
[ale] Can't connect to port 53



On Fri, 2013-01-18 at 09:38 -0500, Jim Lynch wrote:
> Hi, Mike,

> Thanks.  I hate to admit it here 'cause I know general consensus here 
> about webmin and GUIs in general, but I was trying to generate a zone 
> using webmin/dns.  It obviously didn't do what I thought it should.  As 
> I said before I gotta do a bit more digging so I understand this stuff a 
> bit better.  Your example helps a lot.  Thanks for that.

Ok...  That tells me a couple of important things.

If you are generating a zone file, you must be setting up an
authoritative name server.

Even if you set up a proper zone file and have that configured
correctly, you still must configure the name server itself to listen on
the network.  That's not in the zone file at all.  That's part of the
global named.conf configuration.

Since you are able to telnet to localhost on port 53 you're obviously on
the machine hosting the nameserver so you should be able to
edit /etc/named.conf and inspect its content.

I should also point out as well that telnet to port 53 is TCP whereas
most DNS is going to operate over UDP with TCP as a fallback for larger
transfers like zone transfers.  The name server will listen on both TCP
and UDP sockets for the same addresses but also be sure your firewall
rules are consistent for TCP and UDP.

AFA nslookup goes...  Another poster was correct in that nslookup is
deprecated and discouraged by the original authors (ISC - Internet
Systems Consortium).

The reason for this is that nslookup uses its own peculiar internal
resolver and operates differently from "host" and "dig" as well as
normal name resolution lookups.  It may present results which are
inconsistent with the behavior of those two supported tools and other
applications doing name lookups.  It may work perfectly fine in most
simple cases but it has been stated that its behavior can be
"inconsistent" (due to its use of that internal resolver).  It hasn't
been updated in ages and may not support some of the newer DNS features,
either.
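
Added example, not part of the original message: a small Python check that reads the `listen-on` / `listen-on-v6` statements out of named.conf text and reports whether anything other than loopback is served, which is the situation where telnet to localhost on port 53 works but remote clients cannot connect. The sample configuration is constructed, and the parser assumes the simple `listen-on [port N] { addr; ... };` form without nested address lists or ACL names.

```python
import re

# Constructed sample options block (not taken from the original post).
SAMPLE_NAMED_CONF = """
options {
    directory "/var/named";
    // loopback only
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
};
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
LISTEN = re.compile(r"\b(listen-on(?:-v6)?)\b(?:\s+port\s+(\d+))?\s*\{([^}]*)\}")


def listen_statements(conf_text):
    """Return [(directive, port, [address elements])] found in named.conf text."""
    text = COMMENTS.sub("", conf_text)
    found = []
    for directive, port, body in LISTEN.findall(text):
        elems = [e.strip() for e in body.split(";") if e.strip()]
        found.append((directive, int(port or 53), elems))
    return found


def audit(conf_text):
    """Report, per listen statement, whether non-loopback clients can reach it."""
    stmts = listen_statements(conf_text)
    if not any(d == "listen-on" for d, _, _ in stmts):
        # BIND default with no listen-on statement: all IPv4 interfaces, port 53.
        stmts.append(("listen-on", 53, ["any"]))
    report = []
    for directive, port, elems in stmts:
        remote = [e for e in elems
                  if e not in LOOPBACK and e != "none" and not e.startswith("!")]
        report.append({"directive": directive, "port": port,
                       "addresses": elems, "remote_reachable": bool(remote)})
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_NAMED_CONF):
        print(row)
```

named opens both a TCP and a UDP socket for each address reported here, so the firewall rules for port 53 need to allow both protocols on the same addresses.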