Re: bind 9.2.1 dig problems

From: David Efflandt (efflandt_at_xnet.com)
Date: 10/23/03


Date: Thu, 23 Oct 2003 01:02:22 +0000 (UTC)

On 22 Oct 2003 07:39:00 -0700, mark stephens <mark_r_stephens@yahoo.com> wrote:
> iptables -L returns this for domain:
>
> ACCEPT udp -- opalfire anywhere udp
> spt:domain dpts:1025:65535
> ACCEPT udp -- ns1.mindspring.com anywhere udp
> spt:domain dpts:1025:65535
> ACCEPT udp -- ns2.mindspring.com anywhere udp
> spt:domain dpts:1025:65535

OK, which chain is that (OUTPUT?)? That appears to allow opalfire to
connect its port 53 (domain) to a limited range of ports anywhere, but
where is the rule to ACCEPT any port from anywhere to dpt:domain on
opalfire? Your tcpdump posted separately confirms that incoming domain
(port 53) requests are being refused as network unreachable.

> I'm still playing with tcpdump to see what's coming through.
>
> efflandt@xnet.com (David Efflandt) wrote in message news:<slrnbpbf6g.ebf.efflandt@typhoon.xnet.com>...
>> On 21 Oct 2003 08:40:08 -0700, mark stephens <mark_r_stephens@yahoo.com
>>
>> Check the output of 'iptables -L' on your nameserver. It could be running
>> a default firewall that only allows access from local IPs.
>>
>> Or run tcpdump and do a query from outside (internet) to see if there is
>> any sign of a hit and/or lack of response.

-- 
David Efflandt - All spam ignored  http://www.de-srv.com/
http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://cgi-help.virtualave.net/  http://hammer.prohosting.com/~cgi-wiz/
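As an added example (not from the thread or either poster), a small Python checker that parses `iptables -L` output in the layout quoted above and reports which protocols have no INPUT rule accepting new queries to dpt:domain, which is the gap David points at. The rule set, chain policies and hostnames in `SAMPLE_RULES` are constructed for illustration.

```python
import re
# Constructed `iptables -L` output (not from the thread): OUTPUT answers from port 53,
# but INPUT only admits established traffic and SSH, so new DNS queries hit the DROP policy.
SAMPLE_RULES = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  opalfire             anywhere             udp spt:domain dpts:1025:65535
"""
CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+)\)")

def parse_chains(text):
    """Return {chain: {"policy": str, "rules": [(target, proto, extra), ...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = {"policy": m.group(2), "rules": []}
        elif line.strip() and not line.startswith("target") and current:
            fields = line.split(None, 5)  # target prot opt src dst [matches]
            extra = fields[5] if len(fields) > 5 else ""
            chains[current]["rules"].append((fields[0], fields[1], extra))
    return chains

def accepts_new_dns(rule):
    """True if a rule admits a fresh query to port 53 (proto udp, tcp or all)."""
    target, proto, extra = rule
    if target != "ACCEPT" or proto not in ("udp", "tcp", "all"):
        return False
    state = re.search(r"state (\S+)", extra)
    if state and "NEW" not in state.group(1):  # e.g. RELATED,ESTABLISHED only
        return False
    dpt = re.search(r"dpts?:(\S+)", extra)
    return dpt is None or dpt.group(1) in ("domain", "53")

def missing_dns_input(text):
    """Protocols (udp, tcp) for which no INPUT rule accepts new DNS queries."""
    chain = parse_chains(text).get("INPUT", {"policy": "ACCEPT", "rules": []})
    if chain["policy"] == "ACCEPT":
        return set()  # default policy already lets the queries in
    covered = set()
    for rule in chain["rules"]:
        if accepts_new_dns(rule):
            covered |= {"udp", "tcp"} if rule[1] == "all" else {rule[1]}
    return {"udp", "tcp"} - covered
```

`iptables -L` without `-v` hides interface matches, so a rule this check counts as covering DNS may still be limited to one interface; `iptables -L -v -n` shows the full match.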

