A new and improved instance of onlo.htt-consult.com is up and providing DNS service. It is my 1st Centos 6.3 production box. This is Phase I which included IPv6 working 'right'. Phase II will be to sign my zone and get fully with DNSSEC. I want to thank people here in answering my questions. Now on to other projects. I have a couple dozen to tackle.
It looks like no system, internal or external could access the DNS on my new server. IPTABLES was set for 53 both UDP and TCP. Firewall was OK. In fact a local system on the same subnet, thus NOT going through my firewall, was denied access to the internal domain. Localhost of course works. So it is either the Linux firewall and bind port randomization, or it is SELINUX. How do I test to find out which? Since the new server is on the same IP address as the old, it is unplugged from the switch. I can switch back and forth between the two boxes, only taking the time for ARP table updates. So I hope someone can point me to what I have missed.

On 02/20/2013 02:13 PM, Robert Moskowitz wrote:
> A new and improved instance of onlo.htt-consult.com is up and providing
> DNS service. It is my 1st Centos 6.3 production box.
>
> This is Phase I which included IPv6 working 'right'. Phase II will be
> to sign my zone and get fully with DNSSEC.
>
> I want to thank people here in answering my questions.
>
> Now on to other projects. I have a couple dozen to tackle.
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
Robert Moskowitz <rgm at ...> writes:
> It looks like no system, internal or external could access the DNS on my
> new server. IPTABLES was set for 53 both UDP and TCP. Firewall was OK.
> In fact a local system on the same subnet, thus NOT going through my
> firewall was denied access to the internal domain. Localhost of course
> works.
<SNIP>

Not sure what you mean by "Localhost of course works." Are you using:

dig @localhost any mysubdom.mydom.com

to see if the DNS server is responding?

If not, try dig on your DNS both using @localhost, @int.ernal.ip.addr and @ext.ernal.ip.addr and then try it from other systems on your network.

The first thing to do is to make sure the DNS server responds correctly to queries.

Cheers,
Dave
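The check Dave describes, written out as an added example that is not from the thread: query the server on each address it should answer on and read the status dig reports. The verdict is what separates the poster's candidates: a dropped packet (iptables, or nothing listening on that address) shows up as a timeout, while a server that answers but rejects the query returns rcode REFUSED, which only BIND's own ACLs produce. The listen addresses and the test name below are assumptions (documentation address ranges), not the poster's values.

```shell
#!/bin/sh
# Added example, not from the thread: carry out the check Dave suggests by
# querying the server on each address it should answer on and turning the
# status dig reports into a verdict. The addresses and the test name are
# assumptions (documentation ranges), not the poster's real values.

SERVER_ADDRS="127.0.0.1 192.0.2.53 2001:db8::53"   # assumed listen addresses
TEST_NAME="www.example.com"                          # assumed name in the served zone

# Turn dig's output (read from stdin) into a one-word verdict:
#   answered : a reply with status NOERROR came back
#   refused  : the server itself replied with rcode REFUSED, which is how a
#              BIND ACL such as allow-query answers; a dropped packet can
#              never produce this
#   timeout  : nothing came back, so either nothing listens on that address
#              or a packet filter dropped the query on the way in or out
#   other    : any other rcode (NXDOMAIN, SERVFAIL, ...) or unparseable output
classify_dig_output() {
    out=$(cat)
    case "$out" in
        *"connection timed out"*) echo timeout ;;
        *"status: NOERROR"*)      echo answered ;;
        *"status: REFUSED"*)      echo refused ;;
        *)                        echo other ;;
    esac
}

# Constructed sample of the header line dig prints when the ACL rejects a
# query; a LAN client of the poster's server would have seen this if BIND,
# rather than iptables or SELinux, was the cause.
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242'

# Query one address with a short timeout and print the verdict.
probe_server() {
    addr=$1
    dig +time=2 +tries=1 "@$addr" "$TEST_NAME" A 2>&1 | classify_dig_output
}

# Probe every address; return non-zero if any of them did not answer.
run_triage() {
    rc=0
    for a in $SERVER_ADDRS; do
        verdict=$(probe_server "$a")
        echo "$a: $verdict"
        [ "$verdict" = answered ] || rc=1
    done
    return $rc
}

# Run the live probes only where dig is installed; the classifier itself
# needs no network and can be exercised on captured dig output.
if command -v dig >/dev/null 2>&1; then
    run_triage || echo "at least one address did not answer; see the verdicts above"
fi
```

Run it on the server first (loopback and its own addresses), then from a LAN client against the server's addresses; a mix of "answered" on 127.0.0.1 and "refused" elsewhere points at the BIND ACL, a mix of "answered" and "timeout" points at iptables or the listen-on addresses.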
On 02/21/2013 10:16 AM, David G. Miller wrote:
> Robert Moskowitz <rgm at ...> writes:
>
>> It looks like no system, internal or external could access the DNS on my
>> new server. IPTABLES was set for 53 both UDP and TCP. Firewall was OK.
>> In fact a local system on the same subnet, thus NOT going through my
>> firewall was denied access to the internal domain. Localhost of course
>> works.
> <SNIP>
> Not sure what you mean by "Localhost of course works." Are you using:
>
> dig @localhost any mysubdom.mydom.com
>
> to see if the DNS server is responding?
>
> If not, try dig on your DNS both using @localhost, @int.ernal.ip.addr and
> @ext.ernal.ip.addr and then try it from other systems on your network.
>
> The first thing to do is to make sure the DNS server responds correctly to
> queries.

All solved with adding allow-query.
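The fix the thread ends on, shown as an added example rather than the poster's actual configuration: the named.conf shipped with the CentOS 6 bind package sets allow-query { localhost; }, which produces exactly the symptom above (loopback answers, every other client is refused, no matter what iptables allows). The stanza that reproduces it sits beside a corrected one, with a small check that reports which of the two a configuration contains. Addresses and prefixes are assumptions from the documentation ranges.

```shell
#!/bin/sh
# Added example, not from the thread: the "options" stanza that reproduces
# the poster's symptom next to a corrected one, plus a check that reports
# which of the two a named.conf on stdin contains. Addresses are assumed
# (documentation ranges); the CentOS 6 bind package ships the weak form.

# Constructed: the stock default. Only queries arriving on the loopback
# interface are answered; every other client, LAN or Internet, gets REFUSED
# even though port 53 is open in iptables.
WEAK_CONF='options {
    listen-on port 53    { 127.0.0.1; 192.0.2.53; };
    listen-on-v6 port 53 { ::1; 2001:db8::53; };
    allow-query          { localhost; };
    recursion yes;
};'

# Constructed: corrected stanza. Anyone may query the authoritative data,
# while recursion stays limited to the local networks so the server does not
# become an open resolver for the Internet at large.
FIXED_CONF='options {
    listen-on port 53    { 127.0.0.1; 192.0.2.53; };
    listen-on-v6 port 53 { ::1; 2001:db8::53; };
    allow-query          { any; };
    allow-recursion      { localhost; localnets; };
    recursion yes;
};'

# Print the contents of the allow-query ACL from a config read on stdin,
# e.g. "localhost" or "any"; prints nothing if the option is absent.
allow_query_acl() {
    sed -n 's/^[[:space:]]*allow-query[[:space:]]*{[[:space:]]*\(.*\)[[:space:]]*;[[:space:]]*}.*/\1/p' | head -n 1
}

# Classify the stanza on stdin:
#   loopback-only : the default that produced the symptom in the thread
#   unset         : no allow-query line found
#   open-to: ...  : the ACL as written, for a human to judge
check_allow_query() {
    acl=$(allow_query_acl)
    case "$acl" in
        localhost) echo loopback-only ;;
        "")        echo unset ;;
        *)         echo "open-to: $acl" ;;
    esac
}

# Demonstrate on the two constructed stanzas; on a real box feed
# /etc/named.conf to check_allow_query instead.
printf '%s\n' "$WEAK_CONF"  | check_allow_query
printf '%s\n' "$FIXED_CONF" | check_allow_query
```

After editing named.conf, named-checkconf validates the syntax and a service reload applies it; re-running dig from a LAN client should then return NOERROR where it previously returned REFUSED.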