Topic: Problem with resolving certain names (DNS caching problem?)

marekj

Hello,
I tried to set up AD on zentyal in one place, where there are some computers connected to a vpn (happens on a router not managed by me, don't know the exact details) which allows them to access certain services. The zentyal box is not part of this vpn.

My problem is, no matter if I set up forwarders, enter addresses and IPs in hostnames or as separate domains, it always goes this way:
ping address.tld on a computer connected to this vpn works several times and then stops until I change something. Looks like after several tries zentyal tries to cache something, but as it's not part of the vpn, it doesn't get the address. Weird thing is if I add the addresses in hostnames/domains, it's all the same.
How to diagnose this and, if that's indeed a caching problem, can caching be disabled for several domains, or, if not, for all?

doncamilo

« Reply #1 on: July 09, 2019, 01:49:06 pm »
Hi Marek!  :)
Could you explain the network topology?
Furthermore, which machine is pinging and which is receiving the ping?
Have you installed Zentyal on a network published by the VPN server?
Cheers!
- Do my pigeons bother you passing over your land?
- They block the sun!

G. Guareschi., Don Camillo.,

marekj

« Reply #2 on: July 10, 2019, 03:42:54 pm »
Topology is simple. At least the part that I know. Here's an image I'll now use as a reference:
https://imgur.com/rr5V3r6

I have forwarder 2.3.4.254 set in zentyal box and dns address in client 1 set to 2.3.4.5.

1. Ping service.tld in client1, and it works.
2. Ping service.tld from zentyal box, which doesn't work (also happens after some time if I don't ping from zentyal box)
3. Flush dns on client1.
4. Ping service.tld on client1 - can't resolve name.
5. Ping 1.2.3.4 on client1 - everything still works.

doncamilo

« Reply #3 on: July 10, 2019, 05:08:20 pm »
Hi Marek

Client1 and Client2 access service.tld etc. through the VPN. The VPN server publishes the internal network where the server which you want to reach is connected. The VPN creates a sub-network and allocates it to the external clients and the internal devices from the published internal networks using NAT transparently.

So, though your Zentyal belongs to the same network as client1 and client2 on your LAN, it actually doesn't belong to the VPN LAN that permits client1 and client2 to connect to the server.tld, etc.

So, you should configure a port forwarding on the remote server that manages the VPN. No matter what configuration you set on your Zentyal, server.tld will be unreachable for you if the remote manager doesn't configure it to be accessible from the Internet.

Another option could be including the Zentyal server on the VPN as another client.

Cheers!

marekj

« Reply #4 on: July 10, 2019, 08:42:59 pm »
I know that zentyal box doesn't belong to vpn, but it doesn't have to and I don't want it to be part of it.
I only want to reliably translate service.tld to 1.2.3.4, and right now it only works for a moment after restarting DNS service on zentyal, and then stops.
Clients have access to vpn addresses, but names work only until they are cached by zentyal box, which can't access them. I would like it not to cache those. Maybe I'm mistaken, and it's not because of caching, but if it translates first, and then doesn't, it looks like caching to me.