[colug-432] CentOS 7 weird DNS network oddity...

Rick Hornsby richardjhornsby at gmail.com
Sat Feb 21 22:05:36 EST 2015

Joshua Kramer wrote:
> Hello Everyone,
> I have a really weird problem here.  For reference, the client is my 
> laptop, which is running CentOS 7.  The server is also running CentOS 7.
> The server is basically a KVM host, though it also runs NFS and DNS.  
> I have a virtual network set up that is routed and connected to my 
> primary enp2s0.
> The primary address of the physical server is
> The virtual network address of the server is
> My laptop is on a 192.168.3 subnet.
> I can ssh from my laptop to the physical server at its .4.1 address.  
> I can also ssh from my laptop to virtual machines running in the 
> server, for example, at .4.10.  I can even telnet to .4.1 on port 53 
> from my laptop and it will connect and then close the connection.
> Virtual machines running on the server can use the DNS server no 
> problem, to resolve both internet-bound names and names of other 
> virtual machines on that internal network.
> My laptop cannot use the DNS server!  I notice when I telnet to the 
> dns port from one of the virtual machines, the connection opens and 
> stays open.  If I telnet to the dns port from my laptop, it opens then 
> immediately closes.
Sorry I don't have much in the way of help with your problem directly, 
but this might help your troubleshooting -

DNS queries are usually over UDP.  TCP is usually reserved for zone 
transfers, not for standard queries.  If you're using telnet, then 
you're using TCP.

If you want to talk to something over UDP, I'd recommend using netcat 
(nc).  Because UDP is stateless and there is no established connection, 
you'll probably want to try to form a DNS query to send so that you can 
get a reply to confirm the message made it.

If you're trying to diagnose the network (as opposed to the DNS server 
itself) you could shut down the DNS server and bind a netcat listener 
using UDP on the server to make it a little easier.  You can send any 
string you want (doesn't have be a proper DNS query) and it should show 
up on the other side.

> Relevant named.conf lines are:
> listen-on port 53 {;; };
> allow-query     { localhost; 192.168/16; };
> recursion yes;
> allow-recursion { 192.168/16; };
> I've made sure the selinux contexts are correct for the files, and 
> I've used firewall-cmd to allow DNS queries through.  Where should I 
> look next?
> Thanks!
> -JK
> _______________________________________________
> colug-432 mailing list
> colug-432 at colug.net
> http://lists.colug.net/mailman/listinfo/colug-432


More information about the colug-432 mailing list