Re: on to letsencrypt

On 20/04/2021 09:25, Jack Craig wrote:


On Mon, Apr 19, 2021 at 5:27 PM Ed Greshko <ed.greshko@xxxxxxxxxxx> wrote:


    On 20/04/2021 07:31, Jack Craig wrote:
    >
    >
    > On Mon, Apr 19, 2021 at 3:11 PM Ed Greshko <ed.greshko@xxxxxxxxxxx> wrote:
    >
    >     On 19/04/2021 03:18, Jack Craig wrote:
    >     >
    >     >     On Fri, Apr 16, 2021, at 10:56 AM, Ed Greshko wrote:
    >     >     > On 16/04/2021 17:19, Ed Greshko wrote:
    >     >     > > On 16/04/2021 10:35, Jack Craig wrote:
    >     >     > >> First I get my static IP from AT&T actually a block of eight addresses of which only the first do they agree to pass through.
    >     >     > >>
    >     >     > >
    >     >     > > BTW, if you are hosting the DNS server and if your DNS server has the IP address of 108.220.213.121 then
    >     >     > > this could be a problem.
    >     >
    >     > *would you expand on this comment? i think this is an issue,... thx..*
    >
    >     I should have mentioned you should check your named.conf. By default it contains
    >
    >     options {
    >              listen-on port 53 { 127.0.0.1; };


I had the external IP number listed here as well and was listening on both localhost and public IP,
so I've changed the content to be as you've indicated here, listening only on localhost.

?????? Why would you want to listen only on localhost? I never indicated that that would be a
good idea. I said it was the "default".

I think you'd be best served having

listen-on port 53 { 127.0.0.1; 10.0.0.1; 108.220.213.121; };

Here I am assuming your "internal" IP address is 10.0.0.1.


    >
    >
    > i had listen to localhost & external ip, trimmed to just localhost
    >
    >              listen-on-v6 port 53 { ::1; };


I had this turned off, but I might as well get it up and running now as the IP4 stuff is starting to come together.

Ultimately we want to have both covered.

Well, you only have to be concerned with IPv6 if you've been assigned IPv6 addresses.


    >
    >     meaning it only is listening on the loopback interface.
    >
    >
    > i have uncovered some ns info issues with my ip provider, att, dns config issues...
    > working them out; you guys are a godsend tho! ;) thx!!!
    >

    Maybe you're not yet up and running, but FWIW, port 53 continues to show as
    closed for both TCP and UDP at 108.220.213.121.

*curious, may i ask how you reach that observation?*
*i see, ...*

netstat -tapnl | grep named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1088294/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1088294/named

That indicates named/bind is *ONLY* listening on the loopback/localhost IP address!!

That will result in a "closed" status for the port from External systems.

I run.....

nmap -A -T4 -p53 108.220.213.121       and/or
nmap -A -T4 -sU -p53 108.220.213.121

from here....a system *external* to you.

I've bold-ed another important part of *my* configuration that *doesn't* apply to yours, below.




    Also, FWIW, I just installed bind on a F33 test VM and changed named.conf to contain

    options {
             listen-on port 53 { 127.0.0.1; };
             listen-on-v6 port 53 { 2001:b030:112f:2::53; ::1; };

    *The VM is accessible via IPv6 but not IPv4.*  And then running nmap from an external system.

    PORT   STATE SERVICE VERSION
    53/tcp open  domain  (generic dns response: NOTIMP)
    | fingerprint-strings:
    |   DNSVersionBindReqTCP:
    |     version
    |_    bind



--
Remind me to ignore comments which aren't germane to the thread.
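
Added example, not part of the original message: a shell check that reads netstat output and reports whether named answers on port 53 beyond the loopback interface, which is the condition that makes a remote scan report the port as closed. The function name listen_scope and both samples are constructed for illustration; the second sample assumes the listen-on line suggested in the thread has been applied.

```shell
#!/bin/sh
# Added example (not from the thread): classify where named listens on port 53.

# listen_scope: reads `netstat -tuapnl` style lines on stdin and prints
#   not-listening  named has no socket on port 53
#   loopback-only  only 127.0.0.0/8 or ::1, so remote scans see "closed"
#   external       at least one non-loopback or wildcard address
listen_scope() {
    awk '
        $NF !~ "/named$" { next }                # last column is PID/program
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }   # TCP: listening sockets only
        {
            # UDP rows have no state column, so only $4 and $NF are relied on.
            if (!match($4, /:[0-9]+$/)) next     # split addr:port at last colon
            addr = substr($4, 1, RSTART - 1)
            port = substr($4, RSTART + 1)
            if (port != "53") next               # ignore 953, the rndc control port
            seen = 1
            # 0.0.0.0 and :: are wildcard binds and count as external.
            if (addr !~ /^127\./ && addr != "::1") external = 1
        }
        END {
            if (!seen) print "not-listening"
            else if (external) print "external"
            else print "loopback-only"
        }
    '
}

# Constructed sample 1: the two lines quoted in the thread.
SAMPLE_LOOPBACK='tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1088294/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1088294/named'

# Constructed sample 2: assumed result of
#   listen-on port 53 { 127.0.0.1; 10.0.0.1; 108.220.213.121; };
SAMPLE_EXTERNAL='tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1088294/named
tcp        0      0 10.0.0.1:53             0.0.0.0:*               LISTEN      1088294/named
tcp        0      0 108.220.213.121:53      0.0.0.0:*               LISTEN      1088294/named
udp        0      0 108.220.213.121:53      0.0.0.0:*                           1088294/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1088294/named'

printf '%s\n' "$SAMPLE_LOOPBACK" | listen_scope   # loopback-only
printf '%s\n' "$SAMPLE_EXTERNAL" | listen_scope   # external
```

On the server itself, pipe live output into the function, for example `netstat -tuapnl | listen_scope`, run as root so the PID/program column is populated.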
