On Sun, 2012-09-02 at 15:49 -0400, Warren Kumari wrote:
> On Sep 2, 2012, at 2:29 PM, Mohsen Pahlevanzadeh wrote:
>
> > On Sun, 2012-09-02 at 13:59 -0400, Barry Margolin wrote:
> >> In article <mailman.161.1346605971.11945.bind-us...@lists.isc.org>,
> >> Mohsen Pahlevanzadeh <moh...@pahlevanzadeh.org> wrote:
> >>
> >>> According to result, my bind work truly, But when I the same command on
> >>> my machine, I get the following result:
> >>> /////////////////////////////////////
> >>> root@debian:/home/mohsen# dig yahoo.com @184.22.226.206
> >>>
> >>> ; <<>> DiG 9.8.1-P1 <<>> yahoo.com @184.22.226.206
> >>> ;; global options: +cmd
> >>> ;; connection timed out; no servers could be reached
> >>>
> >>> ////////////////////////////////
> >>>
> >>> What do I set to solve it?
> >>
> >> My guess is you need to open TCP and UDP port 53 on a firewall somewhere.
> >>
> > I think my config has problem because my server is open port and when I
> > use iptables -L, I see all of port are open, then I run:
> > root@shared:/etc/bind# nmap localhost
> >
> > Starting Nmap 5.00 ( http://nmap.org ) at 2012-09-02 18:24 UTC
> > Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
> > Interesting ports on localhost (127.0.0.1):
>
> You are nmap'ing the loopback interface. Try nmap <your external IP> --
> probably will be the same, but…
> Also, nmap shows you open *TCP* ports, not UDP.
> Better than this would be to run netstat (like netstat -aln | grep 53 ) and
> see if it is listening on UDP 53.
>
> > Not shown: 993 closed ports
> > PORT     STATE SERVICE
> > 22/tcp   open  ssh
> > 25/tcp   open  smtp
> > 53/tcp   open  domain
> > 80/tcp   open  http
> > 111/tcp  open  rpcbind
> > 3128/tcp open  squid-http
> > 3306/tcp open  mysql
> >
> > Above result equal with:
> > root@debian:/home/mohsen# nmap 184.22.226.205
> >
> > Starting Nmap 6.00 ( http://nmap.org ) at 2012-09-02 22:52 IRDT
> > Nmap scan report for 184-22-226-205.static.hostnoc.net (184.22.226.205)
> > Host is up (0.37s latency).
> > Not shown: 994 closed ports
> > PORT     STATE SERVICE
> > 22/tcp   open  ssh
> > 25/tcp   open  smtp
> > 53/tcp   open  domain
> > 80/tcp   open  http
> > 111/tcp  open  rpcbind
> > 3128/tcp open  squid-http
> >
> > second nmap is from my machine, not server.
> > Then I run telnet from my machine and then I get:
> > root@debian:/home/mohsen# telnet 184.22.226.205:53
> > telnet: could not resolve 184.22.226.205:53/telnet: Name or service not
> > known

Sorry for a BIG AND COMIC MISTAKE....

> > So, Firewall isn't drop my packets.
>
> Actually that doesn't really show anything about your firewall -- telnet
> doesn't understand the <IP>:<port> syntax, so it tried to resolve the name
> "184.22.226.205:53", it doesn't try connect to port 53 on 184.22.226.205. If
> you want to try telnet to port 53 on 184.22.226.205, you need "telnet
> 184.22.226.205 53" (a space, not a colon).
>
> W
>
> >
> > --mohsen
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> > unsubscribe from this list
> >
> > bind-users mailing list
> > bind-users@lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
>
> --
> Do not meddle in the affairs of dragons, for you are crunchy and taste good
> with ketchup.
>

I added allow-query{any;}; and reloaded the server via rndc. Now everything is OK.... Thank you guys....

--mohsen
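Added example, not part of the original thread: a small Python probe that sends one DNS query to a server over UDP and over TCP and reports, per transport, whether it timed out, found no listener, or got an answer with an RCODE. It separates the cases the thread mixes together (nmap's open 53/tcp says nothing about UDP 53, and a reply of REFUSED points at server policy such as allow-query rather than a firewall). The function names and the address 192.0.2.53 are placeholders chosen for this example.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Build a minimal DNS query for an A record (RD bit set)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_rcode(response, qid=0x1234):
    """Return the RCODE name of a DNS response, or None if it is not a reply to us."""
    if len(response) < 12:
        return None
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != qid or not flags & 0x8000:  # wrong ID, or QR bit not set
        return None
    code = flags & 0x000F
    return RCODES.get(code, "RCODE%d" % code)

def probe(server, name, proto="udp", port=53, timeout=3.0):
    """Send one query to an IPv4 server over UDP or TCP and classify the outcome."""
    query = build_query(name)
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((server, port))
            if proto == "udp":
                s.send(query)
                data = s.recv(4096)
            else:
                # DNS over TCP prefixes each message with a 2-byte length
                s.sendall(struct.pack("!H", len(query)) + query)
                data = s.recv(4096)[2:]  # small replies arrive in one read
    except socket.timeout:
        return "timeout (filtered, or server not answering)"
    except OSError as exc:  # e.g. ConnectionRefusedError: nothing listening
        return "no listener / unreachable (%s)" % exc.__class__.__name__
    return parse_rcode(data) or "unparseable reply"

if __name__ == "__main__":
    # 192.0.2.53 is a documentation placeholder; substitute your own server.
    for proto in ("udp", "tcp"):
        print(proto, probe("192.0.2.53", "example.com", proto, timeout=2.0))
```

A timeout on UDP with a normal answer on TCP points at filtering of UDP 53 somewhere on the path; the netstat check suggested in the thread confirms whether named is bound to UDP 53 on the external address at all.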