A few questions:
Is your DNS server run on your firewall or on another server?

Do you have reverse (in-addr.arpa) records for all your interfaces? Each of
your machine's IP addresses that the DNS server is running on (and NAT'd to)
needs to be locally known to your DNS server.

Do you let through both TCP and UDP?


----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "Netfilter" <[EMAIL PROTECTED]>
Sent: Sunday, May 05, 2002 6:54 PM
Subject: Re: DNS Problem


> On Fri, May 03, 2002 at 11:00:29AM -0700, Dan Crooks wrote:
> > I recently started running my own DNS server since my ISP was charging
> > me for my domain names to be listed on their DNS server.  Since installing
> > my DNS I have been unable to execute the command
> > # iptables -L.
>
> Note that this could be completely unrelated to you running your own DNS
> server, a little more information is required.
>
> Is your DNS server on the host you're running iptables -L on?
>
> Does
>
> # iptables -L -n
>
> work?
>
> Which hosts does the firewall query for DNS information?  What does
> /etc/resolv.conf say?
>
> > I added the following to the allow-service-all section of my firewall:
> > $IPT -A INPUT -p 6 -s 0/0 -d 0/0 --dport 53 -j ACCEPT
> > and that didn't help anything.
>
> I presume this is to allow hosts to talk to the DNS server on your
> firewall; considering vulnerabilities in BIND (which I'd expect you're
> using) this is probably a bad idea.
>
> <snip>
>
> Have you tried adding a rule at the end of the relevant chain to log all
> dropped or rejected packets?  Use that to show which packets aren't being
> passed.
>
> --
> FunkyJesus System Administration Team
>
>
>

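To tie the two replies above together, here is an added example (not from either poster) of a rule set that covers the points raised: DNS needs both UDP and TCP on port 53, replies have to be let back in, and a LOG rule at the end of the chain shows what is being dropped. The interface names, the `-m state` match, and the `IPT="echo iptables"` dry-run default are assumptions so the script can be run without root to inspect the rules it would apply; set `IPT=iptables` to apply them for real.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed: eth0 is the external
# interface, eth1 the LAN, and IPT defaults to "echo iptables" so the
# script prints its rules instead of applying them (dry run).

IPT="${IPT:-echo iptables}"
WAN_IF="${WAN_IF:-eth0}"   # assumed external interface
LAN_IF="${LAN_IF:-eth1}"   # assumed internal interface

dns_rules() {
    # Let replies to the firewall's own queries (and to the resolver's
    # recursive queries) back in; without this, every lookup times out.
    $IPT -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # DNS uses UDP by default, but answers over 512 bytes and zone
    # transfers fall back to TCP, so both protocols need a rule.
    for proto in udp tcp; do
        # New queries leaving the firewall (its own lookups and recursion).
        $IPT -A OUTPUT -o "$WAN_IF" -p "$proto" --dport 53 -m state --state NEW -j ACCEPT
        # Queries from the LAN only, not 0/0, to the resolver on the firewall.
        $IPT -A INPUT  -i "$LAN_IF" -p "$proto" --dport 53 -m state --state NEW -j ACCEPT
    done

    # Last two rules of INPUT: log (rate-limited) then drop whatever fell through.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT DROP: "
    $IPT -A INPUT -j DROP
}

# -n prints addresses and ports numerically; plain -L does a reverse lookup
# for every address in the rule set and hangs when the firewall cannot reach
# its resolver, which is the symptom in the original post.
show_rules() {
    $IPT -L -n -v
}

dns_rules
show_rules
```

Dry-run first (`sh dns-rules.sh`) and read the printed rules; then apply with `IPT=iptables`, and check `tail -f /var/log/messages` for lines prefixed `INPUT DROP:` to see exactly which packets are still being refused.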
