Trying to propagate my domain--getting 'unreachable - admin prohibited'

Net Llama! netllama
Mon Jun 27 23:21:58 PDT 2005


On 06/27/2005 09:02 PM, John King wrote:
> I am trying to get my nameserver to propagate my domain to Internet but its 
> just not happening. I can see the requests coming in using tcpdump, but each 
> request is met with "unreachable - admin prohibited":
> 
> 20:33:49.504131 IP 202.188.0.181.36949 > 192.168.100.3.domain: 17223 A? mydomain.com. (24)
> 20:33:49.504242 IP 192.168.100.3 > 202.188.0.181: icmp 60: host 192.168.100.3 unreachable - admin prohibited
> 
> 
> I have the server behind a linksys router. The external IP of the router is 
> what the registrar was instructed to send requests to (nameserver) and I 
> have the linksys router rigged to forward all port 53 traffic to the server 
> (192.168.100.3).
> 
> Port 53 is indeed open on the server (portscanned from the LAN):
> 
> Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
> Interesting ports on dsl081-053-098.sfo1.dsl.speakeasy.net (64.81.53.98):
> (The 1596 ports scanned but not shown below are in state: filtered)
> Port State Service
> 21/tcp open ftp
> 22/tcp open ssh
> 53/tcp open domain
> 80/tcp open http
> 10000/tcp open snet-sensor-mgmt
> 
> Nmap run completed -- 1 IP address (1 host up) scanned in 189 seconds
> 
> and 53 is open to Internet on the router (portscanned from another server 
> out on Internet)
> 
> (The 1596 ports scanned but not shown below are in state: filtered)
> Port State Service
> 21/tcp open ftp
> 22/tcp open ssh
> 53/tcp open domain
> 80/tcp open http
> 
> As far as the server is concerned--named is running just peachy:
> 
> named 424 1 0 Jun25 ? 00:00:00 /usr/sbin/named -u named -t /var/named/chroot
> 
> and the zone file appears to be fine:
> 
> $TTL 180s
> @ IN SOA ns4.mydomain.com. webmaster.mydomain.com. (
>         2005062602 ; Serial
>         180s       ; Refresh Slaves
>         1H         ; Retry
>         1W         ; Expiry
>         1D )       ; Minimum
> ;
> 
> mydomain.com. IN NS ns4.mydomain.com.
> mydomain.com. IN NS ns5.mydomain.com.
> 
> mydomain.com. IN A 123.123.123.123
> 
> localhost.mydomain.com. IN A 127.0.0.1
> 
> mydomain.com. IN MX 0 mydomain.com.
> 
> mail IN CNAME mydomain.com.
> www IN CNAME mydomain.com.
> ftp IN CNAME mydomain.com.
> 
> So--the question is--why can't I propagate my domain name?
> Thanks in advance--John

I'm pretty sure that DNS uses udp not tcp.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
L. Friedman                       	       netllama at linux-sxs.org
LlamaLand		 		http://netllama.linux-sxs.org

  21:55:01 up 77 days,  8:13,  1 user,  load average: 0.29, 0.38, 0.36
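As an added example (not from either poster), here is a small parser for tcpdump lines like the ones John quoted. It pairs each packet sent to port 53 with the server's answer or with the ICMP "admin prohibited" message that a host packet filter's REJECT action sends back, and labels every flow by transport, so that a TCP-only port scan result is not mistaken for UDP reachability. The capture is constructed to mimic old-style tcpdump output; the names analyze, SAMPLE_CAPTURE and the regular expressions are mine.

```python
import re

# Constructed sample capture, modelled on the tcpdump lines quoted in the post: one UDP
# query rejected by the host's packet filter, one TCP handshake, one UDP query answered.
SAMPLE_CAPTURE = """\
20:33:49.504131 IP 202.188.0.181.36949 > 192.168.100.3.domain: 17223 A? mydomain.com. (24)
20:33:49.504242 IP 192.168.100.3 > 202.188.0.181: icmp 60: host 192.168.100.3 unreachable - admin prohibited
20:33:50.120004 IP 10.1.1.7.40122 > 192.168.100.3.domain: S 1001:1001(0) win 5840 <mss 1460>
20:33:50.120150 IP 192.168.100.3.domain > 10.1.1.7.40122: S 2002:2002(0) ack 1002 win 5792 <mss 1460>
20:33:51.000000 IP 192.168.100.9.51000 > 192.168.100.3.domain: 9 A? www.mydomain.com. (30)
20:33:51.000400 IP 192.168.100.3.domain > 192.168.100.9.51000: 9 1/0/0 CNAME mydomain.com. (50)
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
TO_SERVER = re.compile(rf"^\S+ IP {IPV4}\.(\d+) > {IPV4}\.domain: (.*)$")
FROM_SERVER = re.compile(rf"^\S+ IP {IPV4}\.domain > {IPV4}\.(\d+): ")
ICMP_REJECT = re.compile(rf"^\S+ IP {IPV4} > {IPV4}: icmp \d+: host \S+ unreachable - admin prohibited")
UDP_QUERY = re.compile(r"^\d+\+? [A-Z]+\? (\S+)")  # tcpdump decodes UDP DNS inline: "17223 A? name."


def analyze(capture: str):
    """Pair each packet sent to port 53 with the server's reply or ICMP reject, per flow."""
    # The ICMP line carries no client port here, so it is charged to that client's latest flow.
    flows = {}      # (client_ip, client_port) -> record, in first-seen order
    last_flow = {}  # client_ip -> key of its most recent flow
    for line in capture.splitlines():
        m = TO_SERVER.match(line)
        if m:
            client, port, server, payload = m.groups()
            q = UDP_QUERY.match(payload)  # no inline query text means a TCP segment
            key = (client, port)
            flows[key] = {"client": client, "server": server,
                          "transport": "udp" if q else "tcp",
                          "name": q.group(1) if q else None,
                          "status": "no reply"}
            last_flow[client] = key
            continue
        m = FROM_SERVER.match(line)
        if m:
            _server, client, port = m.groups()
            if (client, port) in flows:
                flows[(client, port)]["status"] = "answered"
            continue
        m = ICMP_REJECT.match(line)
        if m and m.group(2) in last_flow:
            flows[last_flow[m.group(2)]]["status"] = "rejected by packet filter"
    return list(flows.values())
```

Feed it `tcpdump -n -i <iface> port 53 or icmp` output and any flow whose status reads "rejected by packet filter" points at a local firewall rule rather than at the router or the registrar.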

