Netgate Discussion Forum

    DNS server stop working

    Category: DHCP and DNS
    8 Posts 3 Posters 2.2k Views
    limws1

      Hi,

      I set up tinydns as an authoritative DNS for my domain. The DNS server is set up with IP 127.0.0.1. The interface to listen on is WAN. I have a 1:1 NAT set up to point the public IP of my DNS to 127.0.0.1. All SOA, MX, and A records are set up. The DNS server was able to resolve hostnames for my domain on the Internet. Lately, the DNS server just stopped working. When I view the DNS server log, there are no entries found. The only change I made is setting up OpenVPN.

      Can anyone advise?

      Rdgs

      doktornotor Banned

        Leaving the utterly pointless 1:1 NAT aside, is the server running at all? (Like, ps / netstat output.) I'd go ask your ISP. Other than that, I won't touch DJBware with a 10ft pole, so… maybe someone else.

        johnpoz LAYER 8 Global Moderator

          ^ Agreed, most likely your ISP blocked it, unless you're on a business connection, because of all the DNS amplification attacks of late.

          Why you would serve up authoritative DNS off your firewall to the public net is another question ;)

          But I am curious – why would anyone do this?? If you need more DNS features than, say, your registrar's free DNS provides, or the other free providers, for like $30 a year you can have a company that all they do is DNS. They have multiple servers across the globe, anycast, etc. etc. etc. Why would you host something that clearly you "need" to work off your "firewall" - where is your secondary server for your domain hosted?

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

            limws1

            @doktornotor:

            Leaving the utterly pointless 1:1 NAT aside, is the server running at all? (Like, ps / netstat output.) Other than that, I won't touch DJBware with a 10ft pole, so… maybe someone else.

            If you mean the DNS server, yes it is running. So is the svscan service, as shown in pfSense -> Status -> Services.

            netstat result:

            [2.1.1-RELEASE][admin@]/root(1): netstat -an |grep 53
            tcp4      0      0 192.168.90.101.53      .                    LISTEN
            tcp4      0      0 127.0.0.1.53          .                    LISTEN
            udp4      0      0 192.168.90.101.53      .
            udp4      0      0 127.0.0.1.53          .

            Not sure if I am seeing this right: is UDP 53 not listening?

            What should I ps for to tell whether the DNS server is running? Just running ps -ef gives this result:

            [2.1.1-RELEASE][admin@]/root(2): ps -ef
            ps: Process environment requires procfs(5)
              PID  TT  STAT      TIME COMMAND
              100  v0- SN    0:04.56  /bin/sh /var/db/rrd/updaterrd.sh
            60650  v0  Is+    0:00.00  /usr/libexec/getty Pc ttyv0
            18788  0  R+    0:00.00  ps -ef
            90777  0  Is    0:00.01  /bin/sh /etc/rc.initial
            99203  0  S      0:00.01  /bin/tcsh

              doktornotor Banned
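            The netstat output above is what the "is UDP 53 listening?" question hinges on, so here is an added helper (not from this thread) that parses FreeBSD-style `netstat -an` lines for port 53 and, separately, checks from outside whether the server still answers authoritatively. It assumes the column layout pasted in the post and a `dig` binary for the external check; the sample lines are constructed.

```shell
#!/bin/sh
# Added troubleshooting helper; not code from the thread. Assumes FreeBSD-style
# `netstat -an` columns (proto recv-q send-q local foreign [state]) and `dig`.

# Constructed sample in the shape of the post: two TCP listeners and two bound
# UDP sockets on port 53, plus one unrelated port-80 listener.
SAMPLE='tcp4      0      0 192.168.90.101.53      .                    LISTEN
tcp4      0      0 127.0.0.1.53          .                    LISTEN
udp4      0      0 192.168.90.101.53      .
udp4      0      0 127.0.0.1.53          .
tcp4      0      0 127.0.0.1.80          .                    LISTEN'

# Read netstat output on stdin; print "proto local-address state" for every
# socket bound to port 53. UDP is connectionless, so BSD netstat never prints
# LISTEN for it: a UDP socket bound to .53 with no peer is already receiving.
port53_listeners() {
    awk '$4 ~ /\.53$/ {
        state = ($1 ~ /^tcp/) ? $6 : "BOUND(udp has no LISTEN state)"
        print $1, $4, state
    }'
}

# Count sockets bound to port 53 for one protocol family ("tcp" or "udp").
count_port53() {
    port53_listeners | awk -v p="$1" '$1 ~ ("^" p) { n++ } END { print n + 0 }'
}

# External check: does SERVER answer authoritatively (aa flag) for DOMAIN?
# Run from a host outside the ISP's network. A timeout here while the local
# listener is present points at port 53 being filtered upstream, which is
# the ISP-blocking theory raised in the replies.
check_authoritative() {
    dig +norecurse +time=3 +tries=1 "@$1" "$2" SOA 2>/dev/null \
        | grep -q 'flags:[^;]* aa'
}

# Local report on the constructed sample (replace with: netstat -an | port53_listeners)
printf '%s\n' "$SAMPLE" | port53_listeners
echo "tcp53=$(printf '%s\n' "$SAMPLE" | count_port53 tcp) udp53=$(printf '%s\n' "$SAMPLE" | count_port53 udp)"
# External test, e.g.: check_authoritative 203.0.113.10 example.com && echo authoritative
```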

              Go back to your ISP and ask them about blocking. And what johnpoz said, I'd just NOT run a public DNS on my firewall.

                limws1

                @johnpoz:

                ^ Agreed, most likely your ISP blocked it, unless you're on a business connection, because of all the DNS amplification attacks of late.

                Why you would serve up authoritative DNS off your firewall to the public net is another question ;)

                But I am curious – why would anyone do this?? If you need more DNS features than, say, your registrar's free DNS provides, or the other free providers, for like $30 a year you can have a company that all they do is DNS. They have multiple servers across the globe, anycast, etc. etc. etc. Why would you host something that clearly you "need" to work off your "firewall" - where is your secondary server for your domain hosted?

                We own our domain. The domain name registrar requires us to provide two name servers. That is why I need an authoritative DNS. How else would the Internet resolve our domain name then?

                  doktornotor Banned

                  If your domain registrar does NOT provide DNS servers, you should just run… run like hell from them. Other than that, if you really insist on using such a lame registrar, you can have 50 domains hosted here: https://dns.he.net/ (5 different DNS servers, anycasted, for free.)

                    johnpoz LAYER 8 Global Moderator

                    ^ exactly!!!

                    I agree, if you have a domain name you need at minimum 2 servers that will respond authoritatively for your domain. What does that have to do with running it on your own?

                    Unless you're a DNS provider – or you're serving up DNS to your users for your local domain – leave public DNS to the companies that do it for a living. If the FREE ones don't suit your fancy or provide you what you need/want, then for like $30 a year you can do it with an enterprise class service with 5 9's uptime.

                    Shit, your time alone in having to even look at why it's not working has most likely cost more than 3x the cost of hosting DNS with an actual DNS company for a whole year ;)

                    I can tell you, if I charged my normal billing rate, the time in me reading your question and responding would have cost more than hosting your DNS for a whole year!!


                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.