviously) does not respond to DNS
> requests. Requests from the machine itself are processed just fine, so
> the service is working. It just can't be used by other machines. Not
> good for a public DNS server.
>
> I did install and turn on SELinux. Maybe that was a mistake? I've not
> worked with SELinux before.
>
> Thanks for any ideas,
> Michael

Do you see the server in a netstat -a? You should see it on TCP domain (which is port 53) and UDP domain.

You say it works when local. Meaning when you are on the machine and you do a host domain.com, it returns ok? But when on another host and you do a host domain.com ns1.server.com, it doesn't respond?

-ed-

On 4/4/07, Michael Barnes <mbarnes at srnradio.com> wrote:
> I installed CentOS 4 on a new box to use as a DNS server. It is a basic
> server install.
>
> I configured named and it is all up and running fine. It just isn't
> listening on Port 53. It also (obviously) does not respond to DNS
> requests. Requests from the machine itself are processed just fine, so
> the service is working. It just can't be used by other machines. Not
> good for a public DNS server.
>
> I did install and turn on SELinux. Maybe that was a mistake? I've not
> worked with SELinux before.
>

Sounds like the default firewall is also turned on. The SELinux policies on this service would affect things both locally and remotely. Since local host/dig requests work, it sounds like iptables is not allowing remote 53 tcp/udp packets.

--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

On Wed April 4 2007 13:46, Michael Barnes wrote:
> I installed CentOS 4 on a new box to use as a DNS server. It is a basic
> server install.
>
> I configured named and it is all up and running fine. It just isn't
> listening on Port 53. It also (obviously) does not respond to DNS
> requests. Requests from the machine itself are processed just fine, so
> the service is working. It just can't be used by other machines. Not
> good for a public DNS server.
>
> I did install and turn on SELinux. Maybe that was a mistake? I've not
> worked with SELinux before.

There are so many possibilities, where does one start? You don't give us much information to go on. I saw the other replies to your question but I didn't see anyone ask about your DNS setup itself. Check your DNS configuration and ensure that others are allowed to make requests to this box.

--
Regards
Robert

Smile... it increases your face value!
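
The checks suggested across the replies (is named listening on a non-loopback address, does iptables accept port 53, does the DNS configuration allow outside queries), combined into one triage as an added example that is not part of the thread. The function names and sample data are constructed; the firewall check assumes `iptables-save` output read as one ordered rule list, and `listen-on` / `allow-query` are the BIND options assumed to be what the last reply refers to.

```sh
#!/bin/sh
# Added example; the sample data is constructed, not taken from the thread.

# listen_scope: stdin = `netstat -ln` output.
# Prints none | loopback-only | external for sockets bound to port 53.
listen_scope() {
    awk '
        $1 ~ /^(tcp|udp)/ && $4 ~ /:53$/ {
            found = 1
            if ($4 !~ /^(127\.|::1:)/) ext = 1
        }
        END { print (ext ? "external" : (found ? "loopback-only" : "none")) }'
}

# fw_verdict PROTO: stdin = `iptables-save` output.
# Assumption: rules form one ordered list and the first decisive rule wins.
fw_verdict() {
    awk -v proto="$1" '
        /^-A / {
            if ($0 ~ ("-p " proto " ") && /--dport 53 / && /-j ACCEPT/) { v = "accept"; exit }
            if (/^-A [^ ]+ -j (REJECT|DROP)/) { v = "blocked"; exit }
        }
        END { print (v ? v : "no-rule") }'
}

# triage NETSTAT_TEXT IPTABLES_TEXT: prints the first layer that explains
# "works locally, no answer remotely".
triage() {
    scope=$(printf '%s\n' "$1" | listen_scope)
    case $scope in
        none) echo "nothing is listening on port 53"; return ;;
        loopback-only) echo "named is bound to loopback only: check listen-on"; return ;;
    esac
    for p in udp tcp; do
        [ "$(printf '%s\n' "$2" | fw_verdict "$p")" = accept ] ||
            { echo "firewall does not accept $p/53"; return; }
    done
    echo "socket and firewall look fine: check allow-query in named.conf"
}

# Constructed samples: named bound to a public address, default-style
# firewall chain with only ssh opened.
NETSTAT_SAMPLE='tcp        0      0 192.0.2.10:53      0.0.0.0:*      LISTEN
udp        0      0 192.0.2.10:53      0.0.0.0:*
udp        0      0 127.0.0.1:53       0.0.0.0:*'
IPTABLES_SAMPLE='-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

triage "$NETSTAT_SAMPLE" "$IPTABLES_SAMPLE"
```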