On 01/17/2013 04:05 PM, Michael Lambert wrote:
On 17 Jan 2013, at 06:44, lilit-aibolit wrote:
On 01/17/2013 11:27 AM, Vadim Zhukov wrote:
At first, find where the flow gets stopped: enable debug logging on resolver and add
"match log (matches) to port 53" rule as first one in your firewall. Then
probably you'll see the problem yourself.
match log on $ext_if inet proto udp to port 53
Don't you want:
match log on $ext_if inet proto {tcp, udp} to port 53
Michael
Done, but this didn't help me.
I also see incoming requests from the Internet and requests from my server to
my provider's DNS forwarders.
I'm sure that named is running on all my interfaces:
# netstat -na | grep .53
tcp 0 0 ext.ip.53 *.* LISTEN
tcp 0 0 127.0.0.1.953 *.* LISTEN
tcp 0 0 192.168.55.254.53 *.* LISTEN
tcp 0 0 192.168.5.254.53 *.* LISTEN
tcp 0 0 127.0.0.1.53 *.* LISTEN
udp 0 0 ext.ip.53 *.*
udp 0 0 192.168.55.254.53 *.*
udp 0 0 192.168.5.254.53 *.*
udp 0 0 127.0.0.1.53 *.*
# fstat | grep internet | grep named
named named 21647 20* internet stream tcp 0xd89db198 127.0.0.1:53
named named 21647 21* internet stream tcp 0xd89db000 192.168.5.254:53
named named 21647 22* internet stream tcp 0xd89db330 192.168.55.254:53
named named 21647 23* internet stream tcp 0xd89db4c8 127.0.0.1:953
named named 21647 25* internet stream tcp 0xd88a17fc ext.ip:53
named named 21647 512* internet dgram udp 127.0.0.1:53
named named 21647 513* internet dgram udp 192.168.5.254:53
named named 21647 514* internet dgram udp 192.168.55.254:53
named named 21647 515* internet dgram udp *:13169
named named 21647 516* internet dgram udp ext.ip:53
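The two logging rules discussed above, side by side, as an added pf.conf fragment that is not from the thread or from any of the posters. The interface name em0 is an assumption; substitute your own external interface. DNS uses TCP as well as UDP (responses that exceed the UDP size limit are retried over TCP, and zone transfers run over TCP only), so a UDP-only match rule leaves part of the traffic unlogged.

```pf
ext_if = "em0"          # assumption: your external interface name

# Rule as originally posted: logs UDP only. TCP queries (retries after a
# truncated UDP answer, zone transfers) never appear in pflog with this rule.
match log on $ext_if inet proto udp to port 53

# Corrected form suggested in the thread: log both transports on port 53.
match log on $ext_if inet proto { tcp, udp } to port 53
```

After loading the ruleset with `pfctl -f /etc/pf.conf`, watch the logged packets with `tcpdump -n -e -ttt -i pflog0 port 53`; the `-e` flag prints the rule number and action for each logged packet, which shows which later rule a DNS packet ends up matching. `pfctl -vvsr` prints per-rule packet counters, so a rule whose counters stay at zero while queries are being sent is a quick sign that the traffic is taking a different path than expected.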