DNS Reports showing major error on remote dns server

WebHostPro (Well-Known Member, PartnerNOC, joined Jul 28, 2002, LA, Costa Rica; cPanel Access Level: Root Administrator)
WARNING: One or more of your DNS servers does not accept TCP connections. Although rarely used, TCP connections are occasionally used instead of UDP connections. When firewalls block the TCP DNS connections, it can cause hard-to-diagnose problems. The problem servers are:


Anyone know what would cause this? I have three remote servers set up but one gives this error, I disabled the firewall and it still does it. Also it has the dns zones from new accounts fine and shows bind running fine.

Can't see any errors on the server yet it keeps showing this.
 

mtindor (Well-Known Member, joined Sep 14, 2004, inside a catfish; cPanel Access Level: Root Administrator)
> WARNING: One or more of your DNS servers does not accept TCP connections. Although rarely used, TCP connections are occasionally used instead of UDP connections. When firewalls block the TCP DNS connections, it can cause hard-to-diagnose problems. The problem servers are:
>
>
> Anyone know what would cause this? I have three remote servers set up but one gives this error, I disabled the firewall and it still does it. Also it has the dns zones from new accounts fine and shows bind running fine.
>
> Can't see any errors on the server yet it keeps showing this.
You likely won't see any errors on the server... it'll probably never generate errors itself. But it sounds like TCP 53 is not open to that server, from the website that is doing the checking.

On the server in question you should be able to do a netstat and see if it's active:
netstat -an|grep tcp|grep :53

tcp 0 0 xxx.xxx.xx.xxx:53 0.0.0.0:* LISTEN
tcp 0 0 xxx.xxx.xx.xxx:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN

And you should be able to telnet port 53 of that server and get a connection established (quite a non-useful connection, but a connection nonetheless). If you get a connection refused, then TCP 53 isn't active on that IP. If you don't get an established connection but instead it times out, a firewall somewhere is the culprit.

Mike
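The same check done programmatically, as an added example that is not part of this thread: it sends a real DNS query over TCP (2-byte length prefix, RFC 1035 section 4.2.2) and reports the three outcomes Mike describes: accepted, refused (nothing listening on TCP 53 on that IP) or timeout (a firewall dropping the SYN). The host, port, query name and timeout are parameters you supply.

```python
import socket
import struct
import sys

def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Minimal DNS query (QTYPE=A, QCLASS=IN, RD set) for `name`, RFC 1035 wire format."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)

def frame_tcp(msg: bytes) -> bytes:
    """Over TCP every DNS message is prefixed with its big-endian 2-byte length."""
    return struct.pack(">H", len(msg)) + msg

def recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-message")
        buf += chunk
    return buf

def read_tcp_response(sock) -> bytes:
    """Read one length-prefixed DNS message from a connected TCP socket (or any .recv() object)."""
    (length,) = struct.unpack(">H", recv_exact(sock, 2))
    return recv_exact(sock, length)

def check_tcp_dns(host: str, port: int = 53, name: str = "example.com", timeout: float = 3.0):
    """Return ('accepted', rcode), ('refused', None), ('timeout', None) or ('unreachable', errno)."""
    query = build_query(name)
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(frame_tcp(query))
            resp = read_tcp_response(s)
    except ConnectionRefusedError:
        return ("refused", None)        # RST back: TCP 53 not bound on that IP (check listen-on)
    except (socket.timeout, TimeoutError):
        return ("timeout", None)        # no SYN-ACK and no RST: a firewall is dropping TCP 53
    except OSError as e:
        return ("unreachable", e.errno)  # e.g. no route to host
    if resp[:2] != query[:2]:
        return ("bad-reply", None)      # answer did not echo our transaction id
    return ("accepted", resp[3] & 0x0F)  # any RCODE still proves the TCP path works

def free_local_port() -> int:
    """Pick a loopback port nothing listens on, to demonstrate the 'refused' outcome locally."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    print(check_tcp_dns(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 53))
```

A nonzero RCODE from an authoritative-only server (for example REFUSED for a name it does not serve) still counts as "accepted" because the TCP handshake and framing both worked, which is all the cPanel warning is about.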
 

mtindor (Well-Known Member, joined Sep 14, 2004, inside a catfish; cPanel Access Level: Root Administrator)
> Thanks Mike, I get this from that command:
>
> tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
>
> Should it list the IPs as well?
Yeah it should. I don't know if your Listen-On stanza only has 127.0.0.1 in it, or if there is some other directive that is eluding me that may be in your named.conf and causing it not to listen.

If you want to post the first bunch of lines of your named.conf (and obscure your actual IPs if they are in there), we can tell you. We don't need any of the 'zone' lines that list the domains you are authoritative for.

Are you running CentOS 5.0 or RHEL 5 (if there is such a beast) - you know, the latest greatest redhat-based?

Mike
 

WebHostPro (Well-Known Member, PartnerNOC, joined Jul 28, 2002, LA, Costa Rica; cPanel Access Level: Root Administrator)
> Yeah it should. I don't know if your Listen-On stanza only has 127.0.0.1 in it, or if there is some other directive that is eluding me that may be in your named.conf and causing it not to listen.
>
> If you want to post the first bunch of lines of your named.conf (and obscure your actual IPs if they are in there), we can tell you. We don't need any of the 'zone' lines that list the domains you are authoritative for.
>
> Are you running CentOS 5.0 or RHEL 5 (if there is such a beast) - you know, the latest greatest redhat-based?
>
> Mike

Actually I added the IPs in the cPanel add IP tool, then rebooted and now it doesn't show the error. Thanks again.