Zentyal Forum, Linux Small Business Server
Zentyal Server => Installation and Upgrades => Topic started by: dirkey on October 05, 2017, 03:24:08 pm
-
Hi,
I configured a new Zentyal server. I set up DNS with forwarders, and internally everything works fine. But if I connect via VPN, I cannot resolve external URLs (i.e. www.google.de). Internal URLs are fine, but no URL outside my internal domain will be resolved. I configured the VPN to use the Zentyal server as the primary DNS and added the search domain for the internal domain name.
Thanks,
Dirk
-
I found the cause of the problem, but I cannot find a solution that solves it reliably.
BIND9 is configured with "allow-recursion" and "allow-query-cache" only from trusted clients, but the VPN is not in the ACL:
/etc/bind/named.conf.local
acl "trusted" {
localhost;
localnets;
};
....
Adding the VPN network solves the DNS resolution problem:
/etc/bind/named.conf.local
acl "trusted" {
localhost;
localnets;
172.20.20.0/24;
};
....
Problem now: it only keeps this setting if I manually restart bind9 via "service bind9 restart". Restarting it from the GUI or changing the DNS configuration overwrites this setting.
How am I able to set it permanently? Is this a bug?
-
Came across this and wanted to provide it for others.
You want to edit /usr/share/zentyal/stubs/dns/named.conf.local.mas, find the section acl "trusted" and add your networks there so the change survives reboots.
/usr/share/zentyal/stubs/dns/named.conf.local.mas
acl "trusted" {
% foreach my $intnet (@intnets) {
<% $intnet %>;
% }
172.20.20.0/24;
localhost;
localnets;
};
There might be a method to add this via the DNS GUI tools. I don't know. I've had to do similar tweaks for DNS forwarding to other domains.
-
The proper way of doing that is editing /etc/zentyal/dns.conf and setting intnets to fit your needs.
# Internal networks allowed to do recursive queries
# to Zentyal DNS caching server. Local networks are already
# allowed and this setting is intended for networks
# reachable through static routes.
# Example: intnets = 192.168.99.0/24,192.168.98.0/24
intnets =
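As an added example (not code from Zentyal or from any poster in this thread), here is a small POSIX shell script that does two things practitioners want around the fix in the last reply: it adds a subnet to the "intnets =" line of a dns.conf-style file idempotently, and it checks whether the rendered BIND configuration actually lists that subnet inside acl "trusted". The function names, the 172.20.20.0/24 and 10.8.0.0/24 subnets and the sample file contents are assumptions for illustration; the demo at the bottom works on constructed temporary copies, not on the real /etc/zentyal/dns.conf or /etc/bind/named.conf.local.

```shell
#!/bin/sh
# Added example, not code from Zentyal or from anyone in this thread.
# Helpers around the fix discussed above:
#   set_intnets FILE CIDR     add CIDR to the "intnets =" line of a
#                             /etc/zentyal/dns.conf-style file (idempotent)
#   get_intnets FILE          print the current intnets value
#   acl_allows FILE ACL CIDR  succeed if CIDR is listed inside acl "ACL" { ... }
#                             of a rendered named.conf.local
# Paths, names and subnets are assumptions for illustration; the demo at the
# bottom only touches constructed temporary copies.

set_intnets() {
    file=$1
    cidr=$2
    awk -v cidr="$cidr" '
        /^[ \t]*intnets[ \t]*=/ {
            # Rebuild the comma-separated list, keeping existing entries
            sub(/^[ \t]*intnets[ \t]*=[ \t]*/, "")
            n = split($0, parts, /[ \t]*,[ \t]*/)
            found = 0
            out = ""
            for (i = 1; i <= n; i++) {
                if (parts[i] == "") continue
                if (parts[i] == cidr) found = 1
                out = out (out == "" ? "" : ",") parts[i]
            }
            if (!found) out = out (out == "" ? "" : ",") cidr
            print "intnets = " out
            seen = 1
            next
        }
        { print }
        END { if (!seen) print "intnets = " cidr }
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

get_intnets() {
    sed -n 's/^[[:space:]]*intnets[[:space:]]*=[[:space:]]*//p' "$1"
}

acl_allows() {
    file=$1
    acl=$2
    cidr=$3
    awk -v acl="$acl" -v cidr="$cidr" '
        # Enter the block at: acl "NAME" {
        $0 ~ ("^[ \t]*acl[ \t]+\"" acl "\"[ \t]*\\{") { inacl = 1; next }
        # Leave it at the closing };
        inacl && /^[ \t]*\};/ { inacl = 0; next }
        inacl {
            gsub(/[ \t]|;/, "")      # "    172.20.20.0/24;" -> "172.20.20.0/24"
            if ($0 == cidr) hit = 1
        }
        END { if (hit) exit 0; exit 1 }
    ' "$file"
}

# Demo on constructed copies of the two files (sample content, not real hosts).
demo=$(mktemp -d)
printf '%s\n' '# Internal networks allowed to do recursive queries' 'intnets =' > "$demo/dns.conf"
set_intnets "$demo/dns.conf" 172.20.20.0/24
echo "dns.conf: intnets = $(get_intnets "$demo/dns.conf")"

# What the template renders before the fix, and after the DNS module is restarted
printf '%s\n' 'acl "trusted" {' '    localhost;' '    localnets;' '};' > "$demo/before"
printf '%s\n' 'acl "trusted" {' '    172.20.20.0/24;' '    localhost;' '    localnets;' '};' > "$demo/after"
for f in before after; do
    if acl_allows "$demo/$f" trusted 172.20.20.0/24; then
        echo "$f: VPN subnet is in acl trusted, recursion allowed for VPN clients"
    else
        echo "$f: VPN subnet missing from acl trusted, external names will not resolve over VPN"
    fi
done
rm -rf "$demo"
```

On a real server: run set_intnets against /etc/zentyal/dns.conf, restart the DNS module from the Zentyal UI so the named.conf.local.mas stub is rendered again, then run acl_allows against /etc/bind/named.conf.local. A failing check right after a GUI save is exactly the symptom described in the thread, and it is the test to repeat after Zentyal upgrades, since edits to the stub itself may not survive a package update. Keep the entry limited to the VPN subnet: putting `any` or 0.0.0.0/0 into allow-recursion would turn the server into an open resolver.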