I've configured a dnsmasq service in my servers' network. I can query it correctly from the local server and from "brother" servers in the network.
root@yyy ~# nslookup google.com 172.25.x.xxx
Server: 172.25.x.xxx
Address: 172.25.x.xxx#53
Non-authoritative answer:
Name: google.com
Address: 216.58.210.174
However, when I try to query it from my dev machine (range 172.144.x.x) I get no response. Ports are correctly open (tested with nmap and telnet).
$ nmap -p 53 172.25.x.xxx -Pn
Starting Nmap 7.01 ( https://nmap.org ) at 2017-04-12 17:54 CEST
Nmap scan report for 172.25.x.xxx
Host is up (0.0018s latency).
PORT STATE SERVICE
53/tcp open domain
Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds
$ nslookup google.com 172.25.x.xxx
connection timed out; no servers could be reached
It seems like the flag --local-service is enabled; however, I've set the interface and listen-address variables:
interface=eth0
listen-address=127.0.0.1,172.25.x.xxx
I've seen that --local-service is enabled by default, but not when using "interface" and "listen-address". Is there any way to check if it is still active?
Edit:
It seems it could be a UDP/TCP related issue. This query works from my dev network:
$ dig +tcp +short cnn.com @172.25.7.110
151.101.129.67
151.101.193.67
It seems strange because the dev and server machines can "talk" UDP (tested with "netcat -u -l -p 53" on the server and "netcat -u 172.25.x.xxx 53" on the dev machine).
Best Answer
The firewall rules are the culprit, it seems. Check the nmap list: 53/tcp. Make sure UDP is allowed as well.
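The asker's dig +tcp experiment and this answer point at the same check: does port 53 answer over UDP as well as over TCP? The script below is an added example (not from the thread) that sends one minimal A query over each transport and classifies the outcome; the server address, port and name are arguments, and the transaction id 0x1234 is an arbitrary constant.

```python
import socket
import struct

QID = 0x1234  # fixed transaction id for this diagnostic

def build_query(name, qid=QID):
    """Minimal DNS A query for `name` with the recursion-desired bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN

def response_ok(data, qid=QID):
    """True if `data` is a response (QR bit set) to `qid` with RCODE NOERROR."""
    if len(data) < 12:
        return False
    rid, flags = struct.unpack("!HH", data[:4])
    return rid == qid and bool(flags & 0x8000) and (flags & 0x000F) == 0

def query_udp(server, port, name, timeout=2.0):
    """Send the query over UDP; False on timeout, refusal or a bad answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, port))
            data, _ = s.recvfrom(4096)
        except OSError:  # socket.timeout is a subclass of OSError
            return False
    return response_ok(data)

def query_tcp(server, port, name, timeout=2.0):
    """Same query over TCP, where every message carries a 2-byte length prefix."""
    q = build_query(name)
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(q)) + q)
            n = struct.unpack("!H", s.recv(2))[0]
            data = s.recv(n)  # a short A answer fits in a single read
    except (OSError, struct.error):  # refused, timed out, or truncated length
        return False
    return response_ok(data)

def diagnose(udp_ok, tcp_ok):
    """Map the two probes to the likely cause; the thread's symptom is 'tcp-only'."""
    if udp_ok and tcp_ok:
        return "ok"
    if tcp_ok:
        return "tcp-only: port 53 answers over TCP but not UDP, check firewall rules"
    if udp_ok:
        return "udp-only: TCP/53 is filtered or the server does not accept TCP"
    return "unreachable: no DNS answer on either transport"
```

Run it from the dev machine as `diagnose(query_udp(srv, 53, "cnn.com"), query_tcp(srv, 53, "cnn.com"))` with `srv` set to the dnsmasq address; the firewall case in the thread shows up as "tcp-only".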