Author Topic: Zentyal-powered LAN DNS not working?  (Read 11878 times)

MikeHartman

  • Zen Apprentice
  • Posts: 30
  • Karma: +0/-0
Zentyal-powered LAN DNS not working?
« on: September 28, 2011, 12:53:41 am »
Previously I managed my (all-linux) LAN DNS needs by manually updating host files on every machine. This is a giant pain, but I've never run a router that offered to handle it for me semi-automatically (at least in a way that actually worked). I recently moved all my network services over to a Zentyal machine with the aim of correcting problems like that.

I've been able to get fixed IP addresses based on MAC address working. I also have a few clients in that list which had trouble actually picking up an address via DHCP (mostly wireless APs), so I had to set their addresses manually in the client config (but they're still using the same fixed address that DHCP would assign them).

I want to be able to refer to all these machines directly by name from every client, just as I could with a local host file. I don't want to have to type a domain every time. I want this to work whether it's a fixed address handed out by DHCP or one of the ones I had to work around manually. I don't have a problem manually managing the list of all clients & IPs, as long as I only have to do it in one place.

My results so far:

If I create a standard domain (non-dynamic) and create a few hostnames under it, I can't actually resolve those hostnames from any of the clients. It doesn't seem to work at all. For example, new domain "hartman" has hosts "mike" and "steve". I connect to the network with client "bob", get my IP and see that /etc/resolv.conf properly points to the Zentyal box. But pinging "mike", "mike.hartman", "steve" and "steve.hartman" all fail with "unknown host". I can ping their IP addresses fine though.

If I create a dynamic domain (create empty domain, go to dhcp->dynamic dns options, enable it and select that new domain) those machines are now reachable using "mike.hartman" and "steve.hartman", but still not by "mike" or "steve". This is despite the fact that I enter "hartman" as the search domain everywhere I can (dhcp->common options->search domain, network->dns->search domain and I could have sworn one other place that I can't find now).

I've restarted my laptop's connection to the network several times in case it was caching something / not picking up the search domain. Although it seems like one of those search domain settings should be instructions to Zentyal itself on how to look up incoming unqualified hostname requests, rather than just telling Zentyal what search domain to pass along to the clients. Because ideally you don't want to depend on the clients behaving according to your instructions when you have total control over what the DNS returns to them anyway.

So here's my setup:

Zentyal 2.0.21

Modules (a lot installed but plenty not actually being used yet)

  Network (running)
  Firewall (running)
  Antivirus (running)
  Apache (running)
  VoIP (running)
  Certificate Authority (not created)
  DHCP (running)
  DNS (running)
  Events (running)
  IDS (running)
  Logs (running)
  Monitor (running)
  VPN (running)
  Printer Sharing (running)
  File Sharing (running)
  HTTP Proxy (disabled)
  Traffic Shaping (disabled)
  User Corner (running)
  Users and Groups (running)

Network->DNS
  Domain Name Server Resolver List
    127.0.0.1
    4.2.2.2
    4.2.2.3
  Search Domain
    hartman

Objects->Objects List
    "fixed"
      mike - 192.168.1.20 - XX:XX:XX:XX:XX:XX
      steve - 192.168.1.21 - YY:YY:YY:YY:YY:YY
      bob - 192.168.1.22 - ZZ:ZZ:ZZ:ZZ:ZZ:ZZ
      wifia - 192.168.1.30 - AA:AA:AA:AA:AA:AA (wifia doesn't like to get its address from DHCP so it's also hardcoded on the client)
      wifib - 192.168.1.31 - BB:BB:BB:BB:BB:BB (wifib doesn't like to get its address from DHCP so it's also hardcoded on the client)

DHCP->Service Configuration->Common Options
  Default Gateway - Zentyal
  Search Domain - Zentyal domain - Hartman
  Primary nameserver - local Zentyal DNS
  Secondary nameserver - (blank)
  NTP Server - none
  WINS Server - none

DHCP->Service Configuration->Dynamic DNS Options
  Enabled - yes
  Dynamic domain - hartman
  Static domain - same as dynamic domain

DHCP->Ranges
  "dynamic" - from 192.168.1.100 to 192.168.1.254

DHCP->Fixed Addresses
  "fixed"

DNS->List of Domains
  "hartman"
    hostnames - "ns" - 127.0.0.1
  Dynamic? - yes

I can't think of any other settings that should affect this. Any suggestions? Why aren't the search domain settings being properly applied? Why don't static domains seem to work at all?

christian

  • Guest
Re: Zentyal-powered LAN DNS not working?
« Reply #1 on: September 28, 2011, 07:26:52 am »
Hi Mike,

Your explanation is very clear and this really helps understanding what you did. Thank you  ;)
Would you mind renewing your DHCP lease?

If I understand well, registration to dynamic DNS is linked with DHCP. I'm wondering if rebooting your client will just check lease validity, renew an existing one or create a new one and therefore "register" DNS entry in dynamic DNS.

MikeHartman

Re: Zentyal-powered LAN DNS not working?
« Reply #2 on: September 28, 2011, 08:05:20 am »
Are you asking me to reboot/renew lease on the clients I'm trying to reach, or the client I'm trying to reach them from? I've done the latter a couple times with no change.

I was able to hit the target clients immediately after applying the dynamic DNS settings, so I'm pretty sure registering the DNS entry in the dynamic DNS isn't the problem.

The problem is that I was only able to hit them with a fully qualified name ("mike.hartman") instead of just by hostname ("mike") even though the search domain is set ("hartman"). It's as if the search domain setting isn't being applied, so "mike" never gets translated to the "mike.hartman" that is actually registered.

The other problem is that the statically assigned DNS records don't seem to be registered at all. I don't get a response with "wifia" OR "wifia.hartman".
« Last Edit: September 28, 2011, 08:07:22 am by MikeHartman »

christian

  • Guest
Re: Zentyal-powered LAN DNS not working?
« Reply #3 on: September 28, 2011, 08:12:45 am »
I was referring to target host, the one you try to reach.
If registration to dynamic DNS works, then the issue, if any, could be, as you state, with the search domain.

With Zentyal 2.0, all this stuff works (I'm using it and have no problem reaching hosts with dynamic IP using only host name, not FQDN) so the game is to figure out what is different on your side.

What do you mean by stating "statically assigned DNS records don't seem to be registered at all"?

First of all, I would suggest using nslookup rather than ping, at least at the beginning, to understand whether we have resolution issues or network issues.

EDIT: oops, do you mean that you created entries in the object section only, not as "hosts" in the DNS section? Well, reading further, wifia is not static but dynamic with a reserved IP, isn't it?
« Last Edit: September 28, 2011, 08:21:07 am by christian »

robb

  • Guest
Re: Zentyal-powered LAN DNS not working?
« Reply #4 on: September 28, 2011, 08:53:53 am »
What I understand from his post is that the APs ARE configured static but also have a reservation in DHCP. So technically they do not get their IP from DHCP.

christian

  • Guest
Re: Zentyal-powered LAN DNS not working?
« Reply #5 on: September 28, 2011, 08:57:07 am »
Oops, you might be right. In such a case, there is no DNS registration and no way one can ping it using either host name or FQDN.

Still, it seems the issue remains with "true" DHCP devices with a reserved lease, doesn't it?

robb

  • Guest
Re: Zentyal-powered LAN DNS not working?
« Reply #6 on: September 28, 2011, 09:05:28 am »
What if he adds the APs in DNS? Or do you still need a FQDN and not only the hostname to discover them?

MikeHartman

Re: Zentyal-powered LAN DNS not working?
« Reply #7 on: September 28, 2011, 09:12:06 am »
Robb is right. Those APs ("wifia" and "wifib") are configured statically on the client-side and not really coming through DHCP, and thus probably won't work with the dynamic DNS setup. There are two separate issues:

1) When I try to use a "dynamic" DNS configuration only the FQDN works. Just using the hostname does not (host not found). This is the configuration I included, because it at least partially works. I'm aware that this wouldn't incorporate those static APs, but at this point I'm just trying to get anything I can working.

2) When I try to use a "static" DNS configuration, manually specifying a bunch of hostname/IP pairs under the domain instead, it does not work at all. Not with FQDN. Not with hostname. It's as if the DNS records aren't even there. This is even more significant to me since, as Robb clarified, those APs are configured statically even though they have a DHCP IP "reserved" so this is my only way of accessing them.

So I think the only way to get full DNS resolution across all devices is to maintain a static list (#2). Which doesn't bother me much, because all the DHCP clients I care about have been set up with fixed IPs anyway, but it doesn't work. And I'm thinking #1 might still be an issue, because if the search domain is not being used correctly that could easily be independent of how the actual DNS entries are managed.

I really think I need both issues resolved before I'll have working DNS to all members of my network.

I don't think nslookup will be any better than ping for this since I can ping the clients' IP addresses directly, just not via the hostnames. That seems to rule out a network issue and isolate it to resolution. But I'll try a few nslookups just to see if it makes a difference.
« Last Edit: September 28, 2011, 09:22:16 am by MikeHartman »

christian

  • Guest
Re: Zentyal-powered LAN DNS not working?
« Reply #8 on: September 28, 2011, 09:26:48 am »
Mike,

There is definitely something wrong somewhere in your design  :-\
I'm using DHCP (using dynamic DNS) and fixed IP (defined manually in DNS) and can resolve all using either host name or FQDN.
So you may decide to find a workaround and be satisfied with this, or try to reach a design that works. It's up to you once you know it works... elsewhere.

Regarding use of nslookup vs ping: up to you too, but nslookup provides info about the DNS in use and focuses on solving names, not reaching the host.

I'm afraid we are mixing multiple problems because we try to solve many potentially stacked problems with DHCP mixed with fixed IP, not registration in DNS...
Why not try to make something simple and clear with one specific entry (say wifia that uses fixed IP: remove it from the object list and add it to DNS as host, then ensure search domain is well inherited on the machine you are using for testing purposes (the one from which you will ping ... or nslookup  ;) )
BTW, I'm just curious to understand whether this machine is one of the machines described here that are mixing DHCP and fixed IP.
Do you see what I mean?

MikeHartman

Re: Zentyal-powered LAN DNS not working?
« Reply #9 on: September 28, 2011, 10:03:51 am »
Ok. I've removed "wifia" and "wifib" from the list of fixed addresses. DHCP now knows nothing about them. They are still statically configured to 192.168.1.30 and 192.168.1.31 on the clients themselves.

I've turned off the dynamic DNS from the DHCP page, but left "hartman" as the search domain.

The "hartman" domain is now marked "Dynamic? - No" and has only two host entries under it.

wifia 192.168.1.30
wifib 192.168.1.31

This is about as simple a static DNS setup as I can think of. I've saved all the changes in Zentyal's web interface.

The machine I'm trying to reach them from is a laptop connected via DHCP (and DHCP is giving it a fixed IP but I don't think the source of the laptop's IP should be an issue here). It's running Ubuntu (and thus Network Manager) for what it's worth.

nslookup wifia
Server:      192.168.1.1
Address:   192.168.1.1#53

** server can't find wifia: NXDOMAIN

nslookup wifia.hartman
Server:      192.168.1.1
Address:   192.168.1.1#53

** server can't find wifia.hartman.hartman: SERVFAIL

cat /etc/resolv.conf
# Generated by NetworkManager
domain hartman
search hartman
nameserver 192.168.1.1

So when I only enter the hostname, neither the client nor Zentyal bother adding the domain. But when I use the FQDN it looks like at least one of them is, even though it doesn't need it? Or is that because the FQDN I'm entering doesn't produce a result, so adding the search domain is just the automatic next attempt?

If I manually remove both the domain and search lines from /etc/resolv.conf I get different FQDN behavior but the hostnames still don't work. I assume this is because the laptop no longer knows about a domain to attempt as a fallback.

nslookup wifia.hartman
Server:      192.168.1.1
Address:   192.168.1.1#53

** server can't find wifia.hartman: SERVFAIL
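
Added example, not part of the original post: a small Python model of how a stub resolver expands a name with the search list, following the ndots rule documented in resolv.conf(5), run against the resolv.conf quoted above. The function names are hypothetical, and treating nslookup as following the same ordering is an assumption; with it, the last candidate in each list is the name that appears in the error lines quoted in the post.

```python
# Added example (not from the thread): which names a stub resolver queries.
# Models the search/ndots rules from resolv.conf(5); helper names are hypothetical.

# Constructed sample input: the resolv.conf contents shown in the post above.
RESOLV_CONF = """\
# Generated by NetworkManager
domain hartman
search hartman
nameserver 192.168.1.1
"""


def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf text."""
    search, ndots = [], 1  # ndots defaults to 1
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        keyword, *args = line.split()
        if keyword == "domain" and args:
            search = [args[0]]      # domain and search override each other;
        elif keyword == "search":   # the last one in the file wins
            search = args
        elif keyword == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots


def candidate_names(name, search, ndots):
    """Ordered list of absolute names that would be queried for `name`."""
    if name.endswith("."):
        return [name]  # trailing dot: already absolute, search list skipped
    as_is = name + "."
    with_search = [f"{name}.{d.rstrip('.')}." for d in search]
    if name.count(".") >= ndots:
        return [as_is] + with_search  # enough dots: try as typed first
    return with_search + [as_is]      # too few dots: search list first


if __name__ == "__main__":
    search, ndots = parse_resolv_conf(RESOLV_CONF)
    for query in ("wifia", "wifia.hartman", "wifia."):
        print(query, "->", candidate_names(query, search, ndots))
```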



christian

  • Guest
Re: Zentyal-powered LAN DNS not working?
« Reply #10 on: September 28, 2011, 10:17:48 am »
I can't see in your explanation where and when you added wifia host in DNS for "hartman" domain.

The source of IP is definitely NOT an issue. What matters is to ensure you are using, on the machine used to search, the right search domain that is either configured manually or inherited from DHCP. This is what matters.

Behaviour with "nslookup wifia", assuming such an entry already exists as host in DNS, looks like you typed "nslookup wifia." (notice the extra trailing dot)

You should NOT edit network settings if your machine is configured to use DHCP otherwise it might be a bit inconsistent and confusing for further investigation.


christian

  • Guest
Re: Zentyal-powered LAN DNS not working?
« Reply #11 on: September 28, 2011, 10:21:33 am »
What if you type "dig hartman ANY" from your Ubuntu client?

MikeHartman

Re: Zentyal-powered LAN DNS not working?
« Reply #12 on: September 28, 2011, 10:36:32 am »
Quote from: christian
I can't see in your explanation where and when you added wifia host in DNS for "hartman" domain.

Third and fourth lines:

Quote from: MikeHartman
The "hartman" domain is now marked "Dynamic? - No" and has only two host entries under it.

wifia 192.168.1.30
wifib 192.168.1.31

Quote from: christian
The source of IP is definitely NOT an issue. What matters is to ensure you are using, on the machine used to search, the right search domain that is either configured manually or inherited from DHCP. This is what matters.

Quote from: MikeHartman
cat /etc/resolv.conf
# Generated by NetworkManager
domain hartman
search hartman
nameserver 192.168.1.1

Quote from: christian
Behaviour with "nslookup wifia", assuming such an entry already exists as host in DNS, looks like you typed "nslookup wifia." (notice the extra trailing dot)

I didn't though. What I included in the previous post is the exact contents of my screen - both the command I entered and the output it gave me.

Quote from: christian
You should NOT edit network settings if your machine is configured to use DHCP otherwise it might be a bit inconsistent and confusing for further investigation.

Agreed. I was just tweaking it to see how much of my problem might be in the config Zentyal is sending to the laptop and how much of it might be in the behind-the-scenes process where Zentyal is handling the lookup request. If it turned out that manually doing something to the laptop's /etc/resolv.conf fixed the problem then it would just be a matter of figuring out what to tweak in Zentyal to get the /etc/resolv.conf to generate that way automatically.

At any rate, no such tweaks are meant to persist. Every time I make a change in Zentyal or want to test something new I freshen my /etc/resolv.conf by leaving and rejoining the network. It gets reset every time.

MikeHartman

Re: Zentyal-powered LAN DNS not working?
« Reply #13 on: September 28, 2011, 10:38:24 am »
dig hartman ANY

; <<>> DiG 9.7.3 <<>> hartman ANY
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34366
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;hartman.         IN   ANY

;; Query time: 11 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Sep 28 04:36:59 2011
;; MSG SIZE  rcvd: 27

christian

  • Guest
Re: Zentyal-powered LAN DNS not working?
« Reply #14 on: September 28, 2011, 10:49:51 am »
Strange, isn't it?
And what about "dig wifia.hartman"? Or, faster for investigation, "dig hartman AXFR"...
I suspect a DNS issue...