DNS problem if csf enable

unit
Junior Member
Posts: 1
Joined: 27 Jul 2020, 21:47

Post by unit »

Hello!

I have a problem if CSF is enabled.
For example:

CSF ENABLED

Code:

dig @8.8.8.8 ns1.besthost.az

; <<>> DiG 9.18.18-0ubuntu0.22.04.2-Ubuntu <<>> @8.8.8.8 ns1.besthost.az
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 16066
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; EDE: 22 (No Reachable Authority): (At delegation besthost.az for ns1.besthost.az/a)
;; QUESTION SECTION:
;ns1.besthost.az.               IN      A

;; Query time: 3095 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Fri Apr 12 20:34:33 +04 2024
;; MSG SIZE  rcvd: 97

CSF DISABLED

Code:

dig @8.8.8.8 ns1.besthost.az

; <<>> DiG 9.18.18-0ubuntu0.22.04.2-Ubuntu <<>> @8.8.8.8 ns1.besthost.az
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6346
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ns1.besthost.az.               IN      A

;; ANSWER SECTION:
ns1.besthost.az.        14400   IN      A       213.136.94.86

;; Query time: 251 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Fri Apr 12 20:37:15 +04 2024
;; MSG SIZE  rcvd: 60

Sometimes I get an error like this: ;; communications error to 8.8.8.8#53: timed out

Code:

dig ns roadlink.az
;; communications error to 8.8.8.8#53: timed out
; <<>> DiG 9.18.18-0ubuntu0.22.04.2-Ubuntu <<>> ns roadlink.az
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55712
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;roadlink.az.                   IN      NS

;; ANSWER SECTION:
roadlink.az.            14963   IN      NS      ns2.besthost.az.
roadlink.az.            14963   IN      NS      ns1.besthost.az.

;; Query time: 203 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Fri Apr 12 20:58:51 +04 2024
;; MSG SIZE  rcvd: 85

For example, I get an error like "couldn't get address for 'ns2.besthost.az': failure" when I run dig +trace iyde.az if CSF is enabled,
but if it is disabled I didn't get any error.

From /etc/csf/csf.conf:

Code:

#        query-source port 53;
# This will force incoming DNS traffic only through port 53
TCP_IN = "53"
TCP_OUT = "53"
UDP_IN = "53"
UDP_OUT = "53"
#        query-source-v6 port 53;
UDP6_IN = "53"
UDP6_OUT = "53"
# port;protocol,port;protocol,... For example, "53;udp,53;tcp"
PORTS_bind = "53;udp,53;tcp"
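
A triage helper for the three dig outcomes quoted in the post, added here as an example and not part of the original post: it separates a SERVFAIL carrying EDE 22 (RFC 8914: the resolver could not reach any authoritative server) from a timeout between dig and 8.8.8.8. The function names and path labels are hypothetical, and reading `resolver_to_authority` as "check inbound port 53 filtering on this host" assumes the CSF host is the authoritative server for besthost.az.

```python
import re

# Constructed samples: header lines copied from the dig runs quoted in the post.
CSF_ENABLED = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 16066
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
; EDE: 22 (No Reachable Authority): (At delegation besthost.az for ns1.besthost.az/a)
"""
CSF_DISABLED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6346
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
"""
RETRIED = """\
;; communications error to 8.8.8.8#53: timed out
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55712
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
"""

def parse_dig(text):
    """Pull out the fields of dig output that matter for firewall triage."""
    status = re.search(r"status: (\w+)", text)
    answers = re.search(r"ANSWER: (\d+)", text)
    return {
        "status": status.group(1) if status else None,
        "answers": int(answers.group(1)) if answers else 0,
        "ede": [int(c) for c in re.findall(r"^; EDE: (\d+)", text, re.M)],
        "timeouts": len(re.findall(
            r"^;; communications error to \S+: timed out", text, re.M)),
    }

def triage(text):
    """Map dig signals to the path to inspect (hypothetical labels, see lead-in)."""
    r = parse_dig(text)
    paths = []
    if r["timeouts"]:
        # No reply reached dig from the resolver before it retried.
        paths.append("client_to_resolver")
    if r["status"] == "SERVFAIL" and 22 in r["ede"]:
        # RFC 8914 EDE 22: the resolver reached no authoritative server.
        paths.append("resolver_to_authority")
    if r["status"] is None and not r["timeouts"]:
        paths.append("unparsed")
    return paths

if __name__ == "__main__":
    for name, sample in [("csf enabled", CSF_ENABLED),
                         ("csf disabled", CSF_DISABLED),
                         ("retried query", RETRIED)]:
        print(f"{name}: {parse_dig(sample)['status']} -> {triage(sample) or 'ok'}")
```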