
I have set up a bind9 DNS server on Virtualmin and created a DNS zone for the following domain with the following nameservers.

Domain: thecrystalsms.com; name servers: ns5.crystalhost.net, ns6.crystalhost.net

Both ns5 and ns6 are resolving correctly to 182.93.78.27

And on my server, when I run the following command

host -t ns thecrystalsms.com

it shows

thecrystalsms.com name server ns6.crystalhost.net.
thecrystalsms.com name server ns5.crystalhost.net.

But when I query DNS for thecrystalsms.com from outside, it fails.

Following are my DNS zone entries:

$ttl 38400
@   IN  SOA ns5.crystalhost.net. root.ns5.crystalhost.net. (
            1559739241
            10800
            3600
            604800
            38400 )
@   IN  NS  ns5.crystalhost.net.
@   IN  NS  ns6.crystalhost.net.
thecrystalsms.com.  IN  A   182.93.78.27
www.thecrystalsms.com.  IN  A   182.93.78.27
ftp.thecrystalsms.com.  IN  A   182.93.78.27
m.thecrystalsms.com.    IN  A   182.93.78.27
localhost.thecrystalsms.com.    IN  A   127.0.0.1
webmail.thecrystalsms.com.  IN  A   182.93.78.27
admin.thecrystalsms.com.    IN  A   182.93.78.27
mail.thecrystalsms.com. IN  A   182.93.78.27
thecrystalsms.com.  IN  MX  5 mail.thecrystalsms.com.
thecrystalsms.com.  IN  TXT "v=spf1 a mx a:thecrystalsms.com ip4:182.93.78.27 ip4:182.93.78.27 ip6:fe80::250:56ff:fe8c:d4ad -all"
_dmarc.thecrystalsms.com.   IN  TXT "v=DMARC1; pct=100; ruf=mailto:postmaster@thecrystalsms.com; rua=mailto:postmaster@thecrystalsms.com; p=reject"

Could not understand what the issue is.

Restarted the server multiple times too.

Output of netstat -an|grep :53 gives

tcp        0      0 182.93.78.27:53         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp6       0      0 :::53                   :::*                    LISTEN
udp        0      0 182.93.78.27:53         0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp6       0      0 :::53                   :::*

Port Scanner Results

Not shown: 840 closed ports, 142 filtered ports
PORT      STATE SERVICE
21/tcp    open  ftp
22/tcp    open  ssh
25/tcp    open  smtp
53/tcp    open  domain
80/tcp    open  http
110/tcp   open  pop3
143/tcp   open  imap
443/tcp   open  https
465/tcp   open  smtps
587/tcp   open  submission
993/tcp   open  imaps
995/tcp   open  pop3s
2222/tcp  open  unknown
8000/tcp  open  http-alt
8001/tcp  open  unknown
8002/tcp  open  teradataordbms
10000/tcp open  snet-sensor-mgmt
20000/tcp open  unknown
Nmap done: 1 IP address (1 host up) scanned in 20.40 seconds

I ran the zenmap tool and found the following result

nmap -sS -sU -T4 -A -v thecrystalsms.com
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-11 12:02 Nepal Standard Time
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 12:02
Completed NSE at 12:02, 0.00s elapsed
Initiating NSE at 12:02
Completed NSE at 12:02, 0.00s elapsed
Initiating Ping Scan at 12:02
Scanning thecrystalsms.com (182.93.78.27) [4 ports]
Completed Ping Scan at 12:02, 0.75s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 12:02
Completed Parallel DNS resolution of 1 host. at 12:02, 0.01s elapsed
Initiating SYN Stealth Scan at 12:02
Scanning thecrystalsms.com (182.93.78.27) [1000 ports]
Discovered open port 443/tcp on 182.93.78.27
Discovered open port 995/tcp on 182.93.78.27
Discovered open port 80/tcp on 182.93.78.27
Discovered open port 21/tcp on 182.93.78.27
Discovered open port 53/tcp on 182.93.78.27
Discovered open port 143/tcp on 182.93.78.27
Discovered open port 993/tcp on 182.93.78.27
Discovered open port 587/tcp on 182.93.78.27
Discovered open port 22/tcp on 182.93.78.27
Discovered open port 110/tcp on 182.93.78.27
Discovered open port 10000/tcp on 182.93.78.27
Discovered open port 20000/tcp on 182.93.78.27
Discovered open port 8007/tcp on 182.93.78.27
Discovered open port 465/tcp on 182.93.78.27
Discovered open port 8002/tcp on 182.93.78.27
Discovered open port 8000/tcp on 182.93.78.27
Discovered open port 2222/tcp on 182.93.78.27
Completed SYN Stealth Scan at 12:02, 2.04s elapsed (1000 total ports)
Initiating UDP Scan at 12:02
Scanning thecrystalsms.com (182.93.78.27) [1000 ports]
Discovered open port 53/udp on 182.93.78.27
Increasing send delay for 182.93.78.27 from 0 to 50 due to max_successful_tryno increase to 5
Increasing send delay for 182.93.78.27 from 50 to 100 due to max_successful_tryno increase to 6
Warning: 182.93.78.27 giving up on port because retransmission cap hit (6).
UDP Scan Timing: About 31.30% done; ETC: 12:04 (0:01:08 remaining)
UDP Scan Timing: About 37.70% done; ETC: 12:05 (0:01:41 remaining)

It seems my server has the UDP port open too. Also, when I look up the NS via the command line it shows the following result

nslookup thecrystalsms.com 182.93.78.27

Server:  UnKnown
Address:  182.93.78.27

Name:    thecrystalsms.com
Address:  182.93.78.27

But when I run nslookup thecrystalsms.com 8.8.8.8 the response is

DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.93.78.27

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

Couldn't figure out whether the problem is with bind9 or somewhere else.

  • DNS usually listens on port 53, not 93. And what is the result of the command `netstat -an|grep :53`? – Romeo Ninov Jun 05 '19 at 13:31
  • The command netstat -an|grep :53 shows following `tcp 0 0 182.93.78.27:53 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN tcp6 0 0 :::53 :::* LISTEN udp 0 0 182.93.78.27:53 0.0.0.0:* udp 0 0 127.0.0.1:53 0.0.0.0:* udp6 0 0 :::53 :::* ` – Roshan Budhathoki Jun 05 '19 at 13:35
  • Check with your domain registrant about DNS servers, bind to your domain. – Romeo Ninov Jun 05 '19 at 13:40
  • It looks okay; when I point the domain to other DNS servers it works correctly, but when the domain is pointed to ns5.crystalhost.net and ns6.crystalhost.net, the DNS query does not get resolved. – Roshan Budhathoki Jun 05 '19 at 13:42
  • Your portscan only shows TCP. DNS uses UDP. – Gerald Schneider Jun 05 '19 at 13:47
  • It seems an issue with webadmin; please re-check the webadmin IP configuration and DNS configuration. – sanjayparmar Jun 05 '19 at 14:14
  • An online checking tool such as DNSViz clearly shows the nameservers not replying to UDP DNS queries: http://dnsviz.net/d/thecrystalsms.com/dnssec/ Also, having two nameserver names resolving to the same IP is counterproductive, as you experience yourself here: any problem renders your domain off the grid. You should instead use your registrar or webhosting company as secondary nameserver. – Patrick Mevzek Jun 09 '19 at 05:34
  • @GeraldSchneider the port 53 is open on udp too still no luck. Also, I have added additional information in the question, please have a look. – Roshan Budhathoki Jun 11 '19 at 06:22
  • @RoshanBudhathoki, have you found any solution? I am having the same issue :( – Siddhpura Amit Oct 08 '21 at 10:49

1 Answer


If I query your nameserver by UDP, there is a timeout:

triss:~> dig @ns6.crystalhost.net. thecrystalsms.com soa

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @ns6.crystalhost.net. thecrystalsms.com soa
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

If I query using TCP it works:

triss:~> dig @ns6.crystalhost.net. thecrystalsms.com soa +tcp

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @ns6.crystalhost.net. thecrystalsms.com soa +tcp
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52568
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;thecrystalsms.com.             IN      SOA

;; ANSWER SECTION:
thecrystalsms.com.      38400   IN      SOA     ns5.crystalhost.net. root.ns5.crystalhost.net. 1559739241 10800 3600 604800 38400

;; AUTHORITY SECTION:
thecrystalsms.com.      38400   IN      NS      ns5.crystalhost.net.
thecrystalsms.com.      38400   IN      NS      ns6.crystalhost.net.

;; Query time: 218 msec
;; SERVER: 182.93.78.27#53(182.93.78.27)
;; WHEN: wto cze 11 09:07:34 CEST 2019
;; MSG SIZE  rcvd: 138

Clearly someone is blocking your DNS UDP port. The fact that the port is open is orthogonal to the fact that it may be blocked: either at your host by a firewall, or by someone on the network towards your host. Please check your firewall first, and if this is not the culprit, work with your ISP to figure out if they are blocking access to the DNS UDP port; some may do just that to prevent DNS amplification attacks.

Tomek
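A small diagnostic, added here and not part of Tomek's answer, that codes up the UDP-versus-TCP comparison above: it sends the same SOA question over both transports and classifies the pair of outcomes the way the answer reads them. It assumes a plain RFC 1035 query with no EDNS and a fixed transaction id; the server address and zone name used in the usage note are the ones from the question.

```python
import socket
import struct

QID, SOA = 0x1234, 6   # fixed transaction id (an assumption) and the SOA RR type queried above

def build_query(name, qtype=SOA, qid=QID):
    # Minimal RFC 1035 query: RD set, one question, class IN, no EDNS.
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)

def parse_header(resp, qid=QID):
    # Only the header fields this check needs: rcode, AA flag, section counts.
    rid, flags, _qd, an, ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    if rid != qid:
        raise ValueError("transaction id mismatch")
    return {"rcode": flags & 0x0F, "aa": bool(flags & 0x0400), "answer": an, "authority": ns}

def query(server, name, transport, timeout=2.0):
    # Send one query over "udp" or "tcp"; None means timeout or no usable reply.
    q = build_query(name)
    try:
        if transport == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(q, (server, 53))
                data, _ = s.recvfrom(4096)
        else:  # TCP prefixes each DNS message with a 2-byte length
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack(">H", len(q)) + q)
                (length,) = struct.unpack(">H", s.recv(2))
                data = b""
                while len(data) < length:
                    chunk = s.recv(length - len(data))
                    if not chunk:
                        break
                    data += chunk
        return parse_header(data)
    except (OSError, ValueError, struct.error):
        return None

def classify(udp, tcp):
    # Same reading as the answer: TCP answering while UDP times out means UDP is filtered.
    if udp is None:
        return "unreachable" if tcp is None else "udp-blocked"
    return "ok" if udp["aa"] else "not-authoritative"
```

Calling `classify(query("182.93.78.27", "thecrystalsms.com", "udp"), query("182.93.78.27", "thecrystalsms.com", "tcp"))` reproduces the answer's dig comparison from any external host; a result of udp-blocked is the situation the dig output above shows.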