This is from my BlackBerry so I might not have seen it all, but maybe the listen-on port 53 (127.0.0.1) is the problem. Shouldn't that IP be the external interface?

----- Sent from my wireless device

-----Original Message-----
From: tclug-list-bounces at mn-linux.org <tclug-list-bounces at mn-linux.org>
To: tclug-list at mn-linux.org <tclug-list at mn-linux.org>
Sent: Wed Jul 02 21:40:11 2008
Subject: [tclug-list] DNS connection refused

Howdy,

I have Fedora 9 installed and would like to use it as the DNS system in the house. The setup is as follows

options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; };
        recursion yes;
        forwarders { 68.87.77.130; 68.87.72.130; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";

zone "home.local" {
        type master;
        file "/var/named/home.local.hosts";
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "1.168.192.in-addr.arpa.zone";
        allow-update { key "rndckey"; };
        notify yes;

I have the files in /var/named set up and configured. From the DNS system I can type nslookup 43p and get the following

[root@fc9 named]# vi /etc/named.conf
[root@fc9 named]# nslookup 43p
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   43p.home.local
Address: 192.168.1.52

From a Windows system I get the following

C:\Users\dalan>nslookup 43p
Server:  UnKnown
Address:  192.168.1.50:53

*** UnKnown can't find 43p: Query refused

From the AIX system I get

(43p-aix) [dalan] nslookup 43p
*** Can't find server name for address 192.168.1.50:Query refused
*** Default servers are not available
(43p-aix) [dalan]

I have shut off the firewall and SELinux on the Fedora system.

I'm not sure why the Fedora system is blocking/refusing the request coming from another system. I even put the following entries in iptables.

SERVER_IP="192.168.1.50"
iptables -A INPUT -p udp -s 0/0 --sport 1024:65535 -d $SERVER_IP --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -s $SERVER_IP --sport 53 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -s 0/0 --sport 53 -d $SERVER_IP --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -s $SERVER_IP --sport 53 -d 0/0 --dport 53 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d $SERVER_IP --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s $SERVER_IP --sport 53 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 53 -d $SERVER_IP --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s $SERVER_IP --sport 53 -d 0/0 --dport 53 -m state --state ESTABLISHED -j ACCEPT

I still have the same effect. Running the following shows that the system is refusing the connection.

/usr/sbin/tcpdump -X port 53

[root@fc9 named]# /usr/sbin/tcpdump -X port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
21:39:38.512926 IP aix.sparish.local.52686 > fc9.sparish.local.domain: 46304+ PTR? 50.1.168.192.in-addr.arpa. (43)
        0x0000:  4500 0047 ac22 0000 1e11 6ccd c0a8 0134  E..G."....l....4
        0x0010:  c0a8 0132 cdce 0035 0033 7c2c b4e0 0100  ...2...5.3|,....
        0x0020:  0001 0000 0000 0000 0235 3001 3103 3136  .........50.1.16
        0x0030:  3803 3139 3207 696e 2d61 6464 7204 6172  8.192.in-addr.ar
        0x0040:  7061 0000 0c00 01                        pa.....
21:39:38.519048 IP fc9.sparish.local.domain > aix.sparish.local.52686: 46304 Refused- 0/0/0 (43)
        0x0000:  4500 0047 0000 4000 4011 b6ef c0a8 0132  E..G..@.@......2
        0x0010:  c0a8 0134 0035 cdce 0033 fc26 b4e0 8105  ...4.5...3.&....
        0x0020:  0001 0000 0000 0000 0235 3001 3103 3136  .........50.1.16
        0x0030:  3803 3139 3207 696e 2d61 6464 7204 6172  8.192.in-addr.ar
        0x0040:  7061 0000 0c00 01                        pa.....

Any help would be welcome

Thanks