OK, what about this (again, run it from the malfunctioning DNS; root is
needed for the second and third commands):
dig in a debian.org @127.0.0.1
ss -nplu
iptables-save
> As previously mentioned each server and client has 2 network cards, one
> which provides internet access to the client or server, and the other
> provides internal services that are on the local network after the
> firewall, the DNS server shouldn't be accessible by any clients or servers
> that are on the internet/external side of my router/firewall.
You're talking about inbound connections, but your problem may lie with
the outbound ones.
root@debian:~# dig in a debian.org @127.0.0.1
; <<>> DiG 9.10.3-P4-Debian <<>> in a debian.org @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 22821
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;debian.org. IN A
;; Query time: 336 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Feb 24 12:38:39 GMT 2018
;; MSG SIZE rcvd: 39
root@debian:~# ss -nplu
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 10.0.2.20:53 *:* users:(("named",pid=1193,fd=515))
UNCONN 0 0 192.168.0.61:53 *:* users:(("named",pid=1193,fd=514))
UNCONN 0 0 127.0.0.1:53 *:* users:(("named",pid=1193,fd=513))
UNCONN 0 0 *:68 *:* users:(("dhclient",pid=456,fd=6))
UNCONN 0 0 :::53 :::* users:(("named",pid=1193,fd=512))
root@debian:~# iptables-save
root@debian:~#
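The three outputs above say: named is listening on 127.0.0.1:53 (and on both NICs), iptables-save prints no rules, and the resolver still answers SERVFAIL with the `ra` flag set. The following script is an added example, not code from this thread or from BIND; it parses those three outputs and applies the reply's reasoning in code (listener present, nothing filtered locally, recursion still fails, so suspect the outbound path to upstream servers). The sample texts embedded in it are constructed to mirror the posted output, and `probe_upstream` is a hypothetical hand-run check that sends one plain UDP query to whatever forwarder address you pass it.

```python
"""Triage helper for a SERVFAIL from a local BIND resolver (added example,
not code from the thread). It parses the three outputs requested above
(dig, ss -nplu, iptables-save) and applies the reply's reasoning: named is
listening, nothing filters locally, yet the answer is SERVFAIL, so the fault
is probably on the resolver's outbound path to upstream servers.
The sample outputs below are constructed to mirror the thread."""
import re
import socket
import struct
from dataclasses import dataclass, field

DIG_OUTPUT = """\
; <<>> DiG 9.10.3-P4-Debian <<>> in a debian.org @127.0.0.1
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 22821
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0, flags:; udp: 4096
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""  # constructed sample, abridged from the posted dig answer

SS_OUTPUT = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 10.0.2.20:53 *:* users:(("named",pid=1193,fd=515))
UNCONN 0 0 192.168.0.61:53 *:* users:(("named",pid=1193,fd=514))
UNCONN 0 0 127.0.0.1:53 *:* users:(("named",pid=1193,fd=513))
UNCONN 0 0 *:68 *:* users:(("dhclient",pid=456,fd=6))
UNCONN 0 0 :::53 :::* users:(("named",pid=1193,fd=512))
"""  # constructed sample: ss -nplu listing as posted

IPTABLES_OUTPUT = ""  # constructed sample: iptables-save printed no rules


@dataclass
class DigSummary:
    status: str      # rcode text: NOERROR, SERVFAIL, NXDOMAIN, ...
    server: str      # resolver that answered, e.g. 127.0.0.1#53(127.0.0.1)
    answers: int     # ANSWER count from the header line
    flags: list[str] = field(default_factory=list)


def parse_dig(text: str) -> DigSummary:
    """Pull rcode, flags, answer count and responding server out of dig output."""
    status = re.search(r"status:\s*(\w+)", text)
    answers = re.search(r"ANSWER:\s*(\d+)", text)
    flags = re.search(r";; flags:\s*([^;]*);", text)
    server = re.search(r"SERVER:\s*(\S+)", text)
    if not (status and answers and server):
        raise ValueError("dig output lacks HEADER/ANSWER/SERVER lines")
    return DigSummary(status.group(1), server.group(1), int(answers.group(1)),
                      flags.group(1).split() if flags else [])


def parse_ss_listeners(text: str) -> dict[str, list[str]]:
    """Map owning process name -> local socket addresses (from ss -nplu)."""
    listeners: dict[str, list[str]] = {}
    for line in text.splitlines()[1:]:          # skip the column header
        cols = line.split()
        if len(cols) < 6:
            continue
        proc = re.search(r'users:\(\("([^"]+)"', line)
        listeners.setdefault(proc.group(1) if proc else "?", []).append(cols[3])
    return listeners


def has_filter_rules(iptables_save_text: str) -> bool:
    """True if iptables-save printed any -A rule (empty output means no rules)."""
    return any(l.startswith("-A") for l in iptables_save_text.splitlines())


def triage(dig_text: str, ss_text: str, iptables_text: str) -> str:
    """Classify the failure the way the reply above reasons about it."""
    dig = parse_dig(dig_text)
    named = parse_ss_listeners(ss_text).get("named", [])
    if dig.status == "NOERROR" and dig.answers > 0:
        return "resolving"
    if not any(a.startswith("127.0.0.1:53") for a in named):
        return "named-not-listening-on-loopback"   # inbound/local problem
    if dig.status == "SERVFAIL" and "ra" in dig.flags and not has_filter_rules(iptables_text):
        # Resolver answered and offers recursion, nothing is filtered locally:
        # the recursion itself failed, so look at the outbound path upstream.
        return "suspect-outbound-path"
    if dig.status == "SERVFAIL":
        return "servfail-check-firewall-rules"
    return dig.status.lower()


def probe_upstream(server_ip: str, name: str = "debian.org", timeout: float = 3.0):
    """Send one plain UDP A query straight to an upstream/forwarder address and
    return the rcode number, or None on timeout. Hypothetical hand-run check
    for the resolver host's outbound path; not called in the offline test."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    query = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server_ip, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return None
    return struct.unpack("!H", data[2:4])[0] & 0x000F


if __name__ == "__main__":
    print(triage(DIG_OUTPUT, SS_OUTPUT, IPTABLES_OUTPUT))
```

Running it on the posted output yields `suspect-outbound-path`. A rcode of 0 from `probe_upstream` against the forwarder or a root server, run from the resolver host, shows the outbound path is open; a `None` (timeout) points at the router/firewall dropping the resolver's own queries rather than at inbound access to port 53.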