Networking DNS configs

network
dns
activedirectory

(Riccardo Prandini) #1

I would like to open a little talk about networking and NethServer.

Currently I have an HP Gen10 with 2 LAN ports:

  • One LAN is connected as green for the internal network
  • There is a bridge created automagically by the system for AD
  • The other LAN is unused at the moment

I have all Windows/Linux clients under the same network 192.168.X.Y/24.

I have added the NethServer as 192.168.X.11 (web UI and shared folders) and 192.168.X.10 (AD).
I have the main ROUTER as 192.168.X.1; it has DHCP (from 192.168.X.100 to 192.168.X.250) and VPNs (a lot, site to site), and it connects to the main internet router under the IP space 192.168.Z.W/24.

I know that when using AD we have to set the NethServer bridge interface as DNS resolver. This is a problem because Windows goes crazy and can't resolve any internet address.

So at the moment a light and fast solution is to set 8.8.8.8 as primary DNS and NethServer as secondary. I have to inspect this better with a DNS inspection tool.

But…

What is the idea behind NethServer networking?

DNS, if configured, is on the green real interface 192.168.X.11, and the bridge 192.168.X.10 has only the resolution for the AD server name.

If I set the default DNS as the green interface and add inside Neth a resolution rule sending AD to the bridge IP and everything else to be forwarded to my default router, is this possible? Is it a nice idea or open to a lot of problems?


(Markus Neuberger) #2

NethServer uses dnsmasq, which is a DNS and DHCP server, so I recommend using both services on NethServer. This way DNS knows about the addresses given out by DHCP. A resolution rule (you'll need it on the main internet router) would work but does not solve the DNS/DHCP problem.

NethServer should use your main internet router as gateway and a working DNS server (Google is the default).

The clients should use your main internet router as gateway and NethServer as DNS. Mixing DNS servers that know about your (internal/AD) domain with ones that don't is a bad idea.

Does DNS work on your Nethserver?

dig nethserver.org

On Windows clients?

nslookup nethserver.org
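
The two checks above answer a different question each: `dig` on the server tells you whether NethServer itself can reach an upstream resolver, `nslookup` on the client tells you whether the client's configured resolver answers. The script below is an added example (my own code, not from the thread or from NethServer) that asks one resolver for an internal AD name and a public name in a single run and names which of the failure modes discussed here the pair of answers matches: "AD works, internet doesn't" (nothing is forwarded upstream), "internet works, AD doesn't" (the client is pointed at a resolver that does not know the domain), or both dead. It speaks raw DNS over UDP so it needs only the standard library; the resolver address and the two names are command-line arguments and are not taken from the thread.

```python
#!/usr/bin/env python3
"""Probe one DNS resolver for an internal (AD) name and an Internet name and
classify the result. Raw UDP DNS, standard library only."""
import random
import socket
import struct
import sys

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}
QTYPE_A = 1
QCLASS_IN = 1


def build_query(name, txid=None):
    """Return (packet, txid) for a recursive A query; RD=1 asks the server to forward."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags=RD, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", QTYPE_A, QCLASS_IN), txid


def parse_response(data, txid):
    """Pull rcode, answer count and the AA/RA flags out of the reply header."""
    if len(data) < 12:
        raise ValueError("short DNS response")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")   # not our answer (or spoofed)
    return {
        "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
        "answers": ancount,
        "authoritative": bool(flags & 0x0400),        # AA: server owns the zone
        "recursion_available": bool(flags & 0x0080),  # RA: server is willing to forward
    }


def probe(server, name, timeout=3.0):
    """Send one query over UDP; a silent server is reported as TIMEOUT."""
    packet, txid = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, 53))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return {"rcode": "TIMEOUT", "answers": 0,
                    "authoritative": False, "recursion_available": False}
    return parse_response(data, txid)


def diagnose(internal, external):
    """Map the pair of results onto the situations seen in the thread."""
    int_ok = internal["rcode"] == "NOERROR" and internal["answers"] > 0
    ext_ok = external["rcode"] == "NOERROR" and external["answers"] > 0
    if int_ok and ext_ok:
        return "ok: resolver answers the AD zone and forwards Internet names"
    if int_ok and not ext_ok:
        return ("no-forwarding: AD names resolve but Internet names fail (%s); "
                "check the resolver's upstream servers and its own default route"
                % external["rcode"])
    if ext_ok and not int_ok:
        return ("no-ad-zone: Internet names resolve but the AD name fails (%s); "
                "the client is using a resolver that does not know the domain"
                % internal["rcode"])
    return ("dead: neither name resolves (%s / %s); resolver unreachable or unconfigured"
            % (internal["rcode"], external["rcode"]))


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: dnsprobe.py RESOLVER_IP INTERNAL_NAME EXTERNAL_NAME")
    server, internal_name, external_name = sys.argv[1:]
    r_int, r_ext = probe(server, internal_name), probe(server, external_name)
    for label, r in (("internal", r_int), ("external", r_ext)):
        print("%-8s rcode=%-8s answers=%d aa=%s ra=%s" % (
            label, r["rcode"], r["answers"], r["authoritative"], r["recursion_available"]))
    print(diagnose(r_int, r_ext))
```

Run it from a Windows or Linux client against the NethServer address with the DC's own name and a public name, then again against the router: a resolver that returns NOERROR for the AD name but SERVFAIL or a timeout for the public one has no working upstream, which is exactly the "AD ok, internet ko" case from the tests later in this thread. The RA flag is worth watching too: a resolver that answers with RA=0 is telling you it will not forward at all.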


(Michael Träumner) #3

I don't think so, please have a look at this post:

Please have a look at the DNS page in the server manager; there should be, as @mrmarkuz said, the default entry with Google DNS.

If I understand @davidep's post correctly, this works only by setting DNS to the server address 192.168.X.11.


(Riccardo Prandini) #4

@mrmarkuz @m.traeumner Thanks for the help.

I had a lot of trouble testing the problem because I'm remotely connected to the machine and it goes offline with wrong settings.

I have this situation:

and AD is .40

[screenshot: server manager, srl - Network]
[screenshot: server manager, srl - Dashboard]

So on the server side I think it is OK.

Now the HOST side:

Test 1: all autoconfigured -> AD not working

[two screenshots of the command prompt, 2018-05-07 17:35 and 17:37]

Test 2: auto + custom DNS -> AD OK, internet KO

[three screenshots of the command prompt, 2018-05-07 17:40 to 17:43]

Test 3: auto + custom DNS -> internet OK, AD KO

[two screenshots of the command prompt, 2018-05-07 17:45]

Test 4: all manual (the default config) -> doesn't work

[three screenshots of the command prompt, 2018-05-07 17:53 to 17:55]

I think that DNS is not forwarded out.
I have also tested the -debug option.

Any Idea?


(Markus Neuberger) #5

I found that 4.4.4.4 seems not to be reachable, so you may just set up the Google servers (8.8.8.8, 8.8.4.4) as remote DNS on your NethServer:

config setprop dns NameServers 8.8.8.8,8.8.4.4
signal-event nethserver-dnsmasq-save

On the client you may just use your NethServer (192.168.1.41) as DNS.


(Riccardo Prandini) #6

Sorry, but no luck.

DNS change done but no results.

[two screenshots of the command prompt, 2018-05-08 17:50 and 17:51]


(Riccardo Prandini) #7

Some news: something strange on the network…

I put 2 (real) machines, Neth and a Win PC, on the same switch (alone) and connected the switch to the network.

Machine A has IP 192.168.1.100
NETH has

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP qlen 1000
    link/ether 18:12:13:10:18:10 brd ff:ff:ff:ff:ff:ff
    inet6(omissis)/64 scope link
       valid_lft forever preferred_lft forever
3: enp2s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
    link/ether 18:12:13:10:18:11 brd ff:ff:ff:ff:ff:ff
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 16:11:15:12:13:1f brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.41/24 brd 192.168.1.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 (omissis)/64 scope link
       valid_lft forever preferred_lft forever
5: vb-nsdc@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP qlen 1000
    link/ether 46:c1:f5:62:a3:0f brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 (omissis)/64 scope link
       valid_lft forever preferred_lft forever

So I tested with those 2 machines:

  1. Ping 8.8.8.8
     Win machine OK
     Neth all packets lost

  2. Ping each other
     Win machine OK
     Neth all lost

  3. traceroute
     Win machine OK
     Neth no response

It looks like Neth can accept requests but can't transmit them on green.

Any Idea?
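
The `ip addr` listing above is the key to the question that comes up again later in this thread (what the physical NIC, the bridge and the AD container's interface have to do with each other): the physical port enp2s0f0 and the container's veth vb-nsdc are both enslaved to br0 (`master br0`), the IPv4 address lives on br0 and not on the port, and enp2s0f1 is simply down. The parser below is an added example (my own code, not from the thread or from NethServer) that reads that listing, groups ports under their bridge and flags the conditions worth checking: a bridge with no IPv4, a member port that carries its own IPv4 (which would mean the address was left on the NIC instead of the bridge), a member without carrier, and unused ports. The embedded sample is the output posted above with the IPv6 lines dropped; `--live` runs it against the local `ip addr` instead.

```python
#!/usr/bin/env python3
"""Summarise bridge topology from `ip addr` output. Standard library only."""
import re

# Sample copied from the `ip addr` output posted in this thread (IPv6 lines omitted).
SAMPLE_IP_ADDR = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP qlen 1000
    link/ether 18:12:13:10:18:10 brd ff:ff:ff:ff:ff:ff
3: enp2s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
    link/ether 18:12:13:10:18:11 brd ff:ff:ff:ff:ff:ff
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 16:11:15:12:13:1f brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.41/24 brd 192.168.1.255 scope global br0
5: vb-nsdc@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP qlen 1000
    link/ether 46:c1:f5:62:a3:0f brd ff:ff:ff:ff:ff:ff link-netnsid 0
"""

# "5: vb-nsdc@if2: <FLAGS> ..." -> name without the @peer suffix, flag list, the rest
HEADER_RE = re.compile(r"^\d+: ([^:@\s]+)(?:@\S+)?: <([^>]*)>(.*)$")
INET_RE = re.compile(r"^\s+inet (\d+\.\d+\.\d+\.\d+/\d+)")


def parse_ip_addr(text):
    """Return {ifname: {"flags": [...], "master": str|None, "state": str|None, "ipv4": [...]}}."""
    ifaces, current = {}, None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            name, flags, rest = m.groups()
            master = re.search(r"\bmaster (\S+)", rest)
            state = re.search(r"\bstate (\S+)", rest)
            current = {"flags": flags.split(","),
                       "master": master.group(1) if master else None,
                       "state": state.group(1) if state else None,
                       "ipv4": []}
            ifaces[name] = current
            continue
        m = INET_RE.match(line)
        if m and current is not None:
            current["ipv4"].append(m.group(1))
    return ifaces


def bridge_report(ifaces):
    """Group ports under their bridge and list the conditions that matter here."""
    # A bridge is any interface that some other interface names as its master.
    bridges = {name: {"ipv4": info["ipv4"], "members": []}
               for name, info in ifaces.items()
               if any(i["master"] == name for i in ifaces.values())}
    findings = []
    for name, info in ifaces.items():
        if info["master"] in bridges:
            bridges[info["master"]]["members"].append(name)
            if info["ipv4"]:
                findings.append("%s: bridge member carries its own IPv4 %s; the address belongs on %s"
                                % (name, ",".join(info["ipv4"]), info["master"]))
            if "LOWER_UP" not in info["flags"]:
                findings.append("%s: bridge member has no carrier (cable/switch port?)" % name)
        elif name != "lo" and name not in bridges and not info["ipv4"] and info["state"] == "DOWN":
            findings.append("%s: not in a bridge, DOWN, no address (unused port)" % name)
    for name, bridge in bridges.items():
        if not bridge["ipv4"]:
            findings.append("%s: bridge has no IPv4 address" % name)
    return {"bridges": bridges, "findings": findings}


if __name__ == "__main__":
    import subprocess
    import sys
    if "--live" in sys.argv:
        text = subprocess.run(["ip", "addr"], capture_output=True, text=True, check=True).stdout
    else:
        text = SAMPLE_IP_ADDR
    report = bridge_report(parse_ip_addr(text))
    for name, bridge in report["bridges"].items():
        print("bridge %s  ipv4=%s  members=%s"
              % (name, ",".join(bridge["ipv4"]) or "-", ",".join(bridge["members"])))
    for finding in report["findings"]:
        print("  - " + finding)
```

On the sample it reports one bridge, br0 with 192.168.1.41/24 and members enp2s0f0 and vb-nsdc, and a single finding: enp2s0f1 is an unused port. That is a sane layout, which is why the remaining suspects in the thread were the cable, the switch port and the NIC itself rather than the bridge configuration.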


(Riccardo Prandini) #8

MMMM… something weird.

This afternoon the machine became unreachable. I have a local console; I can ping .40 and .41 from each other, but the machine is unreachable.

How do I restore/reconfigure networking???

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP qlen 1000
    link/ether 18:12:13:10:18:10 brd ff:ff:ff:ff:ff:ff
    inet6(omissis)/64 scope link
       valid_lft forever preferred_lft forever
3: enp2s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
    link/ether 18:12:13:10:18:11 brd ff:ff:ff:ff:ff:ff
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 16:11:15:12:13:1f brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.41/24 brd 192.168.1.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 (omissis)/64 scope link
       valid_lft forever preferred_lft forever
5: vb-nsdc@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP qlen 1000
    link/ether 46:c1:f5:62:a3:0f brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 (omissis)/64 scope link
       valid_lft forever preferred_lft forever

(Markus Neuberger) #9

Here are the docs about resetting the network:

http://docs.nethserver.org/projects/nethserver-devel/en/v7/nethserver-base.html#reset-network-configuration


(Riccardo Prandini) #10

Thanks, but it is strange that the network card became unreachable.

Tomorrow I'll try; now the office is closed.


(Markus Neuberger) #11

That’s right but maybe it’s just a network hardware error. It would fit to the other strange things (ping, nslookup)…good luck for tomorrow!


(Riccardo Prandini) #12

Ok, now I have the connection to the interface, but how do I rebuild the AD without losing the AD config?

I have no outgoing packets; ping doesn't ping, but the machine is finally pingable.

I'm sure it is a problem between HW or configuration because I use it on a switch (newly bought for the occasion) where I have the machine and another Win PC.

I know that it is a VM, but where is the relation between

my real network

DEVICE=enp2s0f0
BOOTPROTO=none
BRIDGE=br0
NM_CONTROLLED=no
ONBOOT=yes
TYPE=Ethernet
USERCTL=no

the bridge

DEVICE=br0
BOOTPROTO=none
GATEWAY=192.168.1.236
IPADDR=192.168.1.41
NETMASK=255.255.255.0
NM_CONTROLLED=no
ONBOOT=yes
TYPE=Bridge
USERCTL=no

and the AD network card?


(Markus Neuberger) #13

Nethserver stores the config in databases. To see the nsdc config just execute the following:

config show nsdc

http://docs.nethserver.org/projects/nethserver-devel/en/v7/nethserver-dc.html


(Riccardo Prandini) #14

Some news: I have restored all network interfaces to the initial status

  1. Green
  2. Bridge on green

The situation is the same as at the beginning: no internet connection for Neth and no resolution capability for PCs that use the green IP as DNS.

Now the nice news:

  1. To make the machine able to access the internet I added a red interface (DHCP); now it goes online and I have also updated to 7.4 without big issues

  2. PCs configured to use Neth as DNS don't resolve anything except AD

  3. So I went into Static routes and redirected 0.0.0.0/0 to the gateway,
     and magically the machine resolves packets

  4. I also added a specific DNS (very useful for me in VPN) and wow, perfect.

So I can mark it as resolved… But is this a correct configuration to use?


(Markus Neuberger) #15

Great! Glad that it works! Instead of the static route you may set the gateway only on red interface in the network settings.


(Rob Bosch) #16

Are you sure there is no hardware failure on your NethServer interface? I had a problem with a network interface on an HP Gen7 MicroServer. The server has one interface of its own on the motherboard. Since it is used as gateway for the LAN, it needed a 2nd interface. I had a dual Gb adapter lying around and I added that to the HP MicroServer.
After a year or so, the red interface became unresponsive. All settings seemed ok but no traffic was going through the interface.
I configured the onboard interface as red interface instead of one of the dual NIC's ports, and voilà… all was fixed. It turned out to be a hardware problem.


(Riccardo Prandini) #17

Thanks @robb, tomorrow I plan to install new firmware on the NIC so the network can be inspected better, also via BIOS.
So, to make sure that this is not a HW problem, I'll order a dual gigabit card for testing; any suggestion on the chipset? I know about some problems with Intel.


(Gabriel GHEORGHIU) #18

Hi @Riccardo_Prandini,

Maybe it's too late, but…

If I understand correctly, you have a router for internet access, which also provides DHCP for your LAN.
In this case, the DNS forwarder/resolver for Internet access is the router. All your LAN clients have the LAN IP of the router as DNS.

You have added NethServer (ONE NIC) to provide AD services for your LAN.
In this case, the DNS resolver for your LAN is the NS, but it is not also the forwarder!

In your case, for everything to work well, you have some options:
1 - move your DHCP services from router to NS

  • set your NS NIC as follow:
    IP: 192.168.X.11 (DHCP: 192.168.X.100 - 192.168.X.250)
    NM: 255.255.255.0
    GW: 192.168.X.1
    DNS: 192.168.X.1
    In this case, the NS will act as DNS forwarder/resolver for Internet access and as DNS resolver for your LAN.
    The external DNS (8.8.8.8) is set ONLY on the router!

2 - keep DHCP on router

  • on router, if the router has this option, add NS as new host.
  • set your NS NIC as follow:
    IP: 192.168.X.11
    NM: 255.255.255.0
    GW: 192.168.X.1
    DNS: 192.168.X.1
    In this case, the router will act as DNS forwarder/resolver for Internet access and as DNS resolver for your LAN.
    The external DNS (8.8.8.8) is set ONLY on the router!

3 - your solution

Gabriel
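
To make the resolver/forwarder split in the options above concrete, here is a plain dnsmasq configuration, added as an illustration and not a file taken from NethServer or from anyone in the thread, that does what the first post asked for: the AD zone is handed to the Samba DC and everything else is forwarded upstream. The addresses are the ones that appear later in the thread (bridge 192.168.1.41, DC container 192.168.1.40, gateway 192.168.1.236); the AD domain name ad.example.lan is assumed, since the thread never names it. On NethServer the dnsmasq configuration is generated from the configuration database, so the upstream list is set with the `config setprop dns NameServers …` / `signal-event nethserver-dnsmasq-save` commands shown earlier rather than by editing a file; the fragment is for understanding what those settings need to produce.

```conf
# Added illustration of the split-forwarding model discussed in this thread.
# Assumed values: AD domain ad.example.lan, Samba DC container 192.168.1.40,
# NethServer bridge 192.168.1.41, Internet router 192.168.1.236.

# Answer only on the bridge address the clients point at; the DC container
# has its own address (.40) and its own DNS on port 53, so the two do not collide.
listen-address=192.168.1.41
bind-interfaces

# Ignore /etc/resolv.conf; the server= lines below are the only upstreams.
no-resolv

# Never forward single-label names or RFC 1918 reverse lookups to the Internet.
domain-needed
bogus-priv

# The AD zone goes to the Samba DC only. dnsmasq does not answer it itself
# and never leaks these queries to the public resolvers.
server=/ad.example.lan/192.168.1.40

# Everything else is forwarded upstream. Either the router or public resolvers
# work, but only if this host itself has a route to reach them.
server=192.168.1.236
server=8.8.8.8
server=8.8.4.4
```

The last comment is the caveat this thread turned on: forwarding needs a path out. A resolver with correct `server=` lines but no usable default route answers the AD zone and fails everything else, which is what the "AD ok, internet ko" tests showed and what adding the red interface and the 0.0.0.0/0 route fixed. The check is the same pair of commands Markus gave: `dig @192.168.1.41 <dc-name>.ad.example.lan` must return an answer from the DC, and `dig @192.168.1.41 nethserver.org` must return an answer from upstream.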


(Riccardo Prandini) #19

Thanks, it's never too late and all information is useful.

Yes, I have added the AD and to use it I need NS to be a DNS.
At the beginning I had configured the server under networking to have IP .41 (real) and .40 (AD), GW = router IP, DNS = the sequence 8.8.8.8, 8.8.4.4, router IP.

The hosts use NS as primary DNS and the router as gateway, but DNS queries are not forwarded.

Option 2: the router doesn't have this ability.


(Riccardo Prandini) #20

Ok, if I delete the rule NS can't do DNS queries.