I installed Hestia as usual, but after installation I added users and domains, and in my case the user domains can't load successfully.
Is there anything after install to customize just to make DNS work properly?
The problem is that DNS is not responding from outside. Port 53 is not blocked in the firewall, but what do I have to do to make DNS work?
named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
//forwarders {
// 8.8.8.8;
// 8.8.4.4;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no;
allow-recursion { any; };
allow-transfer {"none";};
hostname none;
listen-on-v6 { none; };
server-id none;
version none;
};
resolv.conf
nameserver 192.168.0.1
network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eno1
iface eno1 inet dhcp
dns-nameservers 8.8.8.8 8.8.4.4
Check if bind/named is listening on port 53 (tcp and udp):
lsof -Pn +c0 -i:53
Also check the firewall rules:
iptables -S | grep ' 53 '
I forgot to say that you shouldn't allow recursion to any client; that's a security risk.
Hestia’s default value is allow-recursion { 127.0.0.1; ::1; };
so you have modified it.
@server:~# lsof -Pn +c0 -i:53
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
named 150464 bind 41u IPv4 392143 0t0 UDP 127.0.0.1:53
named 150464 bind 42u IPv4 392144 0t0 UDP 127.0.0.1:53
named 150464 bind 43u IPv4 392145 0t0 UDP 127.0.0.1:53
named 150464 bind 44u IPv4 392146 0t0 UDP 127.0.0.1:53
named 150464 bind 45u IPv4 394308 0t0 TCP 127.0.0.1:53 (LISTEN)
named 150464 bind 46u IPv4 394309 0t0 TCP 127.0.0.1:53 (LISTEN)
named 150464 bind 47u IPv4 394310 0t0 TCP 127.0.0.1:53 (LISTEN)
named 150464 bind 50u IPv4 394311 0t0 TCP 127.0.0.1:53 (LISTEN)
named 150464 bind 53u IPv4 394312 0t0 UDP 192.168.0.150:53
named 150464 bind 54u IPv4 394313 0t0 UDP 192.168.0.150:53
named 150464 bind 55u IPv4 394314 0t0 UDP 192.168.0.150:53
named 150464 bind 56u IPv4 394315 0t0 UDP 192.168.0.150:53
named 150464 bind 57u IPv4 394316 0t0 TCP 192.168.0.150:53 (LISTEN)
named 150464 bind 58u IPv4 394317 0t0 TCP 192.168.0.150:53 (LISTEN)
named 150464 bind 59u IPv4 394318 0t0 TCP 192.168.0.150:53 (LISTEN)
named 150464 bind 60u IPv4 394319 0t0 TCP 192.168.0.150:53 (LISTEN)
@server:~# iptables -S | grep ' 53 '
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
That looks fine.
Are you sure you are forwarding requests to tcp and udp port 53 to your server?
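An added example, not code from this thread or from Hestia, that turns the two checks above into a small audit script: it flags an allow-recursion ACL that admits any client (an open resolver) and summarises which addresses named is bound to from lsof output, pointing out when every listener is loopback or RFC 1918 so that external DNS can only work with 53/tcp and 53/udp forwarded to the host. The config text and lsof output embedded below are constructed samples.

```shell
#!/bin/sh
# Added example, not code from the thread or from Hestia: audit a BIND
# named.conf.options text for an open-recursion ACL and summarise which
# addresses named is bound to from `lsof -Pn +c0 -i:53` output.
# The config text and the lsof output below are constructed samples.

# Exit 0 when allow-recursion admits everyone (any, 0.0.0.0/0), else 1.
# Reads the config on stdin; comments are stripped and lines joined first.
recursion_is_open() {
    sed -e 's|//.*$||' -e 's/#.*$//' | tr '\n' ' ' \
    | grep -Eqi 'allow-recursion[[:space:]]*\{[^}]*[[:space:]{](any|0\.0\.0\.0/0)[[:space:]]*;'
}

# Print "PROTO ADDRESS" for every named socket in lsof output, one per
# line and deduplicated, e.g. "UDP 192.168.0.150".
listen_addresses() {
    awk '$1 == "named" && ($8 == "TCP" || $8 == "UDP") {
             sub(/:[0-9]+$/, "", $9); print $8, $9 }' | sort -u
}

# Keep only addresses reachable from the Internet: drop loopback and
# RFC 1918 ranges. An empty result means outside clients can only reach
# this resolver if the router forwards 53/tcp and 53/udp to the host.
public_listeners() {
    grep -Ev ' (127\.|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)' || true
}

SAMPLE_CONF='options {
    directory "/var/cache/bind";
    allow-recursion { any; };      // constructed: the risky setting
    allow-transfer { "none"; };
};'
SAMPLE_LSOF='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
named 150464 bind 41u IPv4 392143 0t0 UDP 127.0.0.1:53
named 150464 bind 45u IPv4 394308 0t0 TCP 127.0.0.1:53 (LISTEN)
named 150464 bind 53u IPv4 394313 0t0 UDP 192.168.0.150:53
named 150464 bind 57u IPv4 394316 0t0 TCP 192.168.0.150:53 (LISTEN)'

if printf '%s\n' "$SAMPLE_CONF" | recursion_is_open; then
    echo "WARNING: allow-recursion is open to any client (open resolver)"
fi
echo "named listens on:"
printf '%s\n' "$SAMPLE_LSOF" | listen_addresses
if [ -z "$(printf '%s\n' "$SAMPLE_LSOF" | listen_addresses | public_listeners)" ]; then
    echo "No public listener: 53/tcp and 53/udp must be forwarded to this host"
fi
```

On a live host, replace the samples with `cat /etc/bind/named.conf.options | recursion_is_open` and `lsof -Pn +c0 -i:53 | listen_addresses`.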
The server can't resolve the user domain; it still doesn't work.
Share your domain or IP so I can check whether the ports are open.