How I can setup dns role from cmd?


(Zimny) #1

Hi there,

How I can setup dns role from cmd?
Looks like this is missing with the latest dnsmasq update.

Thanks


(Markus Neuberger) #2

Hi @zimny,

this should set some default settings:

config set dns configuration NameServers 212.83.32.201,212.83.33.2,8.8.8.8
config set dnsmasq service CacheSize 4000 TCPPort 53 UDPPorts 53,67,69 access green dhcp-boot '' except-interface virbr0 status enabled tftp-status enabled
signal-event nethserver-dnsmasq-update

(Zimny) #3

Hi Markus,

Thanks for the tip.
Looks like after the latest dnsmasq update the upstream DNS section doesn't work in NS7.


(Markus Neuberger) #4

You’re welcome. What exactly does not work? DNS resolving for clients?


(Zimny) #5

NS7, regardless of the setup in "network->dns servers", always resolves queries using my ISP DNS servers.


(Markus Neuberger) #6

I just have a mobile phone at the moment; maybe you find something in the docs:

http://docs.nethserver.org/projects/nethserver-devel/en/v7/dns.html


(Eddie Atherton) #7

Are you saying that clients are always resolving via the ISP servers, or NS itself? If it's the clients, check here, under DHCP, that the DNS Servers entry is blank:

Cheers.


(Jeroen Visser) #8

I agree there is something funny going on; I didn't have time to look yet, but here is some sample output:

[root@gr1 ~]# config getprop dns NameServers
172.16.5.5
[root@gr1 ~]# nslookup ftp.mydomain.com
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find ftp.mydomain.com: NXDOMAIN

[root@gr1 ~]# nslookup ftp.mydomain.com 172.16.5.5
Server:         172.16.5.5
Address:        172.16.5.5#53

Name:   ftp.mydomain.com
Address: 172.16.5.15

[root@gr1 ~]# nslookup google.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   google.com
Address: 172.217.20.78

[root@gr1 ~]#

ftp.mydomain.com has been defined as a DNS record on 172.16.5.5 but cannot be resolved from 172.16.5.10 without forcing the use of that nameserver. A public record can be found.

Clients work fine and can resolve both local and public records. I noticed this behaviour 3 days ago but didn't have time to investigate further yet.


(Stéphane de Labrusse) #9

Can you post the following? You can use a gist: https://gist.github.com/

[root@ns7dev5 ~]# db hosts show

[root@ns7dev5 ~]# cat /etc/hosts

[root@ns7dev5 ~]# cat /etc/dnsmasq.conf

(Jeroen Visser) #10

Not sure if that request was at me as well, but here is my output just the same :stuck_out_tongue:


(Stéphane de Labrusse) #11

Yep, nothing bad.

I'm the author of the new update of nethserver-hosts & nethserver-dnsmasq. We introduced a feature for a wildcard domains property,

eg: sub.domain.com matches domains.com

Of course only if decided by the sysadmin; you can notice the new checkbox and a new property 'WildcardMode'

in dnsmasq.conf

# redirect all subdomains to : ftp.titi.com
address=/ftp.titi.com/192.168.12.56

As far as I see, you are not concerned in your gist.


(Jeroen Visser) #12

That was the gist from the mailserver. Here is the one from my DNS server:

The issue is that on the mailserver I cannot resolve ftp.mydomain.com, for instance:

[root@mailserver ~]# nslookup ftp.mydomain.com
Server:		127.0.0.1
Address:	127.0.0.1#53

** server can't find ftp.mydomain.com: NXDOMAIN

(Stéphane de Labrusse) #13

I bet your DNS server is not up to date; the latest versions are

nethserver-hosts-1.2.2-1.ns7.noarch
nethserver-dnsmasq-1.6.6-1.ns7.noarch

What is your network architecture? Some clues may be needed. I'm not sure that the update is the reason for this issue.


(Jeroen Visser) #14

Ugh … now you are forcing me to make vague drawings as I never learned to properly model these things :slight_smile:

You are right on updates; I will update and check again.


(Jeroen Visser) #15

Output after update, nothing changed:

Network topology:

I am not yet awake enough to draw… let me describe it, it's pretty simple:

Internet is attached to a dedicated firewall with 2 WAN IPs.
The firewall serves 3 LAN segments, 2 of which we will ignore now.
The third segment is the server segment, it houses all servers. (yes, really)
Proxmox is running on one of these servers, and houses all Nethservers.

I have 5 running Nethservers atm.

  1. domainserver: install with just samba AD account provider and DNS
  2. mailserver: install with just SOGo
  3. ftp/file server: install with VSFTPD and Samba shares
  4. alfresco server in the making
  5. webserver (and reverse proxy for other internal sites)

Internally, I expect to always resolve to the internal addresses, given the current config.
Externally, I use WAN IP1 for FTP and WEB and WAN IP2 for SOGo

When I specifically tell nslookup to use the internal DNS server, this works fine.

From Windows:

C:\Users\luser>ping alfresco.mydomain.com

Pinging alfresco.mydomain.com [172.16.1.20] with 32 bytes of data:
Reply from 172.16.1.20: bytes=32 time<1ms TTL=64
Reply from 172.16.1.20: bytes=32 time<1ms TTL=64
Reply from 172.16.1.20: bytes=32 time<1ms TTL=64
Reply from 172.16.1.20: bytes=32 time<1ms TTL=64

Ping statistics for 172.16.1.20:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\luser>ping ftp.mydomain.com

Pinging ftp.mydomain.com [172.16.1.15] with 32 bytes of data:
Reply from 172.16.1.15: bytes=32 time<1ms TTL=64
Reply from 172.16.1.15: bytes=32 time<1ms TTL=64
Reply from 172.16.1.15: bytes=32 time<1ms TTL=64
Reply from 172.16.1.15: bytes=32 time<1ms TTL=64

Ping statistics for 172.16.1.15:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\luser>ping mail.mydomain.com

Pinging mail.mydomain.com [172.16.1.12] with 32 bytes of data:
Reply from 172.16.1.12: bytes=32 time<1ms TTL=64
Reply from 172.16.1.12: bytes=32 time<1ms TTL=64
Reply from 172.16.1.12: bytes=32 time<1ms TTL=64
Reply from 172.16.1.12: bytes=32 time<1ms TTL=64

Ping statistics for 172.16.1.12:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

From one of the servers:

[root@mailserver ~]# nslookup ftp.mydomain.com
Server:		127.0.0.1
Address:	127.0.0.1#53

** server can't find ftp.mydomain.com: NXDOMAIN

[root@mailserver ~]# nslookup ftp.mydomain.com 172.16.1.5
Server:		172.16.1.5
Address:	172.16.1.5#53

Name:	ftp.mydomain.com
Address: 172.16.1.15

[root@mailserver ~]# nslookup ftp.mydomain.com 8.8.8.8
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	ftp.mydomain.com
Address: xx.xxx.xxx.xx

[root@mailserver ~]# exit
logout
Connection to 172.16.1.12 closed.

Please let me know if anything remains unclear about the situation.


(Stéphane de Labrusse) #16

On your email server, please run:

[root@ns7dev5 ~]# cat /etc/resolv.conf
and
[root@ns7dev5 ~]# config show dns


(Stéphane de Labrusse) #17

@planet_jeroen

Add to /etc/dnsmasq.conf:

#redirect dns queries to /var/log/messages (test purpose)
log-queries

Restart dnsmasq:

systemctl restart dnsmasq

and take a look. In my setup, ns7dev9 is resolved by my router at 192.168.xxx.1:

[root@ns7dev5 ~]# nslookup ns7dev9
Server:		127.0.0.1
Address:	127.0.0.1#53

Non-authoritative answer:
*** Can't find ns7dev9: No answer

[root@ns7dev5 ~]# nslookup ns7dev9.lan
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:	ns7dev9.lan
Address: 192.168.12.178

Check what the queries in your log are; I bet it is not ftp.domains.com:

Dec  4 08:07:22 ns7dev5 dnsmasq[4265]: query[A] ns7dev9.nethservertest.org from 127.0.0.1
Dec  4 08:07:22 ns7dev5 dnsmasq[4265]: cached ns7dev9.nethservertest.org is NXDOMAIN
Dec  4 08:07:22 ns7dev5 dnsmasq[4265]: query[A] ns7dev9 from 127.0.0.1
Dec  4 08:07:22 ns7dev5 dnsmasq[4265]: config ns7dev9 is NODATA-IPv4
Dec  4 08:07:25 ns7dev5 dnsmasq[4265]: query[A] ns7dev9.lan from 127.0.0.1
Dec  4 08:07:25 ns7dev5 dnsmasq[4265]: forwarded ns7dev9.lan to 192.168.12.1
Dec  4 08:07:25 ns7dev5 dnsmasq[4265]: reply ns7dev9.lan is 192.168.12.178

In my case I need to comment out:

# Never forward plain names (without a dot or domain part)
domain-needed

(Jeroen Visser) #18

[root@mailserver ~]# cat /etc/resolv.conf
# ================= DO NOT MODIFY THIS FILE =================
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
#
domain finalistsoftware.com
search finalistsoftware.com

# dnsmasq is enabled on this machine:
nameserver 127.0.0.1

[root@mailserver ~]# config show dns
dns=configuration
    NameServers=172.16.1.5
[root@mailserver ~]#

(Jeroen Visser) #19

[root@mailserver ~]# nslookup ftp
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
*** Can't find ftp: No answer

[root@mailserver ~]# nslookup ftp.mydomain.com
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find ftp.mydomain.com: NXDOMAIN

[root@mailserver ~]#

Dec 10 15:22:09 mailserver systemd: Stopping DNS caching server....
Dec 10 15:22:09 mailserver systemd: Started DNS caching server..
Dec 10 15:22:09 mailserver systemd: Starting DNS caching server....
Dec 10 15:22:09 mailserver dnsmasq[25831]: started, version 2.76 cachesize 4000
Dec 10 15:22:09 mailserver dnsmasq[25831]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
Dec 10 15:22:09 mailserver dnsmasq-tftp[25831]: TFTP root is /var/lib/tftpboot
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 172.16.1.6#53 for domain mydomain.com
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 127.0.0.1#10053 for domain spamhaus.org
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 127.0.0.1#10053 for domain dnswl.org
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 127.0.0.1#10053 for domain uribl.com
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 172.16.1.5#53
Dec 10 15:22:09 mailserver dnsmasq[25831]: read /etc/hosts - 2 addresses
Dec 10 15:22:30 mailserver dnsmasq[25831]: query[A] ftp.mydomain.com from 127.0.0.1
Dec 10 15:22:30 mailserver dnsmasq[25831]: forwarded ftp.mydomain.com to 172.16.1.6
Dec 10 15:22:30 mailserver dnsmasq[25831]: query[A] ftp from 127.0.0.1
Dec 10 15:22:30 mailserver dnsmasq[25831]: config ftp is NODATA-IPv4
Dec 10 15:22:48 mailserver dnsmasq[25831]: query[A] ftp.mydomain.com from 127.0.0.1
Dec 10 15:22:48 mailserver dnsmasq[25831]: forwarded ftp.mydomain.com to 172.16.1.6
Dec 10 15:22:48 mailserver dnsmasq[25831]: query[A] ftp.mydomain.com.mydomain.com from 127.0.0.1
Dec 10 15:22:48 mailserver dnsmasq[25831]: forwarded ftp.mydomain.com.mydomain.com to 172.16.1.6
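
The log-queries procedure from #17 and the excerpt posted above can be checked mechanically. The following Python script is an added example, not code from the thread or from NethServer: it parses dnsmasq log-queries lines in the format shown above, rebuilds the upstream routing table from the "using nameserver ... for domain" startup lines, and reports every query that was forwarded to a server other than the configured NameServers, naming the server=/domain/ route that caused it. It also flags the search-domain retry (ftp.mydomain.com.mydomain.com) that the stub resolver generates after an NXDOMAIN. The configured set {172.16.1.5} and the search domain mydomain.com are taken from the posted config show dns and resolv.conf output; the sample log lines are constructed in the style of the posted ones, and the function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the /var/log/messages excerpt posted in
# the thread: startup lines announcing upstreams, then query/forwarded lines.
SAMPLE_LOG = """\
Dec 10 15:22:09 mailserver dnsmasq[25831]: started, version 2.76 cachesize 4000
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 172.16.1.6#53 for domain mydomain.com
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 127.0.0.1#10053 for domain spamhaus.org
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 172.16.1.5#53
Dec 10 15:22:09 mailserver dnsmasq[25831]: read /etc/hosts - 2 addresses
Dec 10 15:22:30 mailserver dnsmasq[25831]: query[A] ftp.mydomain.com from 127.0.0.1
Dec 10 15:22:30 mailserver dnsmasq[25831]: forwarded ftp.mydomain.com to 172.16.1.6
Dec 10 15:22:30 mailserver dnsmasq[25831]: query[A] ftp from 127.0.0.1
Dec 10 15:22:30 mailserver dnsmasq[25831]: config ftp is NODATA-IPv4
Dec 10 15:22:48 mailserver dnsmasq[25831]: query[A] ftp.mydomain.com.mydomain.com from 127.0.0.1
Dec 10 15:22:48 mailserver dnsmasq[25831]: forwarded ftp.mydomain.com.mydomain.com to 172.16.1.6
"""

# Values taken from the posted `config show dns` and /etc/resolv.conf
CONFIGURED_NAMESERVERS = {"172.16.1.5"}
SEARCH_DOMAIN = "mydomain.com"

MSG_RE = re.compile(r"dnsmasq\[\d+\]: (?P<msg>.*)$")
USING_RE = re.compile(r"^using nameserver (?P<server>[\d.]+)#(?P<port>\d+)(?: for domain (?P<domain>\S+))?$")
QUERY_RE = re.compile(r"^query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<client>\S+)$")
FORWARD_RE = re.compile(r"^forwarded (?P<name>\S+) to (?P<server>[\d.]+)$")
LOCAL_RE = re.compile(r"^(?P<source>config|cached|/etc/hosts) (?P<name>\S+) is (?P<result>\S+)$")


def parse_log(text):
    """Return (routes, events).

    routes: {domain_or_None: [(server, port), ...]} rebuilt from the startup
            lines; the None key is the default (catch-all) upstream.
    events: one dict per query / forwarded / locally-answered line, in log order.
    """
    routes = defaultdict(list)
    events = []
    for line in text.splitlines():
        m = MSG_RE.search(line)
        if not m:
            continue
        msg = m.group("msg")
        u = USING_RE.match(msg)
        q = QUERY_RE.match(msg)
        f = FORWARD_RE.match(msg)
        l = LOCAL_RE.match(msg)
        if u:
            routes[u.group("domain")].append((u.group("server"), int(u.group("port"))))
        elif q:
            events.append({"kind": "query", "name": q.group("name"),
                           "qtype": q.group("qtype"), "client": q.group("client")})
        elif f:
            events.append({"kind": "forwarded", "name": f.group("name"), "server": f.group("server")})
        elif l:
            events.append({"kind": "local", "name": l.group("name"),
                           "source": l.group("source"), "result": l.group("result")})
    return dict(routes), events


def matching_route(name, routes):
    """Longest-suffix match: the server=/domain/ entry dnsmasq prefers over the default.
    Returns the matching domain, or None when the default upstream applies."""
    best = None
    for domain in routes:
        if domain is None:
            continue
        if name == domain or name.endswith("." + domain):
            if best is None or len(domain) > len(best):
                best = domain
    return best


def audit(text, configured, search_domain=None):
    """Flag forwards that bypass the configured NameServers, and queries where the
    stub resolver appended the search domain to an already-qualified name."""
    routes, events = parse_log(text)
    findings = []
    for ev in events:
        if ev["kind"] == "forwarded" and ev["server"] not in configured:
            findings.append({"type": "unexpected-upstream", "name": ev["name"],
                             "server": ev["server"], "route": matching_route(ev["name"], routes)})
        if search_domain and ev["kind"] == "query":
            suffix = "." + search_domain
            stripped = ev["name"][:-len(suffix)] if ev["name"].endswith(suffix) else ""
            if stripped.endswith(suffix):
                findings.append({"type": "search-suffix-retry", "name": ev["name"]})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, CONFIGURED_NAMESERVERS, SEARCH_DOMAIN):
        if finding["type"] == "unexpected-upstream":
            print(f"{finding['name']} forwarded to {finding['server']} "
                  f"(route: server=/{finding['route']}/), not to {sorted(CONFIGURED_NAMESERVERS)}")
        else:
            print(f"{finding['name']}: search domain appended to a qualified name (NXDOMAIN retry)")
```

Run against a real /var/log/messages, the same report points straight at the server=/mydomain.com/172.16.1.6 route that the next reply asks about: the NXDOMAIN comes from 172.16.1.6, and the configured 172.16.1.5 is never consulted for that domain.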

(Stéphane de Labrusse) #20

You declare a DNS provider 172.16.1.5 and you forward your request to 172.16.1.6.

Why?

Can you catch server=172.16.1.6 in /etc/dnsmasq.conf?