>If named is running and doesn't respond on the external interface, it's
>possible that your listen-on {}; directive is set to only localhost.
>TCP connections to 205.238.182.102 come back "Connection refused", so
>it's possible that BIND just isn't listening on the interface or perhaps
>you're filtering the inbound queries. Do you see the queries come in to
>the box, either via packet dump or query logs?
Is your BIND server behind a firewall? Is it only listening on localhost, or
on an internal interface? If '~]$ netstat -nlp | grep named' tells you that
named is only listening on 127.0.0.1:53, then you need to adjust listen-on in
named.conf. If you are running iptables, you need to allow at least UDP/53 in,
if this is a master transferring to slaves, it might be a good idea to allow
TCP/53 in as well. If you are behind a firewall, you need to open up UDP/53
or port forward UDP/53 to your bind server.
Here's what I see when looking at the IP you provided:
~]$ sudo nmap -sT -sU -p 53 205.238.182.102
Starting Nmap 5.51 ( http://nmap.org ) at 2014-09-30 16:02 MST
Nmap scan report for www3.greenbuilder.com (205.238.182.102)
Host is up (1.1s latency).
PORT STATE SERVICE
53/tcp closed domain
53/udp closed domain
Here is what I should see, using Google's DNS server as an example:
~]$ sudo nmap -sT -sU -p 53 8.8.8.8
Starting Nmap 5.51 ( http://nmap.org ) at 2014-09-30 16:03 MST
Nmap scan report for google-public-dns-a.google.com (8.8.8.8)
Host is up (0.062s latency).
PORT STATE SERVICE
53/tcp open domain
53/udp open|filtered domain
John A.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
