I see some problems related to internal name resolution. My nethserver manages all the network, including DNS. I have some internal servers working, and they interact with each other via their respective FQDNs, which are configured in nethserver. For example: the server “server1.intdomain.corp” sends daily backups to “backupserver.intdomain.corp”.
Recently I installed DPI to prevent access to the BitTorrent network, and my servers started to fail. I think the problem is that, for some reason, nethserver treats the DNS queries of my internal servers as if they were destined for external DNS servers, which should be blocked by the firewall.
I draw this conclusion because of what I see in the firewall logs, and because the “dig” and “nslookup” commands take too long to process or fail.
firewall.log is filled with this:
Jul 31 11:12:23 gate kernel: Shorewall:em2_mac:DROP:IN=em2 OUT= MAC=00:26:b9:86:1f:e4:00:1e:67:52:54:4a:08:00 SRC=192.168.1.47 DST=192.168.1.1 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=24869 DF PROTO=UDP SPT=39019 DPT=53 LEN=48
Jul 31 11:12:23 gate kernel: Shorewall:em2_mac:DROP:IN=em2 OUT= MAC=00:26:b9:86:1f:e4:00:1e:67:52:54:4a:08:00 SRC=192.168.1.47 DST=192.168.1.1 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=24870 DF PROTO=UDP SPT=39019 DPT=53 LEN=48
Jul 31 11:12:28 gate kernel: Shorewall:em2_mac:DROP:IN=em2 OUT= MAC=00:26:b9:86:1f:e4:00:1e:67:52:54:4a:08:00 SRC=192.168.1.47 DST=192.168.1.1 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=25622 DF PROTO=UDP SPT=39019 DPT=53 LEN=48
Jul 31 11:12:28 gate kernel: Shorewall:em2_mac:DROP:IN=em2 OUT= MAC=00:26:b9:86:1f:e4:00:1e:67:52:54:4a:08:00 SRC=192.168.1.47 DST=192.168.1.1 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=25623 DF PROTO=UDP SPT=39019 DPT=53 LEN=48
And the “dig” command sometimes fails:
root@nube:~# dig respaldo.fmorales.vfmsa
; <<>> DiG 9.9.5-3ubuntu0.15-Ubuntu <<>> respaldo.fmorales.vfmsa
;; global options: +cmd
;; connection timed out; no servers could be reached
All my internal devices (servers, phones, desktops, etc) are configured statically with the DNS pointing to 192.168.1.1 (my nethserver). I don’t see why the nethserver is blocking these DNS queries.
I think this problem is not DPI’s fault. I think this is a very old problem I have in my system, because before I enabled DPI I saw the same problem when the internet went off. But now that external DNS queries are effectively blocked, I have the issue all the time.
Can someone take a look at this and tell me if the problem is with nethserver or with something in my network?
Thank you.
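As an added example (not from the original post and not NethServer's own code), a small Python script that parses Shorewall DROP lines of the kind quoted above, extracts the sender's hardware address from the MAC= field (netfilter logs it as destination MAC, source MAC, EtherType) and counts dropped DNS queries to the gateway per source IP, source MAC and chain. Shorewall names its MAC-verification (maclist) chains after the interface, so the em2_mac chain in the log is what the per-MAC summary should be compared against; the sample lines below are constructed from the post, and the third line is a made-up unrelated drop to show it is filtered out.

```python
import re
from collections import Counter

# Constructed sample, modelled on the firewall.log lines quoted in the post
# (the third line is an unrelated, made-up drop to show it is filtered out).
SAMPLE_LOG = """\
Jul 31 11:12:23 gate kernel: Shorewall:em2_mac:DROP:IN=em2 OUT= MAC=00:26:b9:86:1f:e4:00:1e:67:52:54:4a:08:00 SRC=192.168.1.47 DST=192.168.1.1 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=24869 DF PROTO=UDP SPT=39019 DPT=53 LEN=48
Jul 31 11:12:28 gate kernel: Shorewall:em2_mac:DROP:IN=em2 OUT= MAC=00:26:b9:86:1f:e4:00:1e:67:52:54:4a:08:00 SRC=192.168.1.47 DST=192.168.1.1 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=25622 DF PROTO=UDP SPT=39019 DPT=53 LEN=48
Jul 31 11:13:02 gate kernel: Shorewall:net-fw:DROP:IN=em1 OUT= MAC=00:26:b9:86:1f:e4:00:1e:67:52:54:4a:08:00 SRC=203.0.113.9 DST=198.51.100.2 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=44444 DPT=22
"""

LINE_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<fields>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_shorewall_line(line):
    """Return a dict for a Shorewall kernel log line, or None if it is not one.

    Netfilter's MAC= field is dst-MAC:src-MAC:EtherType (6+6+2 bytes), so the
    sender's hardware address is octets 7..12; it is exposed as 'src_mac'.
    """
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"chain": m.group("chain"), "action": m.group("action")}
    for key, value in FIELD_RE.findall(m.group("fields")):
        rec.setdefault(key, value)  # keep the IP-header LEN, not the UDP LEN
    octets = rec.get("MAC", "").split(":")
    rec["src_mac"] = ":".join(octets[6:12]) if len(octets) == 14 else None
    return rec


def dropped_dns_to_gateway(log_text, gateway):
    """Count dropped DNS queries (UDP/TCP port 53) addressed to the gateway.

    Keyed by (source IP, source MAC, chain) so the result can be compared
    against the per-interface MAC list that the chain name points at.
    """
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_shorewall_line(line)
        if not rec or rec["action"] != "DROP":
            continue
        if rec.get("DST") != gateway or rec.get("DPT") != "53":
            continue
        if rec.get("PROTO") not in ("UDP", "TCP"):
            continue
        counts[(rec["SRC"], rec["src_mac"], rec["chain"])] += 1
    return counts


if __name__ == "__main__":
    for (src, mac, chain), n in dropped_dns_to_gateway(SAMPLE_LOG, "192.168.1.1").items():
        print(f"{n:4d} DNS queries from {src} ({mac}) dropped by chain {chain}")
```

Run it over the real firewall.log instead of SAMPLE_LOG to get the list of source MACs that the em2_mac chain is rejecting.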