BIND Disabled & Port 53 blocked

Discussion in 'Bind / DNS / Nameserver Issues' started by ItsMattSon, Sep 5, 2016.

  1. ItsMattSon

    ItsMattSon Well-Known Member

    Joined:
    Sep 5, 2016
    Messages:
    75
    Likes Received:
    16
    Trophy Points:
    8
    Location:
    Perth
    cPanel Access Level:
    Root Administrator
    Hi all,

    I've disabled BIND and blocked port 53 TCP & UDP inbound, because my authoritative nameservers are with my Registrar and I don't need to provide a nameserver to anyone as I'm not hosting anyone now or in the future.

    Could anybody please advise whether I *should* block port 53 completely (TCP/UDP inbound & outbound) or whether I need to leave TCP/UDP inbound or outbound open, and why?

    It doesn't appear to have caused any issues thus far?
     
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    No, you still need to query outbound because your server still needs to resolve domains.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  4. ItsMattSon

    Does anyone know why, if I've disallowed port 53 altogether, I can still 'dig' from my GoDaddy VPS?

    I obviously want to be able to, but for testing purposes I thought that should've broken the functionality?

    Untitled.png
     
  5. cPanelMichael

    Hello,

    Could you let us know the specific dig command you used? For instance, can you reproduce the issue when using a public name server (e.g. dig @8.8.8.8) instead of the resolvers defined in your /etc/resolv.conf file?

    Thank you.
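
The comparison asked for in the post above, as an added example that is not part of the thread or of cPanel's tooling: it forces one query over UDP and one over TCP to each resolver in /etc/resolv.conf and to 8.8.8.8, so each path to port 53 is tested separately. The function names, the `run` argument and the default query name example.com are assumptions, and `dig` must be installed.

```bash
#!/usr/bin/env bash
# Added example, not from the thread.

# Print each nameserver address from a resolv.conf-style file.
resolvers_from() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Map dig's exit status to a result (0 = reply received, 9 = no reply).
classify() {
    case "$1" in
        0) echo "answered" ;;
        9) echo "no-reply" ;;
        *) echo "error($1)" ;;
    esac
}

# probe SERVER PROTO NAME: one query, no retries, forced onto UDP or TCP.
# +ignore stops dig from retrying a truncated UDP answer over TCP.
probe() {
    local flag="+notcp" rc=0
    if [ "$2" = "tcp" ]; then flag="+tcp"; fi
    dig "@$1" "$3" A "$flag" +ignore +time=3 +tries=1 >/dev/null 2>&1 || rc=$?
    classify "$rc"
}

# report FILE NAME: probe every configured resolver plus a public one.
report() {
    local server proto
    for server in $(resolvers_from "$1") 8.8.8.8; do
        for proto in udp tcp; do
            printf '%-15s %-3s port 53: %s\n' "$server" "$proto" \
                "$(probe "$server" "$proto" "$2")"
        done
    done
}

# Run only when asked, e.g.:  ./dns53check.sh run
if [ "${1:-}" = "run" ]; then
    report /etc/resolv.conf "${2:-example.com}"
fi
```

An "answered" line means that query left the server and a reply came back on that protocol, whatever the local firewall rules are believed to say.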
     
  6. ItsMattSon

    Hi Michael,

    Here's the result of your query:

    dig 8.8.8.8

    8888.PNG

    dig google.com

    8888.PNG

    Note: 8.8.8.8 was in my resolv.conf for the second screenshot :) Thanks!

    Is this strange to you? (that it digs when 53 is not open in or out on tcp or udp)
     
    #6 ItsMattSon, Sep 9, 2016
    Last edited: Sep 9, 2016
  7. cPanelMichael

    I recommend consulting with your data center or hosting provider to verify if any special configurations are utilized for DNS traffic over port 53.

    Thank you.
     