Paul Heinlein wrote:
On Thu, 23 Aug 2007, Feizhou wrote:
You only need the tcp rule if you plan on serving up zone
transfers, not if you plan on only requesting them.
Well, very rare but answers that are over 512 bytes will have to be
sent over tcp since the rfc 1035 mandates maximum 512 by
You only need the tcp rule if you plan on serving up zone transfers,
not if you plan on only requesting them.
Well, very rare but answers that are over 512 bytes will have
to be sent
over tcp since the rfc 1035 mandates maximum 512 bytes for the udp
payload. So tcp is not just for zone transfers
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Feizhou
> Sent: Thursday, August 23, 2007 11:02 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] BIND issues, server not responding
>
>
> > You only need the tcp
On Thu, 23 Aug 2007, Feizhou wrote:
You only need the tcp rule if you plan on serving up zone
transfers, not if you plan on only requesting them.
Well, very rare but answers that are over 512 bytes will have to be
sent over tcp since the rfc 1035 mandates maximum 512 bytes for the
udp paylo
Chain RH-Firewall-1-INPUT (2 references)
ugh. I absolutely detest the tool behind this.
This is what I do.
Trusted interfaces like lo and networks go first and then packets
belonging to established connections are shorted which leaves connection
requests to be branched out into tcp, udp an
You only need the tcp rule if you plan on serving up zone transfers,
not if you plan on only requesting them.
Well, very rare but answers that are over 512 bytes will have to be sent
over tcp since the rfc 1035 mandates maximum 512 bytes for the udp
payload. So tcp is not just for zone transfer
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Ray Leventhal
> Sent: Thursday, August 23, 2007 10:23 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] BIND issues, server not responding
>
>
> Michel van Deventer wrot
Michel van Deventer wrote:
> From what I see you have iptables 'in the way'.
> Try to add the following rule to iptables and then try again :)
> iptables -I RH-Firewall-1-INPUT -j ACCEPT -p udp --dport 53
>
> If you like to have zone transfers or large queries done as well then you also
> need
From what I see you have iptables 'in the way'.
Try to add the following rule to iptables and then try again :)
iptables -I RH-Firewall-1-INPUT -j ACCEPT -p udp --dport 53
If you like to have zone transfers or large queries done as well then you also
need to open a port for tcp/53
iptables -I R
>
> not certain if you intend it to be, but your 64.135.16.15 machine is
> not reachable from "outside". an attempt to telnet to port 53 (or 25)
> gets me "no route to host" and a traceroute ends with:
>
> 8 ge2-0.cr1.bct.fl.host.net (64.135.1.9) 34.779ms 35.102ms 35.413ms
> 9 ge6-1.er8.bct.fl
Feizhou wrote:
> Hello Ray,
>
>> Appears to be listening how I expected it to be, unless I'm not reading
>> this right.
>
> Running 'dig www.swhi.net @64.135.16.15'
>
> ; <<>> DiG 9.2.4 <<>> www.swhi.net @64.135.16.15
> ; (1 server found)
> ;; global options: printcmd
> ;; connection timed out; no
Hello Ray,
Appears to be listening how I expected it to be, unless I'm not reading
this right.
Running 'dig www.swhi.net @64.135.16.15'
; <<>> DiG 9.2.4 <<>> www.swhi.net @64.135.16.15
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached
Robert
>>
> Do a netstat -na|grep 53
>
> Let's be really sure.
>
>
Hi Robert,
Thanks for the reply.
as requested:
[EMAIL PROTECTED] ray]# netstat -na|grep 53
tcp        0      0 64.135.16.15:53             0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:53                0.0.0.0:*
Ray Leventhal wrote:
Hi all,
My CentOS 5 nameserver is seemingly unable to be queried by anything but
itself (localhost, 127.0.0.1). From any other machine, including the
primary which *does* transfer zone files correctly to this machine
(which is secondary), requests time out.
I've put SELinu
Ray Leventhal wrote:
> [EMAIL PROTECTED] wrote:
>
>> first, if you turn query logging on you'll likely get some more hints.
>>
>>
> Rick, I did miss that comment before I posted. I'll do that and
> query...will report the log here this evening.
>
> Kind regards,
> ~Ray
> ___
[EMAIL PROTECTED] wrote:
> first, if you turn query logging on you'll likely get some more hints.
>
Rick, I did miss that comment before I posted. I'll do that and
query...will report the log here this evening.
Kind regards,
~Ray
[EMAIL PROTECTED] wrote:
> first, if you turn query logging on you'll likely get some more hints.
>
> do you have a:
>
>allow-query {
> localhost;
> ;
> };
>
> directive in the top options section? i think the server defaults to
> "all" if you don't have one, but i
Ray Leventhal wrote:
Hi all,
My CentOS 5 nameserver is seemingly unable to be queried by anything but
itself (localhost, 127.0.0.1). From any other machine, including the
primary which *does* transfer zone files correctly to this machine
(which is secondary), requests time out.
I've put SELinu