Hello, I can't make DNS zones resolve outside my network. I followed the manual and the ports are open on the firewall, but I can't telnet to port 53 from the internet. Please point me to where I can fix this issue. Best Regards
Is the domain registered properly, and does the domain use your name server as its authoritative name server? There is a tutorial on setting up DNS with ISPConfig. The tutorial has instructions on testing, and that part applies even when setting up DNS in other ways. https://www.howtoforge.com/tutorial/setting-up-your-own-name-service-with-ispconfig/#nbsptesting
Hello, thanks for the reply man. Yes, the port is open, 53 and 953 also in the firewall. The domain is registered and the server is the start of authority at the registrar. I had a conversation with the ISP and my public IP is now authorized to send emails, which was an advance (Roundcube sends the email to Google, but as it does not resolve it was delivered to spam; before, it wasn't even received). I deleted all the DNS records to start all over again. When I telnet to port 53 from localhost it connects:

root@host2722:~# telnet 192.168.15.27 53
Trying 192.168.15.27...
Connected to 192.168.15.27.
Escape character is '^]'.

The connection is made from the server, so I could think that the ports on the firewall are correctly open, at least from localhost. But when I try the same test from the outside:

root@host0588:/etc/bind# telnet host2722.borderxxx.com 53
Trying 187.162.218.53...
telnet: Unable to connect to remote host: Connection timed out

The ISP insists that the port is open. The router config is DMZ to the local address; everything else works. I have two locations, thinking of redundancy, and on both the port is inaccessible. If I execute:

; <<>> DiG 9.11.5-P4-5.1-Debian <<>> foraneos.mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16626
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 5406cee5c42fda7dae692eef5e5525548beb34caff35a4e1 (good)
;; QUESTION SECTION:
;foraneos.mx. IN A
;; ANSWER SECTION:
foraneos.mx. 3600 IN A 187.162.218.53
;; AUTHORITY SECTION:
foraneos.mx. 3600 IN NS dns2.borderxxxx.com.
foraneos.mx. 3600 IN NS dns1.borderxxxx.com.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 25 07:47:00 CST 2020
;; MSG SIZE rcvd: 137

it resolves without problems, but again, if I try to resolve from outside it doesn't. I had a chat with my ISP later and he insists that the port is open and forwarded to my router.
Please help, how can I tell that's true or false?
Check with netstat that BIND really listens on the correct IP, and with the iptables command that port 53 is not closed. If both are OK, then your problem must be outside of the server (router / external firewall / firewall at the ISP).
Hello Till, I made the test from my workstation, which has another internal IP address, 192.168.15.5:

javier@linux-588j:~> telnet 192.168.15.27 53
Trying 192.168.15.27...
Connected to 192.168.15.27.
Escape character is '^]'.

And netstat:

root@host2722:~# netstat -tuanp | grep named
tcp 0 0 192.168.15.27:53 0.0.0.0:* LISTEN 1097/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1097/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1097/named
tcp6 0 0 :::53 :::* LISTEN 1097/named
tcp6 0 0 ::1:953 :::* LISTEN 1097/named
udp 0 0 192.168.15.27:53 0.0.0.0:* 1097/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 1097/named
udp6 0 0 :::53 :::* 1097/named

And iptables -L:

Chain ufw-user-input (1 references)
target prot opt source destination
....
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
.......
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:953
ACCEPT udp -- anywhere anywhere udp dpt:953

I even added to named.conf.options:

listen-on { any; };
allow-query { any; };

I'll close this post when solved, thank you. Best regards. Everything looks OK, so it is the ISP.
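As an added example (not code from the thread or from ISPConfig): a small shell script that automates the checks Till suggested and Javier ran above, namely whether named is bound to the right socket and whether port 53 answers from the server itself, from the LAN and from the outside, and names the layer where the failure sits. The netstat sample is constructed from the output pasted above; the addresses passed to run_diagnosis are placeholders.

```shell
#!/bin/sh
# Added example: locate where a port-53 reachability failure sits, using the
# same checks as the thread (netstat binding, then TCP/UDP probes from the
# server, from the LAN, and from outside). Addresses below are placeholders.

# listens_on <netstat-text> <tcp|udp> <ip>
# Succeeds when "netstat -tuanp" output shows named bound to <ip>:53 on <proto>.
listens_on() {
  printf '%s\n' "$1" | awk -v p="$2" -v a="$3:53" \
    '$1 == p && $4 == a && $NF ~ /\/named$/ { found = 1 }
     END { exit found ? 0 : 1 }'
}

# tcp53_open <host> [seconds]: can a TCP connection to port 53 be made?
tcp53_open() {
  timeout "${2:-5}" bash -c "exec 3<>/dev/tcp/$1/53" 2>/dev/null
}

# udp53_answers <server> <name>: does the server answer an A query over UDP?
# dig exits non-zero when no reply arrives, which is what a filtered port looks like.
udp53_answers() {
  dig +time=3 +tries=1 +short "@$1" "$2" A >/dev/null 2>&1
}

# locate_fault <local_rc> <lan_rc> <public_rc>
# Each argument is an exit status (0 = reachable). The order mirrors the thread:
# server config -> host firewall (ufw/iptables) -> router / ISP.
locate_fault() {
  if   [ "$1" -ne 0 ]; then echo "named-not-listening-or-bind-config"
  elif [ "$2" -ne 0 ]; then echo "host-firewall-or-listen-on"
  elif [ "$3" -ne 0 ]; then echo "router-or-isp"
  else echo "ok"; fi
}

# Constructed sample in the format "netstat -tuanp | grep named" prints.
SAMPLE_NETSTAT='tcp 0 0 192.168.15.27:53 0.0.0.0:* LISTEN 1097/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1097/named
udp 0 0 192.168.15.27:53 0.0.0.0:* 1097/named
udp6 0 0 :::53 :::* 1097/named'

# run_diagnosis <lan-ip> <public-ip>: probe each hop and print the verdict.
# The public-IP probe only proves something when run from outside the network;
# from inside it exercises NAT hairpinning on the router instead.
run_diagnosis() {
  tcp53_open 127.0.0.1; l=$?
  tcp53_open "$1";      n=$?
  tcp53_open "$2";      p=$?
  locate_fault "$l" "$n" "$p"
}
```

In the thread's situation (local and LAN connect, outside times out) the verdict is "router-or-isp", which is exactly where the problem turned out to be.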
Sorry for the delay. Yes, it is set as DMZ, but only that port is not passing through. I check and recheck, it's crazy. The ISP is going to change the router for a better one, but I ran out of ideas. Regards,
Seems like your ISP is blocking that port, or the router has this port assigned to a DNS service of its own. Besides that, do you really want to run your DNS on a normal home connection, which is not too reliable?
Yes, I think the router uses that port (just for catching). Do you know how to work around it? Regards
If the company where you bought the domains offers a DNS service (as most of them do), then use their DNS service instead of running your own DNS server. Or get a server or virtual server in a data center and run your server there without port restrictions.
Thanks for your attention Till. I followed your advice; a shared, inexpensive server can do the DNS job. Best Regards. Update: Talking with my ISP, they had no restrictions, just a bad "modem-router". With a small Ubiquiti one I will have control of everything in ISPConfig.