Author Topic: Zentyal 2.2 DNS problem  (Read 6028 times)

christian

  • Guest
Re: Zentyal 2.2 DNS problem
« Reply #15 on: September 27, 2011, 03:56:44 pm »
Very clear explanation. Thanks a lot. If only it could be used as a template by other users asking for help...  :)

I agree everything looks correct, except maybe:
- use of DMZ as keyword for DNS. Search domain should match each VLAN. e.g. search domain for DHCP range covering home.lan should be home.lan otherwise it can't work. Or I don't understand how DMZ works here.
- the fact that adding 127.0.0.1 in your DNS section should result in resolv.conf updated to reflect this.
Because Zentyal doesn't know that home.lan is locally hosted, then it looks at external server.

vshaulsk

  • Zen Samurai
  • ****
  • Posts: 477
  • Karma: +9/-1
    • View Profile
Re: Zentyal 2.2 DNS problem
« Reply #16 on: September 27, 2011, 04:06:56 pm »
Christian.... I have actually tried it both ways.

Until last week I set the search domain for each Vlan to its appropriate domain .... Vlan11 = home.lan Vlan12 = search domain wifi.guest.

It was only this week that I changed it to DMZ to see what would happen.

However it still did not work last week and my resolv.conf was not automatically updated with 127.0.0.1 nameserver ....

I had to add it manually to the resolv.conf file .... it was just a test after reading google for a bit.

Should my resolv.conf get automatically updated when I add 127.0.0.1 to the network--DNS section????  From what I understand the machine uses the .conf file to resolve DNS questions.  The nameserver listed first in the file is the first one Zentyal searches... followed by next one down and so on.

Is my understanding correct in this matter????  Is the fact that the .conf file is not being automatically updated the cause of all my problems???

christian

  • Guest
Re: Zentyal 2.2 DNS problem
« Reply #17 on: September 27, 2011, 04:14:33 pm »
I think so.
I would first revert back to the right search domain setting. This is mandatory if you want to resolve names using only host name rather than FQDN but it doesn't matter if you try to solve FQDN.
BTW, with WPAD, this doesn't matter because WPAD mechanism will rely on host name to build the right search, resulting in FQDN search.

Then if you confirm that "localhost" is not used as first DNS by Zentyal itself even once configured like this through the interface, I would suggest to open a ticket because to me it looks like a bug.

What do you think about it Zentyal gurus?

vshaulsk

Re: Zentyal 2.2 DNS problem
« Reply #18 on: September 27, 2011, 04:28:30 pm »
I have reverted back to the search domain being set to the name of the corresponding Vlan, but it is still not updating the .conf file unless I manually do it.  I think this explains all of my troubles for the last six months.

Tonight I am going to reinstall zentyal 2.2 (I am changing my partitioning and software raid scheme--- a whole other matter).   I will install all of the modules I want and then see if my DNS nameserver entry gets updated in the resolv.conf file.  If it does not then we will know this is where the issue lies....

vshaulsk

Re: Zentyal 2.2 DNS problem
« Reply #19 on: September 27, 2011, 04:33:59 pm »
Question on the search domain:

When I set let's say search domain for Vlan11 to home.lan which is also its static and dynamic domain name.  This means that if I type the client machine Vlad3 (on home.lan) it will automatically take me to vlad3.home.lan

What happens if I just type the client test (a vhost on wifi.lan) .... would it take me to that address or would it not understand since test is not in home.lan???

If the second statement is true... is it possible to make the system still find it by just searching for Test???  or is this where alias comes in under dns module?????

christian

  • Guest
Re: Zentyal 2.2 DNS problem
« Reply #20 on: September 27, 2011, 05:30:52 pm »
It will not be found unless you specify multiple search domain, at least one per domain you want to "add".
This can be done even if Zentyal doesn't permit it via the GUI.

vshaulsk

Re: Zentyal 2.2 DNS problem
« Reply #21 on: September 27, 2011, 05:41:38 pm »
Ok thank you Christian !!!!! 

You have taught me a great deal once again !!!! 

Escorpiom

  • Zen Hero
  • *****
  • Posts: 897
  • Karma: +25/-1
    • View Profile
Re: Zentyal 2.2 DNS problem
« Reply #22 on: September 28, 2011, 03:35:09 am »
I have been following this topic the last few days, and came to the same conclusion as vshaulsk.

In the Zentyal admin interface Network>DNS I have three DNS servers:
127.0.0.1
8.8.4.4
8.8.8.8
The last two are Google public DNS, because they are fast (geolocation from level3)

When I check resolv.conf, NONE of these entries are in the file, instead it has only the router IP from my ISP??
The router IP was automatically added to resolv.conf because my external interface is set as DHCP.
But it should by all means respect the configuration in the Zentyal admin interface.
According to what Christian says, I could have a misconfiguration. So, should I update /etc/resolv.conf manually?
Is this indeed a bug?

About the search domain, I know what it does but what do you put in there?
For example, my domain name is "zentyal.com" do you put only "zentyal" in the search domain field or do you add the .com extension also?
My setup uses 1 external and two internal interfaces, transparent proxy enabled and I wish to use Zentyal DNS cache for the clients.

Ultimate goal is to get a vlan capable switch (48 ports with 4Gb ports) to separate client groups. Similar to the setups from vshaulsk and ichat.

Cheers.
Marcus' Rule:
Blanks & capitals = avoid it and you'll avoid problems...

vshaulsk

Re: Zentyal 2.2 DNS problem
« Reply #23 on: September 28, 2011, 04:29:34 am »
This is what I found from my testing tonight.

The resolv.conf only has the IP of the nameserver provided by my ISP.

However I no longer think that the issue with my system is that it can't resolve internal DNS names.

This is because once I reinstalled everything and run command prompt from my client pc Vlad2-PC which is located on home.lan I get the following results from
nslookup
>nslookup vlad3-pc.home.lan
name:vlad3-pc.home.lan
address: 192.168.11.100

>nslookup vaio.wifi.guest
name: vaio.wifi.guest
address:  192.168.13.100

so it looks like the server is using the internal DNS....However I still can't get to any virtual hosts that I create which use SSL or forced SSL...
I can however now get to any vhost which has ssl disabled.

All this is telling me that the system is working properly when it comes to DNS resolving Vhost and clients.  I also take it that the system is using the internal DNS 127.0.0.1 to resolve the names.... if I am wrong please correct me >>

However there seems to be a problem with vhosts which have ssl enabled .....   I can create the vhosts, but not actually access them.

christian

  • Guest
Re: Zentyal 2.2 DNS problem
« Reply #24 on: September 28, 2011, 07:10:17 am »
I will have to look at difference between resolv.conf and DNS behaviour because I'm just curious.
Glad to hear that it works now  :)

vhost is another story  ::)

- what is your vhost name?
- did you check that Zentyal is not creating new domain for this virtual host but is adding CNAME even if SSL is enabled? (I notice a strange behaviour some time ago with vhost wrongly creating domain entries but had no time to investigate)

edit: I checked my own conf (running Zentyal 2.0 with DNS 2.0.5) and my resolv.conf file contains 100% of what is described in GUI. I do not modify it either manually or hacking .mas file but, on the other hand, I'm not using DHCP here. Maybe something to investigate.
« Last Edit: September 28, 2011, 07:15:34 am by christian »

vshaulsk

Re: Zentyal 2.2 DNS problem
« Reply #25 on: September 28, 2011, 12:49:20 pm »
I checked my Zentyal 2.0 server and it also only has the nameservers provided by my ISP in the resolv.conf file.  Does not contain the entry of 127.0.0.1.

Any others reading this post and are running a DHCP server... could you look at your resolv.conf and compare it to your --network--DNS entries.  Thank you !!!
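
Added example, not part of any post in this thread: a small Python check for the comparison requested above and for the search-domain behaviour discussed in replies #19 and #20. The sample file content and the router address 192.168.1.1 are constructed; the expected list is the one entered under Network > DNS in reply #22; the limit of three nameservers and the default `ndots` of 1 are glibc resolver behaviour.

```python
# Added example (not from the thread): check resolv.conf against the GUI list.
import sys

# Constructed sample: what a DHCP client on the external interface might leave.
SAMPLE = """\
# constructed sample
nameserver 192.168.1.1
search home.lan
"""
EXPECTED = ["127.0.0.1", "8.8.4.4", "8.8.8.8"]  # order entered under Network > DNS

def parse_resolv_conf(text):
    """Return (nameservers, search_domains) the way the glibc resolver reads them."""
    nameservers, search = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        key, *args = line.split()
        if key == "nameserver" and args and len(nameservers) < 3:
            nameservers.append(args[0])          # only the first 3 are used
        elif key in ("search", "domain") and args:
            search = args if key == "search" else args[:1]   # last entry wins
    return nameservers, search

def compare(expected, actual):
    """List the differences between the configured order and the file."""
    problems = []
    if expected and actual[:1] != expected[:1]:
        first = actual[0] if actual else "none"
        problems.append("first nameserver is %s, expected %s" % (first, expected[0]))
    problems += ["missing nameserver " + ns for ns in expected if ns not in actual]
    problems += ["unexpected nameserver " + ns for ns in actual if ns not in expected]
    return problems

def candidates(name, search, ndots=1):
    """Names the resolver tries, in order, when asked for `name`."""
    if name.endswith("."):                       # trailing dot: absolute name
        return [name]
    expanded = [name + "." + d for d in search]
    return [name] + expanded if name.count(".") >= ndots else expanded + [name]

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    servers, search = parse_resolv_conf(text)
    for problem in compare(EXPECTED, servers):
        print("MISMATCH:", problem)
    print("lookup order for 'test':", candidates("test", search))
```

Run it with `/etc/resolv.conf` as the argument on the server; with a single search domain the short name `test` is only ever tried as `test.home.lan` and then as a bare name.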

Sam Graf

  • Guest
Re: Zentyal 2.2 DNS problem
« Reply #26 on: September 28, 2011, 02:19:23 pm »
The same here. Only the ISP's name servers in 2.0.

Since I normally set up attached to the LAN, I will have removed the original DNS entry supplied from local DHCP. So that's just to say, I probably would have had one more entry in an untouched setup.

christian

  • Guest
Re: Zentyal 2.2 DNS problem
« Reply #27 on: September 28, 2011, 02:40:46 pm »
look also at the "interfaces" file that may contain domain name related data  ;)

vshaulsk

Re: Zentyal 2.2 DNS problem
« Reply #28 on: September 29, 2011, 03:04:43 pm »
Alright I have reinstalled my system once more and followed a procedure for what I think is a valid way to install the system.  Following my own developed procedure I have everything working.  I can create Vhost with and without SSL.... the resolv.conf now has the nameserver 127.0.0.1 as the first nameserver.  I can get to every webpage wpad.wifi.lan; webmail/webaccess; etc.....  HTTPS.   I have also installed subsonic; webmin; and a utility for my cyberpower UPS.  All email is sending and receiving properly and everything is integrated to authenticate users off LDAP.  System is sending out event notifications properly and log interface is working.

Still have to test Captive Portal, Bandwidth monitoring.

The only thing I have not tried at this point is to use proxy (ran out of time).

This is my personal procedure for setting up the system if Zentyal is your only server and you are using it for everything:

1) When you get to the initial package selection screen select all the packages you want and install them.
2) Skip setting up interfaces, you can connect to the cloud vpn and you can input your domain name for the mail service. Change Zentyal administration port to something other than 443
3) save all changes and restart your system
4) configure the interfaces (name, Type...static, DHCP..., IP address)....save and restart
5) Input under --network--DNS the nameserver you want and the order you want them in. - save and restart (after this point I had nameserver 127.0.0.1 in my resolv.conf properly set)
6) Create your master CA certificate - save
7) Create all your certificates for the services - save - restart system
8) Create DNS entries as needed (in my case they were wifi.lan; wif.guest, DMZ)
9) Configure your DHCP server - save and restart system
10) now you can switch to a client if you want in order to make sure you can connect.
11) Configure mail module - save
12) Configure egroupware module - save
13) under webserver create your vhosts (either using SSL or no SSL.... does not matter) - save
14) Test that your vhost works
15) go into DNS and change the Vhost to the IP that you want. ---SAVE
16) Test your Vhost to make sure it still works ...If you have SSL enabled check that as well
17) configure any other modules you want in whatever order you want after that... just save after every group of similar changes.

Following this setup worked for me... I know I restarted a lot and maybe I did not need to, but following this procedure and not skipping steps is the only way so far I have been able to get a completely working DNS; DHCP; Groupware; VHost; SSL;