cPanel Server port 53 locked - can DNS be resolved on DNS Only?

Sokaris07 Member
edited May 2017 in Help

Hi,
I just want to see if this is possible:
I want to install cPanel on my personal server at home but my ISP has port 53 locked. Can I connect that server to other DNS Only servers to share the DNS and resolve it there? I just want to make sure I won't need port 53 before starting to migrate things.

I want to make full use of cPanel and not have to go to the trouble of configuring every DNS entry manually.

Thanks in advance :)

Comments

  • jarjar Patron Provider, Top Host, Veteran
    edited May 2017

    They didn't block 53 completely, probably just force you to use their DNS servers. Set their resolvers up on the server and you should be set. Should be easily found in your router config.

    You absolutely need outbound UDP/53 to work on that server. If for nothing more than reverse lookups performed by web server, SSH, and exim. The last of those three you can't sacrifice without huge loss, in the way of not checking incoming mail for spam.

    Thanked by 1Sokaris07
  • Outbound 53 is clear, only inbound is locked according to them.
    I have pfsense managing my NAT network and even after opening the port I can't connect to it.

  • jarjar Patron Provider, Top Host, Veteran

    Oh inbound. Yeah then you can use a DNS only install elsewhere and make sure that's your nameserver.

    Thanked by 1Sokaris07
  • I've just remembered that I won't be able to change rDNS... Will that affect email a lot? :x

  • jarjar Patron Provider, Top Host, Veteran

    @Sokaris07 said:
    I've just remembered that I won't be able to change rDNS... Will that affect email a lot? :x

    Yeah you'll want to route mail through another server too.
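
The rDNS concern raised above can be checked before deciding where outbound mail should leave from. This is an added example, not code from the thread: a forward-confirmed reverse DNS (FCrDNS) check of the kind receiving mail servers commonly apply, with a heuristic for ISP-style PTR names. The label list, the verdict strings, and all sample IPs and hostnames are constructed assumptions.

```python
import ipaddress
import re
import socket

# Labels common in ISP-assigned residential PTR names (heuristic, an assumption).
GENERIC_LABELS = {"dynamic", "dyn", "pool", "dsl", "cable", "dhcp", "ppp"}

def system_ptr(ip):  # PTR names from the system resolver
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_forward(name):  # A/AAAA addresses from the system resolver
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def check_fcrdns(ip, helo, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Forward-confirmed reverse DNS check for a sending IP and its HELO name."""
    addr = ipaddress.ip_address(ip)
    ptrs = [n.rstrip(".").lower() for n in (ptr_lookup(ip) or [])]
    # A PTR name counts only if it resolves back to the same address.
    confirmed = [n for n in ptrs if any(
        ipaddress.ip_address(a) == addr for a in (forward_lookup(n) or []))]
    generic = any(GENERIC_LABELS & set(re.split(r"[.-]", n)) for n in confirmed)
    helo_ok = helo.rstrip(".").lower() in confirmed
    if not ptrs:
        verdict = "fail: no PTR record"
    elif not confirmed:
        verdict = "fail: PTR not forward-confirmed"
    elif generic or not helo_ok:
        verdict = "warn: generic PTR or HELO mismatch"
    else:
        verdict = "pass"
    return {"ptr": ptrs, "confirmed": confirmed, "generic": generic,
            "helo_matches": helo_ok, "verdict": verdict}

# Constructed sample records (documentation IP ranges, .example names).
SAMPLE_PTR = {"203.0.113.7": ["pool-203-0-113-7.dyn.isp.example."],
              "198.51.100.25": ["mail.relay.example."],
              "192.0.2.10": ["mail.spoof.example."]}
SAMPLE_FWD = {"pool-203-0-113-7.dyn.isp.example": ["203.0.113.7"],
              "mail.relay.example": ["198.51.100.25"],
              "mail.spoof.example": ["192.0.2.99"]}

def sample_check(ip, helo):  # run the check on the constructed records, no network
    return check_fcrdns(ip, helo, SAMPLE_PTR.get, SAMPLE_FWD.get)
```

Calling `check_fcrdns(ip, helo)` without the last two arguments uses the system resolver, so it can be pointed at the home connection's public IP and at the relay's IP to compare the two.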

  • Sokaris07 Member
    edited May 2017

    Won't a GRE Tunnel work? Honestly I'd rather do that since the idea is to keep budget down :b

    Thanks in advance btw :)

  • jarjar Patron Provider, Top Host, Veteran

    I suppose that'd work :)

    Thanked by 1Sokaris07
  • raindog308 Administrator, Veteran

    Sokaris07 said: ISP has port 53 locked

    I'd consider an ISP forcing me to use only their DNS server to be a deal breaker...you need to either find a new ISP or VPN out.

    If they can force you to use their DNS, then they can also

    (1) block anything they want (torrents, sites critical of that ISP, etc.)

    (2) redirect and impersonate anything

    (3) land you on an obnoxious advertising page if something doesn't resolve

    ...not to mention, it's a fantastic vulnerability if they're ever compromised.

    Etc. It's coercive, unwise, and just wrong.

  • raindog308 Administrator, Veteran

    Sokaris07 said: install cPanel on my personal server at home

    Are you NATted at home (like 99% of users)? If so, how is cPanel going to activate?

    Maybe things have changed but last time I admin'd cPanel, it expected its IP to be a publicly routable address.

    Thanked by 1netomx
  • @raindog308 I'm not forced to use their DNS. I just can't open port 53 from outside to inside so I can't create a DNS server from the inside but I can connect to others. Actually I'm using Google's DNS right now to unlock some website blocks :P

    I have NAT routing inside my house but according to their documentation 1:1 NAT is already supported (https://documentation.cpanel.net/display/ALD/1:1+NAT) and if I create a GRE Tunnel I think I can set the final IP as the public cPanel IP.

  • netomx Moderator, Veteran

    I really hope you are just playing with cPanel. Hosting a business on a home connection is just wrong, mate.

  • It's for personal use and friends only, don't worry :)
