DNS lookup doesn't work after update

Albros · Post by **Albros** » Wed Nov 23, 2016 6:24 am

Hi everybody! It is seems that after update of Vesta CP, DNS lookup doesn't work anymore. Probably Iptables blocks all DNS outer requests from system (CentOS 6). As result Wordpress can't update plugins, some tools doesn't work:

Code: Select all

/etc/sysconfig$ ping -c 1 api.wordpress.org
ping: unknown host api.wordpress.org

If I ping an IP - all is Ok:

Code: Select all

/etc/sysconfig$ ping -c 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=60 time=0.272 ms
--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.272/0.272/0.272/0.000 ms

This is certainly connected with rules in Iptables. If I switch Iptables off, everything works as supposed. Below is rules, which was qualified as "stateless" by some engineers at other forums:

Code: Select all

/etc/sysconfig$ iptables -L -n -v
Chain INPUT (policy DROP 9 packets, 1033 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  305 2334K ACCEPT     all  --  *      *       212.*******        0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       127.0.0.1            0.0.0.0/0           
   51  8156 ACCEPT     tcp  --  *      *       87.******      0.0.0.0/0           multiport dports 22,3978 
  188 13015 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 80,443 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 25,465,587,2525 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 110,995 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 3306,5432 
   10   453 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8083 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 728 packets, 2833K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain vesta (0 references)
 pkts bytes target     prot opt in     out     source               destination

As I newbie in Linux systems, could you please give me an advice - what command needed to unblock DNS requests. Many thanks in advance.

Additionally my /etc/resolv.conf has below content (I already tried different configs here and restarted server):

Code: Select all

# Generated by NetworkManager
search uaservers.net
options timeout:3 attempts:3
nameserver 8.8.8.8
DNS1=8.8.8.8
DNS2=8.8.4.4

mike08 · Post by **mike08** » Thu Nov 24, 2016 1:47 pm

Try this:

http://forum.vestacp.com/viewtopic.php? ... 471#p29471

Albros · Post by **Albros** » Fri Nov 25, 2016 6:14 am

mike08 wrote:Try this:

http://forum.vestacp.com/viewtopic.php? ... 471#p29471

Sorry, this solution doesn't work. Moreover it is connected with WHOIS protocol (port 43), but I need resolve problem with DNS (port 53) . Now I looking for way how to permit outgoing DNS connections.

Albros · Post by **Albros** » Fri Nov 25, 2016 7:30 am

It is seems that I found command for outer DNS requests

Code: Select all

iptables -I INPUT 3 --proto udp --sport 53 -j ACCEPT

But it is erased each time as I restart iptables. Is there any possibility in VestaCP firewall rules add OUTGOING rules or prohibit erasing outgoing rules from iptables?

sareak · Post by **sareak** » Fri Dec 02, 2016 5:38 pm

Same question is it posible to save rules permanently?

Post by **skurudo** » Thu Mar 02, 2017 6:57 pm

Did you try iptables-save ?

Vesta Control Panel - Forum