derfz
May 20, 2018 (Aspirant)
DNS port forward
Hello all
I seem to be having trouble forwarding DNS to my server.
I have set up port forwarding 53 TCP/UDP to my server IP, but when I test it I only get a response from TCP. To test I se...
derfz
May 22, 2018 (Aspirant)
Prerequisites:
A hosted domain (domain.tld)
Ability to assign custom domain servers to that domain.
Point the primary NS server to ns1.domain.tld along with the IP. This is your external (Internet) IP. This should be static.
Point the secondary NS server to ns2.domain.tld with the buddydns server IP you have selected.
Install Bind9 (named) on a machine on your LAN. I installed it on a Debian 9 server.
Set up the domain (domain.tld) on bind as a master (authoritative)
Set up delegation and domain transfer as per the instructions on buddydns.
Ensure you have port forwarding set up on your router with port 53 UDP/TCP pointing to the IP of the machine with bind on it.
You will need to ensure any firewall in operation on the machine with bind on it is allowing port 53
Note: When you change the DNS settings with your provider it can take up to 48 hours to propagate.
When you make changes on your bind server the changes take effect immediately, but can take up to 48 hours to propagate to all servers.
Your hosted domain (domain.tld) is often referred to as the FQDN.
Google is your friend when locating a DNS testing service.
I'm currently investigating changing the firmware to some other third party firmware to see if that will resolve the issue. And the router isn't under warranty, so if I brick it I'll simply upgrade to the X10.
Regards
Fred
antinode
May 22, 2018 (Guru)
> Prerequisites:
> [...]
Thanks for the lecture. I have a domain and a DNS server under my
control.
> Google is your friend when locating a DNS testing service.
Google does not tell me how you tested your DNS server, which, as you
may recall, is what I asked. My goal was not to waste my time trying to
guess how to replicate your tests and/or results. It still is.
derfz
May 25, 2018 (Aspirant)
antinode wrote:
> > Prerequisites:
> > [...]
> Thanks for the lecture. I have a domain and a DNS server under my
> control.
> > Google is your friend when locating a DNS testing service.
> Google does not tell me how you tested your DNS server, which, as you
> may recall, is what I asked. My goal was not to waste my time trying to
> guess how to replicate your tests and/or results. It still is.

Read my second post, it does tell you what I did to test. Although it doesn't say I did the nc command tests from another server on my LAN.
I changed my firmware to TomatoUSB in an attempt to resolve this, but that didn't work for me, so I switched back to the factory firmware. I'm thinking of ditching the router as this is the obvious problem and I'm simply not skilled enough to resolve the problem myself.
Regards
Fred
antinode
May 25, 2018 (Guru)
> Read my second post, it does tell you what I did to test.
I don't have an account with BuddyNS, so I assume that I can't use
their "a test service within there consol", and "UDP queries ERROR"
doesn't tell me much, either. I'm far from an authority, but my dim
impression was that UDP was used for DNS much more than TCP, so that if
UDP port forwarding was bad, hardly anything would work. (And, as I
said, "I haven't noticed any problems" around here, but I don't know how
to reproduce your test(s).)
> Although it doesn't say [...]
No, it does say. As I said, I was looking for a way to compare the
behavior of your server with that of mine from an outside-world
location. And, as I complained before, "I have also used several other
internet based DNS test services" was less than helpful.
> I changed my firmware to TomatoUSB [...] I'm thinking of ditching the
> router as this is the obvious problem [...]
You think that the _hardware_ is the problem? That wouldn't be my
first guess.
derfz
May 26, 2018 (Aspirant)
I have managed to resolve the issue.
I went back to a smoothwall firewall and simply attached my router to it as an AP. Now the router does nothing but connect wireless clients and the smoothwall does all the internet management.
Port 53 UDP has security issues, so I'm assuming Netgear have set up security so hard for my router that it blocks it completely. As I understand it, port 53 TCP is used predominantly for basic DNS requests, where port 53 UDP for the most part is used for delegation/transfer etc. requests.
Regards
Fred