Hi there,
How can I set up the DNS role from cmd?
Looks like this is missing with the latest dnsmasq update.
Thanks
Hi @zimny,
this should set some default settings:
config set dns configuration NameServers 212.83.32.201,212.83.33.2,8.8.8.8
config set dnsmasq service CacheSize 4000 TCPPort 53 UDPPorts 53,67,69 access green dhcp-boot '' except-interface virbr0 status enabled tftp-status enabled
signal-event nethserver-dnsmasq-update
Hi Markus,
Thanks for the tip.
Looks like after the latest dnsmasq update the upstream DNS section doesn't work in NS7
You're welcome. What exactly does not work? DNS resolving for clients?
NS7, regardless of the setup in "network->dns servers", always resolves queries using my ISP DNS servers
I just have mobile phone at the moment, maybe you find something in the docs:
http://docs.nethserver.org/projects/nethserver-devel/en/v7/dns.html
Are you saying that clients are always resolving via the ISP servers, or NS itself? If it's the clients, check here, under DHCP, that the DNS Servers entry is blank:
Cheers.
I agree there is something funny going on, didn't have time to look yet, but here is some sample output:
[root@gr1 ~]# config getprop dns NameServers
172.16.5.5
[root@gr1 ~]# nslookup ftp.mydomain.com
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find ftp.mydomain.com: NXDOMAIN
[root@gr1 ~]# nslookup ftp.mydomain.com 172.16.5.5
Server: 172.16.5.5
Address: 172.16.5.5#53
Name: ftp.mydomain.com
Address: 172.16.5.15
[root@gr1 ~]# nslookup google.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: google.com
Address: 172.217.20.78
[root@gr1 ~]#
ftp.mydomain.com has been defined as DNS record on 172.16.5.5 but can not be resolved from 172.16.5.10 without forcing the use of that nameserver. A public record can be found.
Clients work fine and can resolve both local and public records. Noticed this behaviour 3 days ago but didn't have time to further investigate yet.
can you post, you can use a gist https://gist.github.com/
[root@ns7dev5 ~]# db hosts show
[root@ns7dev5 ~]# cat /etc/hosts
[root@ns7dev5 ~]# cat /etc/dnsmasq.conf
Not sure if that request was at me as well, but here is my output just the same
yep nothing bad
I'm the author of the new update of nethserver-hosts & nethserver-dnsmasq. We introduce a feature for a wildcard domains property
eg: sub.domain.com matches domains.com
Of course only if decided by the sysadmin, you can notice the new checkbox and a new property "WildcardMode"
in dnsmasq.conf
# redirect all subdomains to : ftp.titi.com
address=/ftp.titi.com/192.168.12.56
As far as I see you are not concerned in your gist.
That was the gist from the mailserver. Here is the one from my DNS server:
The issue is, that on the mailserver I can not resolve ftp.mydomain.com for instance:
[root@mailserver ~]# nslookup ftp.mydomain.com
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find ftp.mydomain.com: NXDOMAIN
I bet your DNS server is not up to date, the last versions are
nethserver-hosts-1.2.2-1.ns7.noarch
nethserver-dnsmasq-1.6.6-1.ns7.noarch
What is your network architecture? Some clues maybe are needed. I'm not sure that the update is the reason of this issue.
Ugh … now you are forcing me to make vague drawings as I never learned to properly model these things
You are right on updates, will update and check again
Output after update, nothing changed:
Network topology:
I am not yet awake enough to draw… let me describe it, it's pretty simple:
Internet is attached to a dedicated firewall with 2 WAN IP's
The firewall serves 3 LAN segments, 2 of which we will ignore now.
The third segment is the server segment, it houses all servers. (yes, really)
Proxmox is running on one of these servers, and houses all Nethservers.
I have 5 running Nethservers atm.
Internally, I expect to always resolve to the internal addresses, given current config.
Externally, I use WAN IP1 for FTP and WEB and WAN IP2 for SOGo
When I specifically tell nslookup to use the internal DNS server, this works fine.
From Windows:
C:\Users\luser>ping alfresco.mydomain.com
Pinging alfresco.mydomain.com [172.16.1.20] with 32 bytes of data:
Reply from 172.16.1.20: bytes=32 time<1ms TTL=64
Reply from 172.16.1.20: bytes=32 time<1ms TTL=64
Reply from 172.16.1.20: bytes=32 time<1ms TTL=64
Reply from 172.16.1.20: bytes=32 time<1ms TTL=64
Ping statistics for 172.16.1.20:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Users\luser>ping ftp.mydomain.com
Pinging ftp.mydomain.com [172.16.1.15] with 32 bytes of data:
Reply from 172.16.1.15: bytes=32 time<1ms TTL=64
Reply from 172.16.1.15: bytes=32 time<1ms TTL=64
Reply from 172.16.1.15: bytes=32 time<1ms TTL=64
Reply from 172.16.1.15: bytes=32 time<1ms TTL=64
Ping statistics for 172.16.1.15:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Users\luser>ping mail.mydomain.com
Pinging mail.mydomain.com [172.16.1.12] with 32 bytes of data:
Reply from 172.16.1.12: bytes=32 time<1ms TTL=64
Reply from 172.16.1.12: bytes=32 time<1ms TTL=64
Reply from 172.16.1.12: bytes=32 time<1ms TTL=64
Reply from 172.16.1.12: bytes=32 time<1ms TTL=64
Ping statistics for 172.16.1.12:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
From one of the servers:
[root@mailserver ~]# nslookup ftp.mydomain.com
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find ftp.mydomain.com: NXDOMAIN
[root@mailserver ~]# nslookup ftp.mydomain.com 172.16.1.5
Server: 172.16.1.5
Address: 172.16.1.5#53
Name: ftp.mydomain.com
Address: 172.16.1.15
[root@mailserver ~]# nslookup ftp.mydomain.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: ftp.mydomain.com
Address: xx.xxx.xxx.xx
[root@mailserver ~]# exit
logout
Connection to 172.16.1.12 closed.
Please let me know if anything remains unclear about the situation.
on your email server, please
[root@ns7dev5 ~]# cat /etc/resolv.conf
and
[root@ns7dev5 ~]# config show dns
add in /etc/dnsmasq.conf
#redirect dns queries to /var/log/messages (test purpose)
log-queries
restart dnsmasq
systemctl restart dnsmasq
and take a look, ns7dev9 is resolved by my router at 192.168.xxx.1
[root@ns7dev5 ~]# nslookup ns7dev9
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
*** Can't find ns7dev9: No answer
[root@ns7dev5 ~]# nslookup ns7dev9.lan
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: ns7dev9.lan
Address: 192.168.12.178
check what are the queries in your log, I bet it is not ftp.domains.com
Dec 4 08:07:22 ns7dev5 dnsmasq[4265]: query[A] ns7dev9.nethservertest.org from 127.0.0.1
Dec 4 08:07:22 ns7dev5 dnsmasq[4265]: cached ns7dev9.nethservertest.org is NXDOMAIN
Dec 4 08:07:22 ns7dev5 dnsmasq[4265]: query[A] ns7dev9 from 127.0.0.1
Dec 4 08:07:22 ns7dev5 dnsmasq[4265]: config ns7dev9 is NODATA-IPv4
Dec 4 08:07:25 ns7dev5 dnsmasq[4265]: query[A] ns7dev9.lan from 127.0.0.1
Dec 4 08:07:25 ns7dev5 dnsmasq[4265]: forwarded ns7dev9.lan to 192.168.12.1
Dec 4 08:07:25 ns7dev5 dnsmasq[4265]: reply ns7dev9.lan is 192.168.12.178
in my case I need to comment
# Never forward plain names (without a dot or domain part)
domain-needed
[root@mailserver ~]# cat /etc/resolv.conf
# ================= DO NOT MODIFY THIS FILE =================
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
#
domain finalistsoftware.com
search finalistsoftware.com
# dnsmasq is enabled on this machine:
nameserver 127.0.0.1
[root@mailserver ~]# config show dns
dns=configuration
NameServers=172.16.1.5
[root@mailserver ~]#
[root@mailserver ~]# nslookup ftp
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
*** Can't find ftp: No answer
[root@mailserver ~]# nslookup ftp.mydomain.com
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find ftp.mydomain.com: NXDOMAIN
[root@mailserver ~]#
Dec 10 15:22:09 mailserver systemd: Stopping DNS caching server....
Dec 10 15:22:09 mailserver systemd: Started DNS caching server..
Dec 10 15:22:09 mailserver systemd: Starting DNS caching server....
Dec 10 15:22:09 mailserver dnsmasq[25831]: started, version 2.76 cachesize 4000
Dec 10 15:22:09 mailserver dnsmasq[25831]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
Dec 10 15:22:09 mailserver dnsmasq-tftp[25831]: TFTP root is /var/lib/tftpboot
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 172.16.1.6#53 for domain mydomain.com
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 127.0.0.1#10053 for domain spamhaus.org
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 127.0.0.1#10053 for domain dnswl.org
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 127.0.0.1#10053 for domain uribl.com
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 172.16.1.5#53
Dec 10 15:22:09 mailserver dnsmasq[25831]: read /etc/hosts - 2 addresses
Dec 10 15:22:30 mailserver dnsmasq[25831]: query[A] ftp.mydomain.com from 127.0.0.1
Dec 10 15:22:30 mailserver dnsmasq[25831]: forwarded ftp.mydomain.com to 172.16.1.6
Dec 10 15:22:30 mailserver dnsmasq[25831]: query[A] ftp from 127.0.0.1
Dec 10 15:22:30 mailserver dnsmasq[25831]: config ftp is NODATA-IPv4
Dec 10 15:22:48 mailserver dnsmasq[25831]: query[A] ftp.mydomain.com from 127.0.0.1
Dec 10 15:22:48 mailserver dnsmasq[25831]: forwarded ftp.mydomain.com to 172.16.1.6
Dec 10 15:22:48 mailserver dnsmasq[25831]: query[A] ftp.mydomain.com.mydomain.com from 127.0.0.1
Dec 10 15:22:48 mailserver dnsmasq[25831]: forwarded ftp.mydomain.com.mydomain.com to 172.16.1.6
you declare a dns provider 172.16.1.5
and you forward your request to 172.16.1.6
why ?
can you catch server=172.16.1.6
in /etc/dnsmasq.conf
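
The mismatch raised in the last reply (NameServers declares 172.16.1.5, yet the log shows forwards to 172.16.1.6) can be read straight out of the dnsmasq log. The following is an added example, not code from the thread or from NethServer: it pairs each "forwarded" line with the per-domain "using nameserver ... for domain ..." rule that explains it. The function names `parse_upstreams` and `find_overridden_forwards` are hypothetical, and the sample input reuses log lines posted above.

```python
import re

# Sample input: startup and query lines as posted from the mailserver's log.
SAMPLE_LOG = """\
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 172.16.1.6#53 for domain mydomain.com
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 127.0.0.1#10053 for domain spamhaus.org
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 172.16.1.5#53
Dec 10 15:22:30 mailserver dnsmasq[25831]: query[A] ftp.mydomain.com from 127.0.0.1
Dec 10 15:22:30 mailserver dnsmasq[25831]: forwarded ftp.mydomain.com to 172.16.1.6
Dec 10 15:22:48 mailserver dnsmasq[25831]: forwarded ftp.mydomain.com.mydomain.com to 172.16.1.6
"""

# Logged once per upstream at startup; the "for domain" part marks a per-domain rule.
USING = re.compile(r"dnsmasq\[\d+\]: using nameserver (\S+?)#\d+(?: for domain (\S+))?$")
# Logged for every query passed upstream when log-queries is enabled.
FORWARDED = re.compile(r"dnsmasq\[\d+\]: forwarded (\S+) to (\S+)$")


def parse_upstreams(log):
    """Return (default_servers, {domain: server}) from the startup lines."""
    defaults, per_domain = [], {}
    for line in log.splitlines():
        m = USING.search(line.strip())
        if not m:
            continue
        server, domain = m.groups()
        if domain:
            per_domain[domain] = server  # last rule seen for a domain is kept
        else:
            defaults.append(server)
    return defaults, per_domain


def find_overridden_forwards(log, declared):
    """List (name, server, rule) for forwards that bypassed the declared servers.

    rule is the per-domain entry covering the name, or None if nothing explains it.
    """
    _, per_domain = parse_upstreams(log)
    findings = []
    for line in log.splitlines():
        m = FORWARDED.search(line.strip())
        if not m or m.group(2) in declared:
            continue
        name, server = m.groups()
        # More specific domains take precedence, so pick the longest match.
        matches = [d for d in per_domain if name == d or name.endswith("." + d)]
        findings.append((name, server, max(matches, key=len, default=None)))
    return findings
```

On the server, pass the dnsmasq lines from /var/log/messages as `log` and the output of `config getprop dns NameServers` as `declared`; a finding with a rule points at a per-domain `server=` entry in /etc/dnsmasq.conf, and one without a rule deserves a closer look.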