Re: Bind 9 named on RH 9 only listens to local machine?
- From: "Benjamin J. Weiss" <benjamin Weiss name>
- To: redhat-list redhat com
- Subject: Re: Bind 9 named on RH 9 only listens to local machine?
- Date: Mon Sep 1 12:56:04 2003
On 31 Aug 2003, Bret Hughes wrote:
> On Sun, 2003-08-31 at 14:56, Benjamin J. Weiss wrote:
> > All,
> >
> > I'm setting up a name server for work. I've gone into the
> > redhat-config-bind tool, and I think I have all of the zones configured
> > correctly. I was able to add the service with chkconfig, and I was able to
> > start the named service with /etc/init.d/named start. I allowed port 53,
> > both tcp and udp through the firewall, with the following two iptables
> > rules:
> >
> > -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 53 --syn -j ACCEPT
> > -A RH-Lokkit-0-50-INPUT -p udp -m udp --sport 53 -j ACCEPT
> >
> > and restarted iptables.
> >
> > I still couldn't get anything from dig, so I tried a netstat -tap | grep
> > named:
> >
> > tcp 0 0 orion.osbi.state:domain *:* LISTEN 21389/named
> > tcp 0 0 localhost:domain *:* LISTEN 21389/named
> > tcp 0 0 localhost:rndc *:* LISTEN 21389/named
> >
> >
> > Note that orion.osbi.state.ok.us is the name of the machine. This seems to
> > show that the named daemon is only listening to itself for dns queries,
> > correct?
> >
>
> Not sure about this. I believe that the external IP address is getting
> resolved to the machine name. Try:
> netstat -tapn | grep named
>
> it should show the IP address of the interface
>
> Bret
>
Okay:
[root orion root]# netstat -tapn | grep named
tcp 0 0 204.87.126.145:53 0.0.0.0:* LISTEN 21389/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 21389/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 21389/named
And I can still do a dig from the machine, but not from any external
machine. I know the port is open (I've done an nmap from home). I did a
netstat -tapn | grep httpd, and it shows that the ip address should be
0.0.0.0 instead of the local ip address....
Ben
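
Added example, not part of the original message: a small Python check of which packets the two iptables rules quoted above match, showing that the UDP rule keys on source port 53 while an inbound query arrives with destination port 53. It handles only the options that appear in those rules; the sample packets and the client port 40000 are constructed.

```python
import shlex

# The two rules quoted in the message above.
RULES = [
    "-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 53 --syn -j ACCEPT",
    "-A RH-Lokkit-0-50-INPUT -p udp -m udp --sport 53 -j ACCEPT",
]

def parse_rule(line):
    """Pull out only the options used in the quoted rules."""
    tok = shlex.split(line)
    rule = {"proto": None, "sport": None, "dport": None, "syn": False, "target": None}
    for i, t in enumerate(tok):
        if t == "-p":
            rule["proto"] = tok[i + 1]
        elif t in ("--sport", "--source-port"):
            rule["sport"] = int(tok[i + 1])
        elif t in ("--dport", "--destination-port"):
            rule["dport"] = int(tok[i + 1])
        elif t == "--syn":
            rule["syn"] = True
        elif t == "-j":
            rule["target"] = tok[i + 1]
    return rule

def matches(rule, pkt):
    """True if every condition the rule sets holds for the packet."""
    if rule["proto"] and rule["proto"] != pkt["proto"]:
        return False
    if rule["sport"] is not None and rule["sport"] != pkt["sport"]:
        return False
    if rule["dport"] is not None and rule["dport"] != pkt["dport"]:
        return False
    return not (rule["syn"] and not pkt.get("syn", False))

def accepted_by(rules, pkt):
    """Return the first matching rule if it ACCEPTs the packet, else None."""
    for line in rules:
        rule = parse_rule(line)
        if matches(rule, pkt):
            return line if rule["target"] == "ACCEPT" else None
    return None  # no quoted rule matched; the rest of the chain decides

# Constructed sample packets; 40000 stands in for a client's ephemeral port.
UDP_QUERY = {"proto": "udp", "sport": 40000, "dport": 53}
TCP_SYN = {"proto": "tcp", "sport": 40000, "dport": 53, "syn": True}
UDP_REPLY = {"proto": "udp", "sport": 53, "dport": 40000}

if __name__ == "__main__":
    for name, pkt in [("udp query", UDP_QUERY), ("tcp syn", TCP_SYN), ("udp reply", UDP_REPLY)]:
        print(name, "->", accepted_by(RULES, pkt) or "no match in quoted rules")
```

The netstat -tapn output above lists TCP sockets only; named's UDP listener shows up with the -u option (for example netstat -uapn).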