Hi,
we have a problem with the named daemon running on a full cPanel server.
When doing dig from the server to the server, I successfully get a result:
Code:
[email protected] [~]# dig mydomain.com @HULK_IP
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> mydomain.com @HULK_IP
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 36996
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;domain.com. IN A
;; Query time: 3 msec
;; SERVER: HULK_IP#53(HULK_IP)
;; WHEN: Thu Sep 4 23:28:39 2014
;; MSG SIZE rcvd: 33
It also works when I do the same dig command from any other server in the same subnet as this server. However, when I do it from any other computer not in our network, I get:
Code:
dig mydomain.com @HULK_IP
; <<>> DiG 9.4.3-P2 <<>> mydomain.com @HULK_IP
;; global options: printcmd
;; connection timed out; no servers could be reached
I have tried to connect from multiple different servers outside our network and it simply doesn't work. What is interesting is that the telnet connection to port 53 TCP works even from the outside:
Code:
telnet HULK_IP 53
Trying HULK_IP...
Connected to mydomain.com.
Escape character is '^]'.
List of open ports (53) on the system is:
Code:
[email protected] [/]# netstat -na | grep 53
tcp 0 0 HULK_IP:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 ::1:53 :::* LISTEN
udp 0 0 HULK_IP:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 ::1:53 :::*
What is also interesting is that DNS works normally on a cPanel DNSONLY server; I can connect to DNS via UDP and TCP from inside and outside the network, so I am pretty sure that our central firewall doesn't block anything. It must be something on this system (hulk); however, I am unable to find it.
I have spent quite some time on this and will be very glad for any ideas.
TIA, Matej