DNS replication blocked?

Posted: 12 Jul 2013, 15:21
by programatix
Hi,

I'm having an issue with DNS replication using "named". Basically, I configured "named" as a slave DNS (IP: 192.168.1.3) to retrieve the zones from a master DNS (IP: 192.168.1.2). csf is installed on the slave DNS (IP: 192.168.1.3).

When I execute "named", the log indicates that the IP 192.168.1.2#53 is unreachable. If I stop csf on the slave DNS, then it replicates fine.

I tried adding the following in csf.allow but it doesn't seem to help.

192.168.1.0/24
udp|out|d=1024_65535|d=192.168.1.2
udp|out|d=1024_65535|d=192.168.1.3

Btw, I've checked "message" and could not see any dropped connections.

Any help would be greatly appreciated.

Re: DNS replication blocked?

Posted: 12 Jul 2013, 15:40
by ForumAdmin
The first line should allow all traffic for the subnet. You should make sure that you do not have the BOGON blocklist enabled and that you restarted csf and then lfd after making any changes to /etc/csf/csf.allow. Also, check that there are no other blocks in csf:

csf -g 192.168.1
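To see which csf.allow line, if any, actually covers the slave's zone-transfer flow to the master, here is a small matcher over csf.allow-style lines. It is an added example, not the poster's or the csf project's code; it assumes csf's documented advanced syntax (tcp/udp|in/out|s/d=port|s/d=ip, with `_` for a port range), and the source port of the AXFR flow is a constructed value.

```python
import ipaddress

def parse_port(spec):
    """'53' -> (53, 53); '1024_65535' -> (1024, 65535): csf's port-range form."""
    lo, _, hi = spec.partition("_")
    return int(lo), int(hi or lo)

def parse_rule(line):
    """One csf.allow line -> dict, or None for comments and blank lines."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    if "|" not in line:  # bare IP or CIDR: csf allows all traffic with it
        return {"net": ipaddress.ip_network(line, strict=False)}
    proto, direction, *fields = line.split("|")
    rule = {"proto": proto, "dir": direction}
    for field in fields:  # 's=' source or 'd=' destination, value is a port or an IP
        key, _, val = field.partition("=")
        if "." in val or ":" in val:
            rule[key + "ip"] = ipaddress.ip_network(val, strict=False)
        else:
            rule[key + "port"] = parse_port(val)
    return rule

def rule_allows(rule, proto, direction, src_ip, src_port, dst_ip, dst_port):
    """True if the parsed rule covers this flow (as seen from the csf host)."""
    if "net" in rule:
        remote = dst_ip if direction == "out" else src_ip
        return ipaddress.ip_address(remote) in rule["net"]
    if rule["proto"] != proto or rule["dir"] != direction:
        return False
    for key, ip in (("sip", src_ip), ("dip", dst_ip)):
        if key in rule and ipaddress.ip_address(ip) not in rule[key]:
            return False
    for key, port in (("sport", src_port), ("dport", dst_port)):
        if key in rule and not rule[key][0] <= port <= rule[key][1]:
            return False
    return True

def allowed_by(rules_text, **flow):
    """First csf.allow line covering the flow, or None if none does."""
    for line in rules_text.splitlines():
        rule = parse_rule(line)
        if rule and rule_allows(rule, **flow):
            return line.strip()
    return None

# Constructed copy of the post's three csf.allow lines, plus a slave-to-master AXFR flow.
CSF_ALLOW = "192.168.1.0/24\nudp|out|d=1024_65535|d=192.168.1.2\nudp|out|d=1024_65535|d=192.168.1.3\n"
AXFR = dict(proto="tcp", direction="out", src_ip="192.168.1.3", src_port=40000, dst_ip="192.168.1.2", dst_port=53)
```

Run with the subnet line removed and the two advanced lines come back empty for the AXFR flow: they only match outbound UDP to destination ports 1024-65535, while the transfer goes to the master's port 53 over TCP.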

Re: DNS replication blocked?

Posted: 12 Jul 2013, 16:42
by programatix
Hi,

Thanks for the heads up.

It turns out that the following line in csf.redirect is the cause of the issue.

#60.1.1.1|53|192.168.1.2|53|tcp
#60.1.1.1|53|192.168.1.2|53|udp

The 60.1.1.1 (not the real IP) is the external IP. When added, csf generates a FORWARD from * to 192.168.1.2 for port 53. May I know why? I supposed it should only FORWARD from 60.1.1.1 and not *.

Thanks.