SOLVED BIND Disabled & Port 53 blocked

Discussion in 'Bind/DNS/Nameserver' started by ItsMattSon, Sep 5, 2016.

  1. ItsMattSon

    ItsMattSon Well-Known Member

    Hi all,

    I've disabled BIND and blocked port 53 TCP & UDP inbound, because my authoritative nameservers are with my Registrar and I don't need to provide a nameserver to anyone as I'm not hosting anyone now or in the future.

    Could anybody please advise whether I *should* block port 53 completely (TCP/UDP inbound & outbound) or whether I need to leave TCP/UDP inbound or outbound open, and why?

    It doesn't appear to have caused any issues thus far?
     
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    No, you still need to query outbound because your server still needs to resolve domains.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

  4. ItsMattSon

    ItsMattSon Well-Known Member

    Does anyone know why, if I've disallowed port 53 altogether, I can still 'dig' from my GoDaddy VPS?

    I obviously want to be able to, but for testing purposes I thought that should've broken the functionality?

    Untitled.png
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Could you let us know the specific dig command you used? For instance, can you reproduce the issue when using a public name server (e.g. dig @8.8.8.8) instead of the resolvers defined in your /etc/resolv.conf file?

    Thank you.
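
The comparison suggested in the post above, as an added example (not part of the original thread and not cPanel's code): it queries each resolver listed in /etc/resolv.conf and a public resolver, over UDP and TCP separately, and reports whether a reply came back. The test name example.com, the 3-second timeout and the function names are assumptions.

```shell
#!/bin/sh
# Added example: probe DNS over UDP and TCP port 53, one resolver at a time.
# Assumed defaults; override them through the environment.
RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"
TEST_NAME="${TEST_NAME:-example.com}"          # assumed test name
PUBLIC_RESOLVER="${PUBLIC_RESOLVER:-8.8.8.8}"  # public resolver named in the thread

# Print every "nameserver" address in a resolv.conf-style file, one per line.
list_resolvers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Translate dig's exit status: 0 = answer received, 9 = no reply from server.
classify_dig_status() {
    case "$1" in
        0) echo "reply" ;;
        9) echo "no-reply" ;;
        *) echo "error" ;;
    esac
}

# Query one server over one transport (udp or tcp) and print a result line.
# The body runs in a subshell so its variables stay local.
probe() (
    server="$1"; transport="$2"
    if [ "$transport" = tcp ]; then
        flags="+tcp"
    else
        flags="+notcp +ignore"   # +ignore: do not retry a truncated reply over TCP
    fi
    # $flags is intentionally unquoted so it splits into separate options.
    dig "@$server" "$TEST_NAME" A $flags +time=3 +tries=1 >/dev/null 2>&1
    status=$?
    printf '%-24s %-4s %s\n' "$server" "$transport" "$(classify_dig_status "$status")"
)

# Probe the configured resolvers and the public one over both transports.
run_matrix() {
    for server in $(list_resolvers "$RESOLV_CONF") "$PUBLIC_RESOLVER"; do
        for transport in udp tcp; do
            probe "$server" "$transport"
        done
    done
}

# Probes run only when asked for: sh dns_probe.sh run
case "${1:-}" in
    run) run_matrix ;;
esac
```

A "reply" line means the query left the host and an answer returned over that transport; "no-reply" on every row is what a working outbound block on port 53 looks like.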
     
  6. ItsMattSon

    ItsMattSon Well-Known Member

    Hi Michael,

    Here's the result of your query:

    dig 8.8.8.8

    8888.PNG

    dig google.com

    8888.PNG

    Note: 8.8.8.8 was in my resolv.conf for the second screenshot :) Thanks!

    Is this strange to you? (that it digs when 53 is not open in or out on tcp or udp)
     
    #6 ItsMattSon, Sep 9, 2016
    Last edited: Sep 9, 2016
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    I recommend consulting with your data center or hosting provider to verify if any special configurations are utilized for DNS traffic over port 53.

    Thank you.
     