Tinu Patel wrote:
> Hello all....
>
> I have a RH 7.1 DNS server. The server is working fine and resolving
> names without any problems from external requests. I am also using IP
> chains to shut all ports except 22 and 53. My problem is that when I
> try to do a nslookup from that box, it gives me the following error:
>
> > $ nslookup yahoo.com
> > Note:  nslookup is deprecated and may be removed from future releases.
> > Consider using the `dig' or `host' programs instead.  Run nslookup with
> > the `-sil[ent]' option to prevent this message from appearing.
> > ;; connection timed out; no servers could be reached
>
> My Ipchains are as follows:
>
> > Chain input (policy DENY):
> > target     prot opt     source       destination     ports
> > ACCEPT     tcp  ------  anywhere     dns             any ->   ssh
> > ACCEPT     udp  ------  anywhere     dns             any ->   domain
> > ACCEPT     tcp  ------  anywhere     dns             any ->   domain
> > Chain forward (policy DENY):
> > Chain output (policy DENY):
> > target     prot opt     source       destination     ports
> > ACCEPT     tcp  ------  dns          anywhere        ssh ->   any
> > ACCEPT     udp  ------  dns          anywhere        domain ->   any
> > ACCEPT     tcp  ------  dns          anywhere        domain ->   any
>
> but it is able to respond to external requests (meaning when I set my
> machine to use this DNS server, it does name resolutions without any
> problems).
>
> I know it is something to do with IP chains coz when I flush all my
> rules and set the default to accept all then the nslookup runs fine.
>
> Do I need to open another port to be able to do internal queries
> within the box? I'm confused.......
>

ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
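
The following is an added example, not part of either message: a small Python model of the rule listing in the post that traces a lookup made on the box itself through the output chain and then the input chain on `lo`, which is the path ipchains gives locally generated traffic. The addresses, the client port numbers and the resolver pointing at 127.0.0.1 are assumptions, and the matching is simplified to exact field comparison.

```python
from collections import namedtuple

DNS_HOST = "192.0.2.53"  # constructed: the post does not give the server's address
ANY = None               # wildcard field in a rule
Rule = namedtuple("Rule", "proto src dst sport dport iface")
Packet = namedtuple("Packet", "proto src dst sport dport iface")

def rule(proto=ANY, src=ANY, dst=ANY, sport=ANY, dport=ANY, iface=ANY):
    return Rule(proto, src, dst, sport, dport, iface)

def verdict(chain, pkt, policy="DENY"):
    """Simplified chain walk: the first matching rule accepts, else the policy."""
    for r in chain:
        if all(want is ANY or want == got for want, got in zip(r, pkt)):
            return "ACCEPT"
    return policy

# The six ACCEPT rules listed in the post (both chains have policy DENY).
INPUT = [rule("tcp", dst=DNS_HOST, dport=22),
         rule("udp", dst=DNS_HOST, dport=53),
         rule("tcp", dst=DNS_HOST, dport=53)]
OUTPUT = [rule("tcp", src=DNS_HOST, sport=22),
          rule("udp", src=DNS_HOST, sport=53),
          rule("tcp", src=DNS_HOST, sport=53)]
LO_ACCEPT = rule(iface="lo")  # models: -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

def local_lookup(input_chain, output_chain):
    """Trace a resolver query from the box to its own name server, then the reply.
    Each local packet crosses the output chain and then the input chain on lo."""
    query = Packet("udp", "127.0.0.1", "127.0.0.1", 1025, 53, "lo")  # constructed
    reply = Packet("udp", "127.0.0.1", "127.0.0.1", 53, 1025, "lo")
    for name, pkt in (("query", query), ("reply", reply)):
        for chain_name, chain in (("output", output_chain), ("input", input_chain)):
            if verdict(chain, pkt) != "ACCEPT":
                return f"{name} denied by {chain_name} chain"
    return "lookup succeeds"

def external_query(input_chain, output_chain):
    """A remote client (constructed address) querying the server over eth0."""
    q = Packet("udp", "198.51.100.7", DNS_HOST, 40000, 53, "eth0")
    a = Packet("udp", DNS_HOST, "198.51.100.7", 53, 40000, "eth0")
    ok = verdict(input_chain, q) == verdict(output_chain, a) == "ACCEPT"
    return "lookup succeeds" if ok else "lookup denied"

if __name__ == "__main__":
    print("external client:     ", external_query(INPUT, OUTPUT))
    print("local, as posted:    ", local_lookup(INPUT, OUTPUT))
    print("local, lo on input:  ", local_lookup(INPUT + [LO_ACCEPT], OUTPUT))
    print("local, lo on both:   ", local_lookup(INPUT + [LO_ACCEPT], OUTPUT + [LO_ACCEPT]))
```

In this model the local query leaves from an unprivileged source port, so the posted output chain stops it until that chain also accepts traffic on `lo`.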