Recently set up PowerDNS Authoritative Server (v 4.4.X) on 3 Ubuntu 20.04 LTS name servers using MySQL 8 replication as a backend. My master name server (ns1.opensourceserver.io) and one of the slaves (ns3.opensourceserver.io) are performing well, but the other slave (ns2.opensourceserver.io) cannot even be found.
I am wondering if it might be because of this unexpected result:

# netstat -alnp4 | grep pdns
tcp        0      0 0.0.0.0:53        0.0.0.0:*          LISTEN      53992/pdns_server
tcp        0      0 127.0.0.1:59010   127.0.0.1:3306     ESTABLISHED 53992/pdns_server
tcp        0      0 127.0.0.1:59008   127.0.0.1:3306     ESTABLISHED 53992/pdns_server
tcp        0      0 127.0.0.1:59012   127.0.0.1:3306     ESTABLISHED 53992/pdns_server
tcp        0      0 127.0.0.1:59014   127.0.0.1:3306     ESTABLISHED 53992/pdns_server
udp        0      0 0.0.0.0:53        0.0.0.0:*                      53992/pdns_server

where I was more expecting it just to be:

# netstat -alnp4 | grep pdns
tcp        0      0 0.0.0.0:53        0.0.0.0:*          LISTEN      53992/pdns_server
udp        0      0 0.0.0.0:53        0.0.0.0:*                      53992/pdns_server

Those extra 4 port 3306 (MySQL) lines do not go away if I stop and start PDNS:

# systemctl stop pdns.service
# systemctl start pdns.service
# systemctl status pdns.service
● pdns.service - PowerDNS Authoritative Server
     Loaded: loaded (/lib/systemd/system/pdns.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2021-05-13 18:26:06 CDT; 2h 2min ago
       Docs: man:pdns_server(1)
             man:pdns_control(1)
             https://doc.powerdns.com
   Main PID: 53992 (pdns_server)
      Tasks: 8 (limit: 18956)
     Memory: 43.0M
     CGroup: /system.slice/pdns.service
             └─53992 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no

May 13 18:26:05 ns2.opensourceserver.io pdns_server[53992]: PowerDNS Authoritative Server 4.4.1 (C) 2001-2020 PowerDNS.COM BV
May 13 18:26:05 ns2.opensourceserver.io pdns_server[53992]: Using 64-bits mode. Built using gcc 9.3.0 on Feb 7 2021 00:37:15 by root@97b66fbfd27e.
May 13 18:26:05 ns2.opensourceserver.io pdns_server[53992]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms >
May 13 18:26:06 ns2.opensourceserver.io pdns_server[53992]: Polled security status of version 4.4.1 at startup, no known issues reported: OK
May 13 18:26:06 ns2.opensourceserver.io pdns_server[53992]: Creating backend connection for TCP
May 13 18:26:06 ns2.opensourceserver.io pdns_server[53992]: [bindbackend] Parsing 0 domain(s), will report when done
May 13 18:26:06 ns2.opensourceserver.io pdns_server[53992]: [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
May 13 18:26:06 ns2.opensourceserver.io systemd[1]: Started PowerDNS Authoritative Server.
May 13 18:26:06 ns2.opensourceserver.io pdns_server[53992]: About to create 3 backend threads for UDP
May 13 18:26:06 ns2.opensourceserver.io pdns_server[53992]: Done launching threads, ready to distribute questions

So when I check into this dns server from the public Internet, no servers can be reached:

dig opensourceserver.io @ns2.opensourceserver.io

; <<>> DiG 9.10.6 <<>> opensourceserver.io @ns2.opensourceserver.io
;; global options: +cmd
;; connection timed out; no servers could be reached

Yet when I do a port scan, port 53 is open:

# sudo nmap -sTU -O ns2.opensourceserver.io
Starting Nmap 7.80 ( https://nmap.org ) at 2021-05-13 20:37 CDT
Nmap scan report for ns2.opensourceserver.io (207.177.51.156)
Host is up (0.0069s latency).
Not shown: 1989 closed ports
PORT     STATE         SERVICE
22/tcp   filtered      ssh
53/tcp   open          domain
80/tcp   open          http
443/tcp  open          https
2000/tcp open          cisco-sccp
3306/tcp open          mysql
5900/tcp open          vnc
8291/tcp open          unknown
53/udp   open          domain
67/udp   open|filtered dhcps
161/udp  filtered      snmp
Aggressive OS guesses: Linux 4.4 (91%), Linux 3.10 - 4.11 (90%), Linux 3.2 - 4.9 (89%), Android 4.1.1 (89%), Android 4.2.2 (Linux 3.4) (89%), HP P2000 G3 NAS device (88%), Linux 2.6.32 - 3.13 (88%), Linux 3.16 - 4.6 (87%), Linux 3.18 (OpenWrt) (87%), Linux 2.6.31 - 2.6.35 (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 11 hops

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.36 seconds

And PDNS responds to dig queries on localhost:

# dig opensourceserver.io @localhost

; <<>> DiG 9.16.1-Ubuntu <<>> opensourceserver.io @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50845
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;opensourceserver.io.		IN	A

;; ANSWER SECTION:
opensourceserver.io.	120	IN	A	76.76.238.10

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu May 13 20:52:17 CDT 2021
;; MSG SIZE  rcvd: 64

The router connecting ns2.opensourceserver.io's 207.177.51.156 public IP address to the PDNS server's 192.168.1.2 private IP address is RouterOS 6.42.12, NAT/port forwarded:

/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.1.0/24
....
add action=dst-nat chain=dstnat comment=DNS dst-port=53 in-interface=ether1 protocol=tcp to-addresses=192.168.1.2 to-ports=53
add action=dst-nat chain=dstnat comment=DNS dst-port=53 in-interface=ether1 protocol=udp to-addresses=192.168.1.2 to-ports=53
...
add action=masquerade chain=srcnat out-interface=ether1

Any help would be appreciated.

Steve Garner
+1 302 364 0325
stevenjgar...@gmail.com
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users