Author Topic: Bug with Zentyal 2.2  (Read 2994 times)

vshaulsk

Bug with Zentyal 2.2
« on: October 03, 2011, 07:04:44 pm »
I have added internal DNS nameserver 127.0.0.1 to the Network-- DNS section.  I made it the first nameserver in the list.

I checked the /etc/resolv.conf file and the nameserver gets added to table.

My problem is that after some time passes .... I check the resolv.conf file again and the nameserver 127.0.0.1 is gone. 
The Network--DNS entry under the zentyal web interface still exists, but it is no longer in the configuration file. 
If I delete the entry in the Network-- DNS configuration under Zentyal and save,
I can then re-add it back to the module and it will now be shown in the resolv.conf file.   It seems that something happens every 4 to 6 hours which removes the 127.0.0.1 nameserver from the resolv.conf file.

How should I start troubleshooting this issue?? Which log would show what is happening to the /etc/resolv.conf file ????


Thank you !!!

Sam Graf

  • Guest
Re: Bug with Zentyal 2.2
« Reply #1 on: October 03, 2011, 07:51:17 pm »
I'm sure you probably already covered this and I missed it, and I'm sorry to interrupt your quest for help ... :-[

I remember that you were having some problems resolving local domain names--for virtual hosts?--but I've been confused about the local entry in Network->DNS. In the case of an up-to-date 2.0, when you create a domain in the DNS module, the first (and automatic) entry is for hostname ns, at 127.0.0.1. So I'm confused about what's getting accomplished by adding it to Zentyal's external DNS list ... just trying to follow along here and learn something. :)

vshaulsk

Re: Bug with Zentyal 2.2
« Reply #2 on: October 03, 2011, 08:14:53 pm »
Well from what I have gathered when you add 127.0.0.1 to the network DNS module and place it at the top of the list.  This will tell your system to search that domain nameserver first.  (this is in the Zentyal documentation... how to section).  Also when I look at other online configuration instructions it says to add the internal nameserver 127.0.0.1 to the beginning of the list in resolv.conf

In my personal experience I have found that unless you have the nameserver in the resolv.conf file.... my system can't resolve vhosts.  As soon as I re-add the 127.0.0.1 nameserver to the network--dns module ... it updates the resolv.conf file and now I can once again reach my vhosts.  In my case the Zarafa webaccess is on a vhost- webmail. Every time I lose the nameserver in resolv.conf file I can no longer access the webmail page.

Maybe this is wrong and it should not matter whether the 127.0.0.1 nameserver is added or not.  You are correct that each domain you create in the DNS module itself does..... create a ns which points to 127.0.0.1




Marcus

  • Forum Moderator
Re: Bug with Zentyal 2.2
« Reply #3 on: October 03, 2011, 08:24:53 pm »
Hello,

Making the DNS 127.0.0.1 would be nonsense except if you are having a DNS server on every client machine...

The DNS should be your DNS server IP.

e.g.
On a DD-WRT flashed router, the DNS IP would be 192.168.1.1 (like the gateway).

Also, please make sure that you are using "External" Interface otherwise it won't show up in the resolv.conf file.


Best,

Marcus

jjm1982

Re: Bug with Zentyal 2.2
« Reply #4 on: October 03, 2011, 08:29:50 pm »
How is this server's IP address configured? Is it static or DHCP? If it's DHCP, it may be updating the /etc/resolv.conf file after every release and renew of the IP address. This would be common practice if this server is behind a cable or DSL modem.

I experience this with one of my servers I maintain. I added a cronjob which catches changes to the resolv.conf file and if it changed it replaces the file with the one I need it to be.

vshaulsk

Re: Bug with Zentyal 2.2
« Reply #5 on: October 03, 2011, 08:48:15 pm »
For each client the DNS server is the IP of the gateway.  On the client side everything seems correct.

The gateway; search domain, DNS, Wins, NTP.

However unless I have the internal nameserver in resolv.conf I can not get to my vhost.  The names do not get resolved.  Maybe I am just doing something wrong on the Vhost side.... not sure.

I do sit behind a modem provided by my ISP and I do have a dynamic connection from the ISP.  I think jjm1982 may be correct that perhaps the resolv.conf is being updated by information from my ISP.  This is causing the previous setup to get overwritten.

jjm1982 could you please share with me the steps I need to follow in order to create a cronjob which will update my resolv.conf file???

Marcus

  • Forum Moderator
Re: Bug with Zentyal 2.2
« Reply #6 on: October 03, 2011, 09:16:13 pm »
Hello,

I'm not sure that "127.0.0.1" should be entered anywhere...

If the vhost is sitting on the server that is the gateway and DNS server, then, the IP should be the public or gateway one (and not 127.0.0.1).

Well, that it is the way that we configured our DNS cluster at work.

Regarding your DNS server,
Could you please confirm that the external NIC is set to external ?

Best,

Marcus

vshaulsk

Re: Bug with Zentyal 2.2
« Reply #7 on: October 03, 2011, 09:34:05 pm »
Yes I have one NIC which is configured external and one NIC which is configured with 802.1Q Vlans.  I have about 5 Vlans running. 

Each Vlan has its own domain name (wifi.lan, wifi.guest, ......) Each one has its own DHCP server setup.  Depending on the lan the DHCP is setup with Gateway=Zentyal, DNS=Zentyal, Search Domain =domain of the particular lan (wifi.guest for example), NTP=Zentyal, Wins=Zentyal.  I also have the dynamic and static domain setup. 

On the client side everything appears to be setup correctly.

My only issue is if I add a vhost.  Let's say I create a vhost TEST (in the webserver module)..... This vhost gets bound to the first Vlan interface IP.  In this case the IP is 200.200.200.1.

If I type this vhost in the web browser of a client I can only reach it if the resolv.conf has the first DNS nameserver as 127.0.0.1.

Maybe I should be adding these vhost's under specific domain names.... Test... maybe it should be test.wifi.guest?????

Sam Graf

  • Guest
Re: Bug with Zentyal 2.2
« Reply #8 on: October 04, 2011, 02:22:43 am »
OK, but 200.200.200.1 is a valid (and allocated, but presumably not to you) public IP address ... so in a case like that, Zentyal is looking up a valid address in the public IP address space at your ISP's DNS servers that doesn't properly point to anything on your network unless you "cheat," so to speak, on the name servers. But maybe the address 200.200.200.1 is just an illustration?

Escorpiom

Re: Bug with Zentyal 2.2
« Reply #9 on: October 04, 2011, 12:55:25 pm »
Got the same issue on 2.0x. When setting up the server I put 127.0.0.1 as the first and another two Google DNS below that. When checking the resolv.conf the only entry present is the IP of the ISP's adsl router.

Zentyal should use itself as DNS server or, at least behave like a DNS cache. If the resolv.conf does not reflect what has been entered in the Zentyal admin interface, the server is just forwarding DNS queries to the router / ISP's DNS servers.

I'm curious if the devs can clear up the confusion, should resolv.conf contain 127.0.0.1 as the first entry?   

Cheers.
Marcus' Rule:
Blanks & capitals = avoid it and you'll avoid problems...

Sam Graf

  • Guest
Re: Bug with Zentyal 2.2
« Reply #10 on: October 04, 2011, 01:45:02 pm »
It appears to be true that a stock Zentyal 2.0 can't resolve Zentyal-assigned domain names. What remains confusing to me is what we gain if Zentyal can resolve local domain names. In other words, if network clients can access local resources by domain name, is anything being gained by ensuring Zentyal itself can do the same?

Since I don't use all modules, I could be missing something useful. In terms of the modules I do use, the only place where I've run across this is in the backup module, where a local device used as a backup destination has to be referred to by address. That, of course, isn't a big deal. Maybe in the case of virtual hosts, it is?

jjm1982

Re: Bug with Zentyal 2.2
« Reply #11 on: October 04, 2011, 03:05:11 pm »
> For each client the DNS server is the IP of the gateway.  On the client side everything seems correct.
>
> The gateway; search domain, DNS, Wins, NTP.
>
> However unless I have the internal nameserver in resolv.conf I can not get to my vhost.  The names do not get resolved.  Maybe I am just doing something wrong on the Vhost side.... not sure.
>
> I do sit behind a modem provided by my ISP and I do have a dynamic connection from the ISP.  I think jjm1982 maybe correct that perhaps the resolv.conf is being updated by information from my ISP.  This is causing the previous setup to get overwritten.
>
> jjm1982 could you please share with me the steps I need to follow in order to create a cronjob which will update my resolv.conf file???

This isn't exactly what I did but it should work the same way, maybe even better.

  • First make a backup of your resolv.conf, we don't want to lose any information you don't want to lose.
  • Next, retrieve the md5 sum of the resolv.conf file you want to use. We'll use this to see if the file changed.
    md5sum [path to your resolv.conf file] for example if it is already in its correct location type this command in a terminal window; you may require root privileges.
    md5sum /etc/resolv.conf
  • Now create a file in /etc/cron.hourly and name it resolv.sh; this I know for sure will require root privileges.
    sudo nano /etc/cron.hourly/resolv.sh
  • Below is the script text that you'll enter into your resolv.sh file you just created.
Code:
#!/bin/bash

# MD5 of your existing /etc/resolv.conf file (includes your 127.0.0.1 entry)
myresolv=""

# Check your resolv.conf to see if it has changed.
# md5sum prints "<hash>  <file name>", so keep only the hash field for the comparison.
check=$(md5sum /etc/resolv.conf | cut -d' ' -f1)

now=$(date)

if [[ "$myresolv" == "$check" ]]; then
    exit 0
else
    # Let's track our changes by logging them in kern.log
    echo "$now Updated resolv.conf because it had changed" >> /var/log/kern.log

    # Let's overwrite the current resolv.conf file with what you want.
    echo "nameserver 127.0.0.1" > /etc/resolv.conf
    echo "Additional entries here" >> /etc/resolv.conf
    echo "..and more here" >> /etc/resolv.conf
fi

exit 0
  • Now let's make it executable for cron, type the following in the terminal window.
    sudo chmod a+x /etc/cron.hourly/resolv.sh
  • You may have to restart cron so it recognizes the script, I don't quite remember; in any case do so.

What this script does is, it executes every hour by using the cron utility's hourly cron job. The script itself checks the md5 sum of the resolv.conf file and if it has changed from the one of your liking it will then replace it with what you want. What you'll need to do in the script is enter your md5 sum of your resolv.conf file in between the quotes for the "myresolv" variable. You'll also have to update the portion of the script where you want your DNS entries. This should work, albeit it is untested because my current implementation works and why change something if it is working.
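
An added example, not part of the post above and not Zentyal code: a content-based variant of the hourly check that, instead of comparing an MD5 and overwriting the whole file, verifies that 127.0.0.1 is the first nameserver and otherwise rewrites the file with it in first place, keeping the entries the DHCP client supplied. The function names, the `--run` switch and the `resolv-watch` log tag are made up for illustration, and it assumes /etc/resolv.conf is a regular file rather than a symlink.

```shell
#!/bin/sh
# Added example (hypothetical names): keep 127.0.0.1 as the first nameserver
# without discarding the other resolv.conf entries.

# Print the address of the first "nameserver" line in the given file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# ensure_local_resolver FILE
# Returns 0 if FILE already lists 127.0.0.1 first, 1 if FILE was rewritten,
# 2 if FILE is unreadable or could not be replaced.
ensure_local_resolver() {
    elr_file="$1"
    [ -r "$elr_file" ] || return 2
    if [ "$(first_nameserver "$elr_file")" = "127.0.0.1" ]; then
        return 0
    fi
    # Temp file in the same directory, so the final rename is atomic.
    elr_tmp=$(mktemp "${elr_file}.XXXXXX") || return 2
    {
        # search/domain/options/comment lines are kept as they are.
        awk '$1 != "nameserver"' "$elr_file"
        echo "nameserver 127.0.0.1"
        # Other nameservers keep their order; a 127.0.0.1 further down is dropped.
        awk '$1 == "nameserver" && $2 != "127.0.0.1"' "$elr_file"
    } > "$elr_tmp"
    chmod 644 "$elr_tmp"
    mv "$elr_tmp" "$elr_file" || { rm -f "$elr_tmp"; return 2; }
    return 1
}

# From cron: "resolv.sh --run" repairs /etc/resolv.conf and logs any change to syslog.
if [ "${1:-}" = "--run" ]; then
    rc=0
    ensure_local_resolver /etc/resolv.conf || rc=$?
    if [ "$rc" -eq 1 ]; then
        logger -t resolv-watch "restored 127.0.0.1 as first nameserver"
    fi
fi
```
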

christian

  • Guest
Re: Bug with Zentyal 2.2
« Reply #12 on: October 04, 2011, 03:20:24 pm »
Of course we are discussing here about DNS to be used by Zentyal server, not DNS to be set as DHCP option for clients.  :P

Very obviously, it is not mandatory, for DNS server, to use itself as DNS server. One may imagine that DNS server is using another DNS and never itself.
However, for what concerns Zentyal, when configured as Internet gateway, it has to rely on external (public) server but may also have to resolve internal names.
In such case, the right place to reach is localhost (127.0.0.1) because it avoids going through physical interface.
This obviously assumes that DNS binds (if I can say so  ;D) on all interfaces.

When trying to implement, e.g. reverse proxy using fqdn instead of IP address in the redirect directive, resolving internal names is mandatory.

Another reason why one would like to have Zentyal resolving internal names: say you are using Zentyal as cache proxy: all browsers will access this proxy, even for internal web servers and fqdn has to be resolved by proxy, meaning Zentyal itself.
I also suppose there is something strange with virtual hosts if internal DNS is missing...

To make it the other way around: if all machines in one consistent domain are using same DNS (here Zentyal), why would the machine providing this DNS service be an exception. Thus what would it bring not to resolve internal names for Zentyal having one leg inside  ???

vshaulsk

Re: Bug with Zentyal 2.2
« Reply #13 on: October 04, 2011, 03:36:19 pm »
Well I have an update. I restarted the server last night and now from internal clients I can resolve my virtual hosts.  I am able to resolve them whether they have ssl or not and whether they are in my client's specific search domain or not.  Now it seems that from an internal client everything resolves properly.  Not sure why..... all I did was restart the server...wait some hours for the resolv.conf to change and began testing.

I did learn that the resolv.conf will get updated to its correct status on start-up, but in my case does get updated by the ISP after some hours which rewrites the file .... after that happens the nameserver 127.0.0.1 is no longer there.

This does affect me because I am trying to implement a reverse proxy that will allow me to connect to internal Vhosts.  I have several vhosts going to the same IP so I will need my server to be able to resolve internal DNS queries based on name and not IP.

Christian thank you for confirming my conclusions after my testing last night.

Also thank you jjm1982.... I will try to get a cron job going which will update my resolv.conf  Thank you !!!

christian

  • Guest
Re: Bug with Zentyal 2.2
« Reply #14 on: October 04, 2011, 03:46:44 pm »
hum.... jjm1982's script is clever but this is "only" a workaround and can't be the target design otherwise you would have to run it very often. Once per hour might not be enough  :P

I don't understand why resolv.conf is updated by ISP.... Oh, is it because external interface is DHCP based?
And I supposed that switching to fixed IP address is not an option?

I don't know if it helps but let me explain what I have at home:
Internet --> (external public IP) <ADSL device (router)> (internal private IP) <--> (Zentyal external private IP) <Zentyal box> (Zentyal internal private IP)

My ADSL router forwards to Zentyal ports I want to access from internet.
Doing so, Zentyal external (private) address never changes  ;)