It's on a Minimal install of CentOS 7, so there's no IPTables running on it to block it.
I've confirmed that the IP address is open on 53 with Netstat:
Code: Select all
[root@ns1 ~]# netstat -lnp | grep named
tcp 0 0 192.168.254.250:53 0.0.0.0:* LISTEN 1741/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1741/named
tcp6 0 0 ::1:953 :::* LISTEN 1741/named
udp 0 0 192.168.254.250:53 0.0.0.0:* 1741/named
Code: Select all
[root@ns1 ~]# cat /etc/named.conf
options {
listen-on port 53 { 192.168.254.250; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
forwarders { 8.8.8.8; };
forward only;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
category lame-servers
{
null;
};
channel named_file
{
file "/var/log/bind/named.log" versions 99 size 10m;
print-time yes;
print-category yes;
print-severity yes;
};
channel log_requests
{
file "/var/log/bind/queries.log" versions 99 size 30m;
print-time yes;
print-category yes;
print-severity yes;
};
category queries
{
log_requests;
};
category default
{
named_file;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.conf.local";
Code: Select all
[root@ns1 ~]# cat /etc/named.conf.local
zone "name-gst.com" {
type master;
file "/var/named/db.name-gst.com";
};
zone "168.192.in-addr.arpa" {
type master;
file "/var/named/db.168.192";
};
Code: Select all
[root@ns1 ~]# cat /var/named/db.name-gst.com
$TTL 604800
@ IN SOA ns1.name-gst.com. root.name-gst.com. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
; name servers - NS records
@ IN NS ns1
; name server - A records
ns1 IN A 192.168.254.250
; generic A records
gateway IN A 192.168.0.1
Code: Select all
[root@ns1 ~]# cat /var/named/db.168.192
$TTL 604800
@ IN SOA ns1.name-gst.com. root.name-gst.com. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
; name servers - NS records
@ IN NS ns1.
; PTR records
250.254 IN PTR ns1. ; 192.168.254.250
Code: Select all
[root@ns1 ~]# tcpdump -vvv -s 0 -l -n port 53 -i ens160 | grep www.msn.com
tcpdump: listening on ens160, link-type EN10MB (Ethernet), capture size 262144 bytes
192.168.130.220.55463 > 192.168.254.250.domain: [udp sum ok] 10956+ A? www.msn.com. (29)
192.168.130.220.55463 > 192.168.254.250.domain: [udp sum ok] 10956+ A? www.msn.com. (29)
192.168.130.220.55463 > 192.168.254.250.domain: [udp sum ok] 10956+ A? www.msn.com. (29)
I originally had:
allow-query { any; };
allow-recursion { any; };
but it didn't seem to make a difference.
Thanks!