How can I set up the DNS role from cmd?

Hi there,

How can I set up the DNS role from cmd?
Looks like this is missing with the latest dnsmasq update.

Thanks

Hi @zimny,

this should set some default settings:

config set dns configuration NameServers 212.83.32.201,212.83.33.2,8.8.8.8
config set dnsmasq service CacheSize 4000 TCPPort 53 UDPPorts 53,67,69 access green dhcp-boot '' except-interface virbr0 status enabled tftp-status enabled
signal-event nethserver-dnsmasq-update

Hi Markus,

Thanks for the tip.
Looks like after the latest dnsmasq update the upstream DNS section doesn’t work in NS7.

You’re welcome. What exactly does not work? DNS resolving for clients?

NS7, regardless of the setup in “network->dns servers”, always resolves queries using my ISP DNS servers.

I just have my mobile phone at the moment, maybe you can find something in the docs:

http://docs.nethserver.org/projects/nethserver-devel/en/v7/dns.html

Are you saying that clients are always resolving via the ISP servers, or NS itself? If it’s the clients, check here, under DHCP, that the DNS Servers entry is blank:

Cheers.

I agree there is something funny going on, didn't have time to look yet, but here is some sample output:

[root@gr1 ~]# config getprop dns NameServers
172.16.5.5
[root@gr1 ~]# nslookup ftp.mydomain.com
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find ftp.mydomain.com: NXDOMAIN

[root@gr1 ~]# nslookup ftp.mydomain.com 172.16.5.5
Server:         172.16.5.5
Address:        172.16.5.5#53

Name:   ftp.mydomain.com
Address: 172.16.5.15

[root@gr1 ~]# nslookup google.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   google.com
Address: 172.217.20.78

[root@gr1 ~]#

ftp.mydomain.com has been defined as a DNS record on 172.16.5.5 but cannot be resolved from 172.16.5.10 without forcing the use of that nameserver. A public record can be found.

Clients work fine and can resolve both local and public records. Noticed this behaviour 3 days ago but didn't have time to investigate further yet.

Can you post the following? You can use a gist: https://gist.github.com/

[root@ns7dev5 ~]# db hosts show

[root@ns7dev5 ~]# cat /etc/hosts

[root@ns7dev5 ~]# cat /etc/dnsmasq.conf

Not sure if that request was at me as well, but here is my output just the same :stuck_out_tongue:

yep nothing bad

I’m the author of the new update of nethserver-hosts & nethserver-dnsmasq. We introduce a feature for a wildcard domains property

eg: sub.domain.com matches domains.com

Of course only if decided by the sysadmin, you can notice the new checkbox and a new property ‘WildcardMode’

in dnsmasq.conf

# redirect all subdomains to : ftp.titi.com
address=/ftp.titi.com/192.168.12.56

As far as I see, you are not concerned in your gist.

That was the gist from the mailserver. Here is the one from my DNS server:

The issue is that on the mailserver I cannot resolve ftp.mydomain.com, for instance:

[root@mailserver ~]# nslookup ftp.mydomain.com
Server:		127.0.0.1
Address:	127.0.0.1#53

** server can't find ftp.mydomain.com: NXDOMAIN

I bet your DNS server is not up to date; the latest versions are

nethserver-hosts-1.2.2-1.ns7.noarch
nethserver-dnsmasq-1.6.6-1.ns7.noarch

What is your network architecture? Some clues may be needed. I’m not sure that the update is the reason for this issue.

Ugh … now you are forcing me to make vague drawings as I never learned to properly model these things :slight_smile:

You are right on updates, will update and check again.

Output after update, nothing changed:

Network topology:

I am not yet awake enough to draw… let me describe it, it’s pretty simple:

Internet is attached to a dedicated firewall with 2 WAN IPs.
The firewall serves 3 LAN segments, 2 of which we will ignore now.
The third segment is the server segment, it houses all servers. (yes, really)
Proxmox is running on one of these servers, and houses all Nethservers.

I have 5 running Nethservers atm.

  1. domainserver: install with just samba AD account provider and DNS
  2. mailserver: install with just SOGo
  3. ftp/file server: install with VSFTPD and Samba shares
  4. alfresco server in the making
  5. webserver (and reverse proxy for other internal sites)

Internally, I expect to always resolve to the internal addresses, given current config.
Externally, I use WAN IP1 for FTP and WEB and WAN IP2 for SOGo

When I specifically tell nslookup to use the internal DNS server, this works fine.

From Windows:

C:\Users\luser>ping alfresco.mydomain.com

Pinging alfresco.mydomain.com [172.16.1.20] with 32 bytes of data:
Reply from 172.16.1.20: bytes=32 time<1ms TTL=64
Reply from 172.16.1.20: bytes=32 time<1ms TTL=64
Reply from 172.16.1.20: bytes=32 time<1ms TTL=64
Reply from 172.16.1.20: bytes=32 time<1ms TTL=64

Ping statistics for 172.16.1.20:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\luser>ping ftp.mydomain.com

Pinging ftp.mydomain.com [172.16.1.15] with 32 bytes of data:
Reply from 172.16.1.15: bytes=32 time<1ms TTL=64
Reply from 172.16.1.15: bytes=32 time<1ms TTL=64
Reply from 172.16.1.15: bytes=32 time<1ms TTL=64
Reply from 172.16.1.15: bytes=32 time<1ms TTL=64

Ping statistics for 172.16.1.15:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\luser>ping mail.mydomain.com

Pinging mail.mydomain.com [172.16.1.12] with 32 bytes of data:
Reply from 172.16.1.12: bytes=32 time<1ms TTL=64
Reply from 172.16.1.12: bytes=32 time<1ms TTL=64
Reply from 172.16.1.12: bytes=32 time<1ms TTL=64
Reply from 172.16.1.12: bytes=32 time<1ms TTL=64

Ping statistics for 172.16.1.12:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

From one of the servers:

[root@mailserver ~]# nslookup ftp.mydomain.com
Server:		127.0.0.1
Address:	127.0.0.1#53

** server can't find ftp.mydomain.com: NXDOMAIN

[root@mailserver ~]# nslookup ftp.mydomain.com 172.16.1.5
Server:		172.16.1.5
Address:	172.16.1.5#53

Name:	ftp.mydomain.com
Address: 172.16.1.15

[root@mailserver ~]# nslookup ftp.mydomain.com 8.8.8.8
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	ftp.mydomain.com
Address: xx.xxx.xxx.xx

[root@mailserver ~]# exit
logout
Connection to 172.16.1.12 closed.

Please let me know if anything remains unclear about the situation.

On your email server, please:

[root@ns7dev5 ~]# cat /etc/resolv.conf
and
[root@ns7dev5 ~]# config show dns

@planet_jeroen

Add in /etc/dnsmasq.conf:

#redirect dns queries to /var/log/messages (test purpose)
log-queries

Restart dnsmasq:

systemctl restart dnsmasq

And take a look; ns7dev9 is resolved by my router at 192.168.xxx.1:

[root@ns7dev5 ~]# nslookup ns7dev9
Server:		127.0.0.1
Address:	127.0.0.1#53

Non-authoritative answer:
*** Can't find ns7dev9: No answer

[root@ns7dev5 ~]# nslookup ns7dev9.lan
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:	ns7dev9.lan
Address: 192.168.12.178

Check what the queries in your log are; I bet it is not ftp.domains.com

Dec  4 08:07:22 ns7dev5 dnsmasq[4265]: query[A] ns7dev9.nethservertest.org from 127.0.0.1
Dec  4 08:07:22 ns7dev5 dnsmasq[4265]: cached ns7dev9.nethservertest.org is NXDOMAIN
Dec  4 08:07:22 ns7dev5 dnsmasq[4265]: query[A] ns7dev9 from 127.0.0.1
Dec  4 08:07:22 ns7dev5 dnsmasq[4265]: config ns7dev9 is NODATA-IPv4
Dec  4 08:07:25 ns7dev5 dnsmasq[4265]: query[A] ns7dev9.lan from 127.0.0.1
Dec  4 08:07:25 ns7dev5 dnsmasq[4265]: forwarded ns7dev9.lan to 192.168.12.1
Dec  4 08:07:25 ns7dev5 dnsmasq[4265]: reply ns7dev9.lan is 192.168.12.178

In my case I need to comment out

# Never forward plain names (without a dot or domain part)
domain-needed
1 Like
[root@mailserver ~]# cat /etc/resolv.conf
# ================= DO NOT MODIFY THIS FILE =================
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
#
domain finalistsoftware.com
search finalistsoftware.com

# dnsmasq is enabled on this machine:
nameserver 127.0.0.1

[root@mailserver ~]# config show dns
dns=configuration
    NameServers=172.16.1.5
[root@mailserver ~]#
[root@mailserver ~]# nslookup ftp
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
*** Can't find ftp: No answer

[root@mailserver ~]# nslookup ftp.mydomain.com
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find ftp.mydomain.com: NXDOMAIN

[root@mailserver ~]#

Dec 10 15:22:09 mailserver systemd: Stopping DNS caching server....
Dec 10 15:22:09 mailserver systemd: Started DNS caching server..
Dec 10 15:22:09 mailserver systemd: Starting DNS caching server....
Dec 10 15:22:09 mailserver dnsmasq[25831]: started, version 2.76 cachesize 4000
Dec 10 15:22:09 mailserver dnsmasq[25831]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
Dec 10 15:22:09 mailserver dnsmasq-tftp[25831]: TFTP root is /var/lib/tftpboot
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 172.16.1.6#53 for domain mydomain.com
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 127.0.0.1#10053 for domain spamhaus.org
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 127.0.0.1#10053 for domain dnswl.org
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 127.0.0.1#10053 for domain uribl.com
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 172.16.1.5#53
Dec 10 15:22:09 mailserver dnsmasq[25831]: read /etc/hosts - 2 addresses
Dec 10 15:22:30 mailserver dnsmasq[25831]: query[A] ftp.mydomain.com from 127.0.0.1
Dec 10 15:22:30 mailserver dnsmasq[25831]: forwarded ftp.mydomain.com to 172.16.1.6
Dec 10 15:22:30 mailserver dnsmasq[25831]: query[A] ftp from 127.0.0.1
Dec 10 15:22:30 mailserver dnsmasq[25831]: config ftp is NODATA-IPv4
Dec 10 15:22:48 mailserver dnsmasq[25831]: query[A] ftp.mydomain.com from 127.0.0.1
Dec 10 15:22:48 mailserver dnsmasq[25831]: forwarded ftp.mydomain.com to 172.16.1.6
Dec 10 15:22:48 mailserver dnsmasq[25831]: query[A] ftp.mydomain.com.mydomain.com from 127.0.0.1
Dec 10 15:22:48 mailserver dnsmasq[25831]: forwarded ftp.mydomain.com.mydomain.com to 172.16.1.6

You declare a DNS provider 172.16.1.5 and you forward your request to 172.16.1.6.

Why?

Can you catch server=172.16.1.6 in /etc/dnsmasq.conf?
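
Added example, not part of any post in this thread and not NethServer code: a small shell function that reads dnsmasq syslog lines (with `log-queries` enabled, as suggested above) and reports per-domain upstreams and forwarded queries that bypass the default nameserver. The function name `audit_upstreams` is hypothetical, and the sample input is a set of log lines taken from the mailserver output above; it assumes the syslog layout shown in the thread.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): report where dnsmasq really sends queries.

# Sample input: log lines copied from the mailserver output posted above.
sample_log() {
  cat <<'EOF'
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 172.16.1.6#53 for domain mydomain.com
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 127.0.0.1#10053 for domain spamhaus.org
Dec 10 15:22:09 mailserver dnsmasq[25831]: using nameserver 172.16.1.5#53
Dec 10 15:22:30 mailserver dnsmasq[25831]: query[A] ftp.mydomain.com from 127.0.0.1
Dec 10 15:22:30 mailserver dnsmasq[25831]: forwarded ftp.mydomain.com to 172.16.1.6
Dec 10 15:22:48 mailserver dnsmasq[25831]: forwarded ftp.mydomain.com.mydomain.com to 172.16.1.6
EOF
}

# audit_upstreams (hypothetical helper): reads syslog lines on stdin and prints
#   override <domain> -> <ip>  for each per-domain upstream that is not a default
#   query <name> -> <ip>       for each query forwarded to a non-default upstream
# Loopback per-domain entries (local helper resolvers) are ignored.
audit_upstreams() {
  awk '
    $5 !~ /^dnsmasq\[/ { next }              # only lines from the DNS daemon
    $6 == "using" && $7 == "nameserver" {
      split($8, hp, "#"); ip = hp[1]          # drop the port suffix
      if ($9 == "for" && $10 == "domain") {
        if (ip !~ /^127\./) override[$11] = ip
      } else if (!(ip in is_default)) {
        is_default[ip] = 1
        sep = (defaults == "" ? "" : ",")
        defaults = defaults sep ip
      }
      next
    }
    $6 == "forwarded" && $8 == "to" { forwarded[$7] = $9 }
    END {
      for (d in override)
        if (!(override[d] in is_default))
          printf "override %s -> %s (default upstream: %s)\n", d, override[d], defaults
      for (q in forwarded)
        if (!(forwarded[q] in is_default))
          printf "query %s -> %s (not a default upstream)\n", q, forwarded[q]
    }
  ' | LC_ALL=C sort
}

sample_log | audit_upstreams
```

On a live system the same function can be fed from `/var/log/messages`; an empty result means every logged forward went to a nameserver listed as a default upstream.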