[colug-432] CentOS 7 weird DNS network oddity...

Joshua Kramer joskra42.list at gmail.com
Sat Feb 21 22:15:35 EST 2015


Okay, so I forgot one very important command after configuring the firewall:
firewall-cmd --reload

Thanks Greg, your comment about zones made me look at the firewall-cmd man
page (which I should have done to start).  That's where I found out that
changes aren't active until you reload.

On Sat, Feb 21, 2015 at 10:03 PM, Greg Sidelinger <gate at ilive4code.net>
wrote:

> Did you add the DNS service to the right zone with firewall-cmd?  That has
> gotten me more than once.  I do have a tendency to do an iptables -F anytime
> I think it's netfilter.  Granted I think the proper way is to stop the
> firewalld service.
>
>
> On Saturday, February 21, 2015, Joshua Kramer <joskra42.list at gmail.com>
> wrote:
>
>> Hello Everyone,
>>
>> I have a really weird problem here.  For reference, the client is my
>> laptop, which is running CentOS 7.  The server is also running CentOS 7.
>>
>> The server is basically a KVM host, though it also runs NFS and DNS.  I
>> have a virtual network set up that is routed and connected to my primary
>> enp2s0.
>>
>> The primary address of the physical server is 192.168.2.220.
>> The virtual network address of the server is 192.168.4.1.
>> My laptop is on a 192.168.3 subnet.
>>
>> I can ssh from my laptop to the physical server at its .4.1 address.  I
>> can also ssh from my laptop to virtual machines running in the server, for
>> example, at .4.10.  I can even telnet to .4.1 on port 53 from my laptop and
>> it will connect and then close the connection.
>>
>> Virtual machines running on the server can use the DNS server no problem,
>> to resolve both internet-bound names and names of other virtual machines on
>> that internal network.
>>
>> My laptop cannot use the DNS server!  I notice when I telnet to the dns
>> port from one of the virtual machines, the connection opens and stays
>> open.  If I telnet to the dns port from my laptop, it opens then
>> immediately closes.  Relevant named.conf lines are:
>>
>> listen-on port 53 { 127.0.0.1; 192.168.4.1; };
>> allow-query     { localhost; 192.168/16; };
>> recursion yes;
>> allow-recursion { 192.168/16; };
>>
>> I've made sure the selinux contexts are correct for the files, and I've
>> used firewall-cmd to allow DNS queries through.  Where should I look next?
>>
>> Thanks!
>> -JK
>>
>
>
> --
> ------------------------------------------
> Sent from mobile device.... Please ignore my many typos.
>
>
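
The gap the reload closed in this thread, as an added example that is not part of the original messages: firewalld keeps a permanent (saved) configuration and a runtime (active) one, and a service added with `--permanent` sits only in the saved one until `firewall-cmd --reload`. The function names, the zone name `public` and the sample service lists are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: find firewalld services that are saved in the permanent
# configuration but not yet active in the runtime configuration.

# pending_services RUNTIME PERMANENT
# Both arguments are space-separated service lists, the format printed by
# `firewall-cmd --list-services`. Prints, one per line, every service that
# is in PERMANENT but missing from RUNTIME (saved, waiting for a reload).
pending_services() {
    local runtime=" $1 " svc
    for svc in $2; do
        case "$runtime" in
            *" $svc "*) ;;                # whole-word match: already active
            *) printf '%s\n' "$svc" ;;    # saved but not loaded
        esac
    done
}

# check_zone ZONE
# Compares the live runtime and permanent service lists for one zone.
# Needs a running firewalld and root; it is not called by the sample below.
check_zone() {
    local zone=$1 runtime permanent pending
    runtime=$(firewall-cmd --zone="$zone" --list-services) || return 2
    permanent=$(firewall-cmd --permanent --zone="$zone" --list-services) || return 2
    pending=$(pending_services "$runtime" "$permanent" | tr '\n' ' ')
    if [ -n "$pending" ]; then
        echo "zone $zone: saved but inactive until 'firewall-cmd --reload': $pending"
        return 1
    fi
    echo "zone $zone: runtime matches permanent"
}

# Constructed sample (not output from the poster's server): the state after
#   firewall-cmd --permanent --zone=public --add-service=dns
# and before any reload.
sample_runtime="dhcpv6-client ssh"
sample_permanent="dhcpv6-client dns ssh"
pending_services "$sample_runtime" "$sample_permanent"
```

On a real host, `check_zone` should be run once per zone reported by `firewall-cmd --get-active-zones`, since a service added to a zone that the receiving interface is not in will not show up as pending and will not help after a reload either.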