[Pdns-users] Can't access remotely: "connection timed out; no servers could be reached"
leen at wirehub.nl
Tue Jan 20 21:33:01 UTC 2009
On Tue, Jan 20, 2009 at 01:30:22PM -0700, JK E-Lists wrote:
> I have a fresh PowerDNS install with some test records in the database.
> CentOS 5 (all updates)
> Latest PowerDNS RPM
> I can query successfully when logged into the name server, e.g.
> [me at ns1 ~] $ host foo.test.com 127.0.0.1
> However, when I try to query from my workstation, it fails.
> [me at work ~] $ host foo.test.com xxx.xxx.xxx.xxx
> ;; connection timed out; no servers could be reached
> I believe that I have the firewall set up correctly.
> /etc/sysconfig/iptables has the following:
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
> which I believe will accept incoming connections for DNS.
> What else should I check?
I've read somewhere that not all host commands are created equal, so I wouldn't suggest
using that; try dig.
If it's just a test machine and doesn't get all kinds of traffic, a simple way of
testing your firewall might be to use iptables -Z to zero the counters.
With iptables -nvL you can see what rules are actually matched.
Personally I just use:
# tcpdump -npti ethX host work and not tcp port ssh # the machine I'm on, but without the ssh-port
to see the packets.
Hope that helps.
You can also turn on more logging in the pdns configuration file.
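
The counter check described in the reply above, as an added example that is not part of the original post: a small shell function that reads one chain's `iptables -nvL` listing after `iptables -Z` and a single test query, and reports whether a port 53 ACCEPT rule or a DROP/REJECT rule counted the packets. The function name `dns_verdict` and both sample listings are constructed for illustration and are not the poster's ruleset.

```shell
#!/bin/sh
# Added example, not from the original thread. Typical use on the name server:
#   iptables -Z; <send one query from the workstation>
#   iptables -nvL RH-Firewall-1-INPUT | dns_verdict
# Verdicts printed by dns_verdict (reads ONE chain listing on stdin):
#   accepted:<n>    rule n, an ACCEPT for port 53, counted packets
#   stopped-at:<n>  no port 53 ACCEPT counted anything, but DROP/REJECT rule n did
#   no-traffic      neither counted anything, so the query never reached this chain
dns_verdict() {
    awk '
        $1 == "Chain" || $1 == "pkts" || NF == 0 { next }   # skip header lines
        {
            n++                 # position of the rule in the chain
            hit = ($1 != "0")   # -v abbreviates large counts (12K), so compare with "0"
            if (hit && !acc && $3 == "ACCEPT" && $0 ~ /dpt:53([^0-9]|$)/) acc = n
            if (hit && !stop && ($3 == "DROP" || $3 == "REJECT")) stop = n
        }
        END {
            if (acc) print "accepted:" acc
            else if (stop) print "stopped-at:" stop
            else print "no-traffic"
        }'
}

# Constructed sample: the port 53 rules sit after a REJECT that counted packets.
sample_blocked() { cat <<'EOF'
Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
  340 41200 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    3   180 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53
EOF
}

# Constructed sample: the port 53 rules come first and the UDP rule counted the query.
sample_open() { cat <<'EOF'
Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
  340 41200 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53
    2   122 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
}

echo "blocked sample: $(sample_blocked | dns_verdict)"
echo "open sample:    $(sample_open | dns_verdict)"
```

A `stopped-at` verdict only points at the rule worth inspecting: on a machine with other traffic the DROP/REJECT counter may have been incremented by unrelated packets, which is why the reply suggests this on a quiet test machine.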