Hello all. I have a RH 7.1 DNS server.
The server is working fine and resolving names without any problems from
external requests. I am also using ipchains to shut all ports except 22 and 53.

My problem is that when I try to do an nslookup from that box, it gives me the following error:

$ nslookup yahoo.com
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
;; connection timed out; no servers could be reached

My ipchains are as follows:

Chain input (policy DENY):
target  prot  opt     source    destination  ports
ACCEPT  tcp   ------  anywhere  dns          any -> ssh
ACCEPT  udp   ------  anywhere  dns          any -> domain
ACCEPT  tcp   ------  anywhere  dns          any -> domain
Chain forward (policy DENY):
Chain output (policy DENY):
target  prot  opt     source    destination  ports
ACCEPT  tcp   ------  dns       anywhere     ssh -> any
ACCEPT  udp   ------  dns       anywhere     domain -> any
ACCEPT  tcp   ------  dns       anywhere     domain -> any

But it is able to respond to external requests (meaning when I set my machine to use this DNS
server, it does name resolutions without any problems). I know it is something to do with ipchains because when I flush
all my rules and set the default to accept all, the nslookup
runs fine. Do I need to open another port to be able to do internal
queries within the box? I'm confused.
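The following is an added example, not code from the original post or from any reply to it. It models the posted chains as an ipchains-style first-match packet filter and runs a remote client's query and a local nslookup through them. It assumes that the hostname "dns" in the listing resolves to the server's own address (the constructed value 192.0.2.53 is used), that /etc/resolv.conf on the box names 127.0.0.1 so the local query travels over the lo interface, and that the client uses a constructed ephemeral source port; the "FIXED" ruleset is this example's suggestion, not something the poster or a replier wrote.

```python
"""Simulate ipchains first-match filtering of the ruleset posted above.

Added example, not code from the original post. It assumes the hostname
"dns" in the listing is the server's own address (taken here as the
constructed value 192.0.2.53) and that /etc/resolv.conf on the box points
at 127.0.0.1, so a local nslookup travels over the lo interface.
"""
from dataclasses import dataclass
from typing import Optional

SERVER_IP = "192.0.2.53"  # constructed: what "dns" resolves to in the listing
ANY = None                # wildcard for protocol, interface, address or port


@dataclass(frozen=True)
class Packet:
    chain: str   # "input" or "output"
    proto: str   # "tcp" or "udp"
    iface: str   # "lo" or "eth0"
    src: str
    dst: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    target: str
    proto: Optional[str] = ANY
    iface: Optional[str] = ANY
    src: Optional[str] = ANY
    dst: Optional[str] = ANY
    sport: Optional[int] = ANY
    dport: Optional[int] = ANY

    def matches(self, p: Packet) -> bool:
        pairs = ((self.proto, p.proto), (self.iface, p.iface), (self.src, p.src),
                 (self.dst, p.dst), (self.sport, p.sport), (self.dport, p.dport))
        return all(want is ANY or want == got for want, got in pairs)


def filter_packet(rules: dict, p: Packet, policy: str = "DENY") -> str:
    """First matching rule in the packet's chain wins; otherwise the chain policy applies."""
    for rule in rules[p.chain]:
        if rule.matches(p):
            return rule.target
    return policy


# The ruleset exactly as posted: input accepts only packets *to* port 22/53 on
# the server address, output accepts only packets *from* port 22/53 on it.
POSTED = {
    "input": [Rule("ACCEPT", "tcp", dst=SERVER_IP, dport=22),
              Rule("ACCEPT", "udp", dst=SERVER_IP, dport=53),
              Rule("ACCEPT", "tcp", dst=SERVER_IP, dport=53)],
    "output": [Rule("ACCEPT", "tcp", src=SERVER_IP, sport=22),
               Rule("ACCEPT", "udp", src=SERVER_IP, sport=53),
               Rule("ACCEPT", "tcp", src=SERVER_IP, sport=53)],
}

# A corrected ruleset (this example's suggestion, not from the post): accept
# everything on lo in both chains, and additionally let the box act as a DNS
# *client* on its real interface (queries from any port to 53, replies back).
FIXED = {
    "input": [Rule("ACCEPT", iface="lo")] + POSTED["input"]
             + [Rule("ACCEPT", "udp", dst=SERVER_IP, sport=53)],
    "output": [Rule("ACCEPT", iface="lo")] + POSTED["output"]
              + [Rule("ACCEPT", "udp", src=SERVER_IP, dport=53)],
}


def local_lookup_legs(resolver_ip: str = "127.0.0.1") -> list:
    """The four chain traversals a query from nslookup on the box itself makes.

    A loopback-delivered datagram passes the output chain and then the input
    chain on lo; the reply does the same in the other direction.
    """
    client_port = 32768  # constructed ephemeral source port
    q = dict(proto="udp", iface="lo", src=resolver_ip, dst=resolver_ip)
    return [
        Packet("output", sport=client_port, dport=53, **q),  # query leaves nslookup
        Packet("input", sport=client_port, dport=53, **q),   # query reaches named
        Packet("output", sport=53, dport=client_port, **q),  # reply leaves named
        Packet("input", sport=53, dport=client_port, **q),   # reply reaches nslookup
    ]


def local_lookup_succeeds(rules: dict, resolver_ip: str = "127.0.0.1") -> bool:
    return all(filter_packet(rules, p) == "ACCEPT"
               for p in local_lookup_legs(resolver_ip))


def external_lookup_succeeds(rules: dict, client_ip: str = "203.0.113.7") -> bool:
    """A remote client's query in on eth0 and the server's reply back out."""
    query = Packet("input", "udp", "eth0", client_ip, SERVER_IP, 40000, 53)
    reply = Packet("output", "udp", "eth0", SERVER_IP, client_ip, 53, 40000)
    return filter_packet(rules, query) == "ACCEPT" and filter_packet(rules, reply) == "ACCEPT"


if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("fixed", FIXED)):
        verdicts = [filter_packet(rules, p) for p in local_lookup_legs()]
        print(f"{name}: external ok={external_lookup_succeeds(rules)} "
              f"local legs={verdicts}")
```

Run through the simulator, the posted chains accept the remote client's query and reply but deny all four legs of the local lookup: the query leaves nslookup from an ephemeral port, so no output rule (all of which require source port 22 or 53) matches, and on the way back the input rules require destination port 53. The equivalent ipchains commands for the loopback part of the corrected set would be `ipchains -I input -i lo -j ACCEPT` and `ipchains -I output -i lo -j ACCEPT`; the same rule also covers a resolv.conf that names the server's external address, since packets to a local address are still delivered over lo.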