Firewall still blocking port 53 despite listing otherwise?

I notice that zero packets have actually reached your iptables ACCEPT rules for DNS. I think it is likely that your iptables rules are specifying an inconsistent combination of conditions that never match incoming DNS queries.

In your case, your DNS ACCEPT rules specify that the incoming interface must be eth1, and the destination IP address must resolve to ns.node1.com. You should check whether incoming DNS queries to ns.node1.com can ever arrive over the eth1 network interface.

Another possibility is that you have another packet filter somewhere between your test client and your server that is blocking DNS packets.
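A quick way to check the first point (DNS ACCEPT rules that have never matched, and which interface/destination constraints they carry) is to filter the counters from `iptables -nvL INPUT`. This is an added example, not code from the original answer; the sample table and the 192.0.2.10 address are constructed.

```shell
#!/bin/sh
# Constructed sample of `iptables -nvL INPUT` output (not from the original post).
# Both port-53 ACCEPT rules are bound to eth1 and one destination address and
# show 0 packets, which is the symptom described above.
SAMPLE_IPTABLES='Chain INPUT (policy DROP 1234 packets, 98765 bytes)
 pkts bytes target     prot opt in     out     source               destination
  512 40960 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.0.2.10           udp dpt:53
    0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.0.2.10           tcp dpt:53
 8842  623k ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22'

# unmatched_dns_rules: read `iptables -nvL` output on stdin and print one line
# for every port-53 ACCEPT rule whose packet counter is still zero, together
# with the input-interface and destination constraints that rule imposes.
# Column layout of -nvL: pkts bytes target prot opt in out source destination.
# Exit status is 1 when at least one such rule exists, 0 otherwise.
unmatched_dns_rules() {
    awk '
        $3 == "ACCEPT" && /dpt:53($| )/ {
            if ($1 == 0) {
                printf "%s/53 rule never matched: in=%s dst=%s\n", $4, $6, $9
                found = 1
            }
        }
        END { exit found ? 1 : 0 }
    '
}

# Usage on a live host:  iptables -nvL INPUT | unmatched_dns_rules
# On the constructed sample it reports both the udp and tcp rules on eth1.
printf '%s\n' "$SAMPLE_IPTABLES" | unmatched_dns_rules
```

If a rule is listed here, compare its `in=` interface and `dst=` address against the interface the queries really arrive on (for example with `tcpdump -ni eth0 port 53`) before looking for a second firewall.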


Likely the tcp port is blocked by another firewall. Use tcpdump/Wireshark to debug the problem.

From me:

nmap -sV -p 53 x.x.x.x

Starting Nmap 5.00 ( http://nmap.org ) at 2011-02-25 02:32 YEKT
Interesting ports on x.x.x.x:
PORT   STATE SERVICE VERSION
53/tcp open  domain  ISC BIND Not available