Author Topic: Zentyal 2.2 DNS problem  (Read 5821 times)

vshaulsk

  • Zen Samurai
  • ****
  • Posts: 477
  • Karma: +9/-1
    • View Profile
Zentyal 2.2 DNS problem
« on: September 23, 2011, 03:25:15 pm »
Hello, I have reinstalled Zentyal 2.2 last night, which has solved some issues I was having but has now created a completely new one.

My issue is as follows:
I have named my server (hostname: Zentyal).
Under Network-DNS I have 127.0.0.1 as the first DNS, followed by the IPs provided by my dynamic connection to my ISP.
I have several VLANs running.
In the DNS module I have created several domain names (home.lan, wifi.lan, wifi.guest....). I can see that in each entry the NS server is 127.0.0.1.
In the DHCP module I have ranges set up and dynamic DNS set up.
I also have the cache feature turned on.
I am also running transparent proxy at the moment with all firewall rules set just like I have in Zentyal 2.0; 2.1 beta; 2.2beta....so nothing different in my setup from how I have been doing it for the last six months.

My problem is the following:
My clients can't seem to resolve DNS entries of the server. They can connect to outside websites no problem.
Normally if I type the server name (zentyal) I would be directed to the standard webpage. -- this part works.
However, if I try the HTTPS version or HTTPS://Zentyal:10001 (which is my admin interface), it can't find the page.
Also, if I create a Vhost, the page is not found.
If I type ns.home.lan it cannot find the page.
However, if I type the direct IP addresses of each LAN's gateway (192.168.11.11) then the Zentyal webpage shows up. If I type 192.168.11.11:10001 I can access the administration page.

The server just does not resolve the host names correctly.

What should I be checking??? I don't want to reinstall the whole server again.

Escorpiom

  • Zen Hero
  • *****
  • Posts: 897
  • Karma: +25/-1
    • View Profile
Re: Zentyal 2.2 DNS problem
« Reply #1 on: September 24, 2011, 12:11:17 am »
I'll give it a try, if this information is not correct please add to it.
Zentyal does not resolve your hostnames because there is no DNS record present. This is expected behavior.
You can modify the host file on the client and insert the entries.

Cheers.

Edit: Removed info Authoritative DNS.
« Last Edit: September 24, 2011, 12:19:33 am by Escorpiom »
Marcus' Rule:
Blanks & capitals = avoid it and you'll avoid problems...

vshaulsk

Re: Zentyal 2.2 DNS problem
« Reply #2 on: September 26, 2011, 05:57:53 pm »
Shouldn't Zentyal automatically update the clients connected through DHCP with the correct DNS server??

I see under the client connections that they are connected to:
home.lan
Gateway: 192.168.11.1
DNS: 192.168.11.1
IP: 192.168.11.100
Subnet mask: 255.255.255.254

So on the client side everything seems to be pointing correctly. The client is on the correct dynamic DNS address, and if you type in the IP address in order to resolve the host it gives you the correct one: Vlad.home.lan

However for some reason when I type that into the browser or the name of some Vhost I created the browser comes back that it can not find the address. 
How can I check whether my internal DNS is being used first in order to resolve domain names???

christian

  • Guest
Re: Zentyal 2.2 DNS problem
« Reply #3 on: September 26, 2011, 06:48:32 pm »
What I don't understand with your explanation is all the "domain related" stuff.
DNS doesn't resolve, like WINS, host names but FQDN, standing for Fully Qualified Domain Name.
This means that "Zentyal" will never be resolved as such, but thanks to the "search domain" feature, your client will search for zentyal.home.lan and/or zentyal.wifi.lan, depending on what you have set in DHCP or in the client IP config stack.

Is that clear to you?

vshaulsk

Re: Zentyal 2.2 DNS problem
« Reply #4 on: September 26, 2011, 07:18:16 pm »
OK... I see

Then I guess let me change what I am saying.

Until the latest install:
When I created a virtual host:  Zarafa or wpad.home.lan or test etc...
I could just type that in a browser and it would take me to that page.
Same goes for the hostname of the machine (gateway in this case).  When I would type gateway it would take me to the standard webpage (web-server is working, but no content has been added yet).


Now typing in the name no longer works... only if you type in an IP address.

It's like I am no longer able to resolve names to their IP address.


christian

Re: Zentyal 2.2 DNS problem
« Reply #5 on: September 26, 2011, 07:32:57 pm »
1 - What happens if you type zentyal.home.lan ?
2 - Did you try nslookup?

vshaulsk

Re: Zentyal 2.2 DNS problem
« Reply #6 on: September 26, 2011, 07:49:35 pm »
I just tried nslookup and it gave me the following results.

server: my isp's IP and not my server
address:  My isp's

I could not resolve any names or addresses I provided except when I typed the name of my external interface (xxxx.dyndns.org).... it then found it.

Could my results be because I am connected to my external interface through SSH??  I tried it through PPTP VPN (ssh)  with the same results as well....

christian

Re: Zentyal 2.2 DNS problem
« Reply #7 on: September 26, 2011, 08:35:34 pm »
Oops  :o  the idea was to type this from one of your clients, not from the Zentyal server.
BTW, having Zentyal configured itself as first DNS server might not be a wrong idea.

Check (ipconfig /all if Windows) that clients are configured to use Zentyal as DNS and inherit from the right "search domain".

vshaulsk

Re: Zentyal 2.2 DNS problem
« Reply #8 on: September 26, 2011, 08:49:48 pm »
Yes I have zentyal as the first DNS server.

I will try nslookup from one of the clients when I get home.

vshaulsk

Re: Zentyal 2.2 DNS problem
« Reply #9 on: September 26, 2011, 09:05:48 pm »
I looked at my /etc/resolve.conf file....

Should it list:  name server 127.0.0.1   

since that is the Zentyal DNS server itself???

vshaulsk

Re: Zentyal 2.2 DNS problem
« Reply #10 on: September 27, 2011, 12:42:30 pm »
I tried nslookup from one of the clients on the lan and the results are interesting.

The address that it shows is my ISP's server and not my internal 127.0.0.1

In the network section under DNS I have 127.0.0.1 as the first DNS server.

Under the DHCP section it has the DNS server as the local Zentyal.  I think I have everything configured correctly, but I don't understand why the system is not using my internal 127.0.0.1 as the DNS lookup.

I went further and looked at my /etc/resolve.conf (after reading on google for a bit) and saw that the 127.0.0.1 address was not called out in the file.  I decided to add it and now nslookup shows 127.0.0.1 as the address and I can resolve any of the internal IP or domain names.

Was what I did correct?
Will this setting stay if I restart the system or do I have to modify this differently?
Finally if this is correct why doesn't Zentyal automatically add the 127.0.0.1 address into this file if I add it into the -network-DNS section as the first DNS server????

ichat

  • Zen Hero
  • *****
  • Posts: 795
  • Karma: +28/-16
  • RTFM!
    • View Profile
Re: Zentyal 2.2 DNS problem
« Reply #11 on: September 27, 2011, 01:11:00 pm »
One thing I notice: you shouldn't use 127.0.0.1 but rather your REAL Zentyal fixed LAN IP... like 192.168* or 10.0.*

I for one have
zentyal wan:   80.149.x.y   (255.255.255.0)
zentyal lan:   192.168.5.254  255.255.255.0 - fixed ip for  dhcp range  192.168.5.[1~199]
zentyal wlan: 192.168.6.126 255.255.255.128 - half a subnet with fixed ip for captive portal and wlan ...
zentyal vpn:  192.168.6.254 255.255.255.128 - other half of subnet for vpn users...

Notice that ALL my LAN IPs are fixed, have their own DHCP scope, and are defined as their respective primary DNS server as well as default gateway.

All tips hints and advices are based on my personal experience.
As I try my best to be as accurate as possible, following my advice is always at your own risk,
I claim absolutely NO responsibility in any way!

christian

Re: Zentyal 2.2 DNS problem
« Reply #12 on: September 27, 2011, 01:49:13 pm »
Unless I'm reading too fast and wrong, I feel there is a mix between DNS configured for
Zentyal server itself and DNS configured, via DHCP, for clients.

Zentyal server should use:
- itself as DNS server (localhost or 127.0.0.1) so that Zentyal can resolve names for internal servers and potentially clients. (1)
- your ISP DNS or any external DNS to resolve internet (public) names

DHCP should be configured so that internal clients:
- use Zentyal as main DNS server (of course, this IP is NOT 127.0.0.1 but Zentyal IP on the internal network)
- inherit from the right "search domain" setting matching Zentyal DNS domain so that services can be used typing only left part of FQDN for internal servers.

Clients on internal network should not directly use external DNS except if:
- you do not use Zentyal DNS and want to use HTTP transparent proxy
- Zentyal DNS does NOT relay requests to public DNS.

(1)  The added value of using 127.0.0.1 here is that the request is slightly faster (no need to use the network interface) and is not linked to the real IP address. I obviously assume that DNS (bindd) is bound on localhost too, which is almost always true.
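
An added example, not part of the thread and not Zentyal code: the server-side and client-side rules from the reply above, together with the search-domain expansion described in Reply #3, written as a small Python check. The function names, the zone set and the 203.0.113.x resolver addresses are assumptions constructed for illustration.

```python
import ipaddress

def parse_resolv_conf(text):
    """Return (nameservers, search_domains) from resolv.conf-style text."""
    nameservers, search = [], []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            nameservers.append(fields[1])
        elif len(fields) >= 2 and fields[0] in ("search", "domain"):
            search = [d.lower().rstrip(".") for d in fields[1:]]
    return nameservers, search

def is_loopback(addr):
    return ipaddress.ip_address(addr).is_loopback

def audit_server(resolv_text):
    """Server rule from the post: itself first, then an external resolver."""
    nameservers, _ = parse_resolv_conf(resolv_text)
    findings = []
    if not nameservers or not is_loopback(nameservers[0]):
        findings.append("server: first nameserver is not loopback")
    if all(is_loopback(a) for a in nameservers):
        findings.append("server: no external resolver listed")
    return findings

def audit_client(dns_servers, search_domains, server_lan_ip, zones):
    """Client rule: the server's LAN IP as DNS, search domain in a hosted zone."""
    findings = []
    for addr in dns_servers:
        if is_loopback(addr):
            findings.append(f"client: DNS {addr} is loopback, not the server")
        elif addr != server_lan_ip:
            findings.append(f"client: DNS {addr} bypasses the internal server")
    for domain in search_domains:
        if domain.lower().rstrip(".") not in zones:
            findings.append(f"client: search domain {domain} is not a hosted zone")
    return findings

def candidates(name, search_domains):
    """FQDNs tried for a name (simplified: a dotted name is used as typed)."""
    name = name.lower().rstrip(".")
    if "." in name:
        return [name]
    return [f"{name}.{d}" for d in search_domains]

# Constructed sample data (not taken from a real host).
SERVER_BEFORE = "nameserver 203.0.113.53\nnameserver 203.0.113.54\n"
SERVER_AFTER = "nameserver 127.0.0.1\nnameserver 203.0.113.53\n"
ZONES = {"home.lan", "wifi.lan"}
```
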

vshaulsk

Re: Zentyal 2.2 DNS problem
« Reply #13 on: September 27, 2011, 03:28:24 pm »
Ok .... sorry there is some confusion on how I have my network setup.

1) Under network:
eth1 - external interface - DHCP - connected to the ISP
     From it I get my external IP + external gateway + DNS entries
eth0 - 802.1Q VLan
     Vlan11 - home.lan - static - 192.168.11.1
     Vlan12 - wifi.lan - static - 192.168.1.1
     Vlan13 - wifi.guest - static - 192.168.12.1
     Vlan14 - DMZ - static - 192.168.14.1
2) Under network: DNS section
     I have added 127.0.0.1 and made it the top of the list

3) Under the actual DNS module farther down the dashboard:
      I created the following domains:  home.lan; wifi.lan; wifi.guest; DMZ; Control
      I saw that ns records are automatically created for each one pointing to 127.0.0.1
4) In the web-server module:
      I created several Vhost -  wpad.home.lan; apartment.com; and zarafa
5) In the DHCP module
      I gave each Vlan a range 100-105 in their own subnet (example Vlan11-home.lan-192.168.11.100-192.168.11.105)
      I set the static and dynamic domain for each particular VLan using my DNS entries (Vlan11=home.lan, Vlan12=wifi.lan, etc......)
      I set the Wins server and NTP server section to = local Zentyal
      The search domain is set to = DMZ
      Gateway is set to = Zentyal
      DNS is set to = Zentyal

-----
Now each client gets the correct IP in the correct range----- for example.
my main client computer is attached to VLan11 which is home.lan
The IP is 192.168.11.100
DNS is 192.168.11.1
Wins is 192.168.11.1
Gateway is 192.168.11.1
DHCP is 192.168.11.1

So everything seems correct except when I type an internal vhost (example wpad.home.lan) into the web browser I don't get a connection. If I type the IP (example 192.168.11.1 = wpad.home.lan) itself I do get a connection.
When I do an nslookup...... the output gives me the server address of my ISP and not my internal 127.0.0.1.

When I look in the /etc/resolve.conf I do not see address 127.0.0.1 (should it be this way even though I added this address to -network---DNS section????).

Last night I made a test and added 127.0.0.1 to the /etc/resolve.conf and now if I type the name of vhost it goes to the correct page !!!!  Now if I do an nslookup the server output is 127.0.0.1.... also if I type in an IP address like nslookup 192.168.11.1 I get output ns.home.lan or if I type in nslookup ns.home.lan I get output of 192.168.11.1
Basically now it seems as if everything is working properly......but only after I modified the /etc/resolve.conf manually which should not be the answer.


Hopefully this will clarify my previous statements and you guys can continue educating me !!!!!

vshaulsk

Re: Zentyal 2.2 DNS problem
« Reply #14 on: September 27, 2011, 03:33:28 pm »
Christian --- you mentioned something about transparent proxy ----

I do currently have transparent proxy working because I can't get automatic detection using wpad working currently.