tinydns not responding to remote queries [2]

jose sanchez j_r_sanchez at yahoo.com
Fri Apr 25 17:01:13 CDT 2003


Hello:

After Alex's reply to my post I decided to run
ethereal on the DMZ to see if the queries were
reaching my dns server. I noticed that yes, the queries
were reaching the server, but tinydns was not
responding. I enabled tinydns to accept queries from
the outside and now the problem is solved.

The only problem I am having is that when I try to
access one of the domain names' website by typing
www.domainname.com I can't get to it. I don't know if
I'm doing something wrong in tinydns' configuration.
Here is tinydns' data file:

.bluekc.com:65.28.15.82::259200
+www.bluekc.com:65.28.15.82:86400
+bluekc.com:65.28.15.82:86400

.albertopujols.com:65.28.15.82::259200
+www.albertopujols.com:65.28.15.82:86400
+albertopujols.com:65.28.15.82:86040

.whmicrohome.com:65.28.15.82::259200
+www.whmicrohome.com:65.28.15.82:86400
+whmicrohome.com:65.28.15.82:86400

.kcmultiservice.com:65.28.15.82::259200
+www.kcmultiservice.com:65.28.15.82:8600
+kcmultiservice.com:65.28.15.82:8600

.elinuxmagazine.com:65.28.15.82::259200
+www.elinuxmagazine.com:65.28.15.82:8600
+elinuxmagazine.com:65.28.15.82:8600

The dns server on the registrar for all the domains
is ns.bluekc.com, which is a "registered nameserver".

Is the aliasing correct or do I need to set it up as
hosts with the "=" sign?

Thanks.
--- Alex Greg <mailinglists at mwr.biz> wrote:
> Hi,
> 
> 
> Because of the nature of UDP, the port will only
> show up as being blocked if
> the packet is rejected rather than dropped. Else it
> shows as open (which is
> what was happening in my case).
> 
> So evidently something is explicitly blocking your
> UDP port. What happens
> when you portscan the DNS server from behind the
> firewall? It also might be
> helpful if you post your firewall script.
> 
> 
> Alex
> ----- Original Message -----
> From: "jose sanchez" <j_r_sanchez at yahoo.com>
> To: <dns at list.cr.yp.to>
> Sent: Tuesday, April 22, 2003 3:11 PM
> Subject: Re: tinydns not responding to remote
> queries [2]
> 
> 
> > I am having a similar problem. I have my firewall to
> > forward traffic to port 53 (udp) to my DNS server but,
> > when I scan the firewall from the outside it shows
> > that port 53 is blocked and it isn't. I don't know why
> > I'm getting this problem. I've checked my script and
> > nowhere I'm blocking that port.
> >
> > I am getting time out errors. I don't know what to
> > look for. I know the firewall script is ok.
> >
> > Thanks.
> > --- Alex Greg <mailinglists at mwr.biz> wrote:
> > > Hi Paul,
> > >
> > >
> > > Thanks a lot for your help (and Georgi's). dnsq
> > > didn't return anything when
> > > I ran it, it just hung there with no output and
> > > eventually timed out:
> > >
> > > [root at exp apache]# dnsq a agreg.com 213.253.22.210
> > > 1 agreg.com:
> > > timed out
> > > [root at exp apache]#
> > >
> > >
> > > No entries appeared in the log files while dnsq or
> > > dnstrace were running
> > > from the remote machine. Additionally, I ran tcpdump
> > > as suggested, and no
> > > dns traffic was leaving the server (only ssh
> > > traffic to my login here).
> > >
> > > However the log file is as follows (the queries
> > > appearing in it were run
> > > from the local machine, which works fine):
> > >
> > > [root at server1 main]# cat current
> > > @400000003e9d97530c874874 starting tinydns
> > > @400000003e9d9c03020a1264 d5fd16d2:f4f7:54a4 + 0001 agreg.com
> > > @400000003e9d9c212d88e21c d5fd16d2:7170:1e4a + 000f agreg.com
> > > @400000003e9d9c7216ee913c d5fd16d2:48e3:af40 + 000f agreg.com
> > > @400000003e9d9c7f21394984 d5fd16d2:4620:34fa + 0001 agreg.com
> > > @400000003e9d9c8308bb6f7c d5fd16d2:f424:8763 + 0001 agreg.com
> > > @400000003e9d9c832f350f64 d5fd16d2:58e8:c492 + 0001 agreg.com
> > > @400000003e9d9c840a5a6dc4 d5fd16d2:18be:d50d + 0001 agreg.com
> > > @400000003e9d9c841abe561c d5fd16d2:0b04:d516 + 0001 agreg.com
> > > @400000003e9d9c842bac4e34 d5fd16d2:c57d:3895 + 0001 agreg.com
> > > @400000003e9d9c85011c10b4 d5fd16d2:2bc9:735f + 0001 agreg.com
> > > @400000003e9d9c862d3cb61c d5fd16d2:a464:6097 + 0001 agreg.com
> > > @400000003e9e977e20f3053c d5fd16d2:4175:0567 + 0001 agreg.com
> > > @400000003e9ec4e10a3ad004 d5fd16d2:6f41:d8eb + 0001 agreg.com
> > > @400000003e9ec4e10a47570c d5fd16d2:2a88:0c42 + 0001 a.ns.agreg.com
> > > @400000003e9ec4e10a4ff614 d5fd16d2:def8:1259 + 0001 b.ns.agreg.com
> > > @400000003e9ec4e10a587dac d5fd16d2:ba15:f150 + 0001 agreg.com
> > > @400000003e9ec4e10a614f7c d5fd16d2:51ed:b5b6 + 0001 a.ns.agreg.com
> > > @400000003e9ec4e10a6a05f4 d5fd16d2:6992:2eb4 + 0001 b.ns.agreg.com
> > > @400000003e9ec5032f3f5834 d5fd16d2:0515:6556 + 0001 agreg.com
> > > [root at server1 main]#
> > >
> > >
> > > Any ideas? It's frustrating, as I've had tinydns
> > > working fine at home!
> > >
> > >
> > > Alex
> > > ----- Original Message -----
> > > From: "Paul Jarc" <prj at po.cwru.edu>
> > > To: "Alex Greg" <mailinglists at mwr.biz>
> > > Cc: <dns at list.cr.yp.to>
> > > Sent: Thursday, April 17, 2003 7:32 PM
> > > Subject: Re: tinydns not responding to remote
> > > queries
> > >
> > >
> > > > "Alex Greg" <mailinglists at mwr.biz> wrote:
> > > > > > However, I can't seem to make queries from remote machines:
> > > > > >
> > > > > > [root at exp root]# dnstrace a agreg.com 213.253.22.210
> > > > > > 0:.:.:start:NS:.:.
> > > > > > 0:.:.:start:A:.:213.253.22.210
> > > > > > 1:agreg.com:.:213.253.22.210:tx
> > > > > > 1:agreg.com:.:213.253.22.210:ALERT:query failed; timed out
> > > > > > [root at exp root]#
> > > > >
> > > > > Try this again (but using dnsq; it's simpler, and
> > > > > it's enough for this
> > > > > purpose), and have tcpdump running on the tinydns
> > > > > machine to see what
> > > > > traffic is going to or from UDP port 53.  Also
> > > > > check tinydns's logs.
> > > >
> > > >
> > > > paul
> > >
> >
> >
> > =====
> > "An ounce of gold cannot buy an ounce of time."
> > - Anonymous
> >
> >
> > www.whmicro.com
> >
> > __________________________________________________
> > Do you Yahoo!?
> > The New Yahoo! Search - Faster. Easier. Bingo
> > http://search.yahoo.com
> 
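Added example (not part of the original thread or of djbdns): a small Python decoder for tinydns log lines like those quoted above, which makes it easy to see which client address each query came from and whether tinydns answered it. The sample lines are two entries from the quoted log plus one constructed drop entry; the 10-second TAI-to-UTC offset is an assumption (no leap-second table), so times can be off by the leap-second count.

```python
import re
from collections import Counter

# Result characters and common query types seen in tinydns logs.
RESULTS = {"+": "answered", "-": "dropped: no authority for name",
           "I": "NOTIMP", "C": "FORMERR (class not IN)", "/": "unparseable packet"}
QTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT", 255: "ANY"}

# @<TAI64N, 24 hex> <client ip, 8 hex>:<port, 4 hex>:<query id, 4 hex> <result> <qtype, 4 hex> <name>
LINE = re.compile(r"^@([0-9a-f]{24}) ([0-9a-f]{8}):([0-9a-f]{4}):([0-9a-f]{4}) "
                  r"(\S) ([0-9a-f]{4}) (\S+)$")

def parse(line):
    """Decode one query line; return None for non-query lines such as 'starting tinydns'."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    stamp, ip, port, qid, result, qtype, name = m.groups()
    qnum = int(qtype, 16)
    return {
        # First 16 hex digits are 2**62 + TAI seconds; assumed offset TAI = UTC + 10 s.
        "epoch": int(stamp[:16], 16) - 2**62 - 10,
        "client": ".".join(str(b) for b in bytes.fromhex(ip)),
        "port": int(port, 16),
        "id": int(qid, 16),
        "result": RESULTS.get(result, result),
        "qtype": QTYPES.get(qnum, "TYPE%d" % qnum),
        "name": name,
    }

def summarize(lines):
    """Count queries per (client address, result) to show who is reaching the server."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec is not None:
            counts[(rec["client"], rec["result"])] += 1
    return counts

SAMPLE = [
    "@400000003e9d97530c874874 starting tinydns",                     # from the quoted log
    "@400000003e9d9c03020a1264 d5fd16d2:f4f7:54a4 + 0001 agreg.com",  # from the quoted log
    "@400000003e9d9c212d88e21c d5fd16d2:7170:1e4a + 000f agreg.com",  # from the quoted log
    "@400000003e9d9c300000000a c0000201:8000:0001 - 0001 example.net",  # constructed
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(parse(entry))
    print(dict(summarize(SAMPLE)))
```

Every query in the quoted log decodes to client 213.253.22.210, the same address the remote dnsq and dnstrace runs were aimed at, which matches the statement that the logged queries were made from the local machine.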
