Public DNS (nsd4) is not running ([Errno 111] Connection refused; port 53)

I recently started getting this error on our box. I tried updating by re-running install script but it did not help. I have not modified the box in any way and it had previously successfully ran our email for ~4months with no issues. Any advice on what I should do to fix this?

Is there an upstream firewall blocking and/or not routing port 53?

Have you checked if nsd is running?

service nsd start
1 Like

That fixed it - thank you!

Now, I always have this error. Even if I run

service nsd start

the message

Public DNS (nsd4) is not running ([Errno 111] Connection refused; port 53).

still persists in the admin panel. Any other ideas how to fix this?

Thank you!

Thank you Josh. I have checked the status page, re-ran setup, and rebooted the box. Have also ran:

sudo service nsd start

but still can’t clear this message. The only thing custom I have done to this box is I did change the SSH port to a custom port but it is definitely not port 53 so I doubt it can cause this issue.

Is the box still working correctly otherwise? Can you share the box’s primary domain name?

The box is working but flaky and a bit slow. We have about 40 email accounts on the box and it is hosted on dedicated xeon server hardware in OVH datacenter in Canada.

I use Postbox email client and typical problem is message I receive below:

Sending of message failed.
The message could not be sent because the connection to SMTP server timed out. Try again or contact your network administrator. Additionally, verify that your firewall or antivirus program is not preventing Postbox from sending email.

Usually, if I continue trying, the email goes through. This might be due to Chinese great firewall or maybe it is due to the DNS issue. I’m not sure and just trying to clear this error code to trouble shoot it.

Thanks again.

A timeout suggests the DNS is actually working but that your box may need more resources to keep up, or that there are other connection issues between you and it. I’m not sure what the nsd issue is then.

FYI to follow up, I finally cleared this error by adding:

listen-on port 53 { any; };

into the /etc/bind/named.conf.options file.

Not sure of the long term outcome this may cause but for now it finally has my DNS server running and so I can input a new A record which we need.

I have been getting the same error on a different port (8893) and was wondering if you @smewp have any updates to your fix since it’s been a little while since you’ve implemented it.

@smewp, mailinabox runs two resolvers: nsd listening on the public port, and bind listening on localhost. That way nsd is the authoritative server for your domain, and bind is just a caching recursive resolver for the processes running on the box.

If you tell bind to listen on all addresses, and it takes over your public IP before nsd, you’re not going to have an authoritative server for your domain.

If you’re handling your own DNS, that’s fine. But if you want mailinabox to take care of DNS (which I sure do), then there’s a good chance you’re going to have problems.

@uca, sounds like a problem with your opendmarc process? Did rebooting the box or running setup again fix it?

i will go find out how to start opendmarc service. i am handing my dns through route53 because it is mandatory that I am able to use sendy for my newsletter. I know i must have something messed up because (although we are 10/10 on mail-tester for both the box and sendy, we are getting some rejected emails and some not delivered. and we’re probably getting caught in spam sometimes too.).

We absolutey do NOT send any spam so figure it probably relates to our spf,dkim and stuff. here are all my settings on both the box and in route 53. everything is on separate servers instances. dedicated vultr magnetic HDD server instance because we want lots of storage. aws instance elastic beanstalk instances

any suggestions?

Unfortunately this doesn’t solve my issue :(.
Any other thing to help this resolve?

I had the exact same problem, and this saved me! Thanks!