nslookup fails on DNS server


Post by Tin » Sun, 02 Dec 2001 02:14:21



Hello all….

I have a RH 7.1 DNS server.  The server is working fine and resolving
names without any problems from external requests.  I am also using IP
chains to shut all ports except 22 and 53.  My problem is that when I
try to do an nslookup from that box, it gives me the following error:

$ nslookup yahoo.com
;; connection timed out; no servers could be reached

My ipchains rules are as follows:

Chain input (policy DENY):
target     prot opt     source     destination           ports
ACCEPT     tcp  ------  anywhere     dns            any ->   ssh
ACCEPT     udp  ------  anywhere     dns            any ->   domain
ACCEPT     tcp  ------  anywhere     dns            any ->   domain
Chain forward (policy DENY):
Chain output (policy DENY):
target     prot opt     source     destination           ports
ACCEPT     tcp  ------  dns        anywhere         ssh ->   any
ACCEPT     udp  ------  dns        anywhere         domain ->   any
ACCEPT     tcp  ------  dns        anywhere         domain ->   any

but it is able to respond to external requests (meaning when I set my
machine to use this DNS server, it does name resolutions without any
problems).

I know it is something to do with IP chains because when I flush all my
rules and set the default to accept all, then the nslookup runs fine.

Do I need to open another port to be able to do internal queries
within the box?  Confused…….


nslookup fails on DNS server

Post by Karl Heye » Sun, 02 Dec 2001 05:20:16



> but it is able to respond to external requests (meaning when I set my
> machine to use this DNS server, it does name resolutions without any
> problems).

> I know it is something to do with IP chains coz when I flush all my
> rules and set the default to accept all then the nslookup runs fine.

> Do I need to open another port to be able to do internal queries
> within the box?  Confused…….

The rules you have stated are fine for DNS requests coming in but not
going out.

The input/output chains do not have the entries for looking up a DNS
name.  It needs any port to domain for output and domain to any port for
input; in other words, the exact flip of your existing rules.

karl.
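To make the point of the reply concrete, here is an added example (not from either poster) that models first-match evaluation of the posted ipchains input/output chains and traces the two UDP flows: an external client querying the box, and nslookup run on the box itself. The upstream resolver address 192.0.2.53 and the ephemeral ports are constructed; the fix is the flipped pair Karl describes.

```python
from dataclasses import dataclass

DOMAIN, SSH = 53, 22
DNS_HOST = "dns"          # the firewall box, as named in the listing
UPSTREAM = "192.0.2.53"   # constructed address of the resolver the box queries

@dataclass(frozen=True)
class Rule:
    proto: str
    src: str                 # "anywhere" or a host name
    dst: str
    sport: int               # 0 means "any"
    dport: int

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int

def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto == pkt.proto
            and rule.src in ("anywhere", pkt.src)
            and rule.dst in ("anywhere", pkt.dst)
            and rule.sport in (0, pkt.sport)
            and rule.dport in (0, pkt.dport))

def verdict(chain: list, pkt: Packet, policy: str = "DENY") -> str:
    """First matching rule wins; otherwise the chain policy applies."""
    return next(("ACCEPT" for r in chain if matches(r, pkt)), policy)

# The poster's chains, transcribed from the ipchains listing (UDP only).
INPUT = [Rule("udp", "anywhere", DNS_HOST, 0, DOMAIN)]
OUTPUT = [Rule("udp", DNS_HOST, "anywhere", DOMAIN, 0)]
# Karl's flipped pair: any port -> domain out, domain -> any port in.
FIXED_INPUT = INPUT + [Rule("udp", "anywhere", DNS_HOST, DOMAIN, 0)]
FIXED_OUTPUT = OUTPUT + [Rule("udp", DNS_HOST, "anywhere", 0, DOMAIN)]

def trace(inp: list, out: list) -> dict:
    """Verdicts for the two flows the thread discusses."""
    return {
        # an external client querying this server, and the server's reply
        "client_query": verdict(inp, Packet("udp", "client", DNS_HOST, 40000, DOMAIN)),
        "client_reply": verdict(out, Packet("udp", DNS_HOST, "client", DOMAIN, 40000)),
        # nslookup run on the box: ephemeral source port out, reply back in
        "local_query": verdict(out, Packet("udp", DNS_HOST, UPSTREAM, 40001, DOMAIN)),
        "local_reply": verdict(inp, Packet("udp", UPSTREAM, DNS_HOST, DOMAIN, 40001)),
    }
```

With the original chains, `trace(INPUT, OUTPUT)` accepts the client's query and reply but denies both halves of the box's own lookup, which is exactly the timeout the poster sees; `trace(FIXED_INPUT, FIXED_OUTPUT)` accepts all four.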


1. Q: nslookup fails - no reverse resolution on ISP's DNS servers

#nslookup
*** Can't find server name for address 206.111.47.3: Non-existent
host/domain
***                                                        206.111.47.4:
*** Default servers are not available
#

How do I resolve this error when my ISP does not have the PTR records for
the DNS servers? - I'd rather not run in.named on this particular box.

Thanks
Rhyder Storm
