On 24 February 2018 at 12:36, Reco <recovery...@gmail.com> wrote:

> Ok, what about this (again, run it from the malfunctioning DNS, root is
> needed for the second and third command):
>
> dig in a debian.org @127.0.0.1
>
> ss -nplu
>
> iptables-save
>

I've attached the output of those commands also now.

> > As previously mentioned each server and client has 2 network cards, one
> > which provides internet access to the client or server, and the other
> > provides internal services that are on the local network after the
> > firewall, the DNS server shouldn't be accessible by any clients or servers
> > that are on the internet/external side of my router/firewall.
>
> You're talking about inbound connections, but your problem may lie with
> the outbound ones.
>

Oh right I see.

root@debian:~# dig in a debian.org @127.0.0.1

; <<>> DiG 9.10.3-P4-Debian <<>> in a debian.org @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 22821
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;debian.org.                    IN      A

;; Query time: 336 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Feb 24 12:38:39 GMT 2018
;; MSG SIZE  rcvd: 39

root@debian:~# ss -nplu
State    Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
UNCONN   0       0       10.0.2.20:53        *:*                 users:(("named",pid=1193,fd=515))
UNCONN   0       0       192.168.0.61:53     *:*                 users:(("named",pid=1193,fd=514))
UNCONN   0       0       127.0.0.1:53        *:*                 users:(("named",pid=1193,fd=513))
UNCONN   0       0       *:68                *:*                 users:(("dhclient",pid=456,fd=6))
UNCONN   0       0       :::53               :::*                users:(("named",pid=1193,fd=512))
root@debian:~# iptables-save
root@debian:~#