
I just set up a DNS server today, and it is responding to a remote dig (off network) with NOERROR, yet my browser from the same machine is timing out: ERR_CONNECTION_TIMED_OUT

## EDIT ## I think it is worth mentioning that `# curl mywebsite` times out as well.

My dig returns the following: (keep in mind that 10.2.6.60 is the DNS server and 10.2.6.80 is the WEB server)

# dig mywebsite.com 53

; <<>> DiG 9.10.3-P4-Ubuntu <<>> mywebsite.com 53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36878
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;mywebsite.com.     IN  A

;; ANSWER SECTION:
mywebsite.com.  38399   IN  A   10.2.6.80

;; Query time: 119 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Fri Feb 10 15:52:16 PST 2017
;; MSG SIZE  rcvd: 61

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46751
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;53.                IN  A

;; AUTHORITY SECTION:
.           63934   IN  SOA a.root-servers.net. nstld.verisign-grs.com. 2017021000 1800 900 604800 86400

;; Query time: 35 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Fri Feb 10 15:52:16 PST 2017
;; MSG SIZE  rcvd: 106

And on the DNS Server my tcpdump reads:

#  sudo tcpdump -n -nn -tttt -i ens32 port 53

2017-02-10 17:52:16.885021 IP 74.125.80.81.40072 > 10.2.6.60.53: 15104 [1au] A? mywebsite.com. (56)
2017-02-10 17:52:16.885550 IP 10.2.6.60.53 > 74.125.80.81.40072: 15104*- 1/1/1 A 10.2.6.80 (95)

Apparently I have a configuration issue? I ran the config test, and there are no errors. But just in case, here is my config:

/etc/bind/named.conf.local

zone "mywebsite.com" {
        type master;
        file "/var/lib/bind/mywebsite.com.hosts";
};

zone "6.2.10.in-addr.arpa" {
        type master;
        file "/etc/bind/db.mywebsite.com";
};

/var/lib/bind/mywebsite.com.hosts

$ttl 38400
mywebsite.com.       IN      SOA     ns1.mydnssite.com. mydnsemail.gmail.com. (
                        1486765992
                        10800
                        3600
                        604800
                        38400 )
mywebsite.com.       IN      NS      ns1.mydnssite.com.
mywebsite.com.       IN      A       10.2.6.80
www.mywebsite.com.   IN      A       10.2.6.80

/etc/bind/db.mywebsite.com

$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
1.0.0   IN      PTR     localhost.

Can anyone find any glaring errors as to why it would work with a remote dig, but the browser times out? I initially thought it was UDP, but you can clearly see in the dig response that's not the case. I am stumped!

Zak
    `my browser from the same machine it timing out: ERR_CONNECTION_TIMED_OUT` that isn't a DNS-related error message. Why do you think the problem is related to DNS, and not something to do with the service you are trying to access with curl or your web browser? Are you sure the service you are trying to access is listening on the port you are connecting to? Are you sure it is permitted through the firewall? – Zoredache Feb 11 '17 at 00:33
  • I can access the public IP address for `10.2.6.80` and get my **default** web page -- So I know Apache is listening on port 80 and responding correctly. I can also access sites that are mapped directly to the IP and not through DNS. – Zak Feb 11 '17 at 00:56
  • does curl timeout from the remote machine as well? – pete Feb 11 '17 at 01:34
  • It does. And it's worth mentioning that `curl public_ipaddress` also returns the default page successfully – Zak Feb 11 '17 at 01:54
  • Are you sure Apache is listening on the 10.2.6.80 IP address? Look at the output of `netstat -nltp`. – Zoredache Feb 11 '17 at 06:13
  • flush your DNS cache, or try from another machine/network – Orphans Feb 11 '17 at 12:29
  • @Zoredache -- I saw your comment, and it got me to thinking. `10.2.6.80` is the internal IP address. Both x.60 and x.80 are on the same LAN. So I had .60 (DNS server) point to the `PUBLIC` IP address of x.80, and it worked. Is this the preferred method, or is there a misconfiguration where I can't send the DNS traffic internally? -- Also it's worth mentioning Apache is listening on `*:80` – Zak Feb 13 '17 at 15:30
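An added diagnostic, not code from the question or any commenter: it parses the A records out of a dig answer like the one above, flags targets that are private addresses (the 10.2.6.80 case here, which clients outside that LAN cannot route to, as the last comment found), and only for public targets attempts the TCP connect a browser or curl would make. The sample dig text is constructed from the question, and the `probe` parameter lets a fake connect function be injected so the check runs offline.

```python
import ipaddress
import re
import socket
from typing import Callable, List, Tuple

# Constructed sample: the ANSWER SECTION of the dig output quoted in the question.
SAMPLE_DIG = """;; ANSWER SECTION:
mywebsite.com.  38399   IN  A   10.2.6.80
"""
A_RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\d+(?:\.\d+){3})\s*$", re.M)

def parse_a_records(dig_text: str) -> List[Tuple[str, int, str]]:
    """Pull (owner, ttl, address) triples out of dig's answer lines."""
    return [(m.group(1), int(m.group(2)), m.group(3)) for m in A_RECORD.finditer(dig_text)]

def address_scope(ip: str) -> str:
    """Where is the record's target routable from? Off-network clients cannot reach 'private'."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    if addr.is_private:          # RFC 1918 space such as 10.0.0.0/8, plus other non-global ranges
        return "private"
    return "public"

def tcp_probe(ip: str, port: int, timeout: float = 3.0) -> str:
    """Attempt the same TCP connect a browser or curl would and report how it ended."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"             # something answered: host is up, nothing listening
    except (socket.timeout, TimeoutError):
        return "timeout"             # what the browser reports as ERR_CONNECTION_TIMED_OUT
    except OSError as exc:
        return f"error: {exc.strerror}"

def diagnose(dig_text: str, port: int = 80,
             probe: Callable[[str, int], str] = tcp_probe) -> List[str]:
    """One verdict per A record, separating a DNS problem from a reachability problem."""
    verdicts = []
    for owner, _ttl, ip in parse_a_records(dig_text):
        scope = address_scope(ip)
        if scope != "public":
            verdicts.append(f"{owner} -> {ip} is a {scope} address: DNS answered, "
                            "but clients outside that network cannot route to it")
        else:
            verdicts.append(f"{owner} -> {ip}:{port} is {probe(ip, port)}")
    return verdicts
```

Running `diagnose(SAMPLE_DIG)` on the question's answer section reports the private-address case without touching the network; a public target gets the real connect and its outcome.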
