[Pdns-users] PDNS working on localhost but not publicly

Brian Candler b.candler at pobox.com
Fri May 14 06:26:54 UTC 2021 

On 14/05/2021 02:55, Steven Garner via Pdns-users wrote:
> The router connecting ns2.opensourceserver.io 
> <http://ns2.opensourceserver.io>'s 207.177.51.156 public IP address to 
> the PDNS server's 192.168.1.2 private IP address is RouterOS 6.42.12, 
> NAT/port forwarded:
>
>     /ip firewall nat
>     add action=masquerade chain=srcnat src-address=192.168.1.0/24
>     <http://192.168.1.0/24>
>     ....
>     add action=dst-nat chain=dstnat comment=DNS dst-port=53
>     in-interface=ether1 protocol=tcp to-addresses=192.168.1.2 to-ports=53
>     add action=dst-nat chain=dstnat comment=DNS dst-port=53
>     in-interface=ether1 protocol=udp to-addresses=192.168.1.2 to-ports=53
>     ...
>     add action=masquerade chain=srcnat out-interface=ether1
>
>
> Any help would be appreciated.

On my home Mikrotik I have:

/ip firewall filter
...
add action=accept chain=forward dst-address-list=ns_auth dst-port=53 
protocol=udp
add action=accept chain=forward dst-address-list=ns_auth dst-port=53 
protocol=tcp
...

/ip firewall nat
add action=masquerade chain=srcnat comment="NAT outbound - external 
links" out-interface-list=all-external \
     src-address-list=internal_v4
...
add action=dst-nat chain=dstnat dst-address-type=local dst-port=53 
in-interface-list=all-external protocol=udp \
     to-addresses=10.12.255.32 to-ports=53
add action=dst-nat chain=dstnat dst-address-type=local dst-port=53 
in-interface-list=all-external protocol=tcp \
     to-addresses=10.12.255.32 to-ports=53

/ip firewall address-list
...
add address=10.12.255.32 list=ns_auth

/interface list
add name=all-external

/interface list member
add interface=pppoe-out2 list=all-external

Looks similar to yours, although I have "dst-address-type=local" on the 
inbount NAT.

You can prove routing is the problem by running tcpdump on ns2, and 
sending a query from outside:

tcpdump -i eth0 -nn -s0 -v udp port 53


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20210514/716acfd0/attachment.htm>

More information about the Pdns-users mailing list