Running Iodine behind BIND9 #25

Open
Anime4000 opened this issue Feb 26, 2018 · 3 comments
Comments

@Anime4000

I successfully configured and am running BIND9 on a VPS.

However, I tried to run Iodine on the same server, so I run Iodine on port 5353.

I configured /etc/bind/named.conf.local:

zone "i.domain.org" {
	type forward;
	forward only;
	forwarders {
		127.0.0.1 port 5353;
	};
};

Iodine tells me: .Got NXDOMAIN as reply: domain does not exist

When I try using iptables
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j DNAT --to :5353
it causes BIND9 to stop responding.

Do you have any idea?

@frekky
Owner

frekky commented Feb 27, 2018

Hi Anime4000!
I haven't had time to test the DNS forwarding component, so there is a good chance that it doesn't work properly. If you run Wireshark on the same machine (if you only have a console, such as over SSH, you can use tshark or try Wireshark capture over SSH) and make sure that iodine is forwarding valid DNS packets to the BIND9 server. You should be able to see both the original query sent (i.e. to port 53) and the forwarded query sent by iodine (to port 5353). Note that the forwarded queries and responses (between iodine and BIND9) might be on the local loopback interface (something like lo0 on Debian, if I remember correctly).
If it looks like iodine is sending weird or invalid forwarded queries then let me know, otherwise you may be able to use Wireshark to debug your firewall configuration and make sure that BIND9 is configured correctly.
Good luck!

@Anime4000
Author

Hi @frekky

I configured it a different way, which works.

  1. Configure BIND9 to use the port in OPTIONS="-u bind -4 -p 5353"
  2. Configure Iodine to forward non-Iodine traffic to BIND9 via port 5353 with -b 5353

This config is not recommended; the first time it caches DNS, it takes some time to get a reply.

I am trying to analyze what causes the BIND9 forward not to work.
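The two things this thread turns on are the split that `iodined -b` makes (queries under the tunnel zone are answered by iodined, everything else is relayed to the real resolver, here BIND9 on 127.0.0.1:5353) and the NXDOMAIN reply reported in the first post. The following is an added example, not code from iodine or BIND9: a small DNS wire-format helper that builds queries in-process, shows which side the routing decision would send a name to, and reads the RCODE out of a reply so an NXDOMAIN can be recognised in a capture without Wireshark. The zone name `i.domain.org` and the port 5353 are the ones from the issue; all packets are constructed locally and nothing is sent on the network.

```python
# Added example (not iodine's or BIND9's own code). Demonstrates, with packets
# constructed in-process:
#   1. the "split" decision iodined makes with -b: names under the tunnel zone
#      stay with iodined, everything else goes to the resolver (BIND9 on 5353);
#   2. reading the RCODE of a reply, so "NXDOMAIN" can be spotted in a capture.
import struct

TUNNEL_ZONE = "i.domain.org"      # zone delegated to iodined (from the issue)
RESOLVER = ("127.0.0.1", 5353)    # where non-tunnel queries go (-b 5353)

RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
               3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def build_query(qname, txid=0x1234, qtype=1):
    """Build a minimal DNS query (one question) for qname; qtype 1 = A."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD bit set
    labels = b"".join(bytes([len(label)]) + label.encode()
                      for label in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def build_response(query, rcode):
    """Turn a query into a header-only reply carrying the given RCODE."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8180 | (rcode & 0xF)        # QR=1, RD=1, RA=1, RCODE in low nibble
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + query[12:]


def parse_qname(pkt):
    """Return the question name of a DNS packet (question names are uncompressed)."""
    pos = 12                              # question section starts after the header
    labels = []
    while True:
        length = pkt[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(pkt[pos:pos + length].decode())
        pos += length
    return ".".join(labels).lower()


def rcode_of(pkt):
    """Name of the RCODE in a reply header, e.g. 'NXDOMAIN'."""
    flags = struct.unpack("!H", pkt[2:4])[0]
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    code = flags & 0xF
    return RCODE_NAMES.get(code, "RCODE%d" % code)


def route_query(pkt, zone=TUNNEL_ZONE):
    """Where an iodined -b setup would send this query: 'tunnel' or the resolver."""
    name = parse_qname(pkt)
    zone = zone.lower().rstrip(".")
    if name == zone or name.endswith("." + zone):
        return "tunnel"
    return RESOLVER


if __name__ == "__main__":
    for qname in ("abc123.i.domain.org", "www.example.com"):
        print(qname, "->", route_query(build_query(qname)))
    # The reply the first post saw, reconstructed: NXDOMAIN for a tunnel name.
    print(rcode_of(build_response(build_query("abc123.i.domain.org"), 3)))
```

Run it as a script to see the routing decision for a tunnel name and a normal name, followed by the RCODE name of a reconstructed NXDOMAIN reply. In a real capture the same `rcode_of` check applied to the reply seen on the loopback interface tells you whether BIND9 or iodined produced the NXDOMAIN.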

@Anime4000
Author

I tried iodine without a sub-domain and BIND9.
Simply run iodine/d with example.com (no sub-domain) and it works much faster!

You just need the domain hosting to point the nameserver to the iodined server.
