Resolving DNS, DHCP, IP issues

NethServer Version: 7.9
Module: your_module

topology: ROUTER = gateway with dhcp server, promotes and as DNS, also provides itself a miniature DNS service (<10 items as local DNS fallback) nethserver instance, ovpn configured nethserver nsdc controller
192.168.32.x: clients

From the beginning I encountered a small DNS glitch in my NS instance: an error stating that one or more DNS servers don’t answer. (addresses like,,, …) I didn’t bother about this too much. Everything seemed to work somehow.

Lately I sometimes get a connection to my NS instance, when trying to connect to the router by IP in a browser. Thus, not the config screen of the router appears, but the website of the NS. This happens sometimes, at maybe 50 percent chance, not always. Which is weird. (I never could access local devices via ovpn tunnel, except xx.6 and xx.7, although I tried to set up a route and trusted network. Don’t know if this is relevant.)

But, most important: I cannot resolve any external domains, when propagating xx.7 as first DNS via the routers dhcp. Local DNS at xx.7 can’t resolve them for sure, but it stopped forwarding the request to another DNS. (Clients receive both DNS with the dhcp lease.)

So I have three questions:

  • Why do I have trouble with DNS servers of high availability?
  • Why does my NS instance deliver content when I ask for the router?
  • Why does my nsdc DNS not forward requests for external sites?

Where to look? - I am not a pro, just an enthusiastic end user, so verbosity is appreciated.

Hi @sternkrabbe,

  • First make sure there is only 1 DHCP server - you need only 1 DHCP per IP segment (
  • ROUTER should promote itself as primary DNS and as secondary DNS.
    If it promotes as DNS, then will have itself as DNS => endless loop ???


1 Like

Hi Michel-André,

ad 1:
There are two candidates for DHCP service in the subnet, the router and thte NS. I activated DHCP in the router, and I think it’s inactive in NS. There’s no main DHCP switch in cockpit and it is not listed under “services”. The DHCP Tab itself shows no IP reservations, so I assume it is inactive.

One funny thing happens when searching the network in the NS DHCP Tab:

x.x.32.1 MAC of router neth.server.gsr
x.x.32.7 MAC of nsdc (unknown, locally administered)
x.x.32.16 MAC of router Draytek (router manufacturer, this is a VPN connection to the router)
and a few others.

The description of the first entry is wrong, I don’t know where it comes from. And and entry for x.6 (which is neth.server.gsr) is missing. In the router DNS, neth.server.gsr resolves to x.6, not to x.1

ad 2:
Since I use the nsdc as ADC I need to promote it as DNS for my clients. I also was thinking about some kind of a request loop. I would expect either the nsdc DNS to forward requests to another DNS (maybe one of those I can enter in NS cockpit) or the clients to try the second DNS if the first (nsdc DNS) cannot resolve it. But little I know about these things.

thx, Tobias

at the moment, in NS terminal window:

[root@neth ~]# nslookup

** server can't find REFUSED

[root@neth ~]# ping
connect: Das Netzwerk ist nicht erreichbar
[root@neth ~]# nslookup neth.server.gsr

Name:   neth.server.gsr
** server can't find neth.server.gsr.server.gsr: REFUSED

Hi @sternkrabbe,

Install the Old Server Manager then go to https://server-ip:980. It’s easier to find someting than in Cockpit.

At the console, to find out the default gateway, try:

# route



results of route:

[root@neth ~]# route
Kernel IP Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface   U     0      0        0 tunbackovpn   UG    0      0        0 tunbackovpn   U     0      0        0 br0   U     0      0        0 tungsrovpn   U     0      0        0 tunrw

The default gateway seems missing?
The old dashboard shows as gateway for green. It also tells me, that DHCP is not checked on green (the only interface).
The old interface has a different view on the gateways as well (diagnostics-network route): dev tunbackovpn proto kernel scope link src via dev tunbackovpn dev br0 proto kernel scope link src dev tungsrovpn proto kernel scope link src dev tunrw proto kernel scope link src

some success:

I added a route to green interface:
metrik: (nothing)

Now routing displays a default route again, and connects to the outside world. However the router IP still has a reverse revolving to neth.server.gsr, the name of the NS instance. (The wrong name is displayed as router). How can I find the culprit?

It may be obvious to you, but I still have no idea about the necessary steps for a right configuration. E.g. the router ip still is answered by the NS webinterface. The second last entry here seems odd:

[root@neth ~]# route
Kernel IP Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
default         router.gsr         UG    0      0        0 br0   U     0      0        0 tunbackovpn   UG    0      0        0 tunbackovpn   U     0      0        0 br0   U     0      0        0 tungsrovpn
router.gsr UH    0      0        0 br0   U     0      0        0 tunrw

Hi @sternkrabbe,

Post a drawing of your network.


Network topolgy is as simple and straight forward as I wrote in posting #1. Everything is connected to a SOHO router. Drawing it would not display additional information. If you need to know anything, I will do my best to provide it.

In desparation, I yesterday ruined the configuration. Now I cannot connect to my NS instance anymore (http/ssh/smb/ping). However I can still ping to nsdc container from a LAN client.

I can physically access the NS server and log in. Services are up and running (tested systemctl status of httpd and smbd).

I will post my last cli commands and the outputs of route and ifconfig in next post, first I need to sort out the desk to work on. I will need to retype everything.

I am very grafeful, if I could reestablish connectivity to the machine.

output of ifconfig at the moment:

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet    netmask    broadcast
inet6 ...
ether (MAC) txqueuelen 1000 (Ethernet)
RX packets 64976656    bytes 13308934325 (12.3 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 254323581    bytes 162071058002 (150.9 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

... other interfaces ...

tungsrovpn: flags=4305<UP,POINTTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet    netmask destination
RX errors 0 dropped 0 overruns 0 frame 0
TX errors 0 dropped 0 overruns 0 carrier 0 collision 0

output of route at the moment:

Destination    Gateway      Genmask        Flags   Iface
default        router.gsr         UG     br0
...    U     tungsrovpn
router.gsr  UH    br0

I hope, those outputs are helpful. It’ inconvenient to retype it from monitor.

Some more oberservations:

  • LAN client can ping nsdc container at xx.7
  • LAN client cannot ping ns instance at xx.6 (request timeout)
  • ns instance can ping
  • ns instance can ping router.gsr (xx.1) - not sure WHO answers!
  • ns instance connot ping nsdc container at xx.7: no feedback, message after crtl+c: x packets transmitted, 100% packet loss
  • ns instance cannot ping any other client in LAN - same as nsdc container
  • I can access ns webinterface and applications from outside LAN (from the internet), but cockpit is blocked, of course

I think, I need to add a route to LAN via the router. This was exactly what I wanted to do when I messed it up.

On the x.6 machine in network is there a valid gateway set also your previous issues could (not definately though) be something simple like DNS being cached somewhere hence possibly returning an old ip

the output for route shows the setup on x.6 machine.

I assume there is no valid gateway, but I don’t know how to set it.

I understand the last entry of “route” as: route requests for router.gsr ( to (local machine). This entry was automatically generated by the system, not by me.

After a brutal reboot the situation seems to be much better. I need to evaluate.



As german-speaker, you know the old expression (Not only valid for Windows…):

Reboot tut immer gut!

Simplified english translation:
A reboot does a whole load of good!


My 2 cents

PS: Even for Linux, a reboot does start the host with all designated services in the right order…

1 Like


well, it should not aply to a linux system…

I really still need to evaluate the situation, and if there are questions/problems left.

overall, it seems I am back to some of my previous problems:


  • error message: DNS servers are not responding
  • no ping to DNS servers, from NS
  • no nslookup/ping whatsoever to outside world from NS
  • no connection to web interface and applications from outside


  • On the LAN client the IP x.1 now is correctly served by the router again.
  • ping to LAN client from NS is ok
  • ping from LAN client to NS and nscd is ok

Still sounds like there’s no gateway set so it doesn’t know where to send the ping as from what I understand means any IP as in the same as *

in cockpit under system and network is anything set for gateway now (next to GW as per below image)

If not click configure then next and next and set the gateway to correct one I’m assuming for you it would be


yes, cockpit shows the correct gateway there:, which is the router device.

This is actual routing info from cockpit:

Kernel IP Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface         UG    0      0        0 br0   U     0      0        0 tunbackovpn   UG    0      0        0 tunbackovpn   U     0      0        0 br0   U     0      0        0 tungsrovpn UH    0      0        0 br0   U     0      0        0 tunrw

Item #1 was manually added in cockpit gui.