Can't get DNSMASQ DHCP to configure multiple name servers - dns

Perhaps someone has some help? I am running dnsmasq on Ubuntu 12.04 LTS. This server's address is 192.168.15.3. My gateway's DNS is 192.168.1.254, that takes me out to the Internet. I also have a special-purpose DNS at 192.168.15.2. So I wanted to give those 3 name servers to DHCP clients. This is my dnsmasq.conf server= section:
server=/localnet/192.168.15.3
server=/localnet/192.168.15.2
server=/15.168.192.in-addr.arpa/192.168.1.254
However, when I look at the DHCP allocation on a client, I see only 192.168.15.3 as the sole DNS server. Clients cannot access the Internet (the NIC on .3 is configured correctly and can access the Internet from its console login).
Granted, the first server= line is probably not necessary, but I added it thinking it may help; it didn't.
What am I doing wrong? Thanks for your help!

OK, after MUCH experimentation, I found I had to push the option manually. In the dnsmasq.conf file, I added the following line:
dhcp-option=6,
like so:
dhcp-option=6,192.168.15.3,192.168.15.2,192.168.1.254
This served the correct list of name servers to DHCP clients.

The server lines are configuration for dnsmasq's own DNS server, about where it should forward DNS requests that it receives in order to be able to resolve (and cache) them.
Only the dhcp-option lines are part of the DHCP configuration that gets passed to DHCP clients - so the accepted answer is correct, but I wanted to share why.
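As an added illustration, not configuration taken from any of the posts above: the two directives do different jobs, and the question's first server= line points dnsmasq at its own address (192.168.15.3), so it can only forward to itself. Variant A is what the accepted answer does. Variant B is an assumed alternative that leaves option 6 at its default (dnsmasq advertises its own address), keeps every client behind dnsmasq, and lets dnsmasq do the zone splitting. That 192.168.15.2 also holds the reverse zone for 192.168.15.0/24 is an assumption; the question sends it to the gateway.

```conf
# Variant A: what the accepted answer does. Clients receive three resolvers
# and may send any query to any of them, including straight to the gateway.
dhcp-option=6,192.168.15.3,192.168.15.2,192.168.1.254

# Variant B (assumed alternative): option 6 is left unset, so clients get
# only dnsmasq (192.168.15.3) and dnsmasq forwards per zone.
# Ignore /etc/resolv.conf; only the server= lines below are upstreams.
no-resolv
# Never forward bare host names (no dot) upstream.
domain-needed
# The special-purpose zone and its reverse zone go to .2
# (assumption: 192.168.15.2 is authoritative for 15.168.192.in-addr.arpa).
server=/localnet/192.168.15.2
server=/15.168.192.in-addr.arpa/192.168.15.2
# Everything else goes to the gateway and on to the Internet.
server=192.168.1.254
# Optional: log each query and the upstream it was forwarded to (via syslog).
log-queries
```

The practical difference is who sees the traffic. With Variant A a client does not reliably query the list in order, so a lookup sent to 192.168.1.254 bypasses dnsmasq's cache, its /etc/hosts answers and any address= overrides you add later. Variant B keeps a single DNS egress point, which is what you want once you start logging or blocking names on the dnsmasq box.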

Related

Accessing a server using VPN connection

I am trying to connect to a university server using a VPN client. I can connect to the client. Also, if I ping the server by name and by IP address, they both work:
ping servername
ping serveripaddress
However, I cannot access the server from the browser if I type:
\\servername
\\serveripaddress
and also I do not see anything in Network apart from my own computer. I changed my Workgroup to the correct Workgroup, and it still doesn't work.
Also, as my DNS suffix I use the domain name as well as the FQDN, but it doesn't work either.
I restarted after each of these changes, but it didn't help.
I read that when I have a VPN connection working and I am also able to ping the server to which I want to connect, it is most probably DNS resolution problem. But I do not know anymore what to do (I checked and tried the correct DNS suffixes).
Do you know what more I should do? I am using Windows 7.
Thank you.
It sounds like you're trying to use UNC pathing. Assuming that you're getting your network settings from DHCP, are you getting a WINS server?

DNS: internal and external nameservers

So, I'm on day 3...
I am running an Ubuntu.64-based distribution on a VirtualBox. I have the need to access both external ISP DNS servers, as well as "internal" DNS servers through an OpenVPN connection. At times I need to query the external DNS(#host example.com) through the eth0 interface; sometimes I need to query the VPN "internal" DNS (#host internal.local) through the tap0 interface.
My question is: how do I configure my system to query the correct nameserver, the ISP DNS or the VPN DNS (for attempting zone transfers, for example)?
I've tried editing resolv.conf to include both external and internal nameservers/domains, with no luck (obviously). I've also tried mitigating the situation with dnsmasq. That got me close (I think).
I realize I can use dig to set the [#server] based on individual queries, but I would appreciate a systemic resolution.
Any help would be appreciated.
I've used the PowerDNS recursor for exactly this situation before; it is in the package pdns-recursor, if you wish to try it. You'll want to set your /etc/resolv.conf to query only 127.0.0.1 should you choose to try this approach.
The forward-zones directive lets you specify which servers to contact for which zones:
forward-zones= ds9a.nl=213.244.168.210, powerdns.com=127.0.0.1
It does look a little strange, since it is one configuration setting that takes multiple values, but you do get to specify exactly which servers are going to provide answers for which domains.

DNS Server Refusing Connection

I am implementing a DNS client, in which I try to connect to a local DNS server, but the DNS server is returning the message with an error code 5, which means that it's refusing the connection.
Any thoughts on why this might be happening? Thanks
DNS response error code 5 ("Refused") doesn't mean that the connection to the DNS server is refused.
It means that the DNS server refuses to provide whatever data you asked for, or to do whatever action you asked it to do (for example a dynamic update).
Since you mention a "connection", I assume that you are using TCP?
DNS primarily uses UDP, and some DNS servers will refuse all requests over TCP.
So the solution might be as simple as switching to UDP.
Otherwise, assuming you are building your own DNS client from scratch, my first guess would be that you are formatting the request incorrectly. Even though the DNS protocol seems fairly simple, it is very easy to get this wrong.
Finally, the DNS server may of course simply be configured to refuse requests for whatever you are asking.
Explicitly adding the network from which I wanted to allow recursion fixed this problem for me:
These two lines, added to /etc/bind/named.conf.options:
recursion yes;
allow-recursion { 10.2.0.0/16; };
Policy enforcement?
The DNS server could be configured to accept only connections from certain hosts.
Hmm, if you're able to access StackOverflow you have a working DNS server SOMEwhere. Try doing
host -v stackoverflow.com
and look for messages like
Received 50 bytes from 192.168.1.1#53 in 75 ms
then pick the address out of that line and use THAT as your DNS - it's obviously willing to talk to you.
If you're on Windows, use NSLOOKUP for the same purpose. Your name server's address will be SOMEwhere in the output.
EDIT:
When I'm stuck for a DNS server, I use the one whose address I can remember most easily: 4.2.2.2. See how that works for you.
You might try monitoring the conversation using WireShark. It can also decode the packets for you, which might help you determine if your client's packets are correctly encoded. Just filter on port 53 (DNS) to limit the packets captured by the trace.
Also, make sure you're using UDP and not TCP for queries; TCP should be used primarily for zone transfers, not queries.
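An added example, not code from any answer in this thread: a minimal RFC 1035 query builder and header parser in Python 3. It reads the RCODE (REFUSED is 5) from the response header, where it actually lives, flags the RA bit (REFUSED with RA clear is the "this server will not recurse for you" case the BIND allow-recursion answer fixes), and shows the 2-byte length prefix DNS over TCP requires, which a from-scratch client often omits. The REFUSED_REPLY bytes are constructed, not captured; example.com and the resolver address in the commented usage line are assumptions.

```python
"""RFC 1035 wire-format helpers for debugging a hand-written DNS client.

Added example, not code from the thread. Points illustrated:
  * RCODE 5 (REFUSED) is a field in the response header; the transport worked.
  * RA=0 alongside REFUSED usually means the server will not recurse for you.
  * DNS over TCP prefixes every message with a 2-byte length (RFC 1035 4.2.2).
"""
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}


def encode_name(name):
    """'example.com' -> b'\\x07example\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1, txid=0x1234, rd=True):
    """Header with one question, class IN. qtype 1 = A. RD asks for recursion."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, 1)


def parse_header(data):
    """Decode the 12-byte header: everything a client needs to read the verdict."""
    if len(data) < 12:
        raise ValueError("short DNS message: %d bytes" % len(data))
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", data[:12])
    return {"id": txid,
            "qr": bool(flags & 0x8000),   # set on responses
            "tc": bool(flags & 0x0200),   # truncated: retry the query over TCP
            "ra": bool(flags & 0x0080),   # server offers recursion to this client
            "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def diagnose(data):
    """One-line reading of the header, spelling out the REFUSED case."""
    h = parse_header(data)
    if h["rcode"] == 5 and not h["ra"]:
        return "REFUSED, RA=0: server does not offer recursion to this client (check allow-recursion / ACLs)"
    if h["rcode"] == 5:
        return "REFUSED: server declined this particular query (policy or ACL); transport is fine"
    return RCODES.get(h["rcode"], "RCODE%d" % h["rcode"])


def tcp_frame(message):
    """DNS over TCP: 2-byte big-endian length, then the message."""
    return struct.pack(">H", len(message)) + message


def _read_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection mid-message")
        buf += chunk
    return buf


def query_udp(server, name, qtype=1, txid=0x1234, timeout=2.0):
    """Live UDP query (needs network). Rejects replies whose ID does not match."""
    q = build_query(name, qtype, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    if parse_header(data)["id"] != txid:
        raise ValueError("transaction ID mismatch: stale or spoofed reply")
    return data


def query_tcp(server, name, qtype=1, txid=0x1234, timeout=2.0):
    """Live TCP query (needs network), with the length framing in both directions."""
    q = build_query(name, qtype, txid)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(tcp_frame(q))
        (length,) = struct.unpack(">H", _read_exact(s, 2))
        data = _read_exact(s, length)
    if parse_header(data)["id"] != txid:
        raise ValueError("transaction ID mismatch: stale or spoofed reply")
    return data


# Constructed, not captured: the reply from a server that refuses to recurse
# for our address. Flags 0x8105 = QR + RD + RCODE 5, with RA clear.
REFUSED_REPLY = (struct.pack(">HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)
                 + encode_name("example.com") + struct.pack(">HH", 1, 1))

if __name__ == "__main__":
    print(build_query("example.com").hex())
    print(diagnose(REFUSED_REPLY))
    # print(diagnose(query_udp("192.0.2.53", "example.com")))  # hypothetical resolver
```

If the TC bit comes back set on a UDP reply, that is the one case where a client must switch to TCP; otherwise, as the answers say, UDP is the normal path and a server that only speaks UDP will simply drop or refuse the TCP attempt.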

xampp server (How to get up and running)

I've been developing locally on a little ubuntu netbook with xampp for about 7 months. Two weeks ago I got a computer I'd like to use as a server. I've installed the latest Ubuntu distribution and xampp, moved all my files over, and forwarded port 80. I've also got a domain name from dyndns.com which is being updated by a client which runs in my router (a Netgear WGR6154 v8).
Now, when I try to access my server by typing in the address I got from dyndns.com the browser loads until it times out. I can access everything locally using localhost as the address so I believe xampp is running, just unable to connect with the internet.
In order to be able to view my files over the internet what should I do next?
Thanks to all in advance...
[I'm starting a bounty for the first person to help me get my files successfully online]
You have a combination of issues here, and that is something of a problem. Each issue is complex in and of itself. Here is what I would recommend to get you going for certain.
First verify that you can surf the web from your server. This will confirm that you have a working ethernet interface.
Step 1: make sure that XAMPP and your files are viewable from your home network. I assume you are using something like 192.168.1.X for your network and perhaps your server is 192.168.1.10.
Go to another computer in your house and type http://192.168.1.10/ and see if you can see your files. If you can then you know that the server is properly configured and XAMPP is working.
Then add an entry to your hosts file to resolve yourdnsrecord.com (or whatever your dyndns record is) to your private ip address. Then when you type yourdnsrecord.com into a browser from that computer you should still get your files. This will rule out your server being improperly configured to listen for that domain name.
Next you need to test to see if there is a firewall problem. To simplify this, first remove your home router from the equation. Instead, place your new server directly onto your internet connection (assuming you can). This way, you do not need to have NAT or firewalls properly configured. Your dyndns name should map to a public IP and your server should then have that IP and be connected directly to the Internet. If you have your server directly connected, and the command ifconfig from the root prompt returns the same public IP address that your dynamic dns record is pointing to, then it should work.
It will make your life easier if you have an iphone or some other way to test how your network is seen from the Internet.
If your public IP as shown by ifconfig is different than the IP record in your dyndns account, then your dynamic dns update script is broken. Manually set the IP, and see if things work.
It is very possible that this will not work. Some ISPs firewall port 80, preventing their subscribers from hosting servers. Once you have your server directly connected to the internet you can test this (even if your dns is not working) by using the public IP address. As root, type ifconfig from the command prompt to get your public ip address. Then type the command tcpdump -i eth? port 80 from the root prompt. eth? needs to be the same interface that you saw had a public IP address from the ifconfig command. Usually this is eth0 but it might be wire0 or something like that.
This command will show you all traffic coming on port 80 to your server.
From an iphone (or whatever second Internet connection you have) browse to the IP address that you got from your ifconfig command. If you see something on your server (and it is directly connected to your ISP) then your ISP is not firewalling you.
If you can get to your server, when it is directly connected to the Internet, either by IP address or by DynDNS address, then your ISP is OK and it is time to debug your firewall.
Two things need to work for your firewall to be configured: NAT, where the public address that your router gets from your ISP is converted into your private network, and a firewall rule which permits that traffic. If you get this far, then you know your firewall is the problem and then it is just a matter of getting its configuration correct. There are far too many home routers to document here, but you usually can find how-to instructions for your router for this task on the manufacturer's website (usually it is part of the manual).
If you follow these instructions exactly you will get your system working. Make comments on the process and I will be happy to modify this to make it clearer.
HTH,
-FT
You should make sure your xampp is not listening only on localhost.
To do so, edit your Apache configuration file and search for the Listen directive.
You can also tell by analysing the output of netstat -a.
After that make sure your router is forwarding properly, using tcpdump would help.
drop me a comment if you need more help.
Cheers

Ping Failure Without IPv6

Our user interface is communicating with another application on a different machine, often connecting using domain names.
On our network, when IPv6 is installed, DNS name resolution works great, all machines can be pinged and contacted fine.
When IPv6 is uninstalled, pinging the same DNS names returns an IP address on some distant subnet (24.28.193.9; local subnet is 192.168.1.1); our application is then unable to communicate. When IPv6 is reinstalled, the DNS resolution corrects itself.
Even without IPv6 when ping is not working, I can still browse other machines using Windows Explorer by entering \\MACHINE_NAME\. I'm not sure why the name resolution seems to work here. We are working in the Windows XP SP2 environment.
The IPs of the machines can be pinged successfully. It is only the DNS names that do not resolve properly.
Any thoughts as to why our software can't communicate without IPv6 installed?
UPDATE:
OK, I've done a little more research now.
I looked for the address of our DNS server. All of our computers are pointing at the network gateway, which is a wireless router. The router has the same DNS server address listed when IPv6 is installed as it does when it isn't installed.
The strangest thing is that I just discovered that it does not matter what DNS name I ping. All pings to DNS names return the same address: "24.28.193.9".
I tried flushing the DNS Resolver Cache and registering DNS on the target machine and the source machine. All to no avail. The only DNS name that I can ping is the name of the current machine.
Any other suggestions? Thanks so much for your help.
You've got multiple things going on here
DNS Name resolution
Windows Name resolution
IP-IP ICMP communication
You've written your question as if there's a problem with #3, but everything you describe points to the problem actually being with #1. If you take resolution out of the question, can you ping the correct IPs with or without IPv6 installed?
It sounds like maybe you have an IPv6 name server installed that has correct information and the IPv4 name server is incorrect? Are you receiving name servers via DHCP or hard coding? What are the IPs of the name servers you are using when IPv6 is installed and when it isn't?
I know this is a late answer, but in case someone else has the same problem, the key is the IP address, "24.28.193.9". A quick Google search reveals it seems to be related to your ISP completely breaking the DNS protocol by returning a fixed IP address for all non-existent domain names (the correct answer would be NXDOMAIN). Your network gateway is most probably just forwarding your queries to your ISP's name servers.
Your systems are relying on the correct operation of the DNS protocol. They are expecting an NXDOMAIN answer before querying the name via other methods (most probably NetBIOS name resolution). Since the DNS server is completely broken and returning an incorrect answer, the correct address is never looked up.
The reason installing or uninstalling IPv6 changes the situation is most probably because something related to it is changing the name resolution order (to look up using other methods before trying DNS). So, a workaround would be to change the name resolution order yourself.
The real fix would be to either change to a better ISP (one which does not break established protocols) or run your own DNS server (which is what I started doing on all systems I administer ever since VeriSign pulled a similar stunt; theirs was even worse in that changing ISPs made no difference at all).
References:
Warning: Road Runner DNS says nonexistent domains exist
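An added example, not part of the answer above: a Python 3 check for the behaviour described, a resolver that hands back an address instead of NXDOMAIN for names that cannot exist. It asks for random labels under a base domain through a caller-supplied send function (anything that returns the raw DNS reply for a name, so the check also runs offline) and reports the synthesised address when every reply claims the name exists. The replies are constructed with fake_reply(), not captured; 24.28.193.9 appears only because the thread quotes it, and example.com is an assumption.

```python
"""Detect a resolver that fakes answers for nonexistent names (NXDOMAIN hijacking).

Added example, not part of the thread. An honest resolver answers RCODE 3
(NXDOMAIN) for random labels that cannot exist; a hijacking one answers
NOERROR with an A record for its redirect page, every single time.
"""
import secrets
import socket
import struct

NXDOMAIN = 3


def skip_name(data, off):
    """Return the offset just past a (possibly compressed) name starting at off."""
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:     # compression pointer: 2 bytes, ends the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length


def parse_response(data):
    """Header fields plus every IN A address found in the answer section."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(data, off) + 4             # skip qtype and qclass
    addrs = []
    for _ in range(an):
        off = skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return {"id": txid, "rcode": flags & 0xF, "a": addrs}


def detect_hijack(replies):
    """replies: raw answers for names that must not exist.
    Returns the set of synthesised addresses if no reply was NXDOMAIN and every
    reply carried an address; None if the resolver told the truth at least once."""
    synthesised = set()
    for raw in replies:
        p = parse_response(raw)
        if p["rcode"] == NXDOMAIN or not p["a"]:
            return None
        synthesised.update(p["a"])
    return synthesised or None


def probe_hijack(send, base="example.com", n=3):
    """send(name) -> raw reply bytes, supplied by the caller (a UDP client, or a
    fake for offline use). Queries n random 16-hex-character labels under base."""
    names = ["%s.%s" % (secrets.token_hex(8), base) for _ in range(n)]
    return detect_hijack([send(name) for name in names])


def fake_reply(name, flags, addr=None, txid=0x4321):
    """Constructed reply (not a capture): one question and, if addr is given,
    one A record whose owner name is a pointer (0xC00C) back to the question."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    rr = b""
    if addr is not None:
        rr = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + socket.inet_aton(addr)
    header = struct.pack(">HHHHHH", txid, flags, 1, 1 if addr is not None else 0, 0, 0)
    return header + qname + struct.pack(">HH", 1, 1) + rr


if __name__ == "__main__":
    hijacker = lambda name: fake_reply(name, 0x8180, "24.28.193.9")   # QR RD RA, NOERROR
    honest = lambda name: fake_reply(name, 0x8183)                    # QR RD RA, NXDOMAIN
    print("hijacking resolver:", probe_hijack(hijacker))
    print("honest resolver:", probe_hijack(honest))
```

Against a live resolver, pass a send function that does the UDP exchange on port 53 and returns the reply; a non-None result is the address the resolver substitutes for NXDOMAIN, and any client that falls through to NetBIOS or other resolution only after an NXDOMAIN will never get there.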
