Multiroute with Failover DNS not resolving correctly
Hi All
I am fairly new to Linux. I am maintaining a Gentoo box which is running Arno's iptables firewall with the multi-routing plugin enabled, plus a failover script that swaps over to a different line if one goes down.
Currently we have a line down; the swap over worked correctly, but something is wrong with DNS.
Code:
ping -I eth2 google.com
ping: unknown host google.com
ping -I eth2 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from eth2: 56(84) bytes of data.
I am not sure where the problem lies. I have checked resolv.conf; it has 127.0.0.1, 168.210.2.2 and 8.8.8.8.
I have commented out the 127.0.0.1 to see if that made any difference.
I am hoping somebody can point me in the right direction to resolve this.
Currently both lines are working. Next time I go to the client, I can disconnect the one router, causing the failover, and do the same if necessary?
The contents of /etc/nsswitch.conf:
Code:
# /etc/nsswitch.conf:
# $Header: /var/cvsroot/gentoo/src/patchsets/glibc/extra/etc/nsswitch.conf,v 1.1 2006/09/29 23:52:23 vapier Exp $
passwd: compat
shadow: compat
group: compat
# passwd: db files nis
# shadow: db files nis
# group: db files nis
hosts: files dns
networks: files dns
services: db files
protocols: db files
rpc: db files
ethers: db files
netmasks: files
netgroup: files
bootparams: files
automount: files
aliases: files
Code:
mail ~ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=42 time=179 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=42 time=179 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=42 time=179 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=42 time=179 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=42 time=179 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=42 time=179 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=42 time=179 ms
64 bytes from 8.8.8.8: icmp_seq=8 ttl=42 time=179 ms
64 bytes from 8.8.8.8: icmp_seq=9 ttl=48 time=428 ms
64 bytes from 8.8.8.8: icmp_seq=10 ttl=42 time=178 ms
64 bytes from 8.8.8.8: icmp_seq=11 ttl=42 time=179 ms
64 bytes from 8.8.8.8: icmp_seq=12 ttl=42 time=179 ms
64 bytes from 8.8.8.8: icmp_seq=13 ttl=42 time=179 ms
64 bytes from 8.8.8.8: icmp_seq=14 ttl=42 time=179 ms
64 bytes from 8.8.8.8: icmp_seq=15 ttl=42 time=178 ms
^C64 bytes from 8.8.8.8: icmp_seq=16 ttl=42 time=178 ms
64 bytes from 8.8.8.8: icmp_seq=17 ttl=42 time=179 ms
64 bytes from 8.8.8.8: icmp_seq=18 ttl=42 time=179 ms
64 bytes from 8.8.8.8: icmp_seq=20 ttl=42 time=179 ms
^C
--- 8.8.8.8 ping statistics ---
20 packets transmitted, 19 received, 5% packet loss, time 19005ms
rtt min/avg/max/mdev = 178.840/192.552/428.340/55.578 ms
mail ~ #
Code:
mail ~ # dig @8.8.8.8 www.google.com
; <<>> DiG 9.9.3-P2 <<>> @8.8.8.8 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20138
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 288 IN A 74.125.233.52
www.google.com. 288 IN A 74.125.233.50
www.google.com. 288 IN A 74.125.233.48
www.google.com. 288 IN A 74.125.233.51
www.google.com. 288 IN A 74.125.233.49
;; Query time: 192 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Sep 01 09:41:10 SAST 2014
;; MSG SIZE rcvd: 123
I'm assuming that eth2 is solely connected to one ISP? (assuming no VLAN tags, etc.)
If so, can you run tcpdump on that interface while running a ping to 8.8.8.8? I'm wondering if there's something odd about the way the source IP is populated. Possibly some asymmetric routing going on, or something.
eth2 is connected to one ISP with no VLAN tags that I know of.
Spoke to the guy who installed the server; today we had issues with the one line. He suggested I run
Code:
iptables -t mangle -F
After doing that I was able to ping google.com and 8.8.8.8.
I assume it's something to do with load balancing. I noticed in the script which runs the failover there was a line #iptables -t mangle -F, so I have removed the #.
The one connection is a fiber connection, the other is a 2048mb DSL line. The 2048mb line runs the mail.
There is no /etc/sysconfig/ folder on this box. The guy who installed the box wanted me to look at Arno's iptables firewall originally, but he could not remember where it was installed, and said to flush the iptables and see if it works.
There is a file called Mangle_rules which runs as part of the failover script.
Code:
# Mangle_rules: tag packets with an fwmark so the multi-routing policy rules
# can pin them to a particular line (mark 1 = one line, mark 2 = the other;
# the mark-to-line mapping lives in the ip rule / ip route setup, not here).
# Every rule is appended with -A, so running this file again without first
# flushing (iptables -t mangle -F) leaves a duplicate copy of every rule.
# Only PREROUTING runs before the routing decision; marks set in FORWARD or
# POSTROUTING cannot change the route of the packet they are set on. Traffic
# the box itself originates (e.g. its own DNS lookups) passes through OUTPUT,
# which is not marked here at all.

# RDP (3389) -> mark 1
/sbin/iptables -A PREROUTING -t mangle -p tcp --sport 3389 -j MARK --set-mark 1
/sbin/iptables -A PREROUTING -t mangle -p tcp --dport 3389 -j MARK --set-mark 1
/sbin/iptables -A POSTROUTING -t mangle -p tcp --sport 3389 -j MARK --set-mark 1
/sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 3389 -j MARK --set-mark 1
/sbin/iptables -A FORWARD -t mangle -p tcp --sport 3389 -j MARK --set-mark 1
/sbin/iptables -A FORWARD -t mangle -p tcp --dport 3389 -j MARK --set-mark 1
# IPsec: IKE (500), NAT-T (4500), ESP and AH -> mark 1
/sbin/iptables -A PREROUTING -t mangle -p udp --sport 500 -j MARK --set-mark 1
/sbin/iptables -A POSTROUTING -t mangle -p udp --sport 500 -j MARK --set-mark 1
/sbin/iptables -A PREROUTING -t mangle -p udp --sport 4500 -j MARK --set-mark 1
/sbin/iptables -A PREROUTING -t mangle -p esp -j MARK --set-mark 1
/sbin/iptables -A PREROUTING -t mangle -p ah -j MARK --set-mark 1
# rsync (873) -> mark 1
/sbin/iptables -A PREROUTING -t mangle -p tcp --sport 873 -j MARK --set-mark 1
# HTTPS (443) -> mark 2
/sbin/iptables -A PREROUTING -t mangle -p tcp --sport 443 -j MARK --set-mark 2
/sbin/iptables -A FORWARD -t mangle -p tcp --sport 443 -j MARK --set-mark 2
/sbin/iptables -A FORWARD -t mangle -p tcp --dport 443 -j MARK --set-mark 2
# IMAP (143), PPTP control (1723) and GRE (protocol 47) -> mark 1
/sbin/iptables -A PREROUTING -t mangle -p tcp --sport 143 -j MARK --set-mark 1
/sbin/iptables -A PREROUTING -t mangle -p tcp --sport 1723 -j MARK --set-mark 1
/sbin/iptables -A PREROUTING -t mangle -p 47 -j MARK --set-mark 1
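The script below is an added example for this thread; it is not code from the original posts, from the failover script, or from Arno's iptables firewall. It turns the two findings above into a repeatable check for the next failover test: it reads the nameservers from resolv.conf and resolves a name through each of them while binding the query to the address of a given interface (the same idea as ping -I, which the system resolver does not do on its own), prints the fwmark policy rules, and flags any mangle rule that appears more than once, which is what accumulates when a failover script only ever appends with -A and the flush line stays commented out. It assumes dig, ip and iptables are on the PATH; the file name dnscheck.sh and the "run" argument are the example's own conventions.

```shell
#!/bin/sh
# dnscheck.sh: per-interface DNS and fwmark sanity check (added example,
# not part of the original thread or of the failover script).

# Print the nameserver addresses from resolv.conf-style text on stdin.
parse_nameservers() {
    awk '$1 == "nameserver" { print $2 }'
}

# Given the output of `iptables -t mangle -S` on stdin, print every rule
# that occurs more than once (left behind by repeated -A without a flush).
duplicate_rules() {
    grep '^-A ' | sort | uniq -d
}

# Resolve NAME via each nameserver in FILE, binding the query to the first
# IPv4 address of IFACE, so the result says which resolver answers over
# which line rather than over whatever the routing table picks.
check_resolvers_via() {
    iface=$1; name=$2; file=${3:-/etc/resolv.conf}
    src=$(ip -4 -o addr show dev "$iface" | awk '{ print $4 }' | cut -d/ -f1 | head -n 1)
    [ -n "$src" ] || { echo "no IPv4 address on $iface" >&2; return 1; }
    parse_nameservers < "$file" | while read -r ns; do
        if dig +short +time=2 +tries=1 -b "$src" @"$ns" "$name" A | grep -q '^[0-9]'; then
            echo "$iface -> $ns: OK"
        else
            echo "$iface -> $ns: FAIL"
        fi
    done
}

# Usage: sh dnscheck.sh run eth1 eth2   (one interface per line under test)
if [ "${1:-}" = "run" ]; then
    shift
    echo "== fwmark policy rules =="
    ip rule show
    echo "== duplicated mangle rules (empty is good) =="
    iptables -t mangle -S | duplicate_rules
    echo "== resolver reachability per interface =="
    for iface in "$@"; do
        check_resolvers_via "$iface" google.com
    done
fi
```

Run it once with both lines up to get a baseline, then again after pulling the router that triggers the failover: a resolver that answers over the surviving interface but fails without -b points at routing (or a stale mark) rather than at the resolver, and any line printed under "duplicated mangle rules" means the failover script has been appending rules without flushing.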