named doesn't respond

gate2vn

On an AlmaLinux 9 server, the named service doesn't respond on IPv4, but it answers on IPv6. CSF has been disabled, no other firewall.

The config is just like other servers:
allow-transfer { none; };
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";

querylog yes;
allow-query { any; };

Error

dig @name-of-dns-server adomain-on-theserver

; <<>> DiG 9.10.6 <<>> @name-of-dns-server adomain-on-theserver
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
Any idea why? Thanks.
 
Bash:
# netstat -ntpl | grep 53
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      47937/named        
tcp        0      0 ipv4-of-theserver:53        0.0.0.0:*               LISTEN      47937/named        
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      47937/named        
tcp6       0      0 ipv6-of-theserver:53  :::*                    LISTEN      47937/named        
tcp6       0      0 ::1:953                 :::*                    LISTEN      47937/named        
tcp6       0      0 fe80::216:3eff:fe50::53 :::*                    LISTEN      47937/named        
tcp6       0      0 ::1:53                  :::*                    LISTEN      47937/named

Bash:
# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
     Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; preset: disabled)
     Active: active (running) since Wed 2025-04-02 12:58:55 +07; 3h 16min ago
    Process: 47933 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; >
    Process: 47936 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
    Process: 72490 ExecReload=/bin/sh -c if /usr/sbin/rndc null > /dev/null 2>&1; then /usr/sbin/rndc reload; else /bin/kill -HUP $MAINPI>
   Main PID: 47937 (named)
      Tasks: 10 (limit: 15546)
     Memory: 78.8M
        CPU: 4min 18.428s
     CGroup: /system.slice/named.service
             └─47937 /usr/sbin/named -u named -c /etc/named.conf

Apr 02 15:54:47 server-name systemd[1]: Reloaded Berkeley Internet Name Domain (DNS).
Apr 02 16:00:39 server-name systemd[1]: Reloading Berkeley Internet Name Domain (DNS)...
Apr 02 16:00:39 server-name sh[71411]: server reload successful
Apr 02 16:00:39 server-name systemd[1]: Reloaded Berkeley Internet Name Domain (DNS).
Apr 02 16:01:43 server-name systemd[1]: Reloading Berkeley Internet Name Domain (DNS)...
Apr 02 16:01:43 server-name sh[72387]: server reload successful
Apr 02 16:01:43 server-name systemd[1]: Reloaded Berkeley Internet Name Domain (DNS).
Apr 02 16:02:43 server-name systemd[1]: Reloading Berkeley Internet Name Domain (DNS)...
Apr 02 16:02:43 server-name sh[72495]: server reload successful
Apr 02 16:02:43 server-name systemd[1]: Reloaded Berkeley Internet Name Domain (DNS).
 
I found that if I request +tcp, it works. But by default, with UDP, it doesn't work. Checked with nc, can connect with udp/53:

#nc -zvu server-ipv4 53
Connection to server-ipv4 53 port [udp/domain] succeeded!

Anything else that I need to check?
 
Anything else that I need to check?
Is resolving working correctly? Or nameserver name pushed correctly through DNS at the registrar? Did you check from outside (other server or home)?

I'm just wondering because of this:
dig @name-of-dns-server adomain-on-theserver
this gave a timeout.

#nc -zvu server-ipv4 53
this (with ip) works. So I don't know if you tested with ip from external server too.
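
Added example (not part of the thread): a small Python probe that sends the same query to one server over UDP and then over TCP and classifies the outcome, matching the symptom reported above (answers with +tcp, times out over UDP). The function names and the fixed transaction id are illustrative assumptions.

```python
import socket
import struct
import sys

TXID = 0x1234  # constructed transaction id for this probe

def build_query(name, qtype=1):
    """Minimal DNS query: RD flag set, one question, class IN (qtype 1 = A)."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def summarize(reply):
    """(rcode, truncated, answer_count) for a matching response, else None."""
    if not reply or len(reply) < 12:
        return None
    rid, flags, _qd, answers = struct.unpack("!HHHH", reply[:8])
    if rid != TXID or not flags & 0x8000:  # wrong id, or QR bit not set
        return None
    return flags & 0x000F, bool(flags & 0x0200), answers

def probe(server, name, transport, timeout=3.0):
    """One query over 'udp' or 'tcp'; None means no usable reply in time."""
    query = build_query(name)
    try:
        if transport == "udp":
            family, _, _, _, addr = socket.getaddrinfo(server, 53, type=socket.SOCK_DGRAM)[0]
            with socket.socket(family, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, addr)
                return summarize(s.recvfrom(4096)[0])
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # TCP adds a 2-byte length
            f = s.makefile("rb")
            size = f.read(2)
            return summarize(f.read(struct.unpack("!H", size)[0])) if len(size) == 2 else None
    except OSError:  # timeout, refused, unreachable
        return None

def diagnose(udp, tcp):
    if udp is None and tcp is not None:
        return "udp-lost"       # TCP answers: UDP/53 query or reply is lost, or no UDP listener
    if udp is None:
        return "no-reply"       # neither transport answered: service or routing problem
    if udp[1]:
        return "udp-truncated"  # TC bit set: the client is expected to retry over TCP
    return "ok"

if __name__ == "__main__":
    server, name = sys.argv[1], sys.argv[2]  # e.g. the server's IPv4 address and a zone name
    print(diagnose(probe(server, name, "udp"), probe(server, name, "tcp")))
```

Run it from an outside host with the server's IPv4 address and a name from one of its zones. A `udp-lost` result is consistent with `nc -zvu` reporting success, because UDP is connectionless and nc only fails when an ICMP error comes back; also note that `netstat -ntpl` lists TCP listeners only, so `netstat -nupl` is needed to see named's UDP sockets.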
 