I compared the iptables.conf file between the ZEN and the ISO/Cluster install, and they are exactly the same. They both allow DNS inbound via these entries:

    :input-internal-vlan-if - [0:0]
    # DNS
    -A input-internal-vlan-if --protocol tcp --match tcp --dport 53 --jump ACCEPT
    -A input-internal-vlan-if --protocol udp --match udp --dport 53 --jump ACCEPT

I discovered that DNS only fails in a cluster in certain scenarios. I tested it by performing a lookup from a client in the registration network while specifying the DNS server IP to use (e.g. nslookup pf1.emu.edu 10.9.0.2)

iptables running on pf1 only
    Pf1: succeeds
    Pf2: succeeds
    Pf3: failed
    Pfcluster: succeeded

iptables running on pf2 only
    Pf1: failed
    Pf2: succeeded
    Pf3: failed
    Pfcluster: failed

iptables running on pf3 only
    Pf1: succeeded
    Pf2: failed
    Pf3: failed
    Pfcluster: succeeded

I'm baffled. Has anyone else experienced this? Should I report this as an issue on GitHub?

(Version 13.1, fresh install from PacketFence ISO)