2nd IPV6 Nameserver Not Responding

Cheazey

Verified User
Joined
Aug 27, 2016
Messages
16
My 2nd IPV6 nameserver is not responding according to the following report.

http://www.dnsinspect.com/cheazey.net/1473272897

According to the report, it does not have a serial number like the other IP4/IP6 addresses listed as my nameservers. Anyone who can help me fix this? Any help would be very much appreciated.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,932
Location
GMT +7.00
Hello,

If you want private assistance, please feel free to contact me (or other guys who offer server support) via PM or through my website (see my signature lines).

If you want to fix it yourself then please provide more information without masquerading anything. What do you see with:

Code:
ifconfig
 

Cheazey

Verified User
Joined
Aug 27, 2016
Messages
16
Thanks for replying. I would like to learn how to fix this myself. I hope you can help me do that. This is what I see:

eth0 Link encap:Ethernet HWaddr 50:E5:49:A9:AE:74
inet addr:69.197.154.42 Bcast:69.197.154.47 Mask:255.255.255.248
inet6 addr: 2604:4300:a:207::/64 Scope:Global
inet6 addr: 2604:4300:a:207::2/64 Scope:Global
inet6 addr: 2604:4300:a:207::3/64 Scope:Global
inet6 addr: 2604:4300:a:207::4/64 Scope:Global
inet6 addr: fe80::52e5:49ff:fea9:ae74/64 Scope:Link
inet6 addr: 2604:4300:a:207::5/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:94495 errors:0 dropped:0 overruns:0 frame:0
TX packets:85970 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9877299 (9.4 MiB) TX bytes:21702044 (20.6 MiB)

eth0:0 Link encap:Ethernet HWaddr 50:E5:49:A9:AE:74
inet addr:69.197.154.43 Bcast:69.197.154.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

eth0:1 Link encap:Ethernet HWaddr 50:E5:49:A9:AE:74
inet addr:69.197.154.44 Bcast:69.197.154.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

eth0:2 Link encap:Ethernet HWaddr 50:E5:49:A9:AE:74
inet addr:69.197.154.45 Bcast:69.197.154.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

eth0:3 Link encap:Ethernet HWaddr 50:E5:49:A9:AE:74
inet addr:69.197.154.46 Bcast:69.197.154.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:3342 errors:0 dropped:0 overruns:0 frame:0
TX packets:3342 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:523766 (511.4 KiB) TX bytes:523766 (511.4 KiB)
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,932
Location
GMT +7.00
Well... what do you have with:

Code:
netstat -ntpl | egrep "named|bind"

and

Code:
iptables-save | grep \ 53

Try

0. restart named
1. disable firewall
3. to add "2604:4300:a:207::1/64" to the interface and move ns1 to 2604:4300:a:207::1.
4. or move ns1/ns2 to another IPv6, currently 2604:4300:a:207::2 and 2604:4300:a:207::3 are responding to DNS queries.
 

Cheazey

Verified User
Joined
Aug 27, 2016
Messages
16
Hello,

Here are the outputs:

netstat -ntpl | egrep "named|bind"

Code:
tcp        0      0 69.197.154.46:53            0.0.0.0:*                   LISTEN      3074/named          
tcp        0      0 69.197.154.45:53            0.0.0.0:*                   LISTEN      3074/named          
tcp        0      0 69.197.154.44:53            0.0.0.0:*                   LISTEN      3074/named          
tcp        0      0 69.197.154.43:53            0.0.0.0:*                   LISTEN      3074/named          
tcp        0      0 69.197.154.42:53            0.0.0.0:*                   LISTEN      3074/named          
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      3074/named          
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      3074/named          
tcp        0      0 :::53                       :::*                        LISTEN      3074/named          
tcp        0      0 ::1:953                     :::*                        LISTEN      3074/named

iptables-save | grep \ 53

Code:
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT 
-A INPUT ! -i lo -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT 
-A OUTPUT ! -o lo -p tcp -m tcp --dport 53 -j ACCEPT 
-A OUTPUT ! -o lo -p udp -m udp --dport 53 -j ACCEPT 
-A OUTPUT ! -o lo -p tcp -m tcp --sport 53 -j ACCEPT 
-A OUTPUT ! -o lo -p udp -m udp --sport 53 -j ACCEPT 
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT 
-A OUTPUT ! -o lo -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
 

Cheazey

Verified User
Joined
Aug 27, 2016
Messages
16
I fixed it as per your advice. Moved the nameserver from 2604:4300:a:207:: to 2604:4300:a:207::3.

But may I ask why 2604:4300:a:207:: does not reply to nameserver queries? And how do I do a DNS query for IPV6 in shell for example? Thank you for the help. Very much appreciated!
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,932
Location
GMT +7.00
I don't have an answer to your question. I need to investigate the issue myself if you want more details.

As for DNS, read how to use nslookup and dig.
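An added example, not part of the original posts: one way to run the per-address check the report performs, using dig to ask each nameserver address directly for the zone's SOA record and comparing the serials. The function names are hypothetical; the zone and addresses in the usage comment are the ones quoted in this thread.

```shell
#!/bin/sh
# Added example: ask each nameserver address for the zone's SOA serial.
# Usage: sh <this script> cheazey.net 2604:4300:a:207::2 2604:4300:a:207::3

# query_soa ZONE ADDR: one-line SOA answer from the server at ADDR.
# +norecurse asks for the server's own data; +time/+tries bound the wait.
query_soa() {
    dig +short +norecurse +time=2 +tries=1 SOA "$1" @"$2" 2>/dev/null
}

# soa_serial: read "dig +short" SOA output on stdin and print the serial
# (third field). Timeout or error lines do not match and print nothing.
soa_serial() {
    awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# check_zone ZONE ADDR...: print one status line per address.
# Returns 1 if any address gives no serial or the serials differ.
check_zone() {
    zone=$1; shift
    ref=""; rc=0
    for addr in "$@"; do
        serial=$(query_soa "$zone" "$addr" | soa_serial)
        if [ -z "$serial" ]; then
            echo "$addr no-response"; rc=1
        elif [ -z "$ref" ] || [ "$serial" = "$ref" ]; then
            ref=$serial; echo "$addr serial=$serial"
        else
            echo "$addr serial=$serial MISMATCH(expected $ref)"; rc=1
        fi
    done
    return $rc
}

# Run only when a zone and at least one address are given.
if [ "$#" -ge 2 ]; then
    check_zone "$@"
fi
```

An address that prints `no-response` here while `netstat` shows named listening on `:::53` points at the address or the path to it rather than at named itself.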
 

Cheazey

Verified User
Joined
Aug 27, 2016
Messages
16
Thank you. I looked it up to learn about it. Off-topic question if you don't mind. Is it better for DA to be installed in CentOS 7 than in CentOS 6? I am currently using CentOS 6.8 and the OpenSSL support is only until 1.0.1e. Is CentOS 7.2 stable to use now and do you know what OpenSSL version it currently supports? Thank you.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,932
Location
GMT +7.00
DA does not care which OS you run. It's your own choice what OS to choose. If I started a new server now I would definitely choose CentOS 7.0.
 