[Pdns-users] PDNS working on localhost but not publicly

Steven Garner stevenjgarner at gmail.com
Fri May 14 01:55:31 UTC 2021


Recently set up PowerDNS Authoritative Server (v 4.4.X) on 3 Ubuntu 20.04
LTS name servers using MySQL 8 replication as a backend.  My master name
server (ns1.opensourceserver.io) and one of the slaves
(ns3.opensourceserver.io) are performing well, but the other slave
(ns2.opensourceserver.io) cannot even be found.

I am wondering if it might be because of this unexpected result:

# netstat -alnp4 | grep pdns
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      53992/pdns_server
tcp        0      0 127.0.0.1:59010         127.0.0.1:3306          ESTABLISHED 53992/pdns_server
tcp        0      0 127.0.0.1:59008         127.0.0.1:3306          ESTABLISHED 53992/pdns_server
tcp        0      0 127.0.0.1:59012         127.0.0.1:3306          ESTABLISHED 53992/pdns_server
tcp        0      0 127.0.0.1:59014         127.0.0.1:3306          ESTABLISHED 53992/pdns_server
udp        0      0 0.0.0.0:53              0.0.0.0:*                           53992/pdns_server


where I was more expecting it just to be:

# netstat -alnp4 | grep pdns
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      53992/pdns_server
udp        0      0 0.0.0.0:53              0.0.0.0:*                           53992/pdns_server


Those extra 4 port 3306 (MySQL) lines do not go away if I stop and start
PDNS:

# systemctl stop pdns.service
# systemctl start pdns.service
# systemctl status pdns.service
● pdns.service - PowerDNS Authoritative Server
     Loaded: loaded (/lib/systemd/system/pdns.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2021-05-13 18:26:06 CDT; 2h 2min ago
       Docs: man:pdns_server(1)
             man:pdns_control(1)
             https://doc.powerdns.com
   Main PID: 53992 (pdns_server)
      Tasks: 8 (limit: 18956)
     Memory: 43.0M
     CGroup: /system.slice/pdns.service
             └─53992 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no

May 13 18:26:05 ns2.opensourceserver.io pdns_server[53992]: PowerDNS Authoritative Server 4.4.1 (C) 2001-2020 PowerDNS.COM BV
May 13 18:26:05 ns2.opensourceserver.io pdns_server[53992]: Using 64-bits mode. Built using gcc 9.3.0 on Feb  7 2021 00:37:15 by root at 97b66fbfd27e.
May 13 18:26:05 ns2.opensourceserver.io pdns_server[53992]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms >
May 13 18:26:06 ns2.opensourceserver.io pdns_server[53992]: Polled security status of version 4.4.1 at startup, no known issues reported: OK
May 13 18:26:06 ns2.opensourceserver.io pdns_server[53992]: Creating backend connection for TCP
May 13 18:26:06 ns2.opensourceserver.io pdns_server[53992]: [bindbackend] Parsing 0 domain(s), will report when done
May 13 18:26:06 ns2.opensourceserver.io pdns_server[53992]: [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
May 13 18:26:06 ns2.opensourceserver.io systemd[1]: Started PowerDNS Authoritative Server.
May 13 18:26:06 ns2.opensourceserver.io pdns_server[53992]: About to create 3 backend threads for UDP
May 13 18:26:06 ns2.opensourceserver.io pdns_server[53992]: Done launching threads, ready to distribute questions


So when I check into this DNS server from the public Internet, no servers
can be reached:

dig opensourceserver.io @ns2.opensourceserver.io
; <<>> DiG 9.10.6 <<>> opensourceserver.io @ns2.opensourceserver.io
;; global options: +cmd
;; connection timed out; no servers could be reached


Yet when I do a port scan, port 53 is open:

# sudo nmap -sTU -O ns2.opensourceserver.io
Starting Nmap 7.80 ( https://nmap.org ) at 2021-05-13 20:37 CDT
Nmap scan report for ns2.opensourceserver.io (207.177.51.156)
Host is up (0.0069s latency).
Not shown: 1989 closed ports
PORT     STATE         SERVICE
22/tcp   filtered      ssh
53/tcp   open          domain
80/tcp   open          http
443/tcp  open          https
2000/tcp open          cisco-sccp
3306/tcp open          mysql
5900/tcp open          vnc
8291/tcp open          unknown
53/udp   open          domain
67/udp   open|filtered dhcps
161/udp  filtered      snmp
Aggressive OS guesses: Linux 4.4 (91%), Linux 3.10 - 4.11 (90%), Linux 3.2 - 4.9 (89%), Android 4.1.1 (89%), Android 4.2.2 (Linux 3.4) (89%), HP P2000 G3 NAS device (88%), Linux 2.6.32 - 3.13 (88%), Linux 3.16 - 4.6 (87%), Linux 3.18 (OpenWrt) (87%), Linux 2.6.31 - 2.6.35 (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 11 hops
OS detection performed. Please report any incorrect results at
https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.36 seconds


And PDNS responds to dig queries on localhost:

# dig opensourceserver.io @localhost

; <<>> DiG 9.16.1-Ubuntu <<>> opensourceserver.io @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50845
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;opensourceserver.io.           IN      A

;; ANSWER SECTION:
opensourceserver.io.    120     IN      A       76.76.238.10

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu May 13 20:52:17 CDT 2021
;; MSG SIZE  rcvd: 64


The router connecting ns2.opensourceserver.io's 207.177.51.156 public IP
address to the PDNS server's 192.168.1.2 private IP address is RouterOS
6.42.12, NAT/port forwarded:

/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.1.0/24
....
add action=dst-nat chain=dstnat comment=DNS dst-port=53 in-interface=ether1
protocol=tcp to-addresses=192.168.1.2 to-ports=53
add action=dst-nat chain=dstnat comment=DNS dst-port=53 in-interface=ether1
protocol=udp to-addresses=192.168.1.2 to-ports=53
...
add action=masquerade chain=srcnat out-interface=ether1


Any help would be appreciated.


Steve Garner
+1 302 364 0325
stevenjgarner at gmail.com
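The symptom above is that nmap reports 53/tcp and 53/udp open on the public address (nmap only marks a UDP port open when it actually received a UDP reply) while dig times out from outside and answers on localhost. The probe below separates "the port accepts packets" from "PowerDNS returns an authoritative answer over that path" for each transport and each name server. It is an added example, not code from the post or from PowerDNS; it uses only the Python standard library, takes the server names and the opensourceserver.io A record (76.76.238.10, TTL 120) from the post, and the embedded SAMPLE_RESPONSE bytes are constructed here to mirror the localhost dig output so the parser can be exercised offline.

```python
"""Minimal DNS probe: build an A query, send it over UDP and TCP, parse the
reply, and say whether the server answered authoritatively.
Added example (not from the post or PowerDNS); standard library only."""
import random
import socket
import struct

QNAME = "opensourceserver.io"
SERVERS = ["ns1.opensourceserver.io", "ns2.opensourceserver.io",
           "ns3.opensourceserver.io"]          # as named in the post


def build_query(name, qid, want_recursion=True):
    """Wire-format A/IN query for `name` with transaction id `qid`."""
    flags = 0x0100 if want_recursion else 0x0000            # RD bit only
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)  # QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN


def _read_name(msg, off):
    """Decode a possibly compressed name at `off`; return (name, next offset)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                            # compression pointer
            if end is None:
                end = off + 2                                # resume after pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def parse_response(msg, expect_id):
    """Header flags plus A records from a reply; reject a foreign transaction id."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if qid != expect_id:
        raise ValueError("transaction id mismatch")
    out = {"rcode": flags & 0xF, "aa": bool(flags & 0x0400),
           "ra": bool(flags & 0x0080), "answers": []}
    off = 12
    for _ in range(qd):                                      # skip question section
        _, off = _read_name(msg, off)
        off += 4
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:                        # A record
            out["answers"].append((name, ttl, socket.inet_ntoa(rdata)))
    return out


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed early")
        buf += chunk
    return buf


def probe(server, name=QNAME, timeout=3.0):
    """Query `server` over UDP and TCP; None for a transport means no reply."""
    qid = random.randrange(65536)
    query = build_query(name, qid)
    result = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        u.settimeout(timeout)
        try:
            u.sendto(query, (server, 53))
            data, _ = u.recvfrom(4096)
            result["udp"] = parse_response(data, qid)
        except (socket.timeout, OSError):
            result["udp"] = None
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as t:
        t.settimeout(timeout)
        try:
            t.connect((server, 53))
            t.sendall(struct.pack("!H", len(query)) + query)   # TCP: 2-byte length prefix
            (length,) = struct.unpack("!H", _recv_exact(t, 2))
            result["tcp"] = parse_response(_recv_exact(t, length), qid)
        except (socket.timeout, OSError):
            result["tcp"] = None
    return result


def verdict(parsed):
    """One-line classification of a parsed reply (or None for no reply)."""
    if parsed is None:
        return "no reply"
    if parsed["rcode"] != 0:
        return "rcode %d" % parsed["rcode"]
    if not parsed["answers"]:
        return "empty answer"
    kind = "authoritative" if parsed["aa"] else "non-authoritative"
    return "%s %s" % (kind, ", ".join(ip for _, _, ip in parsed["answers"]))


# Constructed to mirror the localhost dig output in the post: id 50845,
# flags qr aa rd, one A answer 76.76.238.10 TTL 120, one OPT record (64 bytes).
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 50845, 0x8500, 1, 1, 0, 1)
    + b"\x10opensourceserver\x02io\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 120, 4) + bytes([76, 76, 238, 10])
    + b"\x00" + struct.pack("!HHIH", 41, 1232, 0, 0)
)

if __name__ == "__main__":
    for srv in SERVERS:
        r = probe(srv)
        print("%-26s udp: %-32s tcp: %s" % (srv, verdict(r["udp"]), verdict(r["tcp"])))
```

Run it once from a host on the public Internet and once from the 192.168.1.0/24 side, and compare the per-transport verdicts for each server. "no reply" on both transports for ns2 from outside, next to "authoritative 76.76.238.10" from inside, places the fault on the forwarding path rather than in PowerDNS; a reply that parses but is not authoritative, or that carries a foreign transaction id, means something other than the intended PowerDNS instance is answering on that port. The script never uses a resolver library, so what it reports is exactly what came back over the wire.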