On Fri, May 03, 2002 at 11:00:29AM -0700, Dan Crooks wrote:
> I recently started running my own DNS server since my ISP was charging me
> for my domain names to be listed on their DNS server. Since installing my
> DNS I have been unable to execute the command
> # iptables -L.
Note that this could be completely unrelated to you running your own DNS server; a little more information is required. Is your DNS server on the host you're running iptables -L on? Does # iptables -L -n work? Which hosts does the firewall query for DNS information? What does /etc/resolv.conf say?

> I added the following to the allow-service-all section of my firewall:
> $IPT -A INPUT -p 6 -s 0/0 -d 0/0 --dport 53 -j ACCEPT
> and that didn't help anything.

I presume this is to allow hosts to talk to the DNS server on your firewall; considering vulnerabilities in BIND (which I'd expect you're using) this is probably a bad idea.

<snip>

Have you tried adding a rule at the end of the relevant chain to log all dropped or rejected packets? Use that to show which packets aren't being passed.

--
FunkyJesus
System Administration Team
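The diagnostic step suggested above, written out as an added example that is not from either poster: a trailing LOG rule on the INPUT and OUTPUT chains, and a small summariser run over the kernel log lines such rules produce, to see whether port-53 traffic (UDP or TCP) is what the firewall is dropping. The log lines, hostnames and addresses below are constructed, and the log prefix "IPT-DROP: " is an assumption.

```shell
#!/bin/sh
# Constructed sample of kernel log lines as produced by a rule like
#   iptables -A INPUT -j LOG --log-prefix "IPT-DROP: "
# placed at the end of the chain (addresses are documentation ranges).
SAMPLE_LOG='May  3 11:02:01 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=192.0.2.53 DST=192.0.2.1 PROTO=UDP SPT=53 DPT=1034 LEN=80
May  3 11:02:05 fw kernel: IPT-DROP: IN= OUT=eth0 SRC=192.0.2.1 DST=192.0.2.53 PROTO=UDP SPT=1035 DPT=53 LEN=60
May  3 11:02:07 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP SPT=4412 DPT=22 SYN
May  3 11:02:09 fw kernel: IPT-DROP: IN= OUT=eth0 SRC=192.0.2.1 DST=192.0.2.53 PROTO=TCP SPT=1036 DPT=53 LEN=60'

# Print (do not run) the commands that append a catch-all LOG rule to each chain.
# Appending puts them after every ACCEPT, so only packets about to be dropped
# by the chain policy are logged.
logging_rules() {
    for chain in INPUT OUTPUT; do
        printf 'iptables -A %s -j LOG --log-prefix "IPT-DROP: " --log-level info\n' "$chain"
    done
}

# Read log lines on stdin and count the logged packets that involve port 53
# on either side, grouped by protocol. Output: "<PROTO> <count>" per line.
# A dropped reply with SPT=53 arriving on INPUT is the classic reason an
# un-numeric "iptables -L" stalls on reverse lookups.
dns_drops() {
    grep 'IPT-DROP:' | awk '
        {
            proto = ""; spt = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "PROTO") proto = kv[2]
                else if (kv[1] == "SPT") spt = kv[2]
                else if (kv[1] == "DPT") dpt = kv[2]
            }
            if (spt == "53" || dpt == "53") count[proto]++
        }
        END { for (p in count) print p, count[p] }' | sort
}

# Stand-alone run: show the rules, then summarise the constructed log.
logging_rules
printf '%s\n' "$SAMPLE_LOG" | dns_drops
```

On a live box the summariser would be fed with something like `dmesg | dns_drops` or the syslog file the kernel facility is written to.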
