DNS not available from outside

I have a domain asm0dey.site (and also ns1.box.asm0dey.site etc) at 87.251.76.56

When I try to perform a lookup from my machine, I get this error:

❯ dig @87.251.76.56 google.com
;; communications error to 87.251.76.56#53: timed out
;; communications error to 87.251.76.56#53: timed out
;; communications error to 87.251.76.56#53: timed out

At the same time, a lookup from the box itself works fine.

In ufw the port is open, with tcpdump I can see the incoming packets, and nsd and named are running.

https://intodns.com/debrief.site says that this server is unavailable.

How should I debug and fix it?

Thank you!

nmap -sTU -p53 87.251.76.56

PORT   STATE         SERVICE
53/tcp open          domain
53/udp open|filtered domain

Looks like Port 53/udp is filtered / not reachable. Does your hosting company provide some kind of firewall / packet filter in front of their servers / VPSs? If so, make sure that traffic from any host, for both TCP and UDP, is allowed to pass on Port 53.

Note: You still won’t be able to resolve third party domains from outside your box, which is normal. However, if port 53/udp is accessible, you should get the following response instead of a timeout:

; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 24654
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 20 (Not Authoritative)
;; QUESTION SECTION:
;google.com.			IN	A
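The check described in the answer above, as an added example that is not part of the original thread: it sends the same query over 53/udp and 53/tcp and separates a silent drop (timeout) from the REFUSED reply that shows the port is reachable. The function names `build_query`, `parse_reply`, `probe` and `diagnose` are illustrative assumptions.

```python
# Added example: function names are illustrative and do not come from the thread.
import socket
import struct

def build_query(name, qid=0x4D42, qtype=1):
    """DNS query for `name` (A record by default) with the RD bit set, as dig sends."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def parse_reply(reply, qid=0x4D42):
    """Return (rcode, recursion_available) from a reply header; ValueError if not ours."""
    if len(reply) < 12:
        raise ValueError("reply shorter than a DNS header")
    rid, flags = struct.unpack("!2H", reply[:4])
    if rid != qid or not flags & 0x8000:  # QR bit must be set on a response
        raise ValueError("not a response to our query")
    return flags & 0x000F, bool(flags & 0x0080)

def probe(server, name, proto, timeout=3.0):
    """One query over 'udp' or 'tcp'. Returns 'timeout', 'error', or (rcode, ra)."""
    query = build_query(name)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                return parse_reply(s.recvfrom(4096)[0])
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # TCP adds a 2-byte length
            stream = s.makefile("rb")
            (length,) = struct.unpack("!H", stream.read(2))
            return parse_reply(stream.read(length))
    except socket.timeout:
        return "timeout"
    except (OSError, ValueError, struct.error):
        return "error"

def diagnose(udp, tcp):
    """Map the two probe results onto the cases discussed in the thread."""
    if udp == "timeout" and isinstance(tcp, tuple):
        return "53/udp dropped before the daemon; check provider firewall / anti-DDoS filter"
    if udp == "timeout" and tcp == "timeout":
        return "no reply on either protocol; host, ufw or upstream filter blocks port 53"
    if isinstance(udp, tuple):
        rcode, ra = udp
        if rcode == 5 and not ra:
            return "53/udp reachable; REFUSED without recursion is normal for third-party names"
        return f"53/udp reachable; rcode={rcode}, recursion_available={ra}"
    return f"inconclusive: udp={udp}, tcp={tcp}"
```

Call it as `diagnose(probe(ip, "google.com", "udp"), probe(ip, "google.com", "tcp"))` from a machine outside the box, with `ip` set to your own server's address.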

Thank you, it really was an issue with my VPS provider — they cut 53/udp on AntiDDOS

