Name servers failing to respond

youds

Hi guys,

Please see https://intodns.com/youds.com and https://dns.google.com/query?name=youds.com&type=ANY&dnssec=true

Here is the result of dig from the server itself:

Code:
[root@saturn ~]# dig youds.com

; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> youds.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45992
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;youds.com.			IN	A

;; ANSWER SECTION:
youds.com.		14400	IN	A	149.202.64.33

;; AUTHORITY SECTION:
youds.com.		14400	IN	NS	ns2.youds.com.
youds.com.		14400	IN	NS	ns1.youds.com.

;; ADDITIONAL SECTION:
ns1.youds.com.		14400	IN	A	149.202.64.33
ns2.youds.com.		14400	IN	A	164.132.221.0

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jun 16 03:07:17 CEST 2017
;; MSG SIZE  rcvd: 122

Everything seems to be working fine.

However, please see the output of the following commands from a desktop client:

Code:
Unknown-c4-2c-03-06-f4-b9:~ craigfairhurst$ dig ns1.youds.com @149.202.64.33

; <<>> DiG 9.8.3-P1 <<>> ns1.youds.com @149.202.64.33
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36233
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ns1.youds.com.			IN	A

;; ANSWER SECTION:
ns1.youds.com.		14400	IN	A	149.202.64.33

;; AUTHORITY SECTION:
youds.com.		14400	IN	NS	ns1.youds.com.
youds.com.		14400	IN	NS	ns2.youds.com.

;; ADDITIONAL SECTION:
ns2.youds.com.		14400	IN	A	164.132.221.0

;; Query time: 19 msec
;; SERVER: 149.202.64.33#53(149.202.64.33)
;; WHEN: Fri Jun 16 02:09:13 2017
;; MSG SIZE  rcvd: 95

Unknown-c4-2c-03-06-f4-b9:~ craigfairhurst$ dig ns2.youds.com @164.132.221.0

; <<>> DiG 9.8.3-P1 <<>> ns2.youds.com @164.132.221.0
;; global options: +cmd
;; connection timed out; no servers could be reached
Unknown-c4-2c-03-06-f4-b9:~ craigfairhurst$ 

Unknown-c4-2c-03-06-f4-b9:~ craigfairhurst$ nslookup youds.com
Server:		192.168.1.254
Address:	192.168.1.254#53

** server can't find youds.com: NXDOMAIN


Here are my config files:

/etc/named.conf
Code:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
	//listen-on port 53 { all; };
	//listen-on-v6 port 53 { ::1; };
//listen-on { all; };
allow-recursion { 127.0.0.1; ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	//allow-query     { localhost; };

	/* 
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
	   recursion. 
	 - If your recursive DNS server has a public IP address, you MUST enable access 
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification 
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface 
	*/
	//recursion yes;

	dnssec-enable yes;
	dnssec-validation yes;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "saturn.youds.com" { type master; file "/var/named/saturn.youds.com.db"; };
zone "youds.com" { type master; file "/var/named/youds.com.db"; };

/etc/resolv.conf

Code:
nameserver 127.0.0.1
nameserver 149.202.64.33
nameserver 164.132.221.0
search youds.com

/var/named/youds.com.db

Code:
$TTL 14400
@       IN      SOA     ns1.youds.com.      hostmaster.youds.com. (
                                                2017061300
                                                14400
                                                3600
                                                1209600
                                                86400 )

youds.com.	14400	IN	NS	ns1.youds.com.
youds.com.	14400	IN	NS	ns2.youds.com.

@	14400	IN	A	149.202.64.33
ftp	14400	IN	A	149.202.64.33
mail	14400	IN	A	149.202.64.33
ns1	14400	IN	A	149.202.64.33
ns1.youds.com.	14400	IN	A	149.202.64.33
ns2	14400	IN	A	164.132.221.0
ns2.youds.com.	14400	IN	A	164.132.221.0
pop	14400	IN	A	149.202.64.33
smtp	14400	IN	A	149.202.64.33
www	14400	IN	A	149.202.64.33
youds.com.	14400	IN	A	149.202.64.33

youds.com.	14400	IN	MX	10 mail



ownercheck	14400	IN	TXT	6b38f791
youds.com.	14400	IN	TXT	"v=spf1 a mx ip4:149.202.64.33 ~all"

I have followed the following steps in DirectAdmin:
  • Entered IP addresses, with nameservers on 2 IP addresses
  • Reseller level - configured 2 nameservers
  • Administrator settings - configured 2 nameservers
  • Added name server A records for domain name

I have opened TCP and UDP port 53 in CSF (my firewall program).

Can someone point me in the right direction?

Many thanks
 
Can you confirm that the ports are actually open in iptables?
Code:
iptables -nL
Also confirm which IPs named is bound to:
Code:
netstat -lnp | grep named
John
 
Sure, see below.

Code:
[root@saturn ~]# iptables -nL
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  164.132.221.0        0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  164.132.221.0        0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  164.132.221.0        0.0.0.0/0            tcp spt:53
ACCEPT     udp  --  164.132.221.0        0.0.0.0/0            udp spt:53
LOCALINPUT  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
INVALID    tcp  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:20
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:21
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:233
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:143
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:465
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:587
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:993
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:995
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:2222
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:7777
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:27015
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpts:35000:35999
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:20
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:21
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW udp dpts:6100:6200
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8 limit: avg 1/sec burst 5
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 0 limit: avg 1/sec burst 5
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 11
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 3
LOGDROPIN  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            164.132.221.0        tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            164.132.221.0        udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            164.132.221.0        tcp spt:53
ACCEPT     udp  --  0.0.0.0/0            164.132.221.0        udp spt:53
LOCALOUTPUT  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:53
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
INVALID    tcp  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:20
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:21
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:233
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:113
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:587
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:993
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:995
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:2222
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:7777
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:27015
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:20
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:21
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:113
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:123
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW udp dpts:6100:6200
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 11
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 3
LOGDROPOUT  all  --  0.0.0.0/0            0.0.0.0/0           

Chain ALLOWIN (1 references)
target     prot opt source               destination         
ACCEPT     all  --  86.129.103.96        0.0.0.0/0           

Chain ALLOWOUT (1 references)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            86.129.103.96       

Chain DENYIN (1 references)
target     prot opt source               destination         
DROP       all  --  91.197.232.109       0.0.0.0/0           
DROP       all  --  91.134.133.251       0.0.0.0/0           
DROP       all  --  104.223.123.98       0.0.0.0/0           
DROP       all  --  217.65.83.102        0.0.0.0/0           
DROP       all  --  58.56.114.26         0.0.0.0/0           
DROP       all  --  200.252.5.210        0.0.0.0/0           
DROP       all  --  91.197.232.107       0.0.0.0/0           
DROP       all  --  185.170.42.18        0.0.0.0/0           
DROP       all  --  60.191.38.78         0.0.0.0/0           
DROP       all  --  182.100.67.119       0.0.0.0/0           
DROP       all  --  211.142.139.12       0.0.0.0/0           
DROP       all  --  109.87.243.163       0.0.0.0/0           
DROP       all  --  80.147.59.28         0.0.0.0/0           
DROP       all  --  185.17.134.85        0.0.0.0/0           
DROP       all  --  103.206.249.57       0.0.0.0/0           
DROP       all  --  153.182.158.50       0.0.0.0/0           
DROP       all  --  114.200.83.2         0.0.0.0/0           
DROP       all  --  218.255.181.88       0.0.0.0/0           
DROP       all  --  218.93.206.232       0.0.0.0/0           
DROP       all  --  218.63.248.173       0.0.0.0/0           
DROP       all  --  35.154.117.84        0.0.0.0/0           
DROP       all  --  186.228.96.208       0.0.0.0/0           
DROP       all  --  182.100.67.120       0.0.0.0/0           
DROP       all  --  218.65.30.61         0.0.0.0/0           
DROP       all  --  24.4.27.91           0.0.0.0/0           
DROP       all  --  121.241.37.45        0.0.0.0/0           
DROP       all  --  208.52.168.215       0.0.0.0/0           
DROP       all  --  85.16.199.82         0.0.0.0/0           
DROP       all  --  91.248.6.238         0.0.0.0/0           
DROP       all  --  37.49.225.124        0.0.0.0/0           
DROP       tcp  --  23.249.163.65        0.0.0.0/0            tcp dpt:110
DROP       tcp  --  23.249.163.65        0.0.0.0/0            tcp dpt:143
DROP       tcp  --  23.249.163.65        0.0.0.0/0            tcp dpt:993
DROP       tcp  --  23.249.163.65        0.0.0.0/0            tcp dpt:995

Chain DENYOUT (1 references)
target     prot opt source               destination         
LOGDROPOUT  all  --  0.0.0.0/0            91.197.232.109      
LOGDROPOUT  all  --  0.0.0.0/0            91.134.133.251      
LOGDROPOUT  all  --  0.0.0.0/0            104.223.123.98      
LOGDROPOUT  all  --  0.0.0.0/0            217.65.83.102       
LOGDROPOUT  all  --  0.0.0.0/0            58.56.114.26        
LOGDROPOUT  all  --  0.0.0.0/0            200.252.5.210       
LOGDROPOUT  all  --  0.0.0.0/0            91.197.232.107      
LOGDROPOUT  all  --  0.0.0.0/0            185.170.42.18       
LOGDROPOUT  all  --  0.0.0.0/0            60.191.38.78        
LOGDROPOUT  all  --  0.0.0.0/0            182.100.67.119      
LOGDROPOUT  all  --  0.0.0.0/0            211.142.139.12      
LOGDROPOUT  all  --  0.0.0.0/0            109.87.243.163      
LOGDROPOUT  all  --  0.0.0.0/0            80.147.59.28        
LOGDROPOUT  all  --  0.0.0.0/0            185.17.134.85       
LOGDROPOUT  all  --  0.0.0.0/0            103.206.249.57      
LOGDROPOUT  all  --  0.0.0.0/0            153.182.158.50      
LOGDROPOUT  all  --  0.0.0.0/0            114.200.83.2        
LOGDROPOUT  all  --  0.0.0.0/0            218.255.181.88      
LOGDROPOUT  all  --  0.0.0.0/0            218.93.206.232      
LOGDROPOUT  all  --  0.0.0.0/0            218.63.248.173      
LOGDROPOUT  all  --  0.0.0.0/0            35.154.117.84       
LOGDROPOUT  all  --  0.0.0.0/0            186.228.96.208      
LOGDROPOUT  all  --  0.0.0.0/0            182.100.67.120      
LOGDROPOUT  all  --  0.0.0.0/0            218.65.30.61        
LOGDROPOUT  all  --  0.0.0.0/0            24.4.27.91          
LOGDROPOUT  all  --  0.0.0.0/0            121.241.37.45       
LOGDROPOUT  all  --  0.0.0.0/0            208.52.168.215      
LOGDROPOUT  all  --  0.0.0.0/0            85.16.199.82        
LOGDROPOUT  all  --  0.0.0.0/0            91.248.6.238        
LOGDROPOUT  all  --  0.0.0.0/0            37.49.225.124       
LOGDROPOUT  tcp  --  0.0.0.0/0            23.249.163.65        tcp dpt:110
LOGDROPOUT  tcp  --  0.0.0.0/0            23.249.163.65        tcp dpt:143
LOGDROPOUT  tcp  --  0.0.0.0/0            23.249.163.65        tcp dpt:993
LOGDROPOUT  tcp  --  0.0.0.0/0            23.249.163.65        tcp dpt:995

Chain INVALID (2 references)
target     prot opt source               destination         
INVDROP    all  --  0.0.0.0/0            0.0.0.0/0            state INVALID
INVDROP    tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00
INVDROP    tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F
INVDROP    tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03
INVDROP    tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06
INVDROP    tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x05/0x05
INVDROP    tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x11/0x01
INVDROP    tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x18/0x08
INVDROP    tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x30/0x20
INVDROP    tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 state NEW

Chain INVDROP (10 references)
target     prot opt source               destination         
DROP       all  --  0.0.0.0/0            0.0.0.0/0           

Chain LOCALINPUT (1 references)
target     prot opt source               destination         
ALLOWIN    all  --  0.0.0.0/0            0.0.0.0/0           
DENYIN     all  --  0.0.0.0/0            0.0.0.0/0           

Chain LOCALOUTPUT (1 references)
target     prot opt source               destination         
ALLOWOUT   all  --  0.0.0.0/0            0.0.0.0/0           
DENYOUT    all  --  0.0.0.0/0            0.0.0.0/0           

Chain LOGDROPIN (1 references)
target     prot opt source               destination         
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:23
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:23
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:68
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:111
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:111
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:113
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:113
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpts:135:139
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpts:135:139
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:445
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:445
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:500
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:500
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:513
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:513
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:520
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:520
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP_IN Blocked* "
LOG        udp  --  0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP_IN Blocked* "
LOG        icmp --  0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP_IN Blocked* "
DROP       all  --  0.0.0.0/0            0.0.0.0/0           

Chain LOGDROPOUT (35 references)
target     prot opt source               destination         
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
LOG        udp  --  0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP_OUT Blocked* "
LOG        icmp --  0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP_OUT Blocked* "
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Code:
[root@saturn ~]# netstat -lnp | grep named
tcp        0      0 149.202.64.33:53        0.0.0.0:*               LISTEN      12717/named         
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      12717/named         
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      12717/named         
tcp6       0      0 ::1:953                 :::*                    LISTEN      12717/named         
udp        0      0 149.202.64.33:53        0.0.0.0:*                           12717/named         
udp        0      0 127.0.0.1:53            0.0.0.0:*                           12717/named
 
I've got the following results as well:

Code:
$ dig A youds.com @149.202.64.33

; <<>> DiG 9.11.0-P2 <<>> A youds.com @149.202.64.33
;; global options: +cmd
;; connection timed out; no servers could be reached


$ dig A youds.com @164.132.221.0


; <<>> DiG 9.11.0-P2 <<>> A youds.com @164.132.221.0
;; global options: +cmd
;; connection timed out; no servers could be reached

Try and disable CSF/LFD completely with

Code:
csf -x

and see whether or not it helps.

If it does not help, then you probably need to check whether or not you use a firewall from OVH and whether or not it blocks 53 UDP/TCP.

Another thing: is that a virtual server from OVH, or a dedicated server with or without virtualization?
 
Hi,

Thanks for your reply.

I tried disabling csf and there was no change and there is no firewall interface/hardware between the server and the outside world. Just Anti-DDoS protection as standard.

Many thanks
 
Is that a virtual server from OVH or dedicated server with or without virtualization?
 
Yes that is ok.

My first server can't even find it; this is what it looks like over here:
Code:
# nslookup ns1.youds.com
;; Got SERVFAIL reply from 213.133.100.100, trying next server
;; connection timed out; trying next origin
;; connection timed out; no servers could be reached

Same for ns2 also on 2 other servers and also on my private home connection.

On a 3rd server I do get the correct reply.
With that server I can also telnet to port 53.
Code:
# telnet ns1.youds.com 53
Trying 149.202.64.33...
Connected to ns1.youds.com (149.202.64.33).
Escape character is '^]'.
quit
Connection closed by foreign host.

So it looks like your nameservers are not propagated around the world yet and therefore not reachable yet.
Just wait 4-24 hours and you should be ok.

If not, ask your datacenter because it might be a routing problem then or something like that.
 
Richard,

That really might be an issue due to badly configured routing for virtualization, if they use a dedicated server from OVH and created a VPS inside of it. For example, they tried to configure a NAT-based network for the VPS, or a bridged network to give it a real IP, and it failed.

The topic starter ignored my questions regarding the matter, so there is nothing else we can do.
 
It seems to be a routing issue with your server. I tried to traceroute both IPs and it didn't reach them; contact the data center to fix it. :)
 
The topic starter ignored my questions regarding the matter, so there is nothing else we can do.
You're quite correct.
They must have made a strange mistake indeed. Very odd that with only 1 Dutch server I can reach his IPs and system.
I hope they can fix it for him.
 
Hi all

I found the problem. In the "IP" section of the OVH web interface, among the additional options for each IP address, is the ability to configure a GAME firewall. It appears the problem was on this page.

Many thanks
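
The pattern in this thread (named answers on the server itself, queries from outside time out) can be checked from any external host by sending a non-recursive SOA query straight to each listed name server over both UDP and TCP. The script below is an added example, not code from the thread or from any poster; the function names and `probe.py` are illustrative, and the sample header is constructed from the dig output quoted earlier.

```python
import secrets
import socket
import struct
import sys

# Constructed sample: 12-byte header matching the thread's dig reply from
# ns1 (id 36233, flags "qr aa rd", 1 answer, 2 authority, 1 additional).
SAMPLE_REPLY = struct.pack("!HHHHHH", 36233, 0x8500, 1, 1, 2, 1)

def build_query(name, qid, qtype=6):
    """Non-recursive query (RD=0) for `name`; qtype 6 = SOA, class IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return (struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
            + qname + b"\x00" + struct.pack("!HH", qtype, 1))

def parse_header(msg, qid):
    """Decode the DNS header; None if msg is not a response to `qid`."""
    if len(msg) < 12:
        return None
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != qid or not flags & 0x8000:      # wrong ID or QR bit clear
        return None
    return {"aa": bool(flags & 0x0400), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "answers": an}

def classify(hdr):
    if hdr is None:
        return "no-reply"                      # timeout, reset or garbage
    if hdr["rcode"] != 0:
        return "rcode-%d" % hdr["rcode"]       # e.g. 5 = REFUSED
    return "authoritative" if hdr["aa"] else "lame"

def recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket or raise on early close."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf

def probe_udp(ip, query, qid, timeout=3.0):
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.connect((ip, 53))                # kernel drops other sources
            s.send(query)
            return parse_header(s.recv(4096), qid)
    except OSError:                            # includes socket.timeout
        return None

def probe_tcp(ip, query, qid, timeout=3.0):
    try:
        with socket.create_connection((ip, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length
            (n,) = struct.unpack("!H", recv_exact(s, 2))
            return parse_header(recv_exact(s, n), qid)
    except OSError:
        return None

if __name__ == "__main__":
    if len(sys.argv) < 3:                      # offline demo on the sample
        print("sample:", classify(parse_header(SAMPLE_REPLY, 36233)))
        print("usage: probe.py ZONE NS_IP [NS_IP ...]")
    else:
        qid = secrets.randbelow(65536)         # unpredictable query ID
        q = build_query(sys.argv[1], qid)
        for ip in sys.argv[2:]:
            print(ip, "udp:", classify(probe_udp(ip, q, qid)),
                  "tcp:", classify(probe_tcp(ip, q, qid)))
```

Run it from a host outside the server's network: `no-reply` on both transports from outside, while the same query succeeds on the server itself, points at filtering or routing upstream of the host rather than at named or the local firewall.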
 
Yep, looks like it works now though. Glad to see you managed to fix it.
But even with this firewall it's odd that 1 of my servers was able to reach your nameserver, so that one server wasn't blocked by the Game firewall.
 
Yes indeed.

This has been a long-running issue, due to my laziness mostly, but I was very unwell for a lot of the period so I do have my excuses.

So glad to finally get this resolved.

Thanks to all - especially you Richard who helped me with this.
 
Then I don't think you have noticed how much testing you have done. I've not been able to perform enough of my workflow to get the task completed anywhere near to enough so have taken up a lot of your time asking repeat questions lol - so there.

Kind regards
 