Solved ZeroTier and Bind

stacksofplates

Anyone done ZT with a Bind server? I can't get responses from the ZT address.

scottalanmiller

Can you ping it?

stacksofplates

@scottalanmiller said in ZeroTier and Bind:

Can you ping it?

Ya I can ping and ssh over that interface.

scottalanmiller

What does netstat -tulpn tell you about the BIND listening port?

stacksofplates

@scottalanmiller said in ZeroTier and Bind:

What does netstat -tulpn tell you about the BIND listening port?

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:9993          0.0.0.0:*               LISTEN      -                   
tcp        0      0 10.0.0.7:53             0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -                   
udp        0      0 0.0.0.0:9993            0.0.0.0:*                           -                   
udp        0      0 0.0.0.0:49994           0.0.0.0:*                           -                   
udp        0      0 10.0.0.7:53             0.0.0.0:*                           -                   
udp        0      0 127.0.0.1:53            0.0.0.0:*                           -                   
udp6       0      0 :::9993                 :::*                                - 

So it's only showing up on the eth0 interface and LO. I did an nmap scan of the ZT address and both port 53 and the DNS service showed up. I didn't specify any listening addresses in the Bind config, just so it would use everything. Do you think this has to do with the ZT interface being a TUN/TAP and not a "real" interface?

I wonder how to get Bind to listen on 0.0.0.0:53 like SSH?

Edit: cut out some stuff that didn't have to do with ZT or DNS.

scottalanmiller

Could be but seems unlikely. Maybe it is just binding to the first interface that it sees?

dafyre

Check and make sure the firewall ports are open for the ZT0 interface?

stacksofplates

@scottalanmiller said in ZeroTier and Bind:

Could be but seems unlikely. Maybe it is just binding to the first interface that it sees?

I'll see if specifying the ZT IP as the listening address in that zone fixes it.

stacksofplates

@dafyre said in ZeroTier and Bind:

Check and make sure the firewall ports are open for the ZT0 interface?

Does it have separate firewall settings than the device it's using? I checked to see what firewalld zone it was in, but it says it's not in one. I don't know how to add a TUN/TAP interface to a zone since it doesn't have a normal ifcfg file.

stacksofplates

So as is with most things. I actually did set an address for Bind in named.conf. I just needed to add the ip address to listen on and add the zone for recursion and it's working now. Thanks!