query-source to all

Cathy Almond cathya at isc.org
Mon Aug 10 10:22:43 UTC 2009


Nelson Serafica wrote:
> Is it possible to set query-source to all? I'm using AMAZON EC2 and I
> want to set up a DNS Server. I just noticed it was bound to the private ip
> address. Since the public ip address was not on the OS (probably a NAT
> defined by AMAZON), I cannot connect to it even just a telnet. When I do
> netstat:
> 
> tcp        0      0 10.252.178.180:53          0.0.0.0:*                   LISTEN      28428/named
> tcp        0      0 127.0.0.1:53               0.0.0.0:*                   LISTEN      28428/named
> tcp        0      0 127.0.0.1:953              0.0.0.0:*                   LISTEN      28428/named
> udp        0      0 10.252.178.180:53          0.0.0.0:*                               28428/named
> udp        0      0 127.0.0.1:53               0.0.0.0:*                               28428/named
> 
> However, when I do nmap to the public ip, port 53 was not open. I
> already opened port 53 TCP and UDP but still to no avail. I did
> query-source all port *; on named.conf but it still keeps on listening to
> 10.252.178.180. My suspicion is that it keeps on listening to 10.252.178.180,
> which is why I cannot connect to it.
> 
> I'm using bind-9.5.0-P2.


It sounds like you need to configure the interfaces on which named
listens for incoming queries rather than the IP address it uses for
sending its own onward lookups?  In that case you should be looking at
the listen-on option rather than query-source.

Whether this will solve your problem or not depends on how your server
is set up on Amazon EC2.

Cathy
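
The distinction drawn in the reply above, as an added named.conf fragment that is not part of the original message or of any ISC sample configuration. The two addresses are the ones shown in the quoted netstat output; the choice of values is illustrative only.

```conf
options {
    // INBOUND: which local addresses named binds to and accepts queries on.
    // If listen-on is omitted, named listens on port 53 on every interface
    // the operating system has configured, which matches the netstat
    // output above (10.252.178.180 and 127.0.0.1).
    // An address that is not configured on any local interface cannot be
    // listed here, because named has nothing to bind to.
    listen-on port 53 { 127.0.0.1; 10.252.178.180; };

    // Equivalent to the default: listen on all local IPv4 interfaces.
    // listen-on { any; };

    // OUTBOUND: the source address and port named uses when it sends its
    // own queries to other name servers. This has no effect on which
    // sockets named listens on.
    // "address *" lets the OS pick the source address; "port *" keeps
    // the source port random. Pinning a fixed port here removes source
    // port randomization, which weakens resistance to cache poisoning.
    query-source address * port *;
};
```

After changing the file, `named-checkconf` validates the syntax and the same netstat command shows which sockets named actually bound.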


