Request Help Resolving LAN Names and IPs

[SamK]

Hoping to find some advice on how to get DNS working.  At this stage only resolution of names/address on the LAN is needed not registering a domain with an external provider.

ROUTER
IPAddress=192.168.0.1
DNS as provided by ISP
DHCP for LAN providing reserved/static IPs for servers and dynamic IPs for workstations



EBOX MACHINE
IPAddress=192.168.2.3 (static)
Hostname=BASE

Dashboard reports DNS as Running
Module Status reports DNS as enabled (ticked)
DNS created Domain=TESTDOM, IPAddress=192.168.2.3
DNS-->Hostname=Ubu810Min, IPAddress=192.168.2.108 (dynamic) Workstation on LAN
Network-->DNS reports 1st Nameserver=192.168.2.3, 2nd Nameserver=192.168.2.1 (reordered to place eBox 1st)



Network-->Diagnosis
ping 192.168.2.1=successful

lookuo TESTDOM=; <<>> DiG 9.4.2-P2 <<>> +time=3 TESTDOM
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21267
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;TESTDOM.         IN   A

;; AUTHORITY SECTION:
.         8679   IN   SOA   A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2009042200 1800 900 604800 86400

;; Query time: 16 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Wed Apr 22 15:38:43 2009
;; MSG SIZE  rcvd: 100



cat /etc/resolv.conf
nameserver 192.168.2.1
Is this correct? Should 192.168.2.3 have been added by eBox?

Resolution via the WAN (ISP DNS) is working OK but not inside the LAN.

[sixstone]

You may ask for the DNS record "TESTDOM" to eBox in 192.168.2.3. Change your /etc/resolv.conf to point eBox or ask directly to eBox by running this command:

Code: [Select]

$ dig @192.168.2.3 TESTDOM

Best regards,

[SamK]

Change your /etc/resolv.conf to point eBox

Thanks for the advice sixstone,   
should /etc/resolv.conf contain references to to both 192.168.2.3   and   192.168.2.1?    If not how would names/addressess outside the LAN be resolved?   If yes is the order in which they are listed significant?

[sixstone]

Hi SamK,

The order is significance. First one will be asked firstly, if it doesn't answer. The second one is queried. I'd go for putting eBox as primary DNS server and the router as second one.

Best regards,

[SamK]

The order is significance. First one will be asked firstly, if it doesn't answer. The second one is queried. I'd go for putting eBox as primary DNS server and the router as second one.

Is this intended to be conducted by Network-->DNS?  It does not happen in the test installation.  Is this a known issue with the current version of eBox or a problem with the test installation?

[poundjd]

Sam,
     eBox is a network infrastructure server, router, DHCP server, DNS Server, and the list goes on.  So even though SixStone recommended that you place eBox as the FIRST dns server it is still the "Network" providing the answer.

     Also, Bind (the program that the DNS module configures) will forward DNS queries for domains that it does not know about to your ISP provided DNS servers, which will further refer the queries to the DNS cloud to get the answer.  These servers are recursive in that if they don't have the answer they will ask someone else and then forward that answer to you.
Does this help?
-jeff

[SamK]

Hello Jeff,
DNS is working OK now, and was at the time of my previous post.  This was achieved (using a work-around) by placing an entry in /etc/resolv.conf referring to the eBox DNS.  The resolv.conf file is recreated each time networking is (re)started which thereby removes the reference to the eBox DNS.  My solution to this is to place a reference to the eBox ip address in /etc/dhcp3/dhclient.conf.

Code: [Select]

prepend domain-name-servers 192.168.2.3;Upon network (re)start, this is then automatically written to /etc/resolv.conf and placed before the router based DNS ip address.  Other than for testing purposes, I prefer not to manually edit the files.

My question to sixstone was really asking if this was the way in which eBox is intended to work when using the web-gui via Network-->DNS.  If this is the case, it is preferreable to manually editing files and helps avoid "work-around" solutions. 

In the system under test (without the work-around), using eBox web-gui, Network-->DNS and then entering the eBox DNS and reordering the entries to place it at the head of the list, produces no change to the manner in which the system works.  The LAN workstations do not make use the eBox DNS even after pointing them locally (via /etc/resolv.conf) to the eBox ip address.  It was this lack of action that I requested be clarified; is it a known problem with the current stage of eBox development or is it related to the machine under test.

Hope this helps explain the previous post.  I really appreciate your input in this matter, many thanks.

[sixstone]

Hello SamK,

The workstations must point to eBox DNS server via /etc/resolv.conf. To do so, you may change your DHCP server configuration (currently in your router). Network --> DNS configures your eBox /etc/resolv.conf. Take into account the first nameserver you set will be the first nameserver to query.

As Jeff said above, if eBox doesn't know the answer for a DNS query, it will forward it to the DNS system.

In order to check if eBox DNS server is running properly, try the dig command with your configured domain.

Best regards,

[SamK]

The workstations must point to eBox DNS server via /etc/resolv.conf. To do so, you may change your DHCP server configuration (currently in your router).

Thanks for this, I will investigate this later and separately to avoid the thread becomming too complicated.

In order to check if eBox DNS server is running properly, try the dig command with your configured domain.

Network-->Diagnosis-->Name Resolution-->Domain=TESTDOM

Code: [Select]

; <<>> DiG 9.4.2-P2 <<>> +time=3 TESTDOM
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34586
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;TESTDOM. IN A

;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2009042301 1800 900 604800 86400

;; Query time: 64 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Fri Apr 24 10:32:06 2009
;; MSG SIZE  rcvd: 100

Network --> DNS configures your eBox /etc/resolv.conf. Take into account the first nameserver you set will be the first nameserver to query.

Does this mean that when a DNS is created in eBox and configured in Network-->DNS it should appear in /etc/resolv.conf on the eBox machine?  This does not happen on the machine under test.  Even after restarting networking or a full reboot /etc/resolv.conf only contains a single reference to 192.168.2.1 (router)  and no reference to 192.168.2.3 (ebox).

[sixstone]

In order to check if eBox DNS server is running properly, try the dig command with your configured domain.

Network-->Diagnosis-->Name Resolution-->Domain=TESTDOM

Code: [Select]

; <<>> DiG 9.4.2-P2 <<>> +time=3 TESTDOM
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34586
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;TESTDOM. IN A

;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2009042301 1800 900 604800 86400

;; Query time: 64 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Fri Apr 24 10:32:06 2009
;; MSG SIZE  rcvd: 100[/quote]
As you may notice, eBox is querying to 192.168.2.1 instead of 127.0.0.1 (localhost). Your /etc/resolv.conf is being overwritten by DHCP client.

Does this mean that when a DNS is created in eBox and configured in Network-->DNS it should appear in /etc/resolv.conf on the eBox machine?  This does not happen on the machine under test.  Even after restarting networking or a full reboot /etc/resolv.conf only contains a single reference to 192.168.2.1 (router)  and no reference to 192.168.2.3 (ebox).

Is there any eBox interface configured as DHCP? If so, then the /etc/resolv will be overwritten. Why don't you change your DHCP server from router to eBox?

Best,

[SamK]

As you may notice, eBox is querying to 192.168.2.1 instead of 127.0.0.1 (localhost).

This is a totally standard installation from the eBox CD-ROM, to a dedicated eBox machine no changes have been made manually to the defaults.  /etc/hosts shows:
127.0.0.1   localhost
127.0.1.1   BASE
What might account for ebox not querying localhost and how to ensure it does?  If 192.168.2.3 is manually added in /etc/resolv.conf (via prepend in/etc/dhcp3/dhclient.conf) all is OK.

Is there any eBox interface configured as DHCP?

None

Why don't you change your DHCP server from router to eBox?

At present I am evaluating eBox and would prefer to leave DHCP with the router as this has been working reliably for a long time.  This will also reduce the number of new elements to be considered.

[sixstone]

As you may notice, eBox is querying to 192.168.2.1 instead of 127.0.0.1 (localhost).

This is a totally standard installation from the eBox CD-ROM, to a dedicated eBox machine no changes have been made manually to the defaults.  /etc/hosts shows:
127.0.0.1   localhost
127.0.1.1   BASE
What might account for ebox not querying localhost and how to ensure it does?  If 192.168.2.3 is manually added in /etc/resolv.conf (via prepend in/etc/dhcp3/dhclient.conf) all is OK.

Setting Network --> DNS to 127.0.0.1 as first row, then 192.168.2.1 as second row.

If there is no DHCP client running in eBox, why do you set a prepend statement in dhclient configuration? The /etc/resolv.conf is definitely overwritten by dhclient process after acquiring the IP address. If you set your dhclient configuration not to overwrite the /etc/resolv.conf will work as well.

Best,

[SamK]

Setting Network --> DNS to 127.0.0.1 as first row, then 192.168.2.1 as second row.

Added Network --> DNS to 127.0.0.1 as 1st entry
Moved Network --> DNS to 192.168.2.3 as 2nd entry
Moved Network --> DNS to 192.168.2.1 as 3rd entry
Saved without errors

Network-->Diagnosis-->Name Resolution-->Domain=TESTDOM

Code: [Select]

; <<>> DiG 9.4.2-P2 <<>> +time=3 TESTDOM
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8999
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;TESTDOM. IN A

;; AUTHORITY SECTION:
. 5955 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2009042301 1800 900 604800 86400

;; Query time: 52 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Fri Apr 24 11:52:50 2009
;; MSG SIZE  rcvd: 100

cat /etc/resolv.conf
nameserver 192.168.2.1

If there is no DHCP client running in eBox, why do you set a prepend statement in dhclient configuration?

This is the only way I could find to

• make the ip address appear in /etc/resolv.conf
• ensure the eBox ip address appears before the router ip address

The /etc/resolv.conf is definitely overwritten by dhclient process after acquiring the IP address. If you set your dhclient configuration not to overwrite the /etc/resolv.conf will work as well.

I am quite willing to attempt this.  Can you provide some guidance on how it is performed?  Is this overwriting happening during the eBox saving of changes?

[poundjd]

Sam,
     I understand testing, I have built my eBox machine at least 20 times (sometimes it seems like hundreds) in the last few months. I still have issues that I need to understand.  So fare most of them have been educational for me, which is one of the reasons that I started this whole process. 

      Also Thanks for the kind words above.

      ALL configuration files for the services enabled by eBox are re-written when Changes are saved by eBox.  The source for these re-writes are stored in a file with the same name as the configuration file with ".mas" added to the file name.  This is how eBox handles the configuration and integration of these services. 

      They use a language called mason, which includes both "mason" and Perl language constructs.  So if you want to change a configuration in a way that eBox does not allow for, and you want it to survive the next change, you need to change the ".mas" file.  This is why I have been learning mason and Perl.   

      The DHCP client and server use the same configuration files.  Also I believe that when the DHCP server and the DNS server are active on the eBox the DHCP server updates the DNS server when new leases are granted.  This is one reason that it is standard practice for DHCP servers and internal DNS servers to be placed on the same box.

      If you get far enough in your testing you could put a computer behind the eBox and allow it to use the eBox as a gateway.  This would require that one of your NICS be marked as external.  This could make a lot of other things easier latter.

-jeff

[SamK]

I understand testing, I have built my eBox machine at least 20 times...   ... So fare most of them have been educational for me, which is one of the reasons that I started this whole process.

Off Topic
I have read your posts in other eBox threads on this forum commenting on the frustration and rewards of Linux; in general they a views which I also hold.   eBox as a Linux 'product' is very promising and attempts to simplify the construction of a 'server' in a manner which is familiar in the MS world.  In order to encourage its continued development and uptake by new users it needs to be understood.  Up to now, the support given via this forum is responsive and well informed.  The developers are to be congratulated on their efforts.

On Topic
Various (non-eBox) servers have been built based on Ubuntu 6.06-Server LTS and 8.04-Server LTS.  In both of these versions /etc/resolv.conf is overwritten each time networking or the machine is (re)started.  sixstone has advised that /etc/resolv.conf should contain references to DNS ip addresses created in eBox.  This would seem to imply that eBox has a means of providing the required addresses to /etc/resolv.conf.  In order to work with a DHCP service external to eBox, it would seem that eBox needs to add the eBox ip details to those of the external DHCP. When an external DHCP is used, the save process does not currently preserve (in /etc/resolv.conf) the changes made to DNS in eBox.

The use of a non-eBox DHCP service is likely to be widely adopted by the SME users that eBox is aimed at.  Have I misunderstood or missed the point in my unfamiliarity with eBox?  Is eBox DNS able to work with a DHCP service not provided by eBox without manually editing the underlying configuration files?

When using Network-->Diagnosis-->Name Resolution-->Domain=TESTDOM, it is unclear why the system under test does not query 127.0.0.1 as advised by sixstone.  This is a default installation made from the eBox1 CD-ROM.  If querying name resolution via the web-gui expects to use 127.0.0.1 where does eBox obtain the address from? (It is listed in /etc/hosts) When using a non-eBox DHCP service I cannot recall the localhost address being listed in /etc/resolv.conf with either of the versions of Ubuntu previously used.