Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: vshaulsk on September 23, 2011, 03:25:15 pm

Title: Zentyal 2.2 DNS problem
Post by: vshaulsk on September 23, 2011, 03:25:15 pm
Hello I have reinstalled Zentyal 2.2 last night which has solved some issues I was having, but has now created a completely new one.

My issue is as follows:
I have named my server (hostname: Zentyal)
Under Network-DNS- I have 127.0.0.1 as the first DNS followed by the IP's provided by my dynamic connection to my ISP.
I have several Vlans running.
In the DNS module I have created several domain names (home.lan, wifi.lan, wifi.guest....) I can see that in each entry the NS server is 127.0.0.1
In the DHCP module I have ranges setup and dynamic dns setup.
I also have the cache feature turned on
I am also running transparent proxy at the moment with all firewall rules set just like I have in zentyal 2.0; 2.1 beta; 2.2beta....so nothing different in my setup from how I have been doing it for the last six months.

My problem is the following:
My clients can't seem to resolve DNS entries of the server. They can connect to outside websites no problem
Normally if I type the server name (zentyal) I would be directed to the standard webpage. -- this part works.
However if I try the HTTPS version or HTTPS://Zentyal:10001 (which is my admin interface) it can't find the page.
Also if I create a Vhost the page is not found.
If I type ns.home.lan it can not find the page.
However if I type the direct IP addresses of each LAN's gateway (192.168.11.11) then the zentyal webpage shows up. If I type 192.168.11.11:10001 I can access the administration page.

The server just does not resolve the host names correctly.

What should I be checking??? I don't want to reinstall the whole server again.
Title: Re: Zentyal 2.2 DNS problem
Post by: Escorpiom on September 24, 2011, 12:11:17 am
I'll give it a try, if this information is not correct please add to it.
Zentyal does not resolve your hostnames because there is no DNS record present. This is expected behavior.
You can modify the host file on the client and insert the entries.

Cheers.

Edit: Removed info Authoritative DNS.
Title: Re: Zentyal 2.2 DNS problem
Post by: vshaulsk on September 26, 2011, 05:57:53 pm
Shouldn't Zentyal automatically update the clients connected through DHCP with the correct DNS server??

I see under the client connections that they are connected to:
home.lan
Gateway: 192.168.11.1
DNS: 192.168.11.1
IP: 192.168.11.100
Subnet mask: 255.255.255.254

So on the client side everything seems to be pointing correctly. The client is on the correct dynamic dns address and if you type the IP address in order to resolve the host it gives you the correct one. Vlad.home.lan

However for some reason when I type that into the browser or the name of some Vhost I created the browser comes back that it can not find the address. 
How can I check whether my internal DNS is being used first in order to resolve domain names???
Title: Re: Zentyal 2.2 DNS problem
Post by: christian on September 26, 2011, 06:48:32 pm
What I don't understand with your explanation is all the "domain related" stuff.
DNS doesn't resolve, like WINS, host names but FQDN, standing for Fully Qualified Domain Name.
This means that "Zentyal" will never be resolved as such but thanks to "search domain" feature, your client will search for zentyal.home.lan and/or zentyal.wifi.lan, depending on what you have set in DHCP or in client IP config stack.

Is that clear to you?
Title: Re: Zentyal 2.2 DNS problem
Post by: vshaulsk on September 26, 2011, 07:18:16 pm
OK... I see

Then I guess let me change what I am saying.

Until the latest install:
When I created a virtual host:  Zarafa or wpad.home.lan or test etc...
I could just type that in a browser and it would take me to that page.
Same goes for the hostname of the machine (gateway in this case).  When I would type gateway it would take me to the standard webpage (web-server is working, but no content has been added yet).


Now typing in the name no longer works... only if you type in an IP address.

It's like I am no longer able to resolve names to their IP address.

Title: Re: Zentyal 2.2 DNS problem
Post by: christian on September 26, 2011, 07:32:57 pm
1 - What happens if you type zentyal.home.lan ?
2 - Did you try nslookup?
Title: Re: Zentyal 2.2 DNS problem
Post by: vshaulsk on September 26, 2011, 07:49:35 pm
I just tried nslookup and it gave me the following results.

server: my isp's IP and not my server
address:  My isp's

I could not resolve any names or address I provided except when I typed the name of my external interface (xxxx.dyndns.org).... it then found it.

Could my results be because I am connected to my external interface through SSH??  I tried it through PPTP VPN (ssh)  with the same results as well....
Title: Re: Zentyal 2.2 DNS problem
Post by: christian on September 26, 2011, 08:35:34 pm
Hoops  :o  the idea was to type this from one of your clients, not from Zentyal server.
BTW, having Zentyal configured itself as first DNS server might not be a wrong idea.

Check (ipconfig /all if Windows) that clients are configured to use Zentyal as DNS and inherit from the right "search domain"
Title: Re: Zentyal 2.2 DNS problem
Post by: vshaulsk on September 26, 2011, 08:49:48 pm
Yes I have zentyal as the first DNS server.

I will try nslookup from one of the clients when I get home.
Title: Re: Zentyal 2.2 DNS problem
Post by: vshaulsk on September 26, 2011, 09:05:48 pm
I looked at my /etc/resolv.conf file....

Should it list:  name server 127.0.0.1   

since that is the Zentyal DNS server itself???
Title: Re: Zentyal 2.2 DNS problem
Post by: vshaulsk on September 27, 2011, 12:42:30 pm
I tried nslookup from one of the clients on the lan and the results are interesting.

The address that it shows is my ISP's server and not my internal 127.0.0.1

In the network section under DNS I have 127.0.0.1 as the first DNS server.

Under the DHCP section it has the DNS server as the local Zentyal.  I think I have everything configured correctly, but I don't understand why the system is not using my internal 127.0.0.1 as the DNS lookup.

I went further and looked at my /etc/resolv.conf (after reading on google for a bit) and saw that the 127.0.0.1 address was not called out in the file. I decided to add it and now nslookup shows 127.0.0.1 as the address and I can resolve any of the internal IP or domain names.

Was what I did correct?
Will this setting stay if I restart the system or do I have to modify this differently?
Finally if this is correct why doesn't Zentyal automatically add the 127.0.0.1 address into this file if I add it into the -network-DNS section as the first DNS server????
Title: Re: Zentyal 2.2 DNS problem
Post by: ichat on September 27, 2011, 01:11:00 pm
one thing i notice, you shouldn't use 127.0.0.1 but rather your REAL zentyal fixed lan ip... like 192.168* or 10.0.*

i for one  have   
zentyal wan:   80.149.x.y   (255.255.255.0)
zentyal lan:   192.168.5.254  255.255.255.0 - fixed ip for  dhcp range  192.168.5.[1~199]
zentyal wlan: 192.168.6.126 255.255.255.128 - half a subnet with fixed ip for captive portal and wlan ...
zentyal vpn:  192.168.6.254 255.255.255.128 - other half of subnet for vpn users...

notice that ALL my lan ips are fixed, have their own dhcp scope, and are defined as their respective primary dns server as well as default gateway.

Title: Re: Zentyal 2.2 DNS problem
Post by: christian on September 27, 2011, 01:49:13 pm
Unless I'm reading too fast and wrong, I feel there is a mix between DNS configured for Zentyal server itself and DNS configured, via DHCP, for clients.

Zentyal server should use:
- itself as DNS server (localhost or 127.0.0.1) so that Zentyal can resolve names for internal servers and potentially clients. (1)
- your ISP DNS or any external DNS to resolve internet (public) names

DHCP should be configured so that internal clients:
- use Zentyal as main DNS server (of course, this IP is NOT 127.0.0.1 but Zentyal IP on the internal network)
- inherit from the right "search domain" setting matching Zentyal DNS domain so that services can be used typing only left part of FQDN for internal servers.

Clients on internal network should not directly use external DNS except if:
- you do not use Zentyal DNS and want to use HTTP transparent proxy
- Zentyal DNS does NOT relay requests to public DNS.

(1) The added value while using 127.0.0.1 here is that request is slightly faster (no need to use network interface) and is not linked to real IP address. I obviously assume that DNS (bindd) is bound on localhost too, which is almost always true.
Title: Re: Zentyal 2.2 DNS problem
Post by: vshaulsk on September 27, 2011, 03:28:24 pm
Ok .... sorry there is some confusion on how I have my network setup.

1) Under network:
eth1 - external interface - DHCP - connected to the ISP
     From it I get my external IP + external gateway + DNS entries
eth0 - 802.1Q VLan
     Vlan11 - home.lan - static - 192.168.11.1
     Vlan12 - wifi.lan - static - 192.168.1.1
     Vlan13 - wifi.guest - static - 192.168.12.1
     Vlan14 - DMZ - static - 192.168.14.1
2) Under network: DNS section
     I have added 127.0.0.1 and made it the top of the list

3) Under the actual DNS module farther down the dashboard:
      I created the following domains:  home.lan; wifi.lan; wifi.guest; DMZ; Control
      I saw that ns records are automatically created for each one pointing to 127.0.0.1
4) In the web-server module:
      I created several Vhost -  wpad.home.lan; apartment.com; and zarafa
5) In the DHCP module
      I gave each Vlan a range 100-105 in their own subnet (example Vlan11-home.lan-192.168.11.100-192.168.11.105)
      I set the static and dynamic domain for each particular VLan using my DNS entries (Vlan11=home.lan, Vlan12=wifi.lan, etc......)
      I set the Wins server and NTP server section to = local Zentyal
      The search domain is set to = DMZ
      Gateway is set to = Zentyal
      DNS is set to = Zentyal

-----
Now each client gets the correct IP in the correct range----- for example.
my main client computer is attached to VLan11 which is home.lan
The IP is 192.168.11.100
DNS is 192.168.11.1
Wins is 192.168.11.1
Gateway is 192.168.11.1
DHCP is 192.168.11.1

So everything seems correct except when I type an internal vhost (example wpad.home.lan) into the web browser I don't get a connection. If I type the IP (example 192.168.11.1 = wpad.home.lan) itself I do get a connection.
When I do a nslookup...... the output gives me the server address of my ISP and not my internal 127.0.0.1.

When I look in the /etc/resolv.conf I do not see address 127.0.0.1 (should it be this way even though I added this address to -network---DNS section????).

Last night I made a test and added 127.0.0.1 to the /etc/resolv.conf and now if I type the name of vhost it goes to the correct page !!!!  Now if I do an nslookup the server output is 127.0.0.1.... also if I type in an IP address like nslookup 192.168.11.1 I get output ns.home.lan or if I type in nslookup ns.home.lan I get output of 192.168.11.1
Basically now it seems as if everything is working properly......but only after I modified the /etc/resolv.conf manually which should not be the answer.


Hopefully this will clarify my previous statements and you guys can continue educating me !!!!!
Title: Re: Zentyal 2.2 DNS problem
Post by: vshaulsk on September 27, 2011, 03:33:28 pm
Christian --- you mentioned something about transparent proxy ----

I do currently have transparent proxy working because I can't get automatic detection using wpad working currently.
Title: Re: Zentyal 2.2 DNS problem
Post by: christian on September 27, 2011, 03:56:44 pm
Very clear explanation. Thanks a lot. If only it could be used as a template from other users asking for help...  :)

I agree everything looks correct, except maybe:
- use of DMZ as keyword for DNS. Search domain should match each VLAN. e.g search domain for DHCP range covering home.lan should be home.lan otherwise it can't work. Or I don't understand how DMZ works here.
- the fact that adding 127.0.0.1 in your DNS section should result in resolv.conf updated to reflect this.
Because Zentyal doesn't know that home.lan is locally hosted, then it looks at external server.
Title: Re: Zentyal 2.2 DNS problem
Post by: vshaulsk on September 27, 2011, 04:06:56 pm
Christian.... I have actually tried it both ways.

Until last week I set the search domain for each Vlan to its appropriate domain .... Vlan11 = home.lan Vlan12 = search domain wifi.guest.

It was only this week that I changed it to DMZ to see what would happen.

However it still did not work last week and my resolv.conf was not automatically updated with 127.0.0.1 nameserver ....

I had to add it manually to the resolv.conf file .... it was just a test after reading google for a bit.

Should my resolv.conf get automatically updated when I add 127.0.0.1 to the network--DNS section????  From what I understand the machine uses the .conf file to resolve DNS questions.  The nameserver listed first in the file is the first one Zentyal searches... followed by next one down and so on.

Is my understanding correct in this matter????  Is the fact that the .conf file is not being automatically updated the cause of all my problems???
Title: Re: Zentyal 2.2 DNS problem
Post by: christian on September 27, 2011, 04:14:33 pm
I think so.
I would first revert back to the right search domain setting. This is mandatory if you want to resolve names using only host name rather than FQDN but it doesn't matter if you try to solve FQDN.
BTW, with WPAD, this doesn't matter because WPAD mechanism will rely on host name to build the right search, resulting in FQDN search.

Then if you confirm that "localhost" is not used as first DNS by Zentyal itself even once configured like this through interface, I would suggest to open a ticket because to me it looks like a bug.

What do you think about it Zentyal gurus?
Title: Re: Zentyal 2.2 DNS problem
Post by: vshaulsk on September 27, 2011, 04:28:30 pm
I have reverted back to the search domain being set to the name of the corresponding Vlan, but it is still not updating the .conf file unless I manually do it.  I think this explains all of my troubles for the last six months.

Tonight I am going to reinstall zentyal 2.2 (I am changing my partitioning and software raid scheme--- a whole other matter).   I will install all of the modules I want and then see if my DNS nameserver entry gets updated in the resolv.conf file.  If it does not then we will know this is where the issue lies....
Title: Re: Zentyal 2.2 DNS problem
Post by: vshaulsk on September 27, 2011, 04:33:59 pm
Question on the search domain:

When I set let's say search domain for Vlan11 to home.lan which is also its static and dynamic domain name.  This means that if I type the client machine Vlad3 (on home.lan) it will automatically take me to vlad3.home.lan

What happens if I just type the client test (a vhost on wifi.lan) .... would it take me to that address or would it not understand since test is not in home.lan???

If the second statement is true... is it possible to make the system still find it by just searching for Test???  or is this where alias comes in under dns module?????
Title: Re: Zentyal 2.2 DNS problem
Post by: christian on September 27, 2011, 05:30:52 pm
It will not be found unless you specify multiple search domains, at least one per domain you want to "add".
This can be done even if Zentyal doesn't permit it via the GUI.
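
The two checks this thread keeps making by hand (is the server's first nameserver its own DNS service, and which full names does a short name such as "test" expand to under a given search list), as an added example that is not part of any post. It follows the glibc rules in resolv.conf(5); the sample configurations and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Each function takes the TEXT of a resolv.conf-style file;
# on a real host pass "$(cat /etc/resolv.conf)".

# Constructed samples. 192.0.2.53 is a documentation address standing in
# for the ISP resolver that DHCP on the external interface wrote.
AS_FOUND='nameserver 192.0.2.53'
AS_INTENDED='search home.lan wifi.lan
nameserver 127.0.0.1
nameserver 192.0.2.53'

# Nameserver addresses in file order, which is the order they are tried.
nameservers() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" && NF >= 2 { print $2 }'
}

# True only if the first nameserver is loopback, i.e. the server asks its
# own DNS service (which hosts home.lan etc.) before any external one.
first_ns_is_local() {
    case "$(nameservers "$1" | head -n 1)" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Search domains; the last "search" line wins, as in resolv.conf(5).
search_list() {
    printf '%s\n' "$1" |
        awk '$1 == "search" { $1 = ""; sub(/^ +/, ""); s = $0 } END { print s }'
}

# "options ndots:N" if present, otherwise the default of 1.
ndots() {
    n=$(printf '%s\n' "$1" | sed -n 's/^options.*ndots:\([0-9][0-9]*\).*/\1/p' | tail -n 1)
    printf '%s\n' "${n:-1}"
}

# Names the stub resolver tries for $1 under config $2, in order.
candidates() {
    name=$1; conf=$2
    case "$name" in
        *.) printf '%s\n' "$name"; return 0 ;;   # trailing dot: already absolute
    esac
    dots=$(printf '%s' "$name" | tr -cd '.' | wc -c | tr -d ' ')
    expanded=$(for d in $(search_list "$conf"); do printf '%s.%s\n' "$name" "$d"; done)
    if [ "$dots" -ge "$(ndots "$conf")" ]; then
        printf '%s\n' "$name" $expanded      # enough dots: literal name first
    else
        printf '%s\n' $expanded "$name"      # short name: search list first
    fi
}

report() {   # $1 = label, $2 = config text, $3 = name to look up
    if first_ns_is_local "$2"; then
        first="local DNS first"
    else
        first="external DNS first ($(nameservers "$2" | head -n 1))"
    fi
    printf '%s: %s; "%s" is tried as: %s\n' "$1" "$first" "$3" \
        "$(candidates "$3" "$2" | tr '\n' ' ')"
}

report as-found "$AS_FOUND" test
report intended "$AS_INTENDED" test
```

With the as-found configuration every lookup, including internal names, goes to the external resolver, which cannot answer for home.lan and also sees those internal names.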
Title: Re: Zentyal 2.2 DNS problem
Post by: vshaulsk on September 27, 2011, 05:41:38 pm
Ok thank you Christian !!!!! 

You have taught me a great deal once again !!!! 
Title: Re: Zentyal 2.2 DNS problem
Post by: Escorpiom on September 28, 2011, 03:35:09 am
I have been following this topic the last few days, and came to the same conclusion as vshaulsk.

In the Zentyal admin interface Network>DNS I have three DNS servers:
127.0.0.1
8.8.4.4
8.8.8.8
The last two are Google public DNS, because they are fast (geolocation from level3)

When I check resolv.conf, NONE of these entries are in the file, instead it has only the router IP from my ISP??
The router IP was automatically added to resolv.conf because my external interface is set as DHCP.
But it should by all means respect the configuration in the Zentyal admin interface.
According to what Christian says, I could have a misconfiguration. So, should I update /etc/resolv.conf manually?
Is this indeed a bug?

About the search domain, I know what it does but what do you put in there?
For example, my domain name is "zentyal.com" do you put only "zentyal" in the search domain field or do you add the .com extension also?
My setup uses 1 external and two internal interfaces, transparent proxy enabled and I wish to use Zentyal DNS cache for the clients.

Ultimate goal is to get a vlan capable switch (48 ports with 4Gb ports) to separate client groups. Similar to the setups from vshaulsk and ichat.

Cheers.
Title: Re: Zentyal 2.2 DNS problem
Post by: vshaulsk on September 28, 2011, 04:29:34 am
This is what I found from my testing tonight.

The resolv.conf only has the IP of the nameserver provided by my ISP.

However I no longer think that the issue with my system is that it can't resolve internal DNS names.

This is because once I reinstalled everything and run command prompt from my client pc Vlad2-PC which is located on home.lan I get the following results from
nslookup
>nslookup vlad3-pc.home.lan
name:vlad3-pc.home.lan
address: 192.168.11.100

>nslookup vaio.wifi.guest
name: vaio.wifi.guest
address:  192.168.13.100

So it looks like the server is using the internal DNS....However I still can't get to any virtual hosts that I create which use SSL or forced SSL...
I can however now get to any vhost which has ssl disabled.

All this is telling me that the system is working properly when it comes to DNS resolving Vhost and clients.  I also take it that the system is using the internal DNS 127.0.0.1 to resolve the names.... if I am wrong please correct me >>

However there seems to be a problem with vhosts which have ssl enabled .....   I can create the vhosts, but not actually access them.
Title: Re: Zentyal 2.2 DNS problem
Post by: christian on September 28, 2011, 07:10:17 am
I will have to look at difference between resolv.conf and DNS behaviour because I'm just curious.
Glad to hear that it works now  :)

vhost is another story  ::)

- what is your vhost name?
- did you check that Zentyal is not creating new domain for this virtual host but is adding CNAME even if SSL is enabled? (I notice a strange behaviour some time ago with vhost wrongly creating domain entries but had no time to investigate)

Edit: I checked my own conf (running Zentyal 2.0 with DNS 2.0.5) and my resolv.conf file contains 100% of what is described in GUI. I do not modify it either manually or hacking .mas file but, on the other hand, I'm not using DHCP here. Maybe something to investigate.
Title: Re: Zentyal 2.2 DNS problem
Post by: vshaulsk on September 28, 2011, 12:49:20 pm
I checked my Zentyal 2.0 server and it also only has the nameservers provided by my ISP in the resolv.conf file.  Does not contain the entry of 127.0.0.1.

Any others reading this post and are running a DHCP server... could you look at your resolv.conf and compare it to your --network--DNS entries.  Thank you !!!
Title: Re: Zentyal 2.2 DNS problem
Post by: Sam Graf on September 28, 2011, 02:19:23 pm
The same here. Only the ISP's name servers in 2.0.

Since I normally set up attached to the LAN, I will have removed the original DNS entry supplied from local DHCP. So that's just to say, I probably would have had one more entry in an untouched setup.
Title: Re: Zentyal 2.2 DNS problem
Post by: christian on September 28, 2011, 02:40:46 pm
look also at the "interfaces" file that may contain domain name related data  ;)
Title: Re: Zentyal 2.2 DNS problem
Post by: vshaulsk on September 29, 2011, 03:04:43 pm
Alright I have reinstalled my system once more and followed a procedure for what I think is a valid way to install the system.  Following my own developed procedure I have everything working.  I can create Vhost with and without SSL.... the resolv.conf now has the nameserver 127.0.0.1 as the first nameserver.  I can get to every webpage wpad.wifi.lan; webmail/webaccess; etc.....  HTTPS.   I have also installed subsonic; webmin; and a utility for my cyberpower UPS.  All email is sending and receiving properly and everything is integrated to authenticate users off LDAP.  System is sending out event notifications properly and log interface is working.

Still have to test Captive Portal, Bandwidth monitoring.

The only thing I have not tried at this point is to use proxy (ran out of time).

This is my personal procedure for setting up the system if Zentyal is your only server and you are using it for everything:

1) When you get to the initial package selection screen select all the packages you want and install them.
2) Skip setting up interfaces, you can connect to the cloud vpn and you can input your domain name for the mail service. Change Zentyal administration port to something other than 443
3) save all changes and restart your system
4) configure the interfaces (name, Type...static, DHCP..., IP address)....save and restart
5) Input under --network--DNS the nameserver you want and the order you want them in. - save and restart (after this point I had nameserver 127.0.0.1 in my resolv.conf properly set)
6) Create your master CA certificate - save
7) Create all your certificates for the services - save - restart system
8) Create DNS entries as needed (in my case they were wifi.lan; wifi.guest, DMZ)
9) Configure your DHCP server - save and restart system
10) now you can switch to a client if you want in order to make sure you can connect.
11) Configure mail module - save
12) Configure egroupware module - save
13) under webserver create your vhosts (either using SSL or no SSL.... does not matter) - save
14) Test that your vhost works
15) go into DNS and change the Vhost to the IP that you want. ---SAVE
16) Test your Vhost to make sure it still works ...If you have SSL enable check that as well
17) configure any other modules you want in whatever order you want after that... just save after every group of similar changes.

Following this setup worked for me... I know I restarted a lot and maybe I did not need to, but following this procedure and not skipping steps is the only way so far I have been able to get a completely working DNS; DHCP; Groupware; VHost; SSL;