[ale] Can't connect to port 53

Jim Lynch ale_nospam at fayettedigital.com
Fri Jan 18 14:33:43 EST 2013


On 01/18/2013 11:48 AM, Michael H. Warfield wrote:
> On Fri, 2013-01-18 at 09:38 -0500, Jim Lynch wrote:
>> Hi, Mike,
>> Thanks.  I hate to admit it here 'cause I know general consensus here
>> about webmin and gui's in general, but I was trying to generate a zone
>> using webmin/dns.  It obviously didn't do what I thought it should.  As
>> I said before I gotta do a bit more digging so I understand this stuff a
>> bit better.  Your example helps a lot.  Thanks for that.
> Ok...  That tells me a couple of important things.
>
> If you are generating a zone file, you must be setting up an
> authoritative name server.
I guess.  The free dns servers seem to be drying up and going to a paid 
model.  I find it hard to pay as much for dns services as I do the 
systems themselves, so I'm digging into running my own dns servers.  I 
actually have 3 different VPS systems to play with and figured I'd run 
dns servers on at least two of them to serve everyone.  I'm just 
starting my investigation.
>
> Even if you set up a proper zone file and have that configured
> correctly, you still must configure the name server itself to listen on
> the network.  That's not in the zone file at all.  That's part of the
> global named.conf configuration.
I am vaguely aware of that requirement.  One advantage I have is that 
two of the three servers have (I think) working dns servers configured 
properly (virtualmin generated).  I was trying, step by step, to 
duplicate using webmin.  I know I can just copy the config files over 
from another working system, make changes specific to that system and it 
should work, however for educational value I'm trying to see what webmin 
is doing.  I now know I didn't go far enough.
>
> Since you are able to telnet to localhost on port 53 you're obviously on
> the machine hosting the nameserver so you should be able to
> edit /etc/named.conf and inspect its content.
>
> I should also point out as well that telnet to port 53 is TCP whereas
> most DNS is going to operate over UDP with TCP as a fallback for larger
> transfers like zone transfers.  The name server will listen on both TCP
> and UDP sockets for the same addresses but also be sure your firewall
> rules are consistent for TCP and UDP.
OK good info.  I turned off the firewall for testing.
>
> AFA nslookup goes...  Another poster was correct in that nslookup is
> deprecated and discouraged by the original authors (ISC - Internet
> Systems Consortium).
>
> The reason for this is that nslookup uses its own peculiar internal
> resolver and operates differently from "host" and "dig" as well as
> normal name resolution lookups.  It may present results which are
> inconsistent with the behavior of those two supported tools and other
> applications doing name lookups.  It may work perfectly fine in most
> simple cases but it has been stated that its behavior can be
> "inconsistent" (due to its use of that internal resolver).  It hasn't
> been updated in ages and may not support some of the newer DNS features,
> either.
>
> From ISC:
>
> http://www.isc.org/software/bind/documentation/arm95#id2547410
>
OK so it's time to come out of the '90s.  I do move slowly as I approach 
ancient age.  (No not capitalized so no whiskey here)

Thanks again,
Jim.
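Mike's point about telnet only exercising TCP, and about keeping firewall rules consistent for TCP and UDP, is easy to check directly. The script below is an added example, not code from the thread or from ISC: it hand-builds a minimal RFC 1035 query (no third-party resolver), sends it to a name server over UDP and then over TCP (with the two-byte length prefix that DNS-over-TCP requires), and compares the two answers. A server that answers on one transport but not the other usually points at a listen-on setting in named.conf or a firewall rule that covers only one protocol. The server address and zone name in main() are placeholders.

```python
"""Compare a DNS server's answers over UDP and TCP.

Added example (not from the ALE thread): BIND listens on both TCP and UDP
for the same addresses, so a server that answers on one transport but not
the other usually means named.conf's listen-on or the firewall rules are
not consistent for both protocols. Server and name below are placeholders.
"""
import socket
import struct

DNS_TYPE_A = 1
DNS_CLASS_IN = 1


def build_query(name: str, qtype: int = DNS_TYPE_A, txid: int = 0x1234) -> bytes:
    """Encode a standard query for NAME with the RD flag set (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, DNS_CLASS_IN)


def tcp_frame(message: bytes) -> bytes:
    """DNS over TCP prefixes every message with a two-byte big-endian length."""
    return struct.pack("!H", len(message)) + message


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, name ends here
            return off + 2
        off += 1 + length


def parse_response(msg: bytes) -> dict:
    """Extract the transaction id, rcode and A-record addresses from a response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                      # skip the echoed question section
        off = _skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == DNS_TYPE_A and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return {"txid": txid, "rcode": flags & 0x000F, "answers": sorted(addrs)}


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes from a TCP socket (recv may return short reads)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def query_udp(server: str, name: str, timeout: float = 3.0) -> dict:
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data)


def query_tcp(server: str, name: str, timeout: float = 3.0) -> dict:
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(tcp_frame(build_query(name)))
        (length,) = struct.unpack("!H", _recv_exact(s, 2))
        data = _recv_exact(s, length)
    return parse_response(data)


def transports_agree(udp: dict, tcp: dict) -> bool:
    """True when both transports return the same rcode and the same A records."""
    return udp["rcode"] == tcp["rcode"] and udp["answers"] == tcp["answers"]


if __name__ == "__main__":
    server, name = "192.0.2.53", "example.com"   # placeholders, not real hosts
    results = {}
    for label, fn in (("udp", query_udp), ("tcp", query_tcp)):
        try:
            results[label] = fn(server, name)
        except OSError as exc:
            results[label] = {"error": str(exc)}
        print(label, results[label])
    if "error" in results["udp"] or "error" in results["tcp"]:
        print("one transport failed: check listen-on in named.conf and firewall rules for TCP and UDP")
    elif not transports_agree(results["udp"], results["tcp"]):
        print("transports disagree: answers differ between UDP and TCP")
```

Run it against a server you administer, substituting its address and a name in one of its zones. A UDP timeout alongside a TCP answer is the classic signature of a firewall rule that only allows tcp/53 (which telnet cannot distinguish from a healthy server), while both transports failing points back at listen-on in named.conf rather than the zone file.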