LinuxQuestions.org
Linux - Networking
Old 06-17-2016, 02:16 PM   #1
etpoole6465
LQ Newbie
 
Registered: Jun 2014
Location: Northwest Metro-Atlanta - Woodstock
Distribution: CentOS 6
Posts: 16

Rep: Reputation: Disabled
How Did I Break My Network?


First off let me say that whatever is broken I did it.

My home environment started off with 3 desktop (wired only) computers, 2 laptop (they use both wired and wi-fi) computers, and 1 wired inkjet printer.

I've a friend that manages one of those mini-storage sites. Someone didn't pay their fees and the contents were confiscated. There were several computers and some other computer-related items, and he sold them all to me for $500.

So my environment grew to be:
8 desktop computers (3 of these have enough CPU, RAM, and disk to run KVM - so I did)
2 laptop computers
3 tablet computers
2 smart phones
2 Ethernet wired inkjet printers

Needless to say my hosts file became very large and I seemed to be always updating my paper documentation.

So the one machine where I was running my PostgreSQL DBMS, NFS server, and KVM with 5 virtual machines I'll call server A. Server B is running KVM with 5 machines (I install my BITNAMI modules here).

I saw an article on using BIND so I could run nslookup and reduce the size of my hosts file, plus I could make it 'look' more professional.

Everything was working well (sort of) until I tried to modify my 2 Windows machines (1 desktop and 1 laptop) and realized that I didn't know how to define 4 name servers in Windows or on my 2 eComStation (OS/2 Warp 4) desktops.

So I removed BIND from Server A, restored the hosts file and the resolv.conf. I rebooted server A and I expected that all would be back as it was before I got experimental.

From server A I can ping all of my machines by name and IP address. I cannot ping server A from any other machine on my network. What did I do???

TIA
Gene
 
Old 06-17-2016, 08:57 PM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,332

Rep: Reputation: Disabled
Quote: Originally Posted by etpoole6465
Needless to say my hosts file became very large and I seemed to be always updating my paper documentation.
You say that as if it's a normal thing to be managing name resolution by means of editing hosts files. It really isn't.

You need to set up proper name resolution. Configure a DNS server (BIND is a good choice) to be authoritative for a local zone with a name not found on the Internet, and have all your hosts use that server as their only DNS server.
 
1 members found this post helpful.
Old 06-17-2016, 09:02 PM   #3
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS,Manjaro
Posts: 5,437

Rep: Reputation: 2638
1. There is detail missing, but I am thinking you may have trimmed some hosts files and populated resolv.conf on some machines when you implemented bind. Did you put things back when you dropped bind?

2. No one needs four resolvers defined on a machine.


One bind (or other DNS protocol) server is really all you need for a network. A second is nice to have for failover. Your machines no longer know how to find each other's addresses; resolving from names is broken.

You have choices about moving forward:
1. You could put bind back. This is easy enough: set it to forward requests out to your ISP DNS or to Google (8.8.8.8 perhaps) to get external addresses, load up your local net into bind, and aim all of your other machines at your bind server as primary and the ISP (or Google) as secondary. If you have a secondary DNS machine in your network, slide that between the other two in your resolver list.
2. You could research DNSMASQ and implement that instead of bind. It does not need the table structures used by bind, and is easier to manage. It can load local names directly from your hosts file, and forward servers directly from resolv.conf, automagically. You can also configure it as a DHCP server that automagically loads the resolution tables when it provides IP identity and settings.

I have done both. Either solution will fix up your network.

In either case you need to make sure that your server is responding to DNS requests properly, listening on your network, and that all of your client machines are aimed at it for resolution.

You could also set up a configuration distribution software to keep the hosts files in sync and forget about bind, but that is just ugly.
 
1 members found this post helpful.
Old 06-18-2016, 12:35 AM   #4
etpoole6465
LQ Newbie
 
Registered: Jun 2014
Location: Northwest Metro-Atlanta - Woodstock
Distribution: CentOS 6
Posts: 16

Original Poster
Rep: Reputation: Disabled
The reason I ended up with four name servers is that the article I used produced a master on server A and a slave on server B (192.168.1.168 and 192.168.1.169). My ISP provides 2 name servers also, which won't provide nslookup for my internal network.

So I get to my Windows boxes, they only have room for 2 DNS IP addresses. Should I have defined my Windows DNS as 192.168.1.168 and 8.8.8.8? (This would also work on my eComStation (OS/2 Warp 4) boxes)?

I'm going back machine by machine and making sure everything is defined the same, so if it's wrong it will be consistently wrong.

TIA
Gene
 
Old 06-18-2016, 10:17 AM   #5
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,332

Rep: Reputation: Disabled
Quote: Originally Posted by etpoole6465
So I get to my Windows boxes, they only have room for 2 DNS IP addresses. Should I have defined my Windows DNS as 192.168.1.168 and 8.8.8.8? (This would also work on my eComStation (OS/2 Warp 4) boxes)?
You only need to specify 1 DNS server, and that should be your internal server. The DNS service on that box should be configured to perform recursive lookups using a forwarder.

You can use any publicly available DNS server as a forwarder, but your ISP probably has at least two servers dedicated to providing DNS services to their customers, so you should consider using those.

Configuring multiple DNS servers on a client doesn't work the way one might expect. The client will only ever use the first server as long as it's available, but will switch to the second if the first doesn't respond or returns an error message. Note that the response "I don't know the IP address of this host" (NXDOMAIN) is not considered an error message. Also, once the client switches to another DNS server, it will keep using it until it's rebooted or another DNS error condition arises.

In other words, you should only specify two or more DNS servers if they all provide the exact same services with regards to resolving names. Your internal master/slave setup certainly qualifies, but mixing internal and external DNS servers is bound to cause problems.
 
1 members found this post helpful.
Old 06-18-2016, 01:00 PM   #6
etpoole6465
LQ Newbie
 
Registered: Jun 2014
Location: Northwest Metro-Atlanta - Woodstock
Distribution: CentOS 6
Posts: 16

Original Poster
Rep: Reputation: Disabled
I'm taking all of the above and will try to get it all together. I'll post the results by evening (EDT) June 19.

And thank you for all of your help.

TIA
Gene
 
Old 06-18-2016, 02:38 PM   #7
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 4,760

Rep: Reputation: 2208
You will probably find it easier to set up dnsmasq rather than bind as your nameserver. It will consult /etc/hosts for the names of your local machines and forward other requests to the upstream nameserver that it picks up automatically from your /etc/resolv.conf. You don't have to bother with setting up local zones and whatnot. dnsmasq will also act as the DHCP server for your network.
 
1 members found this post helpful.
Old 06-18-2016, 05:07 PM   #8
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS,Manjaro
Posts: 5,437

Rep: Reputation: 2638
Other things to keep in mind are:
1. You had two DNS servers exactly so that if one failed your clients could fail over to the other. TWO would have been the most useful number unless BOTH failed.
2. Most IP stacks max out at three. You can list a dozen, but only the first three nameservers will EVER be used.

This leads to my preferred settings: set the DNS servers in the local network to forward to ISP servers first, and Google or another public DNS as a third option. Set your CLIENTS to use your local DNS first, a secondary or backup DNS or your ISP DNS second, and a public or fallback ISP DNS as third. If you ever fail through all three you have bigger problems than playing with your nameservers alone will fix.

I find bind easy to set up using WEBMIN, more control but more chances to mess it up at command-line and using VI. DNSMASQ is all VI work at first (unless someone has built a WEBMIN module for it, I have not checked) but is easier to configure at that level.

Once set up and working well, I have never had either fail me.
 
1 members found this post helpful.
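A quick consistency check for the Linux clients, covering both the caveat in post #5 (internal and external servers mixed in one list) and the point in post #8 (only the first three nameservers are ever used). This is an added example, not code from the thread: a POSIX shell function that lints a resolv.conf file; the sample file it runs on is constructed, and the private-range test is an approximation covering 10/8, 172.16/12 and 192.168/16.

```shell
#!/bin/sh
# Added example, not from the thread: lint a Linux client's resolv.conf for
# the two problems discussed above (more servers than the resolver will use,
# and internal servers mixed with external ones). The private-range test
# covers 10/8, 172.16/12 and 192.168/16 and is an approximation.

is_private_v4() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# resolv_conf_lint FILE
# Prints one finding per line and returns 1 if any finding was made,
# 0 if the nameserver list is consistent.
resolv_conf_lint() {
    total=0; private=0; public=0
    # The "|| [ -n "$key" ]" keeps a last line that lacks a trailing newline.
    while read -r key value _ || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        total=$((total + 1))
        if is_private_v4 "$value"; then private=$((private + 1)); else public=$((public + 1)); fi
    done < "$1"
    rc=0
    if [ "$total" -eq 0 ]; then
        echo "no nameserver entries: glibc will query 127.0.0.1 instead"; rc=1
    fi
    if [ "$total" -gt 3 ]; then
        echo "$total nameservers listed but glibc only consults the first 3"; rc=1
    fi
    if [ "$private" -gt 0 ] && [ "$public" -gt 0 ]; then
        echo "$private internal and $public external servers mixed: LAN names will fail after a fail-over"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the two-server list proposed in the thread.
sample=$(mktemp)
printf '# hand-written\nnameserver 192.168.1.168\nnameserver 8.8.8.8\n' > "$sample"
resolv_conf_lint "$sample" || echo "=> point the client only at the internal server(s) and let those forward"
rm -f "$sample"
```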
Old 06-19-2016, 07:13 AM   #9
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS,Manjaro
Posts: 5,437

Rep: Reputation: 2638
Afterthought

Windows is NOT limited to having two nameservers. Microsoft just makes you dig deeper into the network settings to find where you can add more.
They do have a point, two should normally be enough.
 
1 members found this post helpful.
Old 06-20-2016, 03:34 PM   #10
biosboy4
Member
 
Registered: Aug 2015
Distribution: Debian, SUSE, NXOS
Posts: 242

Rep: Reputation: 38
We run 2 windblows dc's with no issues. Aherm.. except Micro$oft's buggy active directory and other crap. In general, 1 failover is fine but it's a good idea to integrate an email alert or something.
 
Old 07-05-2016, 07:01 AM   #11
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS,Manjaro
Posts: 5,437

Rep: Reputation: 2638
etpoole6465: did you get your network as you wanted it?
 
Old 07-05-2016, 11:23 AM   #12
etpoole6465
LQ Newbie
 
Registered: Jun 2014
Location: Northwest Metro-Atlanta - Woodstock
Distribution: CentOS 6
Posts: 16

Original Poster
Rep: Reputation: Disabled
First of all let me thank all of you that responded to my plight.

I got interrupted by work so that is why I've taken so long to reply.

All seems to be working correctly at this time, but what fixed it may surprise you. I saw that I could go from server A to servers B, C, D, etc. The problem was the reverse trip. The temporary solution was to turn iptables (firewall) off. Now who or what changed the firewall I do not know. It must have been implemented at some reboot when implementing bind.

I'm trying to correct the firewall issues so I can turn it back on.

TIA
Gene
 
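The cause Gene found was the host firewall, not name resolution, and the remaining work is getting iptables back on without repeating the outage. As an added example (not from the thread), a POSIX shell function that audits an iptables-save dump for the INPUT rules a LAN DNS server needs; the ruleset it checks is constructed, and it assumes plain single-port rules rather than multiport matches.

```shell
#!/bin/sh
# Added example, not from the thread: audit an iptables-save dump for the
# INPUT rules a LAN DNS server needs, so the firewall can go back on without
# blocking ping and DNS again. Assumes plain "-p udp --dport 53" style rules;
# multiport matches are not recognised.

# dns_firewall_gaps RULEFILE
# Prints one line per missing allowance; returns 1 if any is missing.
dns_firewall_gaps() {
    awk '
        /^:INPUT ACCEPT/ { open = 1 }   # chain policy is ACCEPT
        /^-A INPUT / && !blocked {
            # A bare REJECT/DROP ends the useful part of the chain: rules
            # appended after it are never reached by inbound traffic.
            if ($0 ~ /^-A INPUT -j (REJECT|DROP)( --reject-with [a-z-]+)?$/) { blocked = 1; next }
            if ($0 !~ / -j ACCEPT/) next
            if ($0 ~ / -p icmp( |$)/ && ($0 !~ /--icmp-type/ || $0 ~ /--icmp-type (8|echo-request|any)/)) icmp = 1
            if ($0 ~ / -p udp( |$)/ && $0 ~ /--dport 53( |$)/) udp53 = 1
            if ($0 ~ / -p tcp( |$)/ && $0 ~ /--dport 53( |$)/) tcp53 = 1
        }
        END {
            if (!blocked && open) icmp = udp53 = tcp53 = 1   # nothing is filtered
            rc = 0
            if (!icmp)  { print "icmp echo-request (ping) not accepted"; rc = 1 }
            if (!udp53) { print "53/udp (DNS queries) not accepted"; rc = 1 }
            if (!tcp53) { print "53/tcp (large answers, zone transfers) not accepted"; rc = 1 }
            exit rc
        }' "$1"
}

# Constructed sample in the shape of a CentOS 6 ruleset that opens only SSH:
# from any other LAN host, ping and DNS queries to this box are rejected.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demo: all three gaps are reported. Each needs an ACCEPT rule inserted
# before the catch-all REJECT (and saved to /etc/sysconfig/iptables).
sample=$(mktemp)
write_sample_rules "$sample"
dns_firewall_gaps "$sample" || echo "=> box is unreachable for ping/DNS from the LAN"
rm -f "$sample"
```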