You can't see outside nameservers

[arky_]

I replaced the router (mikrotik) to which Proxmox is connected and vm with directadmin on it. The settings on the router are the same as on the previous router. The directadmin settings are also the same as they were.
The problem is that all of a sudden my nameservers are not visible even though I can ping them from the outside, and my websites and mail servers stopped working. All Direcadmin services are working, nameservers as well.
I don't know where to look for the problem anymore, please help.
Regards.

 

[Richard G]

Since you replaced the router, most likely the MAC address is changed if you did not clone it.
Could it be your internet ip has changed for that reason?

 

[arky_]

The IP address has not changed. However, the macaddress may have changed. How to check it in Direcadmin and possibly replace it with the correct one?

 

[zEitEr]

Hello,

the macaddress may have changed

that's not the reason I'd rather say. Do you use NAT to proxy traffic from outside to your server? How do you manage traffic routing?

 

[arky_]

The IP address (176.115.253.10) is a public address and is not behind NAT.
I have a direct forwarding from a public address to a private address in directadmin on my router.

 

[zEitEr]

DNS uses UDP 53. Is it still forwarded?

 

[arky_]

Yes, it uses UDP port 53.

 

[zEitEr]

The question is "Is traffic to UDP 53 still forwarded?"

We don't know your setup, and can only guess.

 

[Richard G]

I've just seen you're using another ip for your own nameservers which caused the confustion on my side so I deleted my message.
Port 25 and 53 are not reachable from outside for your own nameservers. So should be some firewalling or forwarding issue somewhere, I don't know.

 

[arky_]

The question is "Is traffic to UDP 53 still forwarded?"

We don't know your setup, and can only guess.

Sorry, yes it is forwarded.

 

[Richard G]

Ports are open from outside, but totally not answering.
Maybe some proxmox firewall or something else with NAT which is blocking access.

 

[zEitEr]

Then you should check your forwarding setup, it is working wrong. From here it is no possible to identify on which point it fails. It can be either your router or dns server. You might try and:

1. disable firewall on a directadmin server to see whether you have any changes
2. use tcpdump on a directadmin server to see whether DNS traffic hits your Directadmin server and how it responds.
3. get someone to check it for you from inside.

 

[arky_]

Thank you very much for directing me with tcpdump. In fact, there was no traffic on port 53 at all. I corrected the redirects on one router earlier and the traffic started going. As I understand now it takes some time for my nameservers to be Visible?

 

[Richard G]

As I understand now it takes some time for my nameservers to be Visible?

Not if they were known with the same name's and ip's before. In that case they should be visible instantly.

But it seems they were not at least I can not reach them yet... so then it might take 4-24 hours.

 

[arky_]

Already started, thanks for your help.