<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7652.24">
<TITLE>Re: [tclug-list] DNS connection refused</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>This is from my BlackBerry so I might not have seen it all, but maybe the listen-on port 53 (127.0.0.1) is the problem. Shouldn't that IP be the external interface?<BR>
<BR>
<BR>
-----<BR>
Sent from my wireless device<BR>
<BR>
-----Original Message-----<BR>
From: tclug-list-bounces@mn-linux.org <tclug-list-bounces@mn-linux.org><BR>
To: tclug-list@mn-linux.org <tclug-list@mn-linux.org><BR>
Sent: Wed Jul 02 21:40:11 2008<BR>
Subject: [tclug-list] DNS connection refused<BR>
<BR>
Howdy,<BR>
<BR>
I have Fedora 9 installed and would like to use it as the DNS system in the house.<BR>
<BR>
The setup is as follows<BR>
<BR>
options {<BR>
// addresses named binds to; as written, loopback only<BR>
listen-on port 53 { 127.0.0.1; };<BR>
listen-on-v6 port 53 { ::1; };<BR>
directory "/var/named";<BR>
dump-file "/var/named/data/cache_dump.db";<BR>
statistics-file "/var/named/data/named_stats.txt";<BR>
memstatistics-file "/var/named/data/named_mem_stats.txt";<BR>
// only clients matching this ACL are answered; anyone else gets REFUSED<BR>
allow-query { localhost; };<BR>
recursion yes;<BR>
forwarders {<BR>
68.87.77.130;<BR>
68.87.72.130;<BR>
};<BR>
};<BR>
logging {<BR>
channel default_debug {<BR>
file "data/named.run";<BR>
severity dynamic;<BR>
};<BR>
};<BR>
zone "." IN {<BR>
type hint;<BR>
file "named.ca";<BR>
};<BR>
<BR>
<BR>
include "/etc/named.rfc1912.zones";<BR>
<BR>
zone "home.local" {<BR>
type master;<BR>
file "/var/named/home.local.hosts";<BR>
};<BR>
<BR>
zone "1.168.192.in-addr.arpa" {<BR>
type master;<BR>
file "1.168.192.in-addr.arpa.zone";<BR>
allow-update { key "rndckey"; };<BR>
notify yes;<BR>
};<BR>
<BR>
<BR>
I have the files in /var/named set up and configured. From the DNS system I can type<BR>
nslookup 43p and get the following<BR>
[root@fc9 named]# vi /etc/named.conf<BR>
[root@fc9 named]# nslookup 43p<BR>
Server: 127.0.0.1<BR>
Address: 127.0.0.1#53<BR>
Name: 43p.home.local<BR>
Address: 192.168.1.52<BR>
<BR>
From a windows system I get the following<BR>
C:\Users\dalan>nslookup 43p<BR>
Server: UnKnown<BR>
Address: 192.168.1.50:53<BR>
*** UnKnown can't find 43p: Query refused<BR>
<BR>
From the AIX system I get<BR>
(43p-aix) [dalan] nslookup 43p<BR>
*** Can't find server name for address 192.168.1.50:Query refused<BR>
*** Default servers are not available<BR>
(43p-aix) [dalan]<BR>
<BR>
I have shut off the firewall and SELinux on the Fedora system. I'm not sure why the Fedora system is blocking/refusing the request coming from another system.<BR>
I even put the following entries in iptables.<BR>
SERVER_IP="192.168.1.50"<BR>
# UDP queries from clients (unprivileged source port) to port 53, and the replies<BR>
iptables -A INPUT -p udp -s 0/0 --sport 1024:65535 -d $SERVER_IP --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT<BR>
iptables -A OUTPUT -p udp -s $SERVER_IP --sport 53 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT<BR>
# UDP server-to-server traffic with source port 53 on both ends<BR>
iptables -A INPUT -p udp -s 0/0 --sport 53 -d $SERVER_IP --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT<BR>
iptables -A OUTPUT -p udp -s $SERVER_IP --sport 53 -d 0/0 --dport 53 -m state --state ESTABLISHED -j ACCEPT<BR>
# the same two cases over TCP (zone transfers, truncated answers)<BR>
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d $SERVER_IP --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT<BR>
iptables -A OUTPUT -p tcp -s $SERVER_IP --sport 53 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT<BR>
iptables -A INPUT -p tcp -s 0/0 --sport 53 -d $SERVER_IP --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT<BR>
iptables -A OUTPUT -p tcp -s $SERVER_IP --sport 53 -d 0/0 --dport 53 -m state --state ESTABLISHED -j ACCEPT<BR>
<BR>
I still have the same effect.<BR>
<BR>
Running the following shows that the system is refusing the connection.<BR>
/usr/sbin/tcpdump -X port 53<BR>
<BR>
[root@fc9 named]# /usr/sbin/tcpdump -X port 53<BR>
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode<BR>
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes<BR>
21:39:38.512926 IP aix.sparish.local.52686 > fc9.sparish.local.domain: 46304+ PTR? 50.1.168.192.in-addr.arpa. (43)<BR>
0x0000: 4500 0047 ac22 0000 1e11 6ccd c0a8 0134 E..G."....l....4<BR>
0x0010: c0a8 0132 cdce 0035 0033 7c2c b4e0 0100 ...2...5.3|,....<BR>
0x0020: 0001 0000 0000 0000 0235 3001 3103 3136 .........50.1.16<BR>
0x0030: 3803 3139 3207 696e 2d61 6464 7204 6172 8.192.in-addr.ar<BR>
0x0040: 7061 0000 0c00 01 pa.....<BR>
21:39:38.519048 IP fc9.sparish.local.domain > aix.sparish.local.52686: 46304 Refused- 0/0/0 (43)<BR>
0x0000: 4500 0047 0000 4000 4011 b6ef c0a8 0132 E..G..@.@......2<BR>
0x0010: c0a8 0134 0035 cdce 0033 fc26 b4e0 8105 ...4.5...3.&....<BR>
0x0020: 0001 0000 0000 0000 0235 3001 3103 3136 .........50.1.16<BR>
0x0030: 3803 3139 3207 696e 2d61 6464 7204 6172 8.192.in-addr.ar<BR>
0x0040: 7061 0000 0c00 01 pa.....<BR>
<BR>
<BR>
Any help would be welcome<BR>
<BR>
Thanks<BR>
</FONT>
</P>
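<P><FONT SIZE=2>The tcpdump dump quoted above carries the whole exchange, and the flags word of the reply (0x8105) is the detail that says what kind of failure this is: the server answered with RCODE 5 (REFUSED), which BIND returns when the querying client does not match its allow-query ACL, so the query was delivered and deliberately refused rather than dropped by a firewall (a dropped packet shows no reply at all; a port nobody listens on produces an ICMP port unreachable). The Python script below is an added example for this page, not code from the thread. The two hex strings are the UDP payloads transcribed by hand from the capture (the 20-byte IP and 8-byte UDP headers skipped), and the wording returned by explain() is the editor's rule of thumb, not anything from BIND's documentation.</FONT></P>
<PRE>
```python
"""Decode the DNS packets from the tcpdump -X dump in the message above.

Added example for this page; it is not code from the mailing-list thread.
The two hex strings are the UDP payloads (everything after the 20-byte IP
and 8-byte UDP headers) transcribed from the capture of the PTR query for
50.1.168.192.in-addr.arpa and of the server's reply to it.
"""
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}
QTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX",
          16: "TXT", 28: "AAAA"}

# Transcribed from the dump: the query the AIX box sent ("46304+ PTR? ...")
QUERY_HEX = ("b4e0 0100 0001 0000 0000 0000 0235 3001 3103 3136 3803 3139 "
             "3207 696e 2d61 6464 7204 6172 7061 0000 0c00 01")
# ... and the answer fc9 sent back ("46304 Refused- 0/0/0")
REPLY_HEX = ("b4e0 8105 0001 0000 0000 0000 0235 3001 3103 3136 3803 3139 "
             "3207 696e 2d61 6464 7204 6172 7061 0000 0c00 01")


def read_name(data, offset):
    """Return (dotted name, offset just past it), following RFC 1035 compression pointers."""
    labels = []
    end = None            # where the caller continues reading after the name
    hops = 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:          # two-byte pointer, top two bits set
            if end is None:
                end = offset + 2
            offset = struct.unpack_from("!H", data, offset)[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def parse_dns(data):
    """Parse the 12-byte header and the question section of a DNS message."""
    ident, flags, qdcount, ancount, nscount, arcount = struct.unpack_from("!6H", data, 0)
    msg = {
        "id": ident,
        "qr": bool(flags & 0x8000),     # 1 = response, 0 = query
        "opcode": (flags >> 11) & 0xF,
        "aa": bool(flags & 0x0400),     # authoritative answer
        "tc": bool(flags & 0x0200),     # truncated
        "rd": bool(flags & 0x0100),     # client asked for recursion
        "ra": bool(flags & 0x0080),     # server offers recursion to this client
        "rcode": flags & 0xF,
        "counts": (qdcount, ancount, nscount, arcount),
        "questions": [],
    }
    msg["rcode_name"] = RCODES.get(msg["rcode"], "RCODE%d" % msg["rcode"])
    offset = 12
    for _ in range(qdcount):
        name, offset = read_name(data, offset)
        qtype, qclass = struct.unpack_from("!HH", data, offset)
        offset += 4
        msg["questions"].append((name, QTYPES.get(qtype, str(qtype)), qclass))
    return msg


def explain(reply):
    """Turn the reply's RCODE into the next thing to look at on the server.

    This mapping is the editor's rule of thumb, not BIND documentation.
    """
    if not reply["qr"]:
        return "this is a query, not a reply"
    rcode = reply["rcode"]
    if rcode == 5:
        return ("REFUSED: named received the query and rejected it by policy; "
                "an ACL such as allow-query is denying this client, "
                "the packet was not dropped by a firewall")
    if rcode == 3:
        return "NXDOMAIN: the server answered; the name is not in its data"
    if rcode == 2:
        return "SERVFAIL: the server answered but could not resolve (zone or forwarder trouble)"
    if rcode == 0:
        return "NOERROR: the server answered normally"
    return "%s: see RFC 1035 section 4.1.1" % reply["rcode_name"]


def decode(hexdump):
    """Parse a whitespace-separated hex transcription of a DNS payload."""
    return parse_dns(bytes.fromhex(hexdump.replace(" ", "")))


if __name__ == "__main__":
    for label, hexdump in (("query", QUERY_HEX), ("reply", REPLY_HEX)):
        msg = decode(hexdump)
        print(label, "id=%d qr=%s rd=%s ra=%s rcode=%s" % (
            msg["id"], msg["qr"], msg["rd"], msg["ra"], msg["rcode_name"]))
        for name, qtype, _ in msg["questions"]:
            print("   question:", name, qtype)
        print("  ", explain(msg))
```
</PRE>
<P><FONT SIZE=2>Run it with python3 and it prints both packets decoded: same transaction ID 46304 on both, RD set on both, RA clear on the reply, and RCODE REFUSED. The same transcription step works on any other tcpdump -X capture of plain IPv4 DNS as long as the 28 header bytes are skipped first.</FONT></P>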
</BODY>
</HTML>