[Pdns-users] PDNS working on localhost but not publicly
Steven Garner
stevenjgarner at gmail.com
Fri May 14 01:55:31 UTC 2021
Recently set up PowerDNS Authoritative Server (v 4.4.X) on 3 Ubuntu 20.04 LTS name servers using MySQL 8 replication as a backend. My master name server (ns1.opensourceserver.io) and one of the slaves (ns3.opensourceserver.io) are performing well, but the other slave (ns2.opensourceserver.io) cannot even be found.
I am wondering if it might be because of this unexpected result:
# netstat -alnp4 | grep pdns
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
53992/pdns_server
tcp 0 0 127.0.0.1:59010 127.0.0.1:3306
ESTABLISHED 53992/pdns_server
tcp 0 0 127.0.0.1:59008 127.0.0.1:3306
ESTABLISHED 53992/pdns_server
tcp 0 0 127.0.0.1:59012 127.0.0.1:3306
ESTABLISHED 53992/pdns_server
tcp 0 0 127.0.0.1:59014 127.0.0.1:3306
ESTABLISHED 53992/pdns_server
udp 0 0 0.0.0.0:53 0.0.0.0:*
53992/pdns_server
where I was more expecting it just to be:
# netstat -alnp4 | grep pdns
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
53992/pdns_server
udp 0 0 0.0.0.0:53 0.0.0.0:*
53992/pdns_server
Those extra 4 port 3306 (MySQL) lines do not go away if I stop and start
PDNS:
# systemctl stop pdns.service
# systemctl start pdns.service
# systemctl status pdns.service
● pdns.service - PowerDNS Authoritative Server
Loaded: loaded (/lib/systemd/system/pdns.service; enabled; vendor
preset: enabled)
Active: active (running) since Thu 2021-05-13 18:26:06 CDT; 2h 2min ago
Docs: man:pdns_server(1)
man:pdns_control(1)
https://doc.powerdns.com
Main PID: 53992 (pdns_server)
Tasks: 8 (limit: 18956)
Memory: 43.0M
CGroup: /system.slice/pdns.service
└─53992 /usr/sbin/pdns_server --guardian=no --daemon=no
--disable-syslog --log-timestamp=no --write-pid=no
May 13 18:26:05 ns2.opensourceserver.io pdns_server[53992]: PowerDNS
Authoritative Server 4.4.1 (C) 2001-2020 PowerDNS.COM BV
May 13 18:26:05 ns2.opensourceserver.io pdns_server[53992]: Using 64-bits
mode. Built using gcc 9.3.0 on Feb 7 2021 00:37:15 by root at 97b66fbfd27e.
May 13 18:26:05 ns2.opensourceserver.io pdns_server[53992]: PowerDNS comes
with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to
redistribute it according to the terms >
May 13 18:26:06 ns2.opensourceserver.io pdns_server[53992]: Polled security
status of version 4.4.1 at startup, no known issues reported: OK
May 13 18:26:06 ns2.opensourceserver.io pdns_server[53992]: Creating
backend connection for TCP
May 13 18:26:06 ns2.opensourceserver.io pdns_server[53992]: [bindbackend]
Parsing 0 domain(s), will report when done
May 13 18:26:06 ns2.opensourceserver.io pdns_server[53992]: [bindbackend]
Done parsing domains, 0 rejected, 0 new, 0 removed
May 13 18:26:06 ns2.opensourceserver.io systemd[1]: Started PowerDNS
Authoritative Server.
May 13 18:26:06 ns2.opensourceserver.io pdns_server[53992]: About to create
3 backend threads for UDP
May 13 18:26:06 ns2.opensourceserver.io pdns_server[53992]: Done launching
threads, ready to distribute questions
So when I check into this dns server from the public Internet, no servers
can be reached:
dig opensourceserver.io @ns2.opensourceserver.io
; <<>> DiG 9.10.6 <<>> opensourceserver.io @ns2.opensourceserver.io
;; global options: +cmd
;; connection timed out; no servers could be reached
Yet when I do a port scan, port 53 is open:
# sudo nmap -sTU -O ns2.opensourceserver.io
Starting Nmap 7.80 ( https://nmap.org ) at 2021-05-13 20:37 CDT
Nmap scan report for ns2.opensourceserver.io (207.177.51.156)
Host is up (0.0069s latency).
Not shown: 1989 closed ports
PORT STATE SERVICE
22/tcp filtered ssh
53/tcp open domain
80/tcp open http
443/tcp open https
2000/tcp open cisco-sccp
3306/tcp open mysql
5900/tcp open vnc
8291/tcp open unknown
53/udp open domain
67/udp open|filtered dhcps
161/udp filtered snmp
Aggressive OS guesses: Linux 4.4 (91%), Linux 3.10 - 4.11 (90%), Linux 3.2
- 4.9 (89%), Android 4.1.1 (89%), Android 4.2.2 (Linux 3.4) (89%), HP P2000
G3 NAS device (88%), Linux 2.6.32 - 3.13 (88%), Linux 3.16 - 4.6 (87%),
Linux 3.18 (OpenWrt) (87%), Linux 2.6.31 - 2.6.35 (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 11 hops
OS detection performed. Please report any incorrect results at
https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.36 seconds
And PDNS responds to dig queries on localhost:
# dig opensourceserver.io @localhost
; <<>> DiG 9.16.1-Ubuntu <<>> opensourceserver.io @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50845
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;opensourceserver.io. IN A
;; ANSWER SECTION:
opensourceserver.io. 120 IN A 76.76.238.10
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu May 13 20:52:17 CDT 2021
;; MSG SIZE rcvd: 64
The router connecting ns2.opensourceserver.io's 207.177.51.156 public IP
address to the PDNS server's 192.168.1.2 private IP address is RouterOS
6.42.12, NAT/port forwarded:
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.1.0/24
....
add action=dst-nat chain=dstnat comment=DNS dst-port=53 in-interface=ether1
protocol=tcp to-addresses=192.168.1.2 to-ports=53
add action=dst-nat chain=dstnat comment=DNS dst-port=53 in-interface=ether1
protocol=udp to-addresses=192.168.1.2 to-ports=53
...
add action=masquerade chain=srcnat out-interface=ether1
Any help would be appreciated.
Steve Garner
+1 302 364 0325
stevenjgarner at gmail.com
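A note on the netstat output above, and then an added diagnostic. The four port-3306 lines are ESTABLISHED sockets whose local side is an ephemeral port: they are outbound client connections from pdns_server to the local MySQL backend (the journal shows one backend connection created for TCP plus three UDP backend threads, which accounts for four), not extra listeners. The only listeners are 0.0.0.0:53 on TCP and UDP, so the reachability question is about the path from the public address to that listener. The script below is an added example, not part of the original post and not PowerDNS code: it sends the same minimal A query over UDP and over TCP (with the 2-byte length prefix RFC 1035 requires for TCP), checks the transaction id and QR bit of the reply, decodes A records including compressed names, and reports each transport separately, so a NAT rule that forwards one protocol but not the other shows up as a transport-specific failure instead of a generic timeout. The default server 127.0.0.1 and the name example.test. are placeholders.

```python
"""Compare UDP and TCP DNS reachability of one name server (added example)."""
import random
import socket
import struct
import sys

QTYPE_A = 1
CLASS_IN = 1


def build_query(name, qtype=QTYPE_A, qid=None):
    """Build a minimal DNS query with RD=0, as sent to an authoritative
    server. Returns (qid, wire_bytes)."""
    if qid is None:
        qid = random.randint(0, 0xFFFF)
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return qid, header + qname + struct.pack("!HH", qtype, CLASS_IN)


def _read_name(data, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        ln = data[off]
        if ln & 0xC0 == 0xC0:                      # compression pointer
            ptr = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            end = end if end is not None else off + 2
            off = ptr
            continue
        off += 1
        if ln == 0:
            break
        labels.append(data[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels) + ".", (end if end is not None else off)


def parse_response(data, expected_id):
    """Check header sanity and pull A records out of the answer section."""
    if len(data) < 12:
        raise ValueError("response shorter than a DNS header")
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if qid != expected_id:
        raise ValueError("transaction id mismatch (stale or forged reply?)")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    off = 12
    for _ in range(qd):                             # skip the question section
        _, off = _read_name(data, off)
        off += 4
    answers = []
    for _ in range(an):
        _, off = _read_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            answers.append(".".join(str(b) for b in rdata))
    return {"rcode": flags & 0xF, "aa": bool(flags & 0x0400), "answers": answers}


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed TCP stream early")
        buf += chunk
    return buf


def query_udp(server, name, timeout=3.0):
    qid, wire = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(wire, (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data, qid)


def query_tcp(server, name, timeout=3.0):
    qid, wire = build_query(name)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(wire)) + wire)   # RFC 1035 length prefix
        length = struct.unpack("!H", _recv_exact(s, 2))[0]
        data = _recv_exact(s, length)
    return parse_response(data, qid)


def compare_transports(server, name):
    """Run the same query over UDP and TCP and report each outcome separately,
    so a transport-specific NAT or filter gap is visible."""
    report = {}
    for label, fn in (("udp", query_udp), ("tcp", query_tcp)):
        try:
            report[label] = fn(server, name)
        except (OSError, ValueError) as exc:
            report[label] = f"FAILED: {exc}"
    return report


if __name__ == "__main__":
    # placeholders: server 127.0.0.1 and name example.test. (not from the post)
    srv, qname = sys.argv[1:3] if len(sys.argv) == 3 else ("127.0.0.1", "example.test.")
    for transport, result in compare_transports(srv, qname).items():
        print(f"{transport}: {result}")
```

Run it once from the name server itself against 127.0.0.1 and once from a host outside the NAT against the public address. A report that differs on one transport only points at the dst-nat rule for that protocol; both transports failing from outside while both succeed locally points at routing or a filter ahead of the forward. The nmap output above also lists 3306/tcp, 5900/tcp and 8291/tcp as open on the public address; a review of the dst-nat rules should confirm each of those forwards is intended, since the MySQL backend only needs to be reachable from 127.0.0.1 on the name server.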