<div dir="ltr">Recently set up PowerDNS Authoritative Server (v 4.4.X) on 3 Ubuntu 20.04 LTS name servers using MySQL 8 replication as a backend. My master name server (<a href="http://ns1.opensourceserver.io">ns1.opensourceserver.io</a>) and one of the slaves (<a href="http://ns3.opensourceserver.io">ns3.opensourceserver.io</a>) are performing well, but the other slave (<a href="http://ns2.opensourceserver.io">ns2.opensourceserver.io</a>) cannot even be found.<br><br>I am wondering if it might be because of this unexpected result:<br><br><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><font face="monospace"># netstat -alnp4 | grep pdns<br></font><font face="monospace">tcp 0 0 <a href="http://0.0.0.0:53">0.0.0.0:53</a> 0.0.0.0:* LISTEN 53992/pdns_server<br></font><font face="monospace">tcp 0 0 <a href="http://127.0.0.1:59010">127.0.0.1:59010</a> <a href="http://127.0.0.1:3306">127.0.0.1:3306</a> ESTABLISHED 53992/pdns_server<br></font><font face="monospace">tcp 0 0 <a href="http://127.0.0.1:59008">127.0.0.1:59008</a> <a href="http://127.0.0.1:3306">127.0.0.1:3306</a> ESTABLISHED 53992/pdns_server<br></font><font face="monospace">tcp 0 0 <a href="http://127.0.0.1:59012">127.0.0.1:59012</a> <a href="http://127.0.0.1:3306">127.0.0.1:3306</a> ESTABLISHED 53992/pdns_server<br></font><font face="monospace">tcp 0 0 <a href="http://127.0.0.1:59014">127.0.0.1:59014</a> <a href="http://127.0.0.1:3306">127.0.0.1:3306</a> ESTABLISHED 53992/pdns_server<br></font><font face="monospace">udp 0 0 <a href="http://0.0.0.0:53">0.0.0.0:53</a> 0.0.0.0:* 53992/pdns_server</font></blockquote><br>where I was more expecting it just to be:<br><br><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><font face="monospace"># netstat -alnp4 | grep pdns<br></font><font face="monospace">tcp 0 0 <a href="http://0.0.0.0:53">0.0.0.0:53</a> 0.0.0.0:* LISTEN 53992/pdns_server<br></font><font face="monospace">udp 0 0 <a href="http://0.0.0.0:53">0.0.0.0:53</a> 0.0.0.0:* 53992/pdns_server</font></blockquote><br>Those extra 4 port 3306 (MySQL) lines do not go away if I stop and start PDNS:<br><br><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><font face="monospace"># systemctl stop pdns.service<br></font><font face="monospace"># systemctl start pdns.service</font><font face="monospace"><br></font><font face="monospace"># systemctl status pdns.service
</font><font face="monospace">● pdns.service - PowerDNS Authoritative Server<br></font><font face="monospace"> Loaded: loaded (/lib/systemd/system/pdns.service; enabled; vendor preset: enabled)<br></font><font face="monospace"> Active: active (running) since Thu 2021-05-13 18:26:06 CDT; 2h 2min ago<br></font><font face="monospace"> Docs: man:pdns_server(1)<br></font><font face="monospace"> man:pdns_control(1)<br></font><font face="monospace"> <a href="https://doc.powerdns.com">https://doc.powerdns.com</a><br></font><font face="monospace"> Main PID: 53992 (pdns_server)<br></font><font face="monospace"> Tasks: 8 (limit: 18956)<br></font><font face="monospace"> Memory: 43.0M<br></font><font face="monospace"> CGroup: /system.slice/pdns.service<br></font><font face="monospace"> └─53992 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no</font><font face="monospace"><br></font><font face="monospace">May 13 18:26:05 <a href="http://ns2.opensourceserver.io">ns2.opensourceserver.io</a> pdns_server[53992]: PowerDNS Authoritative Server 4.4.1 (C) 2001-2020 PowerDNS.COM BV<br></font><font face="monospace">May 13 18:26:05 <a href="http://ns2.opensourceserver.io">ns2.opensourceserver.io</a> pdns_server[53992]: Using 64-bits mode. Built using gcc 9.3.0 on Feb 7 2021 00:37:15 by root@97b66fbfd27e.<br></font><font face="monospace">May 13 18:26:05 <a href="http://ns2.opensourceserver.io">ns2.opensourceserver.io</a> pdns_server[53992]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms ><br></font><font face="monospace">May 13 18:26:06 <a href="http://ns2.opensourceserver.io">ns2.opensourceserver.io</a> pdns_server[53992]: Polled security status of version 4.4.1 at startup, no known issues reported: OK<br></font><font face="monospace">May 13 18:26:06 <a href="http://ns2.opensourceserver.io">ns2.opensourceserver.io</a> pdns_server[53992]: Creating backend connection for TCP<br></font><font face="monospace">May 13 18:26:06 <a href="http://ns2.opensourceserver.io">ns2.opensourceserver.io</a> pdns_server[53992]: [bindbackend] Parsing 0 domain(s), will report when done<br></font><font face="monospace">May 13 18:26:06 <a href="http://ns2.opensourceserver.io">ns2.opensourceserver.io</a> pdns_server[53992]: [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed<br></font><font face="monospace">May 13 18:26:06 <a href="http://ns2.opensourceserver.io">ns2.opensourceserver.io</a> systemd[1]: Started PowerDNS Authoritative Server.<br></font><font face="monospace">May 13 18:26:06 <a href="http://ns2.opensourceserver.io">ns2.opensourceserver.io</a> pdns_server[53992]: About to create 3 backend threads for UDP<br></font><font face="monospace">May 13 18:26:06 <a href="http://ns2.opensourceserver.io">ns2.opensourceserver.io</a> pdns_server[53992]: Done launching threads, ready to distribute questions</font></blockquote><br>So when I check into this dns server from the public Internet, no servers can be reached:<br><br><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><font face="monospace">dig <a href="http://opensourceserver.io">opensourceserver.io</a> @<a href="http://ns2.opensourceserver.io">ns2.opensourceserver.io</a></font><font face="monospace"><br></font><font face="monospace">; <<>> DiG 9.10.6 <<>> <a href="http://opensourceserver.io">opensourceserver.io</a> @<a href="http://ns2.opensourceserver.io">ns2.opensourceserver.io</a><br></font><font face="monospace">;; global options: +cmd<br></font><font face="monospace">;; connection timed out; no servers could be reached</font></blockquote><br>Yet when I do a port scan, port 53 is open:<br><br><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><font face="monospace"># sudo nmap -sTU -O <a href="http://ns2.opensourceserver.io">ns2.opensourceserver.io</a><br></font><font face="monospace">Starting Nmap 7.80 ( <a href="https://nmap.org">https://nmap.org</a> ) at 2021-05-13 20:37 CDT<br></font><font face="monospace">Nmap scan report for <a href="http://ns2.opensourceserver.io">ns2.opensourceserver.io</a> (207.177.51.156)<br></font><font face="monospace">Host is up (0.0069s latency).<br></font><font face="monospace">Not shown: 1989 closed ports<br></font><font face="monospace">PORT STATE SERVICE<br></font><font face="monospace">22/tcp filtered ssh<br></font><font face="monospace">53/tcp open domain<br></font><font face="monospace">80/tcp open http<br></font><font face="monospace">443/tcp open https<br></font><font face="monospace">2000/tcp open cisco-sccp<br></font><font face="monospace">3306/tcp open mysql<br></font><font face="monospace">5900/tcp open vnc<br></font><font face="monospace">8291/tcp open unknown<br></font><font face="monospace">53/udp open domain<br></font><font face="monospace">67/udp open|filtered dhcps<br></font><font face="monospace">161/udp filtered snmp<br></font><font face="monospace">Aggressive OS guesses: Linux 4.4 (91%), Linux 3.10 - 4.11 (90%), Linux 3.2 - 4.9 (89%), Android 4.1.1 (89%), Android 4.2.2 (Linux 3.4) (89%), HP P2000 G3 NAS device (88%), Linux 2.6.32 - 3.13 (88%), Linux 3.16 - 4.6 (87%), Linux 3.18 (OpenWrt) (87%), Linux 2.6.31 - 2.6.35 (87%)<br></font><font face="monospace">No exact OS matches for host (test conditions non-ideal).<br></font><font face="monospace">Network Distance: 11 hops</font><font face="monospace"><br></font><font face="monospace">OS detection performed. Please report any incorrect results at <a href="https://nmap.org/submit/">https://nmap.org/submit/</a> .<br></font><font face="monospace">Nmap done: 1 IP address (1 host up) scanned in 13.36 seconds</font></blockquote><div><br></div>And PDNS responds to dig queries on localhost:<div><br></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><font face="monospace"># dig <a href="http://opensourceserver.io">opensourceserver.io</a> @localhost</font></div><div><font face="monospace"><br></font></div><div><font face="monospace">; <<>> DiG 9.16.1-Ubuntu <<>> <a href="http://opensourceserver.io">opensourceserver.io</a> @localhost</font></div><div><font face="monospace">;; global options: +cmd</font></div><div><font face="monospace">;; Got answer:</font></div><div><font face="monospace">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50845</font></div><div><font face="monospace">;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1</font></div><div><font face="monospace">;; WARNING: recursion requested but not available</font></div><div><font face="monospace"><br></font></div><div><font face="monospace">;; OPT PSEUDOSECTION:</font></div><div><font face="monospace">; EDNS: version: 0, flags:; udp: 1232</font></div><div><font face="monospace">;; QUESTION SECTION:</font></div><div><font face="monospace">;<a href="http://opensourceserver.io">opensourceserver.io</a>. IN A</font></div><div><font face="monospace"><br></font></div><div><font face="monospace">;; ANSWER SECTION:</font></div><div><font face="monospace"><a href="http://opensourceserver.io">opensourceserver.io</a>. 120 IN A 76.76.238.10</font></div><div><font face="monospace"><br></font></div><div><font face="monospace">;; Query time: 0 msec</font></div><div><font face="monospace">;; SERVER: 127.0.0.1#53(127.0.0.1)</font></div><div><font face="monospace">;; WHEN: Thu May 13 20:52:17 CDT 2021</font></div><div><font face="monospace">;; MSG SIZE rcvd: 64</font></div></blockquote><div><br></div><div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-size:small"><div style="font-family:arial">The router connecting <a href="http://ns2.opensourceserver.io">ns2.opensourceserver.io</a>'s 207.177.51.156 public IP address to the PDNS server's 192.168.1.2 private IP address is RouterOS 6.42.12, NAT/port forwarded: </div><div style="font-family:arial"><br></div></div></div></div></div></div></div></div></div></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><div><div class="gmail_signature" data-smartmail="gmail_signature"><div><div><div><div><div><div style="font-size:small"><div style=""><font face="monospace">/ip firewall nat</font></div></div></div></div></div></div></div></div></div></div><div><div><div class="gmail_signature" data-smartmail="gmail_signature"><div><div><div><div><div><div style="font-size:small"><div style=""><font face="monospace">add action=masquerade chain=srcnat src-address=<a href="http://192.168.1.0/24">192.168.1.0/24</a></font></div></div></div></div></div></div></div></div></div></div><div><div><div class="gmail_signature" data-smartmail="gmail_signature"><div><div><div><div><div><div style="font-size:small"><div style=""><font face="monospace">....</font></div></div></div></div></div></div></div></div></div></div><div><div class="gmail_signature" data-smartmail="gmail_signature"><div><div><div><div><div><div style="font-size:small"><div style=""><font face="monospace">add action=dst-nat chain=dstnat comment=DNS dst-port=53 in-interface=ether1 protocol=tcp to-addresses=192.168.1.2 to-ports=53</font></div></div></div></div></div></div></div></div></div><div><div class="gmail_signature" data-smartmail="gmail_signature"><div><div><div><div><div><div style="font-size:small"><div style=""><font face="monospace">add action=dst-nat chain=dstnat comment=DNS dst-port=53 in-interface=ether1 protocol=udp to-addresses=192.168.1.2 to-ports=53</font></div></div></div></div></div></div></div></div></div><div><div class="gmail_signature" data-smartmail="gmail_signature"><div><div><div><div><div><div style="font-size:small"><div style=""><font face="monospace">...</font></div></div></div></div></div></div></div></div></div><div><div class="gmail_signature" data-smartmail="gmail_signature"><div><div><div><div><div><div style="font-size:small"><div style=""><font face="monospace">add action=masquerade chain=srcnat out-interface=ether1</font></div></div></div></div></div></div></div></div></div></blockquote><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-size:small"><div style="font-family:arial"><br></div><div style="font-family:arial">Any help would be appreciated.</div><div style="font-family:arial"><br></div><div style="font-family:arial"><br></div><div style="font-family:arial">Steve Garner</div><div style="font-family:arial">+1 302 364 0325<br></div><div style="font-family:arial"><a href="mailto:stevenjgarner@gmail.com">stevenjgarner@gmail.com</a></div></div></div></div></div></div></div></div></div></div>