Why does my VPS reply to DNS queries even if it has no DNS server running?


I've got a cheap OpenVZ Ubuntu VPS and I'm trying to run my own DNS server on it for learning purposes.

The DNS server works fine on localhost (on the VPS through SSH); I can query it using dig google.com @127.0.0.1 and I get the expected result (which is not the IP of google.com but a custom one).

When I try to query the DNS server from outside the VPS, using the same command, I do get a reply, but the IP is not what I expect (it's an actual google.com IP).

After further investigation I found out my DNS server is not receiving/sending packets when the query is done from outside the VPS. So the answer is sent by something else; it seems like inbound packets with destination port 53 are diverted, they do not even reach my DNS server.

I tried to query my DNS server, still from outside, but this time while the VPS was SHUT DOWN. Magically I got a reply from God knows who.

Changing the port from 53 to 54, everything works perfectly. The problem is I need it to use port 53.

I don't have iptables rules or any other firewall doing anything related to port 53.

I also tried to query some other random VPSes, from different hosting providers; it seems like everyone has a DNS server running! Why does everyone reply?

Of course I asked technical support; this is what they said:

Hello, sorry but we don't do "software" technical support on VPS. We deliver the hosting and the operating systems; customers that order a VPS are their own admins, and have to know how to manage a Linux server. We don't block any port on our side. Best regards, Support

Gio Iann (best answer):

Problem solved: it's my ISP intercepting and replying to DNS queries. I can do dig google.com @1.2.3.4 and I get a reply :D

For those who want to know more about this:

ISP Intercepting DNS Lookups
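The control experiment the question describes (a reply on port 53 from a host that runs no resolver, or even when it is shut down, but silence on port 54) is the diagnostic for the interception the accepted answer names. Here it is as a small added Python script, not code from the thread: it builds a raw DNS query, sends it to a target IP on both ports, and reports which case applies. The target address 198.51.100.7 is a placeholder for your own VPS.

```python
import random, socket, struct

def build_query(name, qid):
    # Minimal DNS query: header with RD set and one A/IN question.
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lb)]) + lb.encode() for lb in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def parse_answer_ips(resp, qid):
    rid, _flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    if rid != qid:
        raise ValueError("transaction id mismatch")
    def skip_name(off):                       # walk labels; 0xC0.. is a compression pointer
        while resp[off] and resp[off] & 0xC0 != 0xC0:
            off += resp[off] + 1
        return off + (2 if resp[off] else 1)
    off = 12
    for _ in range(qd):
        off = skip_name(off) + 4              # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        off = skip_name(off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:         # A record
            ips.append(".".join(str(b) for b in resp[off:off + 4]))
        off += rdlen
    return ips

def probe(target_ip, port, name="google.com", timeout=2.0):
    # Send one query; return (answering source IP, A records) or None when nothing replies.
    qid = random.randrange(65536)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name, qid), (target_ip, port))
        resp, (src_ip, _) = sock.recvfrom(512)
        return src_ip, parse_answer_ips(resp, qid)
    except socket.timeout:
        return None
    finally:
        sock.close()

def interpret(reply_53, reply_54):
    # The thread's control: a host running NO resolver must be silent on both ports.
    if reply_53 and not reply_54:
        return "intercepted: port 53 answered from %s while port 54 was silent" % reply_53[0]
    if reply_53:
        return "both ports answered: a resolver is reachable, retest against a host running none"
    return "no reply on either port: nothing on the path answers for port 53"
```

Run it with `print(interpret(probe("198.51.100.7", 53), probe("198.51.100.7", 54)))` against a VPS with nothing listening; the "intercepted" verdict is the situation in the question, and the source IP it prints is often the VPS itself because the intercepting device spoofs it.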

F.Igor:

Maybe your DNS server is bound to the loopback interface only (so it's only listening on localhost). You can check the current service ports in use (UDP for DNS) using netstat and filter (grep) for the port used:

netstat -an | grep ":53"

You can also test the same DNS query using the nslookup command and check, in the output, the IP of the DNS server that answers your query:

nslookup google.com [dns_server_ip]

Also test it without dns_server_ip to check whether there is a default nameserver when the specified nameserver is not responding.