My case is as follows:
While at the office, I use a site-to-site VPN and my DNS servers are part of the office domain, which can be accessed only through the VPN.
While at home, I can connect to a point-to-site VPN and DNS works just fine.
The problem occurs when I am not connected to the VPN in either way. I'm using systemd-resolved and my first 2 DNS servers are the domain servers, while the rest of the DNS servers can be reached without the VPN.
Every request is sent to the first 2 servers, waiting for their response, and since they are unreachable, it takes a few seconds for each request to reach a working DNS server.
My question is: can I set the system to ignore unreachable DNS servers for a defined time before trying them again?
You can use a workaround with a very simple script. If your VPN is off, just change the DNS. Like this, for example:
# "running" only if the VPN unit is active; systemctl is-active exits 0 in that case
status=$(systemctl is-active --quiet "your vpn site-to-site.service" && echo "running")
if [ "$status" != "running" ]
then
    : # put your command here to change DNS when VPN is OFF
else
    : # put your command here to change DNS when VPN is ON
fi
Of course, you can also check the current DNS settings first, to avoid making the same changes to the file when they are not needed, if you run this from cron for example.
I can help you with this script, but I need to see your /etc/systemd/resolved.conf first. Of course, without the original IPs.
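The following is an added example, not the script from the answer above or anything the questioner posted. It fills in the placeholders of that script for a systemd-resolved host: it reads the VPN unit state, writes a resolved.conf drop-in that lists the office servers only while the VPN is up (so no query ever waits on them when it is down), and only rewrites the file when its content would actually change, which is the check the answer mentions for running it from cron. The unit name, the server addresses and the drop-in path are assumed values.

```shell
#!/bin/sh
# Added example: keep systemd-resolved's upstream servers in sync with the VPN
# state, idempotently, so it is safe to run from cron or a systemd timer.
# Everything below is an assumption for illustration: the unit name, the
# office and public server addresses and the drop-in location.
set -eu

VPN_UNIT="${VPN_UNIT:-site-to-site-vpn.service}"          # assumed unit name
CORP_DNS="${CORP_DNS:-10.0.0.53 10.0.0.54}"               # assumed office resolvers (VPN only)
PUBLIC_DNS="${PUBLIC_DNS:-1.1.1.1 9.9.9.9}"               # reachable without the VPN
DROPIN_DIR="${DROPIN_DIR:-/etc/systemd/resolved.conf.d}"  # resolved.conf drop-in directory
DROPIN="$DROPIN_DIR/10-vpn-dns.conf"

# "active" when the VPN unit is running, otherwise "inactive".
# systemctl is-active exits 0 only for an active unit.
vpn_state() {
    if command -v systemctl >/dev/null 2>&1 && systemctl is-active --quiet "$VPN_UNIT"; then
        echo active
    else
        echo inactive
    fi
}

# Map the VPN state to the server list resolved should use. With the VPN
# down the office servers are left out entirely instead of merely demoted,
# so no lookup waits for their timeout.
dns_for_state() {
    case "$1" in
        active)   echo "$CORP_DNS $PUBLIC_DNS" ;;
        inactive) echo "$PUBLIC_DNS" ;;
        *)        echo "unknown state: $1" >&2; return 2 ;;
    esac
}

# Render the drop-in content for a server list (no trailing newline, so it
# compares equal to $(cat file) below).
render_dropin() {
    printf '[Resolve]\nDNS=%s' "$1"
}

# Write the drop-in only if it would change. Returns 0 when written,
# 1 when it was already up to date (nothing to restart).
sync_dropin() {
    want=$(render_dropin "$1")
    if [ -f "$DROPIN" ] && [ "$(cat "$DROPIN")" = "$want" ]; then
        return 1
    fi
    mkdir -p "$DROPIN_DIR"
    printf '%s\n' "$want" > "$DROPIN"
    return 0
}

main() {
    state=$(vpn_state)
    servers=$(dns_for_state "$state")
    if sync_dropin "$servers"; then
        echo "VPN $state: DNS set to $servers"
        # Make resolved pick up the new drop-in; only meaningful on systemd hosts.
        if command -v systemctl >/dev/null 2>&1; then
            systemctl restart systemd-resolved
        fi
    else
        echo "VPN $state: DNS already $servers, nothing to do"
    fi
}

# Only act when invoked as: vpn-dns-sync.sh apply   (e.g. from cron)
if [ "${1:-}" = "apply" ]; then
    main
fi
```

Run it with `apply` from cron or a timer as root. Because the file is compared before it is written, repeated runs with an unchanged VPN state leave the drop-in untouched and never restart systemd-resolved, which is what the answer's cron remark is about.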
Your DNS settings should also be dynamically configured. If (for whatever strange reason) that is not possible, you have two options:
You can do some tweaking in your /etc/resolv.conf by adding the line
options timeout:1
This will make the internal resolver wait at most 1 second for an answer before trying the next nameserver (the default value is 5).
Install a local DNS server, preferably a lightweight one like dnsmasq or unbound. Configure it to forward requests for "example.com" to your internal DNS servers, and all other requests to the default (public) DNS servers. Configure your OS resolver to use the local DNS server.
I am trying to develop a Python script using dnspython to do forward lookups by hostname only instead of FQDN. This obviously has a dependency on DHCP option 15 (connection-specific DNS suffix). When I do:
from dns import resolver
servs = resolver.Resolver()
print(servs.nameservers)
I see a DNS resolver that is not part of the list of DNS servers in ipconfig /all. This DNS server sometimes causes issues because sometimes it is the first DNS server that dnspython uses for lookups. How can I find out where this DNS server is coming from and how can I get rid of it?
UPDATE
I just ran Get-DnsClientServerAddress in PowerShell and that rogue DNS server does not show up as a known DNS server for any of my interfaces.
Well, I have a machine and I want to do a very simple thing. On this machine I have 3 DNS records;
for example, 111.111.111.111 is the IP of the machine itself:
test1.whatever.net - 111.111.111.111
test2.whatever.net - 111.111.111.111
test3.whatever.net - 111.111.111.111
We would like the traffic coming through each DNS record to be handled by each corresponding service.
Create 3 very simple scripts that act as a website using any language or platform (suggested NodeJs), that echo the name of the service when calling the DNS record (e.g. "service1", "service2" and "service3").
How do I do that?
All of the services must run on port 80
The machine is AWS Linux 2
What HTTP server are you using?
Usually you can solve this by creating virtual hosts. In Apache it would look like this: https://httpd.apache.org/docs/2.4/vhosts/examples.html
There you can define, based on the DNS name that was requested, which folder the webserver should use to serve the client.
Another option, but this might be more complex, is to set up an nginx proxy. https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
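As an added example (not part of the answer above, and not code from the question), this is the nginx variant of the answer for the three names in the question: nginx alone listens on port 80 and dispatches on the Host header to three backend services. It assumes the three Node scripts listen on 127.0.0.1:3001, :3002 and :3003; those ports are an assumption. The first server block is the part practitioners tend to forget: without an explicit default_server, a request whose Host header matches none of the names (a direct hit on the IP, a scanner, a forged Host) is silently served by whichever server block nginx loaded first.

```nginx
# Added example: name-based virtual hosts in nginx, one per DNS record.
# Assumed (not from the question): backends on 127.0.0.1:3001-3003.

# Catch-all for unknown or missing Host headers. 444 closes the connection
# without a response instead of exposing service1 as the accidental default.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

server {
    listen 80;
    server_name test1.whatever.net;
    location / {
        proxy_pass http://127.0.0.1:3001;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

server {
    listen 80;
    server_name test2.whatever.net;
    location / {
        proxy_pass http://127.0.0.1:3002;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

server {
    listen 80;
    server_name test3.whatever.net;
    location / {
        proxy_pass http://127.0.0.1:3003;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Check the dispatch without touching DNS by forcing the Host header: `curl -H 'Host: test2.whatever.net' http://111.111.111.111/` should return the second service's name, and `curl http://111.111.111.111/` with no matching Host should get the connection closed. Keeping the backends on the loopback address means they are reachable only through nginx, not directly on their own ports.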
I am having a bit of a headache trying to set up my own HA solution with Docker and nginx in front acting as a load balancer.
They are actually configured by now. But as a fallback, if the main node shuts down, I want to use another one, since the nginx configuration for load balancing is replicated.
I thought that if I have two nodes, both set up with PowerDNS (alongside nginx and Docker), and I set those DNS servers as the name servers for one of my domains, then when a node shuts down, since the node is carrying the DNS server, subsequent requests will fetch the info from the other DNS server, in which the A record is configured to point to the local IP (and that way points to the other load balancer).
Seems like I can't make that work.
Given that I have the following servers:
server_1 IP = 1.1.1.1
server_2 IP = 1.1.2.2
Each of them has a DNS server set up with PowerDNS (and fully functional, according to dig and other tests).
I have my domain's DNS servers pointing to them:
ns1.example.com ---> 1.1.1.1
ns2.example.com ---> 1.1.2.2
ns1.example.com DNS server has:
example2.com A 1.1.1.1
ns2.example.com DNS server has:
example2.com A 1.1.2.2
So, shouldn't example2.com point to 1.1.1.1/1.1.2.2 when both servers are running, but when the first server is not available, point to 1.1.2.2?
Well, when I shut down the first server and try, it gives me the IP of the first server instead of the second.
Even dig example2.com @ns2.example.com is giving me the IP defined in the A record for example2.com in the first DNS server.
Am I wrong, or is there something weird here?
I don't know where you got the idea that name servers are listed in some sort of priority order, but it's just plain wrong. All name servers authoritative for a zone are expected to have exactly the same content. Resolvers choose name servers to ask at random, to spread the load between them. Providing the authoritative servers with differing contents will only give the end users inconsistent results, not anything useful.
Also, you have forgotten that resolvers cache the answers they get. Even if DNS had worked as you thought (which it doesn't), it would have taken a resolver minutes or hours to notice the "failover".
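Since the answer's point is that every authoritative server must return identical data, the check a practitioner wants is one that asks each listed name server directly and diffs the answers. The script below is an added example, not part of the answer or the question; it needs dig at run time, but the comparison logic is plain shell. The zone, record type and server names on the usage line are sample values.

```shell
#!/bin/sh
# Added example: verify that all authoritative servers for a zone agree.
# Requires dig for the live check; answers_match/normalize_answers are pure.
set -eu

# Normalise an answer set so that record order (round-robin rotation) does
# not count as a difference: one record per line, sorted, blanks dropped.
normalize_answers() {
    printf '%s\n' "$1" | sed '/^$/d' | sort
}

# 0 when the two answer sets are identical after normalisation, 1 otherwise.
answers_match() {
    [ "$(normalize_answers "$1")" = "$(normalize_answers "$2")" ]
}

# Ask one server directly and non-recursively, so it can only answer from
# its own zone data. A server that does not reply yields "NO-ANSWER", which
# then shows up as a mismatch instead of aborting the run.
query_server() {   # args: server zone rtype
    dig +short +norecurse +time=2 +tries=1 "@$1" "$2" "$3" || echo "NO-ANSWER"
}

# Compare every server against the first one; print one line per server and
# return 1 if any of them disagrees.
check_zone() {     # args: zone rtype server...
    zone="$1"; rtype="$2"; shift 2
    ref=$(query_server "$1" "$zone" "$rtype")
    rc=0
    for ns in "$@"; do
        got=$(query_server "$ns" "$zone" "$rtype")
        if answers_match "$ref" "$got"; then
            echo "OK       $ns: $(normalize_answers "$got" | tr '\n' ' ')"
        else
            echo "MISMATCH $ns: $(normalize_answers "$got" | tr '\n' ' ')"
            rc=1
        fi
    done
    return $rc
}

# Usage (sample values): ./nscheck.sh check example2.com A ns1.example.com ns2.example.com
if [ "${1:-}" = "check" ]; then
    shift
    check_zone "$@"
fi
```

Run against the two servers from the question, it would report a MISMATCH, which is exactly the misconfiguration the answer describes. Querying with +norecurse matters: an authoritative server that also recurses may otherwise hand back a cached copy of the other server's data and hide the difference. Comparing the SOA serial the same way (rtype SOA) is the usual quick test that zone transfers between the servers are current.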
I am currently using a very simple OpenVPN setup where I connect from different devices to an OpenVPN server and then access a website hosted by an Apache server running on the same system. To reach that server, I have to use its IPv4 address inside the VPN (e.g. 10.1.0.1).
I would like to use a 'real' name like myserver.local. Is there a way to do this without setting up a DNS server? Can the OpenVPN client maybe just add an entry to the local hosts file?
Not without setting up a DNS server, but getting one to work is very easy, and it can be restricted to behind the VPN.
I am using dnsmasq on Ubuntu 14.04 for exactly this purpose. Just install it and add all your hosts to the /etc/hosts file in the following way:
# Clients on the VPN
10.8.0.1 vpn.lan vpn
10.8.0.8 service1.lan service1
10.8.0.6 service2.lan service2
You can restrict dnsmasq so that it only listens on the tun0 interface of OpenVPN by adding interface=tun0 to /etc/dnsmasq.conf. You can push the DNS server to your clients by adding push "dhcp-option DNS 10.8.0.1" to your /etc/openvpn/server.conf.
The downside of this solution is that you have to add every server to /etc/hosts, but for a couple of servers I think it's ok.
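The following dnsmasq.conf is an added example, not taken from this answer or from the dnsmasq suggestion in the systemd-resolved answer earlier on this page; it combines the two: a resolver that serves the VPN clients from /etc/hosts and listens on tun0 only (this answer), plus split forwarding of one internal domain to the office servers and everything else to public resolvers (the earlier answer). The interface name, the example.com domain, the .lan suffix and all addresses are assumed values.

```conf
# Added example: dnsmasq.conf for a VPN-only resolver with split forwarding.
# Assumed values: tun0, example.com, .lan, 10.0.0.53/54 and the public servers.

# Listen on the VPN interface (and loopback) only. interface= by itself makes
# dnsmasq bind the wildcard address and discard packets arriving on other
# interfaces; bind-interfaces makes it bind tun0 and lo for real, so the
# public NIC never shows an open port 53 and the host cannot be abused as an
# open resolver.
interface=tun0
bind-interfaces

# Ignore /etc/resolv.conf; use only the upstreams listed here.
no-resolv

# Internal domain: forward only to the office servers reachable over the VPN.
server=/example.com/10.0.0.53
server=/example.com/10.0.0.54

# Everything else goes to public resolvers.
server=1.1.1.1
server=9.9.9.9

# VPN hosts come from /etc/hosts (the entries shown in the answer). expand-hosts
# appends the domain, so both "service1" and "service1.lan" resolve, and
# local= keeps .lan queries from ever being forwarded upstream.
domain=lan
expand-hosts
local=/lan/

# Never forward plain single-label names or reverse lookups for private
# address ranges to the public servers; answer them locally or not at all.
domain-needed
bogus-priv
```

One caveat: with bind-interfaces, tun0 must exist when dnsmasq starts, so order the services accordingly or use bind-dynamic instead, which re-binds as interfaces come and go. Confirm the listening sockets with `ss -ulpn | grep :53` and test the split from a VPN client with `dig @10.8.0.1 service1.lan` and `dig @10.8.0.1 host.example.com`.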
I have a Java-based application hosted on my local Tomcat server. As I understand it, whenever I type http://us.states.com/myApplication there is an order in which the browser will try to resolve the DNS name us.states.com, i.e.:
First it will look for us.states.com in the hosts file
Secondly it will look for us.states.com on the local DNS server (if it is there)
Last it will look for us.states.com on the web (with www prepended to us.states.com)
Is that correct?
The first two are correct, the third is not. Whether www is appended or not is normally a redirect issue. Hence, DNS name resolution will only be against either the local hosts file or one or more DNS servers.
One and two are correct. First the hosts file is checked, then your DNS server. There is no 3.
Also, step 2 is not necessarily a DNS server local to your network. It can be specified on your machine (separately from DHCP) or it can be specified by the network. Usually the DNS server is on a machine owned by your ISP, unless you explicitly use a different one. For example, I sometimes use Google's public DNS servers (8.8.8.8 / 8.8.4.4) or Level3's (4.2.2.1 through 4.2.2.7 or so).
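As an added example that is not part of either answer: on Linux the "hosts file first, then DNS" order the answers describe is not built into the browser or into Java; it is the hosts: line of /etc/nsswitch.conf, which every getaddrinfo() call follows. The script below reads that order from a file, which is how you confirm on a given machine that files really precedes dns (an attacker who can write /etc/hosts, or reorder nsswitch.conf, controls where the name goes), and resolves a name through getent, which honours that order, unlike dig, which talks to DNS directly and never sees /etc/hosts. The nsswitch.conf content it parses by default is a constructed sample.

```shell
#!/bin/sh
# Added example: read the hosts lookup order from nsswitch.conf and resolve a
# name the way the system (not dig) does. The sample config is constructed.
set -eu

# Print the lookup sources of the "hosts:" line in order, one per line,
# with comments and action brackets such as [NOTFOUND=return] removed.
hosts_lookup_order() {   # arg: path to an nsswitch.conf
    sed -n 's/#.*//; s/^[[:space:]]*hosts:[[:space:]]*//p' "$1" \
        | tr ' \t' '\n\n' | sed '/^$/d; /^\[/d'
}

# 1-based position of a source in that order, or 0 if it is absent.
# Lets a hardening check assert that "files" comes before "dns".
source_rank() {          # args: path source
    hosts_lookup_order "$1" \
        | awk -v s="$2" '$0 == s { print NR; f = 1; exit } END { if (!f) print 0 }'
}

# Resolve a name through the NSS stack (hosts file, then DNS, or whatever the
# order says). Prints the first address; exits non-zero when nothing matches.
system_resolve() {       # arg: hostname
    getent hosts "$1" | awk '{ print $1; exit }'
}

# Stand-alone demo on a constructed nsswitch.conf; replace with /etc/nsswitch.conf
# to inspect a real host.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample, not a real system file
passwd:  files systemd
hosts:   files mdns4_minimal [NOTFOUND=return] dns myhostname   # lookup order
EOF
echo "hosts lookup order:"
hosts_lookup_order "$SAMPLE"
echo "rank of files=$(source_rank "$SAMPLE" files) dns=$(source_rank "$SAMPLE" dns)"
rm -f "$SAMPLE"
```

On a real machine, compare `system_resolve us.states.com` (or plain `getent hosts us.states.com`) with `dig +short us.states.com`: if they differ, the hosts file or another NSS source, not DNS, is supplying the answer the browser uses.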