Author Topic: DNS registration of eth2 interface manifest in VPN problem  (Read 3253 times)

vitaebela

Hi all,

I'm new to Zentyal, so please be understanding if I ask something stupid. I'm testing Zentyal in a lab environment and I can only say that it is so AMAZING that I have not played Battlefield for the past two weeks since I installed Zentyal :). All features are up and running except for one problem regarding VPN clients' DNS resolution.

Here is my scenario:

Zentyal server (lab environment) zentyal.test.com
eth0 192.168.10.1
eth2 192.168.16.1
eth1 10.9.1.1 (WAN) connected to IPCop firewall

Networks
192.168.10.0/24 internal network
192.168.12.0/24 OpenVPN road warriors
192.168.16.0/24 Wireless network with Captive portal enabled

When connected, my road warrior clients resolve the zentyal.test.com host to the IP of eth2 (192.168.16.1) and normally they cannot access the server by name. The NSLOOKUP command shows this result:
zentyal.test.com
192.168.16.1
192.168.10.1

When I restart the DNS server from the dashboard, nslookup shows only 192.168.10.1 and everything works fine for about 10 minutes, and then the server again registers itself in DNS with address 192.168.16.1 of the eth2 interface. In the DNS administration there is no host with IP address 192.168.16.1. Is there any way to stop the eth2 interface from registering itself in DNS?

I think this is enough information but I can write some more if needed.

PS: When using nslookup queries, the IP addresses of zentyal.test.com, 192.168.16.1 and 192.168.10.1, change order. After a few queries 192.168.16.1 becomes first in order and after a few more queries it becomes second in order, which seems like strange behavior.

Thank you all in advance!




vitaebela

« Reply #1 on: May 13, 2013, 05:04:06 pm »
Oh yes, when eth2 is disabled and the DNS service is restarted, everything works fine ;)

vitaebela

« Reply #2 on: May 13, 2013, 08:09:47 pm »
There is no 192.168.16.1 IP address in resolv.conf.

Also, I tried to put interface eth2 before eth* in /etc/resolveconf/network-nterfaces and no luck...
« Last Edit: May 13, 2013, 08:12:48 pm by vitaebela »

vitaebela

« Reply #3 on: May 13, 2013, 08:47:57 pm »
resolv.conf

domain test.com
search test.com
nameserver 127.0.0.1
nameserver 192.168.10.1



nslookup

Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   test.com
Address: 192.168.16.1
Name:   test.com
Address: 192.168.10.1






christian

« Reply #4 on: May 13, 2013, 09:04:05 pm »
Does this page help?
Especially the section stating:
Code:
You now have access to the data server from both remote clients.
If you want to use the local Zentyal DNS service through the private network, you need to configure these clients to use Zentyal as name server. Otherwise, it will not be possible to access services by the hosts in the LAN by name, but only by IP address

 ;)

vitaebela

« Reply #5 on: May 13, 2013, 10:06:34 pm »
Hi Christian,

Thanks for the link, but I push the DNS server to my clients and they can successfully connect by name to zentyal, but only when my "WiFi" network interface eth2 is disabled. The problem is that the clients get the wrong answer from the server, IP address 192.168.16.1 when it should be 192.168.10.1, again only when eth2 with the 192.168.16.1 address is up. I can't find that 16.1 address anywhere in the configuration files, but it is present in the DNS, so I assume it's because the interface eth2 is registering its address in DNS somewhere. In my scenario I would like to disable that.


Maybe I got it all totally wrong, but I'm here to learn, so if I'm wrong please help me to understand.

vitaebela

« Reply #6 on: May 14, 2013, 11:55:01 am »
Is there something like avahi-daemon in Zentyal?  :-\

vitaebela

« Reply #7 on: May 14, 2013, 03:39:49 pm »
Arghhhhh, this is so frustrating!  >:(  I searched the entire internet and I cannot find an equivalent for this option, like in the attachment. Can someone at least show me the right direction to search/read?


christian

« Reply #8 on: May 14, 2013, 03:49:03 pm »
What exactly are you trying to achieve?
You're showing a Microsoft Windows screen copy and asking for an equivalent option  ;)

Joke aside, what is your target?
I have the feeling that you have quite a specific environment, because it is not made of Zentyal only (from an infrastructure standpoint, I mean), but I don't clearly understand what your problem is, nor what you want to achieve with such a "DNS registration" feature (well, I think I can guess, but I would like to understand better).

vitaebela

« Reply #9 on: May 14, 2013, 04:05:54 pm »
No, it's not a joke; this is an option in Windows that would solve my problem, and I need the same thing in Zentyal. It's hard to believe that it is not possible.

When my local test.com domain is queried by client result is:

Server: zentyal.test.com
Address: 192.168.10.1
> test.com

Name: test.com
Address: 192.168.16.1 (ip address of eth2 interface)
Name: test.com
Address: 192.168.10.1 (ip address that needs to be alone here)


All I want is for the address 192.168.16.1 not to be present here in the DNS answers.
The answer should look like:

Server: zentyal.test.com
Address: 192.168.10.1
> test.com

Name: test.com
Address: 192.168.10.1


Do You understand me now?
« Last Edit: May 14, 2013, 04:07:26 pm by vitaebela »

vitaebela

« Reply #10 on: May 14, 2013, 04:12:03 pm »

I have the feeling that you have quite a specific environment, because it is not made of Zentyal only (from an infrastructure standpoint, I mean), but I don't clearly understand what your problem is, nor what you want to achieve with such a "DNS registration" feature (well, I think I can guess, but I would like to understand better).

I want my clients to get the right answer from the DNS server, without the IP address of the second interface, eth2, so they can access the Zentyal server shares normally.

Thank you in advance

christian

« Reply #11 on: May 14, 2013, 04:47:25 pm »
No, I don't understand. Sorry  :-[

Let me explain why:

Code:
nslookup

Server: zentyal.test.com
Address: 192.168.10.1

This means "let's use zentyal.test.com as primary DNS server". It will basically send queries to THIS server.
So far so good  ;)

Code:
> test.com

Name: test.com
Address: 192.168.16.1 (ip address of eth2 interface)
Name: test.com
Address: 192.168.10.1 (ip address that needs to be alone here)

This one I don't understand, unless you are looking for the "default address to be used when no host is specified".

What did you set (or what is set, if this is done automatically on your behalf) in the "IP address" column for this domain?
My personal point of view, although not shared here, I know this, is that services should be reached using an FQDN made of host & domain.

I'm under the impression that you are trying to reach Zentyal by typing the domain name rather than the FQDN. Am I correct?

christian

« Reply #12 on: May 14, 2013, 05:02:00 pm »
Just to add some input in case it helps:

- I do run Zentyal on a server with multiple interfaces.
- there is no address associated with "domain", as this is meaningless for me

If I type "nslookup mydomain.com.", there is no answer.
Zentyal DNS contains an A record looking like "zentyal.mydomain.com" for one single interface, and I don't have multiple entries with a similar name (either A record or CNAME) pointing to different addresses.

So hopefully I don't face your problem, and I suspect the problem is due to a wrongly duplicated entry somewhere.
Is it due to the captive portal (which I don't use)?

Did you look at the result of:
Code:
dig -t AXFR test.com
and check for an unexpected entry?

vitaebela

« Reply #13 on: May 14, 2013, 07:53:43 pm »
OK, so you don't know how to stop DNS registration of a specific interface  ;) Thanks for the little DNS school, but I would not get into who needs what.
I made some screenshots so you can see the problem.

First of all, the IP address 192.168.16.1 is not configured anywhere in the Zentyal administration except "Network interfaces". Also, this IP address is not present in resolv.conf.

1. picture is the Zentyal DNS server IP address and the A host configured. You can see that the zentyal A host is used only with IP 192.168.10.1
2. picture is the dig results you asked for
3. picture is the client network interface config when connected to the Zentyal VPN. As you can see, the DNS server is pushed to the client correctly
4. picture is the ping reply when the client pings zentyal

I believe the problem is in the captive portal, but if I manage to stop that interface registering in DNS I have a solution for the problem. Because of that, I would like to know what system file or service puts 192.168.16.1 in the DNS?

Sorry for bad English and thank you very much for your interest in helping me.

Kind regards
Igor

christian

« Reply #14 on: May 14, 2013, 09:24:11 pm »
Igor,

I was thinking that such a process would not exist in Zentyal except for DHCP clients.
But, based on what you were showing, I made some additional tests with my 3.1 platform (2.2 doesn't exhibit such a problem and I don't have a 3.0 platform).

Indeed on 3.1, trying
Code:
dig -t A mydomain.com
I notice there is one A record for each interface, while DNS doesn't contain a "generic IP" for the domain and only one host entry for one interface.

Odd, isn't it :o
Then I decided to stop this "file sharing" module  ;) and now dig returns only entries that are indeed registered in the DNS "host" interface.

Are you running the file sharing module too?
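
A check for the symptom this thread describes (a name answering with the address of an interface the clients cannot reach), as an added example that is not part of any post: it parses `dig` answer-section text and lists A records outside the networks clients are expected to use. The sample answer is constructed from the thread's addresses; the TTL, the function names and the allowed-network policy are assumptions.

```python
import ipaddress

# Constructed sample: answer section in the layout printed by
# `dig +noall +answer -t A <name>`, using the addresses from this thread.
# The TTL value is made up.
SAMPLE_ANSWER = """\
test.com.           900 IN A 192.168.16.1
test.com.           900 IN A 192.168.10.1
zentyal.test.com.   900 IN A 192.168.10.1
"""

def parse_a_records(answer_text):
    """Return {owner name: [IPv4Address, ...]} from dig answer-section lines."""
    records = {}
    for line in answer_text.splitlines():
        fields = line.split()
        # Expected layout: name TTL class type rdata; skip comments and non-A lines.
        if len(fields) != 5 or line.startswith(";") or fields[3] != "A":
            continue
        try:
            addr = ipaddress.IPv4Address(fields[4])
        except ipaddress.AddressValueError:
            continue
        records.setdefault(fields[0].rstrip(".").lower(), []).append(addr)
    return records

def unexpected_addresses(answer_text, allowed_networks):
    """List (name, address) pairs whose address is outside every allowed network."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    findings = []
    for name, addrs in sorted(parse_a_records(answer_text).items()):
        for addr in addrs:
            if not any(addr in net for net in nets):
                findings.append((name, str(addr)))
    return findings

if __name__ == "__main__":
    # Assumption: VPN clients should only be handed addresses on the internal LAN.
    for name, addr in unexpected_addresses(SAMPLE_ANSWER, ["192.168.10.0/24"]):
        print(f"{name} resolves to {addr}, which is outside the allowed networks")
```

Run against saved output taken before and after a service change (for example stopping a module), the list shows whether the extra record has gone.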