Strange DNS behavior


Strange DNS behavior

Chris Maness-2
I have been running my own DNS for years with glue records and the whole
nine yards.  A couple of days ago (without warning) my DNS server stopped
resolving requests external to my local network.  If I portscan my server
from outside my local network, I see that TCP port 53 is open.  I can use
dig to resolve any host on that server as long as it is local, but if I try
to use dig from a remote host, it just times out.  I thought I might
have been hacked or something, but it does not appear that the named.conf
file has been changed since 2015 (according to the stamp).

Any suggestions as to what could be the issue?

Thanks,
Chris Maness
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[hidden email]"

Re: Strange DNS behavior

Trond Endrestøl
On Thu, 26 Oct 2017 08:10-0700, Chris Maness wrote:

> I have been running my own DNS for years with glue records and the whole
> nine yards.  A couple of days ago (without warning) my DNS server stopped
> resolving requests external to my local network.  If I portscan my server
> from outside my local network, I see that TCP port 53 is open.  I can use
> dig to resolve any host on that server as long as it is local, but if I try
> to use dig from a remote host, it just times out.  I thought I might
> have been hacked or something, but it does not appear that the named.conf
> file has been changed since 2015 (according to the stamp).
>
> Any suggestions as to what could be the issue?

Here are some very basic suggestions.

As you probably know, DNS uses UDP and switches to TCP if it receives
a truncated response or is told to do TCP right from the beginning.

Make sure your ISP hasn't blocked UDP and TCP port 53 in your
direction. Check your own packet filter/firewall just to be safe.

You can restart your DNS server process, you'll lose whatever's in the
cache, but that shouldn't matter too much.

--
Trond.
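A way to tell the cases apart, as an added example that is not from this thread or the FreeBSD project: a small Python probe that sends the same A query to the server once over UDP and once over TCP, since dig uses UDP by default and a TCP portscan showing port 53 open says nothing about UDP. The server address, the query name and the verdict strings are assumptions for illustration.

```python
import socket, struct
TXID = 0x1234  # constructed fixed transaction id, used to match the reply

def build_query(name: str) -> bytes:
    # Minimal A/IN query with RD=1: the same wire format dig sends by default
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_header(resp: bytes) -> dict:
    # id, RCODE, TC (truncated) bit and answer count from a raw response
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {"id": txid, "rcode": flags & 0xF, "tc": bool(flags & 0x0200), "answers": an}

def probe(server: str, name: str, tcp: bool, timeout: float = 3.0) -> str:
    # One query over the chosen transport: 'ok', 'timeout', 'refused' or 'error'
    q = build_query(name)
    try:
        if tcp:  # RFC 1035 4.2.2: TCP messages carry a 2-byte length prefix
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(q)) + q)
                f = s.makefile("rb")
                resp = f.read(struct.unpack("!H", f.read(2))[0])
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(q, (server, 53))
                resp = s.recv(4096)
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "error"
    return "ok" if len(resp) >= 12 and parse_header(resp)["id"] == TXID else "error"

def classify(udp: str, tcp: str) -> str:
    # Map the pair of transport results to the most likely cause (assumed wording)
    if udp == "timeout" and tcp == "ok":
        return "UDP/53 filtered on the path, TCP/53 passes: check ISP and packet filter"
    if udp == "ok" and tcp == "ok":
        return "both transports answer: look at zone or recursion config instead"
    if udp == "timeout" and tcp == "timeout":
        return "nothing reaches port 53: server down or fully filtered"
    return f"mixed result (udp={udp}, tcp={tcp}): inspect the filter rules"

def diagnose(server: str, name: str = "example.com.") -> dict:
    udp, tcp = probe(server, name, tcp=False), probe(server, name, tcp=True)
    return {"udp": udp, "tcp": tcp, "verdict": classify(udp, tcp)}
```

Run `diagnose("203.0.113.10")` (a placeholder address) from a host outside the local network; a result of `udp="timeout"` with `tcp="ok"` is the pattern the thread describes.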