
Can connect to port 53 but nslookup fails

By Mia Morrison

Trying to get my DNS back up and running after my server was shut down for a week. My issue is that I can ping / telnet port 53 fine from the outside world, and I can nslookup fine from inside the network, but I can't nslookup from outside.

Nslookup from inside network:

> nslookup ve4edj.ca 192.168.1.50
Server: 192.168.1.50
Address: 192.168.1.50#53
Name: ve4edj.ca
Address: 24.77.125.34

Telnet from outside world:

> telnet 24.77.125.34 53
Trying 24.77.125.34...
Connected to 24.77.125.34.
Escape character is '^]'.
^]
telnet> q
Connection closed.

Nslookup from outside world:

> nslookup ve4edj.ca 24.77.125.34
;; connection timed out; no servers could be reached

1 Answer

For completeness' sake, as an answer.

I can connect using TCP:

[root@server ~]# dig ve4edj.ca @24.77.125.34 +noedns +tcp
; <<>> DiG 9.11.1 <<>> ve4edj.ca @24.77.125.34 +noedns +tcp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32111
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;ve4edj.ca. IN A
;; ANSWER SECTION:
ve4edj.ca. 3600 IN A 24.77.125.34
;; Query time: 234 msec
;; SERVER: 24.77.125.34#53(24.77.125.34)
;; WHEN: Tue May 23 20:39:24 CEST 2017
;; MSG SIZE rcvd: 43

Nmap reports port 53 UDP as open/filtered (AKA not responding):

[root@server ~]# nmap -p53 -sU -sT -sV 24.77.125.34
Starting Nmap 7.40 ( ) at 2017-05-23 20:35 CEST
Nmap scan report for S01063cce738ef858.wp.shawcable.net (24.77.125.34)
Host is up (0.24s latency).
PORT STATE SERVICE VERSION
53/tcp open domain Microsoft DNS 6.1.7601
53/udp open|filtered domain
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at .
Nmap done: 1 IP address (1 host up) scanned in 103.28 seconds

A tcpdump analysis further confirms that no responses are received when using UDP.

This means something (like a firewall) along the way isn’t letting the UDP traffic through. Since it’s probably a setup with port forwarding, you might want to take a look at that.

DNS queries are by default sent using UDP. Furthermore, DNS resolvers may not fall back to using TCP.
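The UDP-versus-TCP comparison made above with dig and nmap can be scripted as one check. This is an added example, not part of the original answer: it sends the same A query (no EDNS) over both transports and reports which one answers. The function names `build_query`, `recv_exact`, `query_udp`, `query_tcp`, `probe` and `diagnose` are made up for this illustration.

```python
import socket, struct

def build_query(name, qid=0x1234):
    """Encode a minimal DNS A/IN query (RD set, no EDNS) in wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before full message")
        buf += chunk
    return buf

def query_udp(server, port, msg, timeout):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, port))  # connected socket: only replies from server are accepted
        s.send(msg)
        return s.recv(4096)

def query_tcp(server, port, msg, timeout):
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(msg)) + msg)  # DNS over TCP: 2-byte length prefix
        (length,) = struct.unpack("!H", recv_exact(s, 2))
        return recv_exact(s, length)

def probe(server, name, port=53, timeout=3.0):
    """Send the same query over UDP and TCP; report which transport answers."""
    msg, result = build_query(name), {}
    for proto, send in (("udp", query_udp), ("tcp", query_tcp)):
        try:
            reply = send(server, port, msg, timeout)
            ok = len(reply) >= 12 and reply[:2] == msg[:2] and bool(reply[2] & 0x80)
            result[proto] = "answered" if ok else "bad reply"
        except OSError:  # timeout, refused, unreachable, early close
            result[proto] = "no reply"
    return result

def diagnose(result):
    udp, tcp = result["udp"] == "answered", result["tcp"] == "answered"
    if tcp and not udp:
        return "TCP/53 answers, UDP/53 does not: check the UDP port forward and firewall"
    if udp and not tcp:
        return "UDP/53 answers, TCP/53 does not"
    return "both transports answer" if udp else "no reply on either transport"
```

Calling `diagnose(probe(server_ip, name))` from a host outside the network reproduces the finding above when only the TCP side of port 53 is forwarded.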
