From: Trond Endrestøl <trond@fagskolen.gjovik.no>
To: Chris Maness
Cc: freebsd-questions@freebsd.org
Date: Thu, 26 Oct 2017 18:51:11 +0200 (CEST)
Subject: Re: Strange DNS behavior
Organization: Fagskolen Innlandet
User-Agent: Alpine 2.21 (BSF 202 2017-01-01)

On Thu, 26 Oct 2017 08:10-0700, Chris Maness wrote:

> I have been running my own DNS for years with glue records and the whole
> nine yards. A couple of days ago (without warning) my DNS server stopped
> resolving requests external to my local network. If I portscan my server
> from outside my local network, I see that TCP port 53 is open. I can use
> dig to resolve any host on that server as long as it is local, but if I try
> to use dig from a remote host, it just times out. I thought I might
> have been hacked or something, but it does not appear that the named.conf
> file has been changed since 2015 (according to the stamp).
>
> Any suggestions as to what could be the issue?

Here are some very basic suggestions.

As you probably know, DNS uses UDP and switches to TCP if it receives a
truncated response or is told to do TCP right from the beginning.

Make sure your ISP hasn't blocked UDP and TCP port 53 in your direction.

Check your own packet filter/firewall just to be safe.

You can restart your DNS server process; you'll lose whatever's in the
cache, but that shouldn't matter too much.

-- 
Trond.
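The two checks in the reply above (does the server answer over UDP, does it answer over TCP, and does a UDP answer come back with the TC bit set so a resolver would retry over TCP) can be exercised from an outside host with a short script. This is an added example, not code from the thread or from FreeBSD; it uses only the Python standard library, builds the DNS query by hand, and the server address and query name are supplied on the command line. The sample replies used to check the TC-bit parsing are constructed inline.

```python
"""Probe a DNS server over UDP and TCP and detect truncated (TC) answers.

Added example for the thread above; it assumes nothing about the poster's
server beyond that it speaks standard DNS on port 53.
"""
import socket
import struct
import sys

# Flag bits in the second 16-bit word of the DNS header (RFC 1035 4.1.1).
FLAG_QR = 0x8000  # response (1) / query (0)
FLAG_TC = 0x0200  # truncated: the UDP answer did not fit, retry over TCP
FLAG_RD = 0x0100  # recursion desired


def build_query(name, qtype=1, txid=0x1234):
    """Return a minimal DNS query (header + one question, class IN)."""
    header = struct.pack(">HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)


def parse_header(data):
    """Decode the 12-byte DNS header into a dict of the fields we care about."""
    if len(data) < 12:
        raise ValueError("short DNS message (%d bytes)" % len(data))
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", data[:12])
    return {
        "id": txid,
        "qr": bool(flags & FLAG_QR),
        "tc": bool(flags & FLAG_TC),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def should_retry_over_tcp(data):
    """True when a UDP reply carries the TC bit, i.e. a resolver would switch to TCP."""
    return parse_header(data)["tc"]


def recv_exact(sock, n):
    """Read exactly n bytes from a stream socket (TCP DNS is length-prefixed)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed before %d bytes" % n)
        buf += chunk
    return buf


def query_udp(server, name, timeout=3.0, port=53):
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, port))
        data, _ = s.recvfrom(4096)
    return data


def query_tcp(server, name, timeout=3.0, port=53):
    q = build_query(name)
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack(">H", len(q)) + q)  # 2-byte length prefix
        (length,) = struct.unpack(">H", recv_exact(s, 2))
        return recv_exact(s, length)


def probe(server, name):
    """Try both transports; a UDP timeout with TCP working matches the symptom
    described in the thread (port 53/TCP open, remote lookups time out)."""
    result = {}
    for proto, fn in (("udp", query_udp), ("tcp", query_tcp)):
        try:
            h = parse_header(fn(server, name))
            result[proto] = "ok rcode=%d tc=%s" % (h["rcode"], h["tc"])
        except (OSError, ValueError) as e:  # socket.timeout is an OSError
            result[proto] = "FAIL (%s)" % e.__class__.__name__
    return result


# Constructed sample replies (no network needed) for checking the TC handling.
SAMPLE_TRUNCATED_REPLY = struct.pack(">HHHHHH", 0x1234, FLAG_QR | FLAG_TC | FLAG_RD, 1, 0, 0, 0)
SAMPLE_CLEAN_REPLY = struct.pack(">HHHHHH", 0x1234, FLAG_QR | FLAG_RD, 1, 1, 0, 0)

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: dnsprobe.py <server-ip> <name>")
    for proto, status in probe(sys.argv[1], sys.argv[2]).items():
        print("%s: %s" % (proto, status))
```

Run it from a host outside the network being diagnosed, pointing at the authoritative server's public address and a name it is authoritative for. "udp: FAIL (timeout)" together with "tcp: ok" points at UDP/53 being dropped somewhere on the path (ISP or local packet filter), which is exactly the case the reply asks the poster to rule out; a reply with tc=True over UDP is the normal signal that a resolver would retry over TCP.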