Firewall still blocking port 53 despite listing otherwise?
I notice that zero packets have actually reached your iptables ACCEPT rules for DNS. I think it is likely that your iptables rules are specifying an inconsistent combination of conditions that never match incoming DNS queries.
In your case, your DNS ACCEPT rules specify that the incoming interface must be eth1, and the destination IP address must resolve to ns.node1.com. You should check whether incoming DNS queries to ns.node1.com can ever arrive over the eth1 network interface.
Another possibility is that you have another packet filter somewhere between your test client and your server that is blocking DNS packets.
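As an added example (not from the original answer), here is a small shell check for the symptom described above: it reads `iptables -nvL INPUT` output and lists every ACCEPT rule for destination port 53 whose packet counter is still zero, together with the interface and destination it requires. The iptables output below is constructed to mirror the thread; the interface eth1 comes from the answer, and the destination address 192.0.2.53 is an assumed stand-in for ns.node1.com.

```shell
#!/bin/sh
# Added example, not part of the original thread.
# Constructed sample of `iptables -nvL INPUT` output. Columns are:
# pkts bytes target prot opt in out source destination [match options]
# eth1 is from the thread; 192.0.2.53 is an assumed address for ns.node1.com.
SAMPLE_IPTABLES='Chain INPUT (policy DROP 1432 packets, 96212 bytes)
 pkts bytes target     prot opt in     out     source               destination
 8812  612K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.0.2.53           udp dpt:53
    0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.0.2.53           tcp dpt:53
  210   14K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22'

# Read `iptables -nvL` output on stdin and print, as "proto in-iface destination",
# each ACCEPT rule for dpt:53 that has never matched a packet (pkts counter == 0).
# A zero counter on the DNS rule while queries are being sent means the rule's
# conditions (here: in-interface and destination) never fit the real traffic.
zero_hit_dns_rules() {
    awk '$3 == "ACCEPT" && $1 == "0" && /dpt:53( |$)/ { print $4, $6, $9 }'
}

# Live use (as root):   iptables -nvL INPUT | zero_hit_dns_rules
# Then confirm on the wire whether queries ever reach the required interface:
#   tcpdump -ni eth1 'port 53'
# If tcpdump sees nothing on eth1 but the resolver is reachable, the queries are
# arriving on another interface or are filtered upstream.
printf '%s\n' "$SAMPLE_IPTABLES" | zero_hit_dns_rules
```

Run against the constructed sample, the function reports both the UDP and the TCP DNS rule as never-matched on eth1 for 192.0.2.53, while the lo and SSH rules (which have non-zero counters) are left out.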
Likely the TCP port is blocked by another firewall. Use tcpdump/Wireshark to debug the problem.
From me:
nmap -sV -p 53 x.x.x.x
Starting Nmap 5.00 ( http://nmap.org ) at 2011-02-25 02:32 YEKT
Interesting ports on x.x.x.x:
PORT STATE SERVICE VERSION
53/tcp open domain ISC BIND Not available