CSF Configuration

youds (Verified User, joined Jul 11, 2008, Lancashire, UK):
Hi

It would appear that my name servers are responding adequately; however, none of the packets are getting through to the server due to a CSF configuration error.

Code:
$ dig youds.com @164.132.200.239 

; <<>> DiG 9.8.3-P1 <<>> youds.com @164.132.200.239
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38379
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;youds.com.			IN	A

;; ANSWER SECTION:
youds.com.		14400	IN	A	164.132.200.239

;; AUTHORITY SECTION:
youds.com.		14400	IN	NS	ns1.youds.com.
youds.com.		14400	IN	NS	ns2.youds.com.

;; ADDITIONAL SECTION:
ns1.youds.com.		14400	IN	A	164.132.200.239
ns2.youds.com.		14400	IN	A	178.32.50.141

;; Query time: 21 msec
;; SERVER: 164.132.200.239#53(164.132.200.239)
;; WHEN: Fri Sep  2 03:45:07 2016
;; MSG SIZE  rcvd: 111

However, the name servers still aren't working; here's the output from /var/log/messages:

Code:
tail -10 /var/log/messages
Sep  2 04:44:01 neptune systemd: Starting Session c88603 of user root.
Sep  2 04:44:25 neptune kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=9c:5c:8e:51:70:c3:00:ff:ff:ff:ff:fd:08:00 SRC=218.92.147.81 DST=164.132.200.239 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 
Sep  2 04:45:01 neptune systemd: Started Session c88604 of user root.
Sep  2 04:45:01 neptune systemd: Starting Session c88604 of user root.
Sep  2 04:45:01 neptune systemd: Started Session c88605 of user root.
Sep  2 04:45:01 neptune systemd: Starting Session c88605 of user root.
Sep  2 04:45:01 neptune systemd: Started Session c88606 of user root.
Sep  2 04:45:01 neptune systemd: Starting Session c88606 of user root.
Sep  2 04:45:04 neptune kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=9c:5c:8e:51:70:c3:00:ff:ff:ff:ff:fe:08:00 SRC=88.250.172.39 DST=164.132.200.239 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=42408 PROTO=TCP SPT=48555 DPT=23 WINDOW=6147 RES=0x00 SYN URGP=0 
Sep  2 04:45:47 neptune kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=9c:5c:8e:51:70:c3:00:ff:ff:ff:ff:fd:08:00 SRC=87.236.194.161 DST=178.32.50.141 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=36135 PROTO=TCP SPT=65535 DPT=8545 WINDOW=1024 RES=0x00 SYN URGP=0

But these ports are set to open in CSF. Any ideas?
 
That piece of log has nothing to do with BIND, i.e. your nameservers, and it does not show anything about the working status of named/bind.
For example: port 23 is telnet and is not used for nameservers. That port should not be opened in the firewall.
Nor are the other ports.

So I wonder why you think it's a CSF configuration error. For nameservers to be used, port 53 UDP (not TCP) needs to be opened in CSF, both incoming and outgoing. It is normally already opened by default during installation.

Check whether those ports are open. If they are, please check that no other instance of your firewall or iptables is running.
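
A quick way to check both halves of that advice (is port 53 actually in the csf.conf allow lists, and do the blocked log lines hit port 53 at all) is a short shell script. This is an added example, not code from the thread or from CSF itself; the csf.conf excerpts and log lines inside it are constructed to match the formats shown in the post, with the firewall-blocked lines trimmed to the fields that matter. It checks TCP 53 as well as UDP 53, since DNS also uses TCP for zone transfers and for responses too large for a UDP datagram.

```shell
#!/usr/bin/env bash
# Added example, not from the thread or from CSF: check whether port 53 is in
# the csf.conf allow lists and which ports the "Firewall: ... Blocked" lines
# actually hit. The csf.conf excerpts and log lines are constructed to match
# the formats shown in the post; on a real server read /etc/csf/csf.conf and
# /var/log/messages instead.

# Constructed csf.conf excerpt with DNS allowed in all four lists.
CSF_CONF_SAMPLE='TESTING = "0"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2222,35000:35999"
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"
UDP_IN = "20,21,53"
UDP_OUT = "20,21,53,113,123"
'

# Constructed excerpt where inbound UDP 53 was dropped: resolvers could not query it.
CSF_CONF_BROKEN='TCP_IN = "22,53,80,443"
TCP_OUT = "22,53,80,443"
UDP_IN = "20,21"
UDP_OUT = "53,123"
'

# Constructed log lines in the CSF/LFD kernel-log format (fields trimmed).
LOG_SAMPLE='Sep  2 04:44:25 neptune kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=218.92.147.81 DST=164.132.200.239 PROTO=TCP SPT=6000 DPT=1433 SYN
Sep  2 04:45:04 neptune kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=88.250.172.39 DST=164.132.200.239 PROTO=TCP SPT=48555 DPT=23 SYN
Sep  2 04:45:47 neptune kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= SRC=198.51.100.7 DST=164.132.200.239 PROTO=UDP SPT=40000 DPT=53
'

# port_allowed <csf.conf text> <TCP_IN|TCP_OUT|UDP_IN|UDP_OUT> <port>
# Succeeds when the port is listed literally or falls inside an a:b range.
port_allowed() {
  local conf=$1 key=$2 port=$3 list entry lo hi old_ifs
  list=$(printf '%s\n' "$conf" | sed -n "s/^${key} *= *\"\([^\"]*\)\".*/\1/p" | tr -d ' ')
  old_ifs=$IFS; IFS=','; set -- $list; IFS=$old_ifs
  for entry in "$@"; do
    case $entry in
      '') ;;
      *:*) lo=${entry%%:*}; hi=${entry##*:}
           if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then return 0; fi ;;
      *)   if [ "$entry" = "$port" ]; then return 0; fi ;;
    esac
  done
  return 1
}

# missing_dns_rules <csf.conf text>
# Prints each list that does not allow port 53; prints nothing when DNS is fully allowed.
missing_dns_rules() {
  local key
  for key in TCP_IN TCP_OUT UDP_IN UDP_OUT; do
    port_allowed "$1" "$key" 53 || echo "$key"
  done
}

# blocked_ports <log text>
# One "CHAIN PROTO DPT" line per blocked packet, e.g. "TCP_IN TCP 1433".
blocked_ports() {
  printf '%s\n' "$1" | awk '/Firewall: \*[A-Z_]+ Blocked\*/ {
    chain = ""; proto = ""; dpt = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^\*[A-Z_]+$/)   chain = substr($i, 2)
      else if ($i ~ /^PROTO=/)  proto = substr($i, 7)
      else if ($i ~ /^DPT=/)    dpt = substr($i, 5)
    }
    print chain, proto, dpt
  }'
}

# dns_block_count <log text>: how many blocked packets were aimed at port 53.
dns_block_count() {
  blocked_ports "$1" | awk '$3 == 53 { n++ } END { print n + 0 }'
}

echo "Lists missing port 53 (sample config): $(missing_dns_rules "$CSF_CONF_SAMPLE" | tr '\n' ' ')"
echo "Lists missing port 53 (broken config): $(missing_dns_rules "$CSF_CONF_BROKEN" | tr '\n' ' ')"
echo "Blocked packets by chain, protocol and destination port:"
blocked_ports "$LOG_SAMPLE"
echo "Blocked packets aimed at DNS: $(dns_block_count "$LOG_SAMPLE")"
```

On a live server, feed the functions the real files (for example missing_dns_rules "$(cat /etc/csf/csf.conf)" and blocked_ports "$(grep 'Firewall:' /var/log/messages)"). For the log lines in the post this reports 1433, 23 and 8545 as the blocked destination ports and zero packets aimed at 53, which is the point made above: those blocks are unrelated scanner traffic. If csf.conf is right but queries still fail, compare it with the rules actually loaded (iptables -nL INPUT | grep -w 53) and confirm named is listening on the public address (ss -lnup | grep :53); a second firewall layer or a stale ruleset shows up as a mismatch between the two.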
 
Richard, thanks for the reply.

I've sacked CSF in favour of APF+BFD. There are too many forum posts against CSF in these forums; even the how-to says not to use it.
 
> Richard, thanks for the reply.
>
> I've sacked CSF in favour of APF+BFD. There are too many forum posts against CSF in these forums; even the how-to says not to use it.

I've had nothing but good luck using CSF on our DirectAdmin servers. Very easy to configure, and extremely customizable.
 
> Richard, thanks for the reply.

You're welcome.
However, I don't know of any how-to saying not to use CSF.
I dropped APF+BFD years ago in favour of CSF/LFD, which is way better and has more options and possibilities, on all my servers, including a cPanel server.
IMHO, in 99% of cases complaints about CSF are caused by wrong configuration and/or lack of knowledge. They also have a good support forum.

But if you get things working correctly with APF+BFD, it's solved either way. :)
 