LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Old 06-29-2020, 04:01 PM   #1
pompopom
LQ Newbie
Registered: May 2020
Location: Belgium
Distribution: @Home: Debian; @Work: SLES, RedHat, ESXi (if you call that a distro too ;) )
Posts: 9
Local DNS server + DynDNS


Hi everyone,

Having a hard time getting this to work properly.
GOAL: I have several hosts (physical) and virtual hosts (web) registered at Dyn.com. The machines are reachable from the outside AND from the local LAN (both with the public IP).
In order to limit bandwidth usage, however, my idea was to have a local PC be able to resolve the internal IP of the host.

So I set up a DNS server. The idea is that this server only resolves hosts which reside on local network. Other requests should be forwarded to Google's or my ISP's DNS.

I now receive a local IP from DNS when connected to the LAN and a public IP abroad, without having to change the config in some applications (Nextcloud, just to mention one).

However, when trying to resolve other domains it doesn't behave as it should. The DNS server doesn't forward requests and the DNS times out. The reason I'm able to browse the web and post this thread is the secondary DNS entry. If I remove this from the dhcp config and provide only my local DNS to dhcp clients, nothing works.

So I started to dive deeper into what was going on. And then it quickly escalated into disbelief... From the DNS server I can't ping 8.8.8.8, let alone google.be. From another machine on the LAN I can ping 8.8.8.8 and do nslookups IF I remove my DNS from the config.

apt-get update and even an upgrade do work on the DNS server. So network connectivity is alive.

"route" outputs the same besides the Iface name
/etc/resolv.conf = same (it wasn't originally, but I copied it from the working machine to the DNS)
/etc/nsswitch.conf = same
/etc/hosts = same (besides the actual hostname of course)
Both have ufw running, but when I disable it, nothing changes
Traceroute 8.8.8.8 on the DNS server just continues for 30 "hops" and stops
On the working machine the output is as expected.

I even changed the Iface name to eth0 on the DNS server, as it was the only thing that was different.

Currently bind9 is not even running, but to no avail...

Both machines are physically at the same place, connected to the same switch which is in turn behind a Unifi USG

Code:
root@menelaos:~# uname -a
Linux menelaos 4.19.0-9-686-pae #1 SMP Debian 4.19.118-2+deb10u1 (2020-06-07) i686 GNU/Linux
root@menelaos:~# cat /etc/debian_version
10.4
root@menelaos:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
root@menelaos:~# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=17.3 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.261 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=4.14 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=0.261 ms
^C
--- 192.168.1.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 8ms
rtt min/avg/max/mdev = 0.261/5.502/17.346/7.019 ms
root@menelaos:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
11 packets transmitted, 0 received, 100% packet loss, time 228ms

root@menelaos:~# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  17.545 ms  35.266 ms  64.586 ms
 2  192.168.0.1 (192.168.0.1)  93.811 ms  113.231 ms  131.678 ms
 3  * * *
 4  * * *
 5  * * *
 6  * * *
*SNIP* (it's just always the same line)
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
root@menelaos:~# apt-get update
Hit:1 http://ftp.be.debian.org/debian buster InRelease
Hit:2 http://ftp.be.debian.org/debian-security buster/updates InRelease
Hit:3 http://ftp.be.debian.org/debian buster-updates InRelease
Reading package lists... Done
root@menelaos:~# apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@menelaos:~#
I'm out of ideas at the moment...

btw: yes I did try to turn it off and on again...
Old 06-29-2020, 04:42 PM   #2
berndbausch
Senior Member
Registered: Nov 2013
Location: Tokyo
Distribution: A few
Posts: 4,834
What does traceroute say on the other machine?
What is 192.168.0.1?
Was menelaos ever able to reach 8.8.8.8?
Can it reach other IP addresses? You say apt update works; normally this requires name resolution. Find out how menelaos manages to resolve the names of the apt repos and reach them.

The return times, double- and triple-digit milliseconds, are suspiciously high for local devices.
Old 06-30-2020, 12:37 AM   #3
pompopom
LQ Newbie
Registered: May 2020
Location: Belgium
Distribution: @Home: Debian; @Work: SLES, RedHat, ESXi (if you call that a distro too ;) )
Posts: 9
Original Poster
Code:
root@achilles:~# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.445 ms  0.561 ms  0.689 ms
 2  192.168.0.1 (192.168.0.1)  2.856 ms  4.054 ms  4.482 ms
 3  * * *
 4  * * *
 5  * * *
 6  74.125.32.88 (74.125.32.88)  35.166 ms  19.203 ms  16.536 ms
 7  * * *
 8  dns.google (8.8.8.8)  26.333 ms  23.240 ms  26.549 ms
root@achilles:~#
The 192.168.0.1 is the LAN IP of my modem. I'm in a double NAT config. So: Public IP -> Modem/Router-all-in-one (192.168.0.0) -> Unifi USG -> Internal LAN (192.168.1.0)

Whether Menelaos was able to reach 8.8.8.8... I assumed yes, but now I'm not even sure about it. I don't really think the DNS installation has something to do with it.

Machine where everything seems ok:
Code:
root@achilles:~# nslookup telenet.be
Server:         195.130.130.1
Address:        195.130.130.1#53

Non-authoritative answer:
Name:   telenet.be
Address: 195.130.131.38
Name:   telenet.be
Address: 195.130.131.39
root@achilles:~# traceroute 195.130.131.38
traceroute to 195.130.131.38 (195.130.131.38), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.434 ms  0.546 ms  0.737 ms
 2  192.168.0.1 (192.168.0.1)  2.948 ms  3.796 ms  4.599 ms
 3  * * *
 4  * * *
 5  dD5E0FAE9.access.telenet.be (213.224.250.233)  25.120 ms  35.124 ms  36.981 ms
 6  dD5E0F882.access.telenet.be (213.224.248.130)  37.229 ms  13.888 ms  33.073 ms
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
root@achilles:~# cat /etc/resolv.conf
domain home
search home
nameserver 127.0.0.1
nameserver 195.130.130.1
nameserver 195.130.131.1
root@achilles:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files systemd
group:          files systemd
shadow:         files
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
root@achilles:~#
Machine with problems:
Code:
root@menelaos:~# nslookup telenet.be
;; Got recursion not available from 127.0.0.1, trying next server
Server:         195.130.130.1
Address:        195.130.130.1#53

Non-authoritative answer:
Name:   telenet.be
Address: 195.130.131.38
Name:   telenet.be
Address: 195.130.131.39
;; Got recursion not available from 127.0.0.1, trying next server

root@menelaos:~# traceroute 195.130.131.38
traceroute to 195.130.131.38 (195.130.131.38), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  17.355 ms  34.260 ms  51.366 ms
 2  192.168.0.1 (192.168.0.1)  19.208 ms * *
 3  * * *
 4  * * *
 5  dD5E0FAE9.access.telenet.be (213.224.250.233)  155.112 ms  116.518 ms  136.221 ms
 6  dD5E0F882.access.telenet.be (213.224.248.130)  173.733 ms  168.250 ms  186.951 ms
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
root@menelaos:~# cat /etc/resolv.conf
domain home
search home
nameserver 127.0.0.1
nameserver 195.130.130.1
nameserver 195.130.131.1
root@menelaos:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files systemd
group:          files systemd
shadow:         files
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
root@menelaos:~#
The recursion message is a difference, but I have no clue why.
It seems as if I can ping/reach IPs within my ISP's range, or close enough at least (i.e. apt-get).

The longer round trips are because I have set my ISP's DNS servers for now.

Last edited by pompopom; 06-30-2020 at 02:27 AM. Reason: typos + additional info
Old 06-30-2020, 03:51 PM   #4
pompopom
LQ Newbie
Registered: May 2020
Location: Belgium
Distribution: @Home: Debian; @Work: SLES, RedHat, ESXi (if you call that a distro too ;) )
Posts: 9
Original Poster
Was missing a firewall rule in the end...
Code:
-A ufw-before-input -m state --state ESTABLISHED,RELATED -j ACCEPT
Basically this allows traffic related to self-initiated traffic to come through.

You can correct me if I misinterpreted the line :-)

Why did it work for some IPs (more local to me) without that rule? It is because I block about 80% of the world's IPs by default based on zone files from www.ipdeny.com

On the working machine I had this rule applied, but I forgot about it...

Time to document I guess...
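An added check, not from the thread or from the ufw project, that audits an iptables-save dump for the rule the last post identifies: it flags a default-deny INPUT policy with no stateful ACCEPT in INPUT or ufw-before-input, which is the condition under which replies to the server's own outbound DNS, ping and traceroute traffic are dropped unless the peer happens to be on an allow list. The two dumps, the 203.0.113.0/24 allow entry and the chain names inspected are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: audit an iptables-save dump for the
# stateful ACCEPT rule the poster found missing from ufw-before-input.

# Host with a default-deny INPUT policy and no conntrack rule (constructed;
# 203.0.113.0/24 stands in for the ipdeny allow list).
BROKEN_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:ufw-before-input - [0:0]
-A INPUT -j ufw-before-input
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -s 192.168.1.0/24 -j ACCEPT
-A ufw-before-input -s 203.0.113.0/24 -j ACCEPT
COMMIT'

# Same host after adding the rule from the thread (constructed).
FIXED_DUMP="${BROKEN_DUMP%COMMIT}-A ufw-before-input -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT"

# 0 when chain $2 in dump $1 accepts ESTABLISHED,RELATED traffic via the
# legacy "state" match or the "conntrack" match, 1 otherwise.
has_stateful_accept() {
    printf '%s\n' "$1" | grep -Eq \
        "^-A $2 .*-m (state --state|conntrack --ctstate) (ESTABLISHED,RELATED|RELATED,ESTABLISHED) -j ACCEPT"
}

# 0 when the filter table's INPUT policy is DROP, 1 otherwise.
input_default_deny() {
    printf '%s\n' "$1" | grep -Eq '^:INPUT DROP '
}

# The thread's failure mode: default-deny INPUT with no stateful ACCEPT, so
# replies to the host's own outbound traffic are dropped. Only INPUT and
# ufw-before-input are inspected (an assumption about where ufw keeps it).
replies_dropped() {
    input_default_deny "$1" &&
        ! has_stateful_accept "$1" INPUT &&
        ! has_stateful_accept "$1" ufw-before-input
}

report() {  # $1 = label, $2 = dump
    if replies_dropped "$2"; then echo "$1: replies to outbound traffic DROPPED"
    else echo "$1: stateful ACCEPT present, replies allowed"; fi
}

report BROKEN_DUMP "$BROKEN_DUMP"
report FIXED_DUMP "$FIXED_DUMP"
```

On a live host, feed the functions the output of `iptables-save` instead of the constructed dumps.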