DNS proxy -- ;; connection timed out; no servers could be reached

In the test results below:
xxxxxxx = Cloudflare DNS proxy host
yyyyyyy = internal host/dns client

I've installed the Cloudflare DNS proxy on CentOS 7, which works fine when testing from the box:
[[email protected] cloudflared]# dig @127.0.0.1 google.com

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> @127.0.0.1 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27149
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
; OPT=12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.) (.)
;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 282 IN A 172.217.17.46

;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Sep 05 06:38:26 UTC 2019
;; MSG SIZE rcvd: 138

[[email protected] cloudflared]#

However, when trying to use the DNS proxy from another DNS client (host yyyyyyy), I get a timeout error:

[[email protected] ]# dig @ google.com

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> @ google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Both boxes are CentOS 7, without a firewall running.

When checking with netcat from the client, running tcpdump on the DNS-proxy (xxxxxxx) gives:
07:07:11.848168 IP yyyyyyy.45318 > xxxxxxx.domain: [|domain]
07:07:11.848210 IP xxxxxxx > yyyyyyy: ICMP xxxxxxx udp port domain unreachable, length 37

That's a local network issue. Probably some sort of firewall on either machine or in between.

Best to take that to StackExchange.

On both the DNS client and the server (cloudflared DNS proxy):
firewall-cmd --state
not running

On the DNS proxy:
netstat -plunt
udp 0 0 127.0.0.1:53 0.0.0.0:* 948/cloudflared

Cloudflare support helped me out on this one:
I added two lines to config.yml in /etc/cloudflared:

proxy-dns-port: 53
proxy-dns-address: -internal IP of the DNS proxy-
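The tcpdump capture above is the decisive clue: the proxy host answered the client's UDP query with ICMP "port unreachable", which means the packet arrived but nothing was bound to that address and port (the netstat output confirms cloudflared was listening on 127.0.0.1:53 only). A firewall drop would instead look like silence followed by a timeout. The following probe, an added example written for this thread and not cloudflared's or Cloudflare's own code, builds a minimal DNS A query, sends it over a connected UDP socket so that the kernel surfaces the ICMP error as ConnectionRefusedError, and classifies the outcome as "answered", "refused" (nothing bound) or "timeout" (silently dropped). The response parser handles standard name compression, so it works on real answers as well as the constructed sample embedded below. The server address, port and query name passed to probe() are the caller's choice; the sample response bytes are constructed here to mirror the dig output at the top of the thread.

```python
import socket
import struct


def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Build a minimal DNS A/IN query with RD set and no EDNS record."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _read_name(data: bytes, offset: int):
    """Read a (possibly compressed) name; return (name, offset after it)."""
    labels = []
    jumped = False
    end = offset
    while True:
        length = data[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack(">H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            offset = pointer
            continue
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    if not jumped:
        end = offset
    return ".".join(labels) + ".", end


def parse_response(data: bytes) -> dict:
    """Extract id, rcode and A records from a DNS response message."""
    qid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = _read_name(data, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = _read_name(data, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:  # A record
            answers.append((name, ttl, socket.inet_ntoa(rdata)))
    return {"id": qid, "rcode": flags & 0xF, "answers": answers}


def probe(server: str, port: int = 53, name: str = "google.com",
          timeout: float = 2.0) -> str:
    """Classify a resolver as 'answered', 'refused', 'timeout' or 'mismatch'.

    A connected UDP socket makes Linux report an ICMP port-unreachable
    reply as ConnectionRefusedError on the next recv(), which is exactly
    the "udp port domain unreachable" seen in the thread's tcpdump.
    """
    qid = 0x6A0D
    query = build_query(name, qid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.connect((server, port))
        sock.send(query)
        try:
            data = sock.recv(4096)
        except ConnectionRefusedError:
            return "refused"   # host reachable, nothing bound on that address:port
        except socket.timeout:
            return "timeout"   # silently dropped: firewall, routing or no host
    return "answered" if parse_response(data)["id"] == qid else "mismatch"


# Constructed sample response: id 27149, flags qr rd ra, one A answer with
# TTL 282 for google.com pointing at 172.217.17.46 (values taken from the
# dig output in the thread; the bytes themselves are assembled here).
SAMPLE_RESPONSE = (
    bytes.fromhex("6a0d8180000100010000000")[:12] if False else
    struct.pack(">HHHHHH", 27149, 0x8180, 1, 1, 0, 0)
    + b"\x06google\x03com\x00" + struct.pack(">HH", 1, 1)
    + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 282, 4)
    + bytes([172, 217, 17, 46])
)

if __name__ == "__main__":
    print(parse_response(SAMPLE_RESPONSE))
    print(probe("127.0.0.1"))
```

Run it from the client host against the proxy's internal address before and after the config change: "refused" means the daemon is still bound to loopback only, "timeout" points at a filter between the hosts, and "answered" confirms the fix. Note what the fix also implies: once proxy-dns-address is a non-loopback IP, every host that can reach that address can use the resolver, so pair it with host-firewall rules that admit only the intended clients.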
