Hestia not resolving user domains

I installed Hestia as usual and after installation I added users and domains, but in my case the user domains can't load successfully.

Is there anything to customize after install just to make DNS work properly?

The problem is that DNS is not responding from outside. Port 53 is not blocked in the firewall, but what do I need to do to make DNS work?

named.conf.options


options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
        //forwarders {
        //      8.8.8.8;
        //      8.8.4.4;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;
        auth-nxdomain no;
        allow-recursion { any; };
        allow-transfer {"none";};
        hostname none;
        listen-on-v6 { none; };
        server-id none;
        version none;
};

resolv.conf

nameserver 192.168.0.1

network/interfaces


# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eno1
iface eno1 inet dhcp
dns-nameservers 8.8.8.8 8.8.4.4


Check if bind/named is listening on port 53 (tcp and udp):

lsof -Pn +c0 -i:53

Also check the firewall rules:

iptables -S | grep ' 53 '

I forgot to say that you shouldn't allow recursion for any client; that's a security risk.

Hestia’s default value is allow-recursion { 127.0.0.1; ::1; }; so you have modified it.

@server:~# lsof -Pn +c0 -i:53
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
named   150464 bind   41u  IPv4 392143      0t0  UDP 127.0.0.1:53
named   150464 bind   42u  IPv4 392144      0t0  UDP 127.0.0.1:53
named   150464 bind   43u  IPv4 392145      0t0  UDP 127.0.0.1:53
named   150464 bind   44u  IPv4 392146      0t0  UDP 127.0.0.1:53
named   150464 bind   45u  IPv4 394308      0t0  TCP 127.0.0.1:53 (LISTEN)
named   150464 bind   46u  IPv4 394309      0t0  TCP 127.0.0.1:53 (LISTEN)
named   150464 bind   47u  IPv4 394310      0t0  TCP 127.0.0.1:53 (LISTEN)
named   150464 bind   50u  IPv4 394311      0t0  TCP 127.0.0.1:53 (LISTEN)
named   150464 bind   53u  IPv4 394312      0t0  UDP 192.168.0.150:53
named   150464 bind   54u  IPv4 394313      0t0  UDP 192.168.0.150:53
named   150464 bind   55u  IPv4 394314      0t0  UDP 192.168.0.150:53
named   150464 bind   56u  IPv4 394315      0t0  UDP 192.168.0.150:53
named   150464 bind   57u  IPv4 394316      0t0  TCP 192.168.0.150:53 (LISTEN)
named   150464 bind   58u  IPv4 394317      0t0  TCP 192.168.0.150:53 (LISTEN)
named   150464 bind   59u  IPv4 394318      0t0  TCP 192.168.0.150:53 (LISTEN)
named   150464 bind   60u  IPv4 394319      0t0  TCP 192.168.0.150:53 (LISTEN)

@server:~# iptables -S | grep ' 53 '
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT

That looks fine.

Are you sure you are forwarding requests to tcp and udp port 53 to your server?
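Following up on the recursion warning above and the port-forwarding question, this is an added shell example (not from the thread and not Hestia's own code) that audits a named.conf.options for allow-recursion { any; } and reads lsof -Pn +c0 -i:53 output to tell whether named is bound only to private addresses. The temp path, the sample config and the lsof lines are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread: audit a named.conf.options for an open
# resolver (allow-recursion { any; }) and classify where named is bound on :53
# using "lsof -Pn +c0 -i:53" output. The paths and sample data are constructed.

# Constructed sample in the style of the config posted above.
SAMPLE_CONF="${TMPDIR:-/tmp}/named.conf.options.sample"
cat > "$SAMPLE_CONF" <<'EOF'
options {
        directory "/var/cache/bind";
        // forwarders { 8.8.8.8; 8.8.4.4; };
        dnssec-validation auto;
        allow-recursion { any; };
        allow-transfer {"none";};
};
EOF

# Print the allow-recursion ACL body with comments and whitespace removed
# (line-based comment stripping, adequate for Hestia's template).
recursion_acl() {
    sed -e 's#//.*$##' -e 's/#.*$//' "$1" | tr -d '\n' |
        sed -n 's/.*allow-recursion[[:space:]]*{\([^}]*\)}.*/\1/p' | tr -d ' \t'
}

# 0 = recursion limited to listed hosts (Hestia default: 127.0.0.1; ::1),
# 1 = "any" present, i.e. an open resolver usable for reflection/amplification,
# 2 = no allow-recursion statement (BIND then defaults to localnets; localhost).
check_recursion() {
    acl=$(recursion_acl "$1")
    [ -n "$acl" ] || return 2
    case "$acl" in *any*) return 1 ;; esac
    return 0
}

# From lsof output on stdin, print the distinct non-loopback addresses on which
# named is bound to port 53 (field 9 is ADDRESS:PORT; "(LISTEN)" is field 10).
bound_addrs() {
    awk '$1 == "named" && $9 ~ /:53$/ && $9 !~ /^127\./ && $9 !~ /^\[::1\]/ {
             sub(/:53$/, "", $9); print $9 }' | sort -u
}

# 0 when every non-loopback address is RFC 1918: outside clients then reach
# named only if the router forwards tcp+udp 53 to it (the situation above).
private_only() {
    bound_addrs | awk '{ n++ }
        /^10\./ || /^192\.168\./ || /^172\.(1[6-9]|2[0-9]|3[01])\./ { priv++ }
        END { exit (n > 0 && n == priv) ? 0 : 1 }'
}
```

Run check_recursion against /etc/bind/named.conf.options and pipe the real lsof output into private_only; exit status 0 from private_only means the server is only reachable on a NAT-internal address.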

The server can't resolve the user domain; it still doesn't work.

Share your domain or IP so I can check whether the ports are open.