Bind: Connection Timed Out

Issues related to configuring your network
Post Reply
ilikefishdou
Posts: 4
Joined: 2018/01/31 01:10:47

Bind: Connection Timed Out

Post by ilikefishdou » 2018/01/31 01:32:20

I'm pulling my hair out wondering why this isn't working! I've built a caching/forwarding only server using bind on centos 7. Whenever I try to run a query against it from a client (a mac) I get connection timed out, no servers could be reached. I am able to resolve everything from the server itself, and I have that server pointed to itself in its DNS settings.

It's on a Minimal install of CentOS 7, so there's no IPTables running on it to block it.

I've confirmed that the IP address is open on 53 with Netstat:

Code: Select all

[root@ns1 ~]# netstat -lnp | grep named
tcp        0      0 192.168.254.250:53      0.0.0.0:*               LISTEN      1741/named          
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1741/named          
tcp6       0      0 ::1:953                 :::*                    LISTEN      1741/named          
udp        0      0 192.168.254.250:53      0.0.0.0:*                           1741/named 
I've gone through and paired down the named.conf to just about nothing:

Code: Select all

[root@ns1 ~]# cat /etc/named.conf

options {
	listen-on port 53 { 192.168.254.250; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	forwarders { 8.8.8.8; };
	forward only;

        dnssec-enable yes;
        dnssec-validation yes;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

logging {
	category lame-servers
	{
		null;
	};

	channel named_file
	{
		file "/var/log/bind/named.log" versions 99 size 10m;
		print-time yes;			        
		print-category yes;
		print-severity yes;
	};

	channel log_requests
	{
		file "/var/log/bind/queries.log" versions 99 size 30m;
		print-time yes;
		print-category yes;
		print-severity yes;
	};

	category queries
	{
		log_requests;
	};

	category default
	{
		named_file;
	};

};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.conf.local";
I've created the conf.local and db files for the zones, even though I don't need any zones since I only want this to be a forwarding/caching server

Code: Select all

[root@ns1 ~]# cat /etc/named.conf.local 
zone "name-gst.com" {
	type master;
	file "/var/named/db.name-gst.com";
};

zone "168.192.in-addr.arpa" {
	type master;
	file "/var/named/db.168.192";
};

Code: Select all

[root@ns1 ~]# cat /var/named/db.name-gst.com 
$TTL	604800
@	IN	SOA	ns1.name-gst.com. root.name-gst.com. (
		3		; Serial
		604800		; Refresh
		86400		; Retry
		2419200		; Expire
		604800 ) 	; Negative Cache TTL

; name servers - NS records
@	IN	NS	ns1

; name server - A records

ns1	IN	A	192.168.254.250


; generic A records

gateway	IN	A	192.168.0.1

Code: Select all

[root@ns1 ~]# cat /var/named/db.168.192 
$TTL	604800
@	IN	SOA	ns1.name-gst.com. root.name-gst.com. (
		3		; Serial
		604800		; Refresh
		86400		; Retry
		2419200		; Expire
		604800	)	; Negative Cache TTL

; name servers - NS records
@	IN	NS	ns1.

; PTR records
250.254	IN	PTR	ns1.		; 192.168.254.250
I have confirmed with tcpdump that the client is getting to the host:

Code: Select all

[root@ns1 ~]# tcpdump -vvv -s 0 -l -n port 53 -i ens160 | grep www.msn.com
tcpdump: listening on ens160, link-type EN10MB (Ethernet), capture size 262144 bytes
    192.168.130.220.55463 > 192.168.254.250.domain: [udp sum ok] 10956+ A? www.msn.com. (29)
    192.168.130.220.55463 > 192.168.254.250.domain: [udp sum ok] 10956+ A? www.msn.com. (29)
    192.168.130.220.55463 > 192.168.254.250.domain: [udp sum ok] 10956+ A? www.msn.com. (29)
I just don't know what else to do to get this thing to answer clients.

I originally had:
allow-query { any; };
allow-recursion { any; };

but it didn't seem to make a difference.

Thanks!

User avatar
TrevorH
Forum Moderator
Posts: 23644
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Bind: Connection Timed Out

Post by TrevorH » 2018/01/31 01:39:08

Opened tcp and udp ports 53 on the firewall? If using firewalld then use firewall-cmd --add-service=DNS or use iptables to add rules if not using firewalld.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

Devourer
Posts: 12
Joined: 2018/01/29 10:15:59

Re: Bind: Connection Timed Out

Post by Devourer » 2018/01/31 08:26:34

What bind logs looks like ?
Netstat isn't providing full view. Do telnet xx.bb.ccc.zzz 53 from client to server, you can use nc for that too, also try same from server ---> to outside world.
Worth to run tcpdump on server with host ip.addr.xx.xx flag and see if it is receiving query from client.

ilikefishdou
Posts: 4
Joined: 2018/01/31 01:10:47

Re: Bind: Connection Timed Out

Post by ilikefishdou » 2018/01/31 17:32:01

Son of a b! I didn't even think about firewalld running. I was looking for iptables, and since it was a minimal install of centos I figured it didn't have anything installed.

I stopped firewalld and low and behold, a result!

Thanks for the suggestions everyone!

Post Reply