DNS replication blocked?

[programatix]

Hi,

I'm having issue with DNS replication using "named". Basically, I configured "named" as slave DNS (IP: 192.168.1.3) to retrieve the zones from a master DNS (IP: 192.168.1.2). cfs is installed on the slave DNS (IP: 192.168.1.3).

When I execute "named", the log indicates that the IP 192.168.1.2#53 is unreachable. If I stop csf on the slave DNS, then it replicates fine.

I tried adding the following in csf.allow but it doesn't seems to help.

Code: Select all

192.168.1.0/24
udp|out|d=1024_65535|d=192.168.1.2
udp|out|d=1024_65535|d=192.168.1.3

Btw, I've checked "message" and could not see any dropped connections.

Any help would be greatly appreciated.

[ForumAdmin]

The first line should allow all traffic for the subnet. You should make sure that you do not have the BOGON blocklist enabled and that you restarted csf and then lfd after making any changes to /etc/csf/csf.allow. Also, check that there are no other blocks in csf:

Code: Select all

csf -g 192.168.1

[programatix]

Hi,

Thanks for the heads up.

It turns out that the following line in csf.redirect is the cause of the issue.

Code: Select all

#60.1.1.1|53|192.168.1.2|53|tcp
#60.1.1.1|53|192.168.1.2|53|udp

The 60.1.1.1 (not the real IP) is the external IP. When added, csf generate a FORWARD from * to 192.168.1.2 for port 53. May I know why? I supposed it should only FORWARD from 60.1.1.1 and not *.

Thanks.