named - port 53 is open TCP and UDP, UDP not available from outside our network


Jul 9, 2014
cPanel Access Level
DataCenter Provider

we have a problem with the named daemon running on a full cPanel server.

When doing dig from the the server to the server, I successfully get a result:

[email protected] [~]# dig @HULK_IP

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @HULK_IP
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 36996
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

; IN A

;; Query time: 3 msec
;; WHEN: Thu Sep 4 23:28:39 2014
;; MSG SIZE rcvd: 33
It also works when I do same dig command from any other server in the same subnet as this server. However, when I do it from any other computer not in our network, I get:
dig @HULK_IP

; <<>> DiG 9.4.3-P2 <<>> @HULK_IP
;; global options: printcmd
;; connection timed out; no servers could be reached
I have tried to connect from multiple different servers outside our network and it simply doesn't work. What is interesting is that the telnet connection to the port 53 TCP works even from the outside:
telnet HULK_IP 53
Trying HULK_IP...
Connected to
Escape character is '^]'.

List of open ports (53) on the system is:
[email protected] [/]# netstat -na | grep 53
tcp 0 0 HULK_IP:53* LISTEN
tcp 0 0* LISTEN
tcp 0 0* LISTEN
tcp 0 0 ::1:53 :::* LISTEN
udp 0 0 HULK_IP:53*
udp 0 0*
udp 0 0 ::1:53 :::*

What is also interesting is that DNS works normally on a cPanel DNSONLY server, I can connect to DNS via UDP and TCP from inside and outside the network so I am pretty sure that our central firewall doesn't block anything. It must be something on this system (hulk), however I am unable to find it.

I have spent quite some time on this and will be very glad for any ideas.

TIA, Matej


Staff member
Apr 11, 2011
Hello :)

To clarify, it's not just the dig results, but websites do not resolve outside of your internal network for anyone attempting to access them from a web browser? If so, have you verified this happens for any DNS zone on your system? You can open a support ticket using the link in my signature so we can take a closer look. Post the ticket number here so we can update this thread with the outcome.

Thank you.