Error and Confusion

I don’t know what else to do. There is just my modem, 2 routers (each configured with an external static IP and connected to a LAN card with an internal IP) and my server. I don’t have any other hardware in between. Port 53 is open for both TCP and UDP.

Please help! I tried putting the router in DMZ mode for a minute and still got the same results at
http://www.intodns.com/pcelements.com

What output do you receive if you run this command on your server that’s running BIND:

netstat -an | grep :53

Is the IP 173.243.94.194 correct? Is that your router? Double-check if you forwarded port 53 TCP AND UDP in your router to the LAN IP of your BIND server. (DNS uses UDP for regular queries.)

Since you already verified before that something is listening on port 53 on your server, and that iptables isn’t blocking the port, that’s all I can think of. You might want to check the syslog at the time of the failed query too. To additionally print the process name that’s listening on ports, do netstat -pln | grep :53

This is the output for netstat -an | grep :53:

[root@apollo ~]# netstat -an | grep :53
tcp 0 0 10.0.1.100:53 0.0.0.0:* LISTEN
tcp 0 0 10.0.0.100:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 :::53 :::* LISTEN
udp 0 0 10.0.1.100:53 0.0.0.0:*
udp 0 0 10.0.0.100:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 :::53 :::*
[root@apollo ~]#

The IP 10.0.1.100 is configured on the LAN card that is connected to the router which is configured with the IP 173.243.94.194.

Ports 53 TCP and UDP are forwarded in both routers to the internal IPs: 10.0.0.100 in router A and 10.0.1.100 in router B.

In “both” routers? There can be only one router that is responsible for your external IP and has to forward it to your BIND server.

But, I have 2 external IPs assigned to my nameservers:
ns1.pcelements.com 173.243.84.34 - IP configured in router A
and
ns2.pcelements.com 173.243.94.194 - IP configured in router B

Well, something is obviously wrong with your network setup. What’s the output of

ifconfig -a
route -n

And does port forwarding from your router B work in general? Did you try it with other PCs? I’m running out of ideas here.

This is the output for ifconfig -a (I’m using eth2 and eth3):

eth0 Link encap:Ethernet HWaddr 00:13:72:4F:D5:8D
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

eth1 Link encap:Ethernet HWaddr 00:13:72:4F:D5:8E
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

eth2 Link encap:Ethernet HWaddr 00:04:23:CE:A5:62
inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::204:23ff:fece:a562/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:123276 errors:0 dropped:0 overruns:0 frame:0
TX packets:128368 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:49614901 (47.3 MiB) TX bytes:21928926 (20.9 MiB)

eth3 Link encap:Ethernet HWaddr 00:04:23:CE:A5:63
inet addr:10.0.1.100 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::204:23ff:fece:a563/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7498 errors:0 dropped:0 overruns:0 frame:0
TX packets:568 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:609947 (595.6 KiB) TX bytes:35043 (34.2 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:39172 errors:0 dropped:0 overruns:0 frame:0
TX packets:39172 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4955513 (4.7 MiB) TX bytes:4955513 (4.7 MiB)

This is the output for route -n:

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
169.254.0.0 0.0.0.0 255.255.0.0 U 1004 0 0 eth2
169.254.0.0 0.0.0.0 255.255.0.0 U 1005 0 0 eth3
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth2

You have an incorrect broadcast address on your eth3. That might be a problem. Can you ping the router’s IP in the 10.0.1.* network from the server?

You might want to do a packet capture on your server, to see if DNS queries arrive via router B, and if replies go out:

tcpdump udp port 53

Yes, I can ping from the server to router B (10.0.1.1). I changed the broadcast address on eth3 to 10.0.1.255 and rebooted the server, but no change.

I’m getting this output for tcpdump udp port 53:
tcpdump: USB link-layer type filtering not implemented

So, I used this one that I found on Google, although I don’t know if this is what you wanted:

tcpdump -i eth3 port 53

and the output is:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth3, link-type EN10MB (Ethernet), capture size 65535 bytes

^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
[root@apollo ~]# tcpdump -i eth3 port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth3, link-type EN10MB (Ethernet), capture size 65535 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel

Right, you have to tell tcpdump what interface to listen on.

But unfortunately, I’m out of ideas here. All I can say is that for some reason, the DNS query packets don’t reach your server. They are filtered somewhere (it’s possible your ISP does so, for security reasons, i.e. filters DNS packets that aren’t replies to queries by you; after all, you’re probably an end user and not a server operator) or not forwarded properly by your router. All I can suggest is to re-check the router in this regard. Maybe someone else can give some more input about this.
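The check the thread keeps coming back to (does the nameserver answer from the outside on UDP and on TCP?) can be scripted instead of re-running intodns. The following is an added example, not code from the thread or from Virtualmin: it hand-builds a DNS NS query, sends it over UDP and over TCP (with the 2-byte length prefix TCP DNS uses), and maps the two results onto the cases discussed above (nothing arrives, only one transport is forwarded, server answers but is not authoritative). The zone name and the two nameserver IPs used as defaults are taken from the thread; run it from a host outside your own LAN, since testing from inside NAT can hide a forwarding problem.

```python
"""Probe authoritative nameservers over UDP and TCP with a hand-built DNS query.

Added example (not from the forum thread or from Virtualmin). Zone and server
IPs below are assumptions taken from the thread; replace them with your own.
"""
import socket
import struct
import secrets
import sys

DNS_PORT = 53
QTYPE_NS = 2
QCLASS_IN = 1


def build_query(qname, qtype=QTYPE_NS, txid=None):
    """Return a minimal DNS query: 12-byte header plus one question, RD=0.

    RD=0 is what a resolver sends to an authoritative server, so a reply with
    AA=1 shows the nameserver really serves the zone rather than recursing.
    """
    if txid is None:
        txid = secrets.randbelow(1 << 16)          # random transaction ID
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    question = labels + b"\x00" + struct.pack("!HH", qtype, QCLASS_IN)
    return header + question


def parse_header(message):
    """Decode the DNS header fields a reachability probe cares about."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", message[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),      # 1 = this is a response
        "aa": bool(flags & 0x0400),      # authoritative answer
        "tc": bool(flags & 0x0200),      # truncated: client should retry over TCP
        "rcode": flags & 0x000F,         # 0 NOERROR, 3 NXDOMAIN, 5 REFUSED
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed TCP stream early")
        buf += chunk
    return buf


def probe_udp(server, qname, timeout=3.0):
    """Send one UDP query; return the parsed header, or None on timeout."""
    query = build_query(qname)
    txid = struct.unpack("!H", query[:2])[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, DNS_PORT))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    header = parse_header(data)
    return header if header["id"] == txid else None   # drop stray datagrams


def probe_tcp(server, qname, timeout=3.0):
    """Same query over TCP (length-prefixed); None if no usable answer."""
    query = build_query(qname)
    txid = struct.unpack("!H", query[:2])[0]
    try:
        with socket.create_connection((server, DNS_PORT), timeout=timeout) as s:
            s.settimeout(timeout)
            s.sendall(struct.pack("!H", len(query)) + query)
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            header = parse_header(_recv_exact(s, length))
    except (OSError, ValueError):
        return None
    return header if header["id"] == txid else None


def diagnose(udp, tcp):
    """Map the two probe results onto the situations discussed in the thread."""
    if udp is None and tcp is None:
        return "no answer on UDP or TCP: queries are not reaching BIND (forwarding/filtering)"
    if udp is None:
        return "TCP answers but UDP does not: UDP/53 forwarding or filtering is broken"
    if tcp is None:
        return "UDP answers but TCP does not: TCP/53 forwarding is broken"
    if not udp["aa"]:
        return "server answers but is not authoritative for the zone (rcode %d)" % udp["rcode"]
    return "OK: authoritative answers over UDP and TCP"


if __name__ == "__main__":
    zone = sys.argv[1] if len(sys.argv) > 1 else "pcelements.com"   # zone from the thread
    servers = sys.argv[2:] or ["173.243.84.34", "173.243.94.194"]    # NS IPs from the thread
    for ip in servers:
        print(ip, "->", diagnose(probe_udp(ip, zone), probe_tcp(ip, zone)))
```

Run it as `python3 dnsprobe.py pcelements.com 173.243.84.34 173.243.94.194` from outside the network; a nameserver that intodns reports as not responding should show the "no answer on UDP or TCP" line, while a server that answers only one transport points directly at the missing forwarding rule. Pair it with `tcpdump -i eth3 port 53` on the server: if the probe gets no answer and tcpdump sees nothing arrive, the packets are lost before the server, exactly the conclusion reached above.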

Hi Everybody!
I’m still having issues and I’m desperate!

I get this error when going to http://www.intodns.com/pcelements.com :

ERROR: One or more of your nameservers did not respond:
The ones that did not respond are:
173.243.94.194

I talked with my ISP and they told us that they are not blocking any ports.

Does anybody have new ideas that I can try? I’m thinking about reinstalling CentOS and Virtualmin from scratch.
Please Help!

I fear this issue is getting too complex for me to try and solve by “remote guessing”. If you’d like, I can offer you personal support by taking a look at your system myself: http://www.virtualmin.com/node/29342

Thanks Locutus for your offer!
But, I got a little impatient and reinstalled CentOS and Virtualmin. This time, using only 1 IP address, 173.243.84.34.

But, when I go to http://www.intodns.com/pcelements.com I still get some errors, but this time they are different.

Also, under System Settings -> Re-Check Configuration, I get the following message:
Default IP address is set to 10.0.0.100, but the detected external address is actually 173.243.84.34. This is typically the result of being behind a NAT firewall, and should be corrected on the module configuration page.

I guess both errors are related, but I don’t want to mess up my server this time. Can you guide me so I can solve this?
Thanks!

I figured it out.
In Virtualmin -> System Settings -> Virtualmin Configuration -> Network Settings, I changed “Default IP address for DNS records” from “Same as virtual IP” to “Automatically detect external address”.
I deleted the virtual server and created it again.
Works Perfectly! I really appreciate all your help!!!
Thank You!!!