Dear all, good morning.
My main server has a strange issue. The Internet connection of the client computers going down once a while.
I can ping external servers by IP, but I cannot ping the same external server by DNS.
It is clear to me that my ClearOS server stops resolving DNS.
I have to restart my main server in order to suffer on the Internet again. Thanks in advance.
My main server has a strange issue. The Internet connection of the client computers going down once a while.
I can ping external servers by IP, but I cannot ping the same external server by DNS.
It is clear to me that my ClearOS server stops resolving DNS.
I have to restart my main server in order to suffer on the Internet again. Thanks in advance.
In DNS Server
Share this post:
Responses (12)
-
Accepted Answer
-
Accepted Answer
Dear Nick,
My server is doesn't work properly.
The DNS just down and I could get this information from the log.
[root@cfzn254 ~]# cat /etc/resolv-peerdns.conf
; generated by /usr/sbin/dhclient-script
nameserver 208.67.222.222
nameserver 208.67.220.220
[root@cfzn254 ~]# cat /etc/dnsmasq.conf
#DNSthingy disabled:bogus-priv
cache-size=0 #DNSthingy changed from:5000
conf-dir=/etc/dnsmasq.d
dhcp-authoritative
dhcp-lease-max=1000
domain-needed
domain=cfzn.lan
expand-hosts
no-negcache
port=53
read-ethers
resolv-file=/etc/resolv-peerdns.conf
strict-order
user=nobody
[root@cfzn254 ~]# tail -f /var/log/syswatch
Wed Aug 5 05:41:14 2020 info: enp17s0 - ping check on server #1 failed - 8.8.8.8 (ping size: 64)
Wed Aug 5 05:41:17 2020 info: enp17s0 - ping check on server #2 passed - 1.1.1.1
Wed Aug 5 05:42:27 2020 info: enp17s0 - ping check on server #1 failed - 8.8.8.8 (ping size: 64)
Wed Aug 5 05:42:35 2020 info: enp17s0 - ping check on server #2 passed - 1.1.1.1
Wed Aug 5 05:43:45 2020 info: enp17s0 - ping check on server #1 failed - 8.8.8.8 (ping size: 64)
Wed Aug 5 05:43:48 2020 info: enp17s0 - ping check on server #2 passed - 1.1.1.1
Wed Aug 5 05:46:24 2020 info: enp17s0 - ping check on server #1 passed - 8.8.8.8
Wed Aug 5 05:48:24 2020 info: system - heartbeat...
Wed Aug 5 05:49:11 2020 warn: system - dynamic DNS update failed - see system log
Wed Aug 5 05:49:11 2020 info: system - DNS update will try again on next heartbeat
[root@cfzn254 ~]# systemctl status -l anmgr dnsmasq
Unit anmgr.service could not be found.
● dnsmasq.service - DNS caching server.
Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2020-08-05 05:44:01 -04; 5min ago
Main PID: 27313 (dnsmasq)
CGroup: /system.slice/dnsmasq.service
└─27313 /usr/sbin/dnsmasq -k
Aug 05 05:44:01 cfzn254.cfzn.lan dnsmasq-dhcp[27313]: DHCP, IP range 10.0.1.100 -- 10.0.1.254, lease time 12h
Aug 05 05:44:01 cfzn254.cfzn.lan dnsmasq[27313]: using nameserver 127.0.0.1#5553
Aug 05 05:44:01 cfzn254.cfzn.lan dnsmasq[27313]: read /etc/hosts - 2 addresses
Aug 05 05:44:01 cfzn254.cfzn.lan dnsmasq-dhcp[27313]: read /etc/ethers - 0 addresses
Aug 05 05:47:31 cfzn254.cfzn.lan dnsmasq-dhcp[27313]: no address range available for DHCP request via enp14s0
Aug 05 05:47:39 cfzn254.cfzn.lan dnsmasq-dhcp[27313]: no address range available for DHCP request via enp14s0
Aug 05 05:47:49 cfzn254.cfzn.lan dnsmasq-dhcp[27313]: no address range available for DHCP request via enp14s0
Aug 05 05:48:03 cfzn254.cfzn.lan dnsmasq-dhcp[27313]: no address range available for DHCP request via enp14s0
Aug 05 05:48:13 cfzn254.cfzn.lan dnsmasq-dhcp[27313]: no address range available for DHCP request via enp14s0
Aug 05 05:48:23 cfzn254.cfzn.lan dnsmasq-dhcp[27313]: no address range available for DHCP request via enp14s0
[root@cfzn254 ~]# systemctl status -l dnsthingymgr dnsmasq
● dnsthingymgr.service - SYSV: This script starts your DNSthingy Manager
Loaded: loaded (/etc/rc.d/init.d/dnsthingymgr; bad; vendor preset: disabled)
Active: active (running) since Tue 2020-08-04 05:49:36 -04; 23h ago
Docs: man:systemd-sysv-generator(8)
Process: 2122 ExecStart=/etc/rc.d/init.d/dnsthingymgr start (code=exited, status=0/SUCCESS)
Main PID: 2154 (dnsthingymgr)
CGroup: /system.slice/dnsthingymgr.service
└─2154 /usr/local/sbin/dnsthingymgr -c /etc/dnsthingy/dnsthingymgr.conf
Aug 04 05:49:36 cfzn254.cfzn.lan dnsthingymgr[2122]: /etc/rc.d/init.d/dnsthingymgr: line 17: [: =: unary operator expected
Aug 04 05:49:36 cfzn254.cfzn.lan dnsthingymgr[2122]: Starting dnsthingymgr: [ OK ]
● dnsmasq.service - DNS caching server.
Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2020-08-05 05:44:01 -04; 4min 10s ago
Main PID: 27313 (dnsmasq)
CGroup: /system.slice/dnsmasq.service
└─27313 /usr/sbin/dnsmasq -k
Aug 05 05:44:01 cfzn254.cfzn.lan dnsmasq[27313]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
Aug 05 05:44:01 cfzn254.cfzn.lan dnsmasq[27313]: warning: ignoring resolv-file flag because no-resolv is set
Aug 05 05:44:01 cfzn254.cfzn.lan dnsmasq-dhcp[27313]: DHCP, IP range 10.0.1.100 -- 10.0.1.254, lease time 12h
Aug 05 05:44:01 cfzn254.cfzn.lan dnsmasq[27313]: using nameserver 127.0.0.1#5553
Aug 05 05:44:01 cfzn254.cfzn.lan dnsmasq[27313]: read /etc/hosts - 2 addresses
Aug 05 05:44:01 cfzn254.cfzn.lan dnsmasq-dhcp[27313]: read /etc/ethers - 0 addresses
Aug 05 05:47:31 cfzn254.cfzn.lan dnsmasq-dhcp[27313]: no address range available for DHCP request via enp14s0
Aug 05 05:47:39 cfzn254.cfzn.lan dnsmasq-dhcp[27313]: no address range available for DHCP request via enp14s0
Aug 05 05:47:49 cfzn254.cfzn.lan dnsmasq-dhcp[27313]: no address range available for DHCP request via enp14s0
Aug 05 05:48:03 cfzn254.cfzn.lan dnsmasq-dhcp[27313]: no address range available for DHCP request via enp14s0
The GM has the following setup:
Default treatment: OpenDNS FamilyShield On
Optimize downloads and streaming
Use content delivery networks optimized for your ISP. On
Whitelist this dashboard
Prevents you from being locked out of your account settings. On
Safer Search Engines
Force filtering of search results on Bing, DuckDuckGo, and Google. On
YouTube filtering: Moderate filtering
Excludes content YouTube considers inappropriate. On
Better Safe Than Sorry
Block high risk domains and TLDs. On
Block Behavioural Profiling On
Block Content Marketers On
Block Cryptojacking
Block browser-based cry ptocurrency mining, which slows you down. On
Block Third Party Advertisers On
Fabricio Batista Narcizo wrote:
Oh, sorry! I've forgotten to take a look at syswatch. I will try next time the DNS goes down.
I just changed the DNS from my ClearOS server to use the default DNS from the SIP provider (i.e., the IP from the modem/router).
I use the GM v2.0.2 (free).
Nick Howitt wrote:
Generally it is best not to mix DNS providers as you were doing as you won't know which is doing the lookups or blocking. Most DNS providers have a primary and secondary IP and you should use those. However that should not be the cause of the problem you are seeing.
I find it odd that the system fails to contact 8.8.8.8 at all.
If you system just stopped before you did the statuses then dnsmasq and dnsthingymgr are probably OK. Did syswatch give errors at the same time?
What version of GM are you running? Free or Business? -
Accepted Answer
Oh, sorry! I've forgotten to take a look at syswatch. I will try next time the DNS goes down.
I just changed the DNS from my ClearOS server to use the default DNS from the SIP provider (i.e., the IP from the modem/router).
I use the GM v2.0.2 (free).
Nick Howitt wrote:
Generally it is best not to mix DNS providers as you were doing as you won't know which is doing the lookups or blocking. Most DNS providers have a primary and secondary IP and you should use those. However that should not be the cause of the problem you are seeing.
I find it odd that the system fails to contact 8.8.8.8 at all.
If you system just stopped before you did the statuses then dnsmasq and dnsthingymgr are probably OK. Did syswatch give errors at the same time?
What version of GM are you running? Free or Business? -
Accepted Answer
Generally it is best not to mix DNS providers as you were doing as you won't know which is doing the lookups or blocking. Most DNS providers have a primary and secondary IP and you should use those. However that should not be the cause of the problem you are seeing.
I find it odd that the system fails to contact 8.8.8.8 at all.
If you system just stopped before you did the statuses then dnsmasq and dnsthingymgr are probably OK. Did syswatch give errors at the same time?
What version of GM are you running? Free or Business? -
Accepted Answer
Dear Nick,
I have been using the following DNS to block some contents: 185.228.168.168, 208.67.222.123, and 77.88.8.7. After having problems, I've changed the server to use Google's DNS.
The server just stopped. These are the results of DNSMasq logger system:
systemctl status -l dnsthingymgr dnsmasq
● dnsthingymgr.service - SYSV: This script starts your DNSthingy Manager
Loaded: loaded (/etc/rc.d/init.d/dnsthingymgr; bad; vendor preset: disabled)
Active: active (running) since Mon 2020-08-03 15:25:42 -04; 14h ago
Docs: man:systemd-sysv-generator(8)
Process: 1639 ExecStart=/etc/rc.d/init.d/dnsthingymgr start (code=exited, status=0/SUCCESS)
Main PID: 1696 (dnsthingymgr)
CGroup: /system.slice/dnsthingymgr.service
└─1696 /usr/local/sbin/dnsthingymgr -c /etc/dnsthingy/dnsthingymgr.conf
Aug 03 15:25:42 cfzn254.cfzn.lan dnsthingymgr[1639]: /etc/rc.d/init.d/dnsthingymgr: line 17: [: =: unary operator expected
Aug 03 15:25:42 cfzn254.cfzn.lan dnsthingymgr[1639]: Starting dnsthingymgr: [ OK ]
● dnsmasq.service - DNS caching server.
Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2020-08-03 15:25:41 -04; 14h ago
Main PID: 1106 (dnsmasq)
CGroup: /system.slice/dnsmasq.service
└─1106 /usr/sbin/dnsmasq -k
Aug 04 05:34:39 cfzn254.cfzn.lan dnsmasq-dhcp[1106]: no address range available for DHCP request via enp14s0
Aug 04 05:34:52 cfzn254.cfzn.lan dnsmasq-dhcp[1106]: no address range available for DHCP request via enp14s0
Aug 04 05:35:05 cfzn254.cfzn.lan dnsmasq-dhcp[1106]: no address range available for DHCP request via enp14s0
Aug 04 05:35:15 cfzn254.cfzn.lan dnsmasq-dhcp[1106]: no address range available for DHCP request via enp14s0
Aug 04 05:40:23 cfzn254.cfzn.lan dnsmasq-dhcp[1106]: no address range available for DHCP request via enp14s0
Aug 04 05:40:30 cfzn254.cfzn.lan dnsmasq-dhcp[1106]: no address range available for DHCP request via enp14s0
Aug 04 05:40:41 cfzn254.cfzn.lan dnsmasq-dhcp[1106]: no address range available for DHCP request via enp14s0
Aug 04 05:40:57 cfzn254.cfzn.lan dnsmasq-dhcp[1106]: no address range available for DHCP request via enp14s0
Aug 04 05:41:10 cfzn254.cfzn.lan dnsmasq-dhcp[1106]: no address range available for DHCP request via enp14s0
Aug 04 05:41:23 cfzn254.cfzn.lan dnsmasq-dhcp[1106]: no address range available for DHCP request via enp14s0
Nick Howitt wrote:
It is like the problem is accessing google. I wonder what is blocking it. Have you considered switching DNS to something else like OpenDNS or Cloudflare? -
Accepted Answer
-
Accepted Answer
The current version of GM is 2.0.2. This server updates the packages automatically. I suppose the current version is the release one.
I'm going to wait until the DNS goes down to execute the command you asked.
The syswatch log has this error:
Sun Aug 2 14:04:04 2020 info: system - heartbeat...
Sun Aug 2 14:04:14 2020 info: enp17s0 - ping check on server #1 failed - 8.8.8.8 (ping size: 64)
Sun Aug 2 14:04:17 2020 info: enp17s0 - ping check on server #2 passed - 1.1.1.1
Sun Aug 2 14:05:27 2020 info: enp17s0 - ping check on server #1 failed - 8.8.8.8 (ping size: 64)
Sun Aug 2 14:05:30 2020 info: enp17s0 - ping check on server #2 passed - 1.1.1.1
Sun Aug 2 14:06:40 2020 info: enp17s0 - ping check on server #1 failed - 8.8.8.8 (ping size: 64)
Sun Aug 2 14:06:43 2020 info: enp17s0 - ping check on server #2 passed - 1.1.1.1
Sun Aug 2 14:07:53 2020 info: enp17s0 - ping check on server #1 failed - 8.8.8.8 (ping size: 64)
Sun Aug 2 14:07:56 2020 info: enp17s0 - ping check on server #2 passed - 1.1.1.1
Nick Howitt wrote:
Which version of GM are you running? Also, did you upgrade it to the beta version? Clearly, as you have GM, it is going to make diagnosing a bit harder. When it goes down, if you are on the non-beta version of GM, what do you get from:
If you're running the beta version:systemctl status -l dnsthingymgr dnsmasq
systemctl status -l anmgr dnsmasq
Last week syswatch was upgraded for Home and Business. Community got nothing last week. Which are you running? Is there anything obvious in the syswatch log? -
Accepted Answer
Which version of GM are you running? Also, did you upgrade it to the beta version? Clearly, as you have GM, it is going to make diagnosing a bit harder. When it goes down, if you are on the non-beta version of GM, what do you get from:
If you're running the beta version:systemctl status -l dnsthingymgr dnsmasq
systemctl status -l anmgr dnsmasq
Last week syswatch was upgraded for Home and Business. Community got nothing last week. Which are you running? Is there anything obvious in the syswatch log? -
Accepted Answer
Dear Nick,
These are the results I've gotten from the asked commands:
ifconfig | grep '^\S' -A 1
enp14s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.254 netmask 255.255.255.0 broadcast 192.168.1.255
--
enp17s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.1.2 netmask 255.255.255.0 broadcast 10.0.1.255
--
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
--
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.10.1 netmask 255.255.255.255 destination 10.8.10.2
--
tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.1 netmask 255.255.255.255 destination 10.8.0.2
grep IF /etc/clearos/network.conf
EXTIF="enp17s0"
LANIF="enp14s0"
DMZIF=""
HOTIF=""
cat /etc/resolv-peerdns.conf
; generated by /usr/sbin/dhclient-script
nameserver 8.8.8.8
nameserver 8.8.4.4
cat /etc/dnsmasq.conf
#DNSthingy disabled:bogus-priv
cache-size=0 #DNSthingy changed from:5000
conf-dir=/etc/dnsmasq.d
dhcp-authoritative
dhcp-lease-max=1000
domain-needed
domain=cfzn.lan
expand-hosts
no-negcache
port=53
read-ethers
resolv-file=/etc/resolv-peerdns.conf
strict-order
user=nobody
I've set a static DNS (192.168.1.254, i.e. te ClearOS Server IP) for all my PC's.
Yes, I'm running Gateway Management and I also use FlexShare.
This morning, I reviewed the permissions of all users and shared folders.
FYI, this server worked well for 4 months. This error appeared last week.
Nick Howitt wrote:
No. Your drivers are good. The RTL8111/8168/8411 is a specific problem which you don't have. We'll have to look elsewhere for the problem.
As a basic check, what do you get from:
Are your PC's using ClearOS as their DNS server or have you given them static settings?ifconfig | grep '^\S' -A 1
grep IF /etc/clearos/network.conf
/etc/resolv-peerdns.conf
cat /etc/dnsmasq.conf
Are you running Gateway Management? -
Accepted Answer
No. Your drivers are good. The RTL8111/8168/8411 is a specific problem which you don't have. We'll have to look elsewhere for the problem.
As a basic check, what do you get from:
Are your PC's using ClearOS as their DNS server or have you given them static settings?ifconfig | grep '^\S' -A 1
grep IF /etc/clearos/network.conf
/etc/resolv-peerdns.conf
cat /etc/dnsmasq.conf
Are you running Gateway Management? -
Accepted Answer
This is the output oflspci
command:
0e:00.0 Ethernet controller: Broadcom Inc. and subsidiaries NetXtreme BCM5722 Gigabit Ethernet PCI Express
Subsystem: Hewlett-Packard Company NC105i PCIe Gigabit Server Adapter
Kernel driver in use: tg3
Kernel modules: tg3
11:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8169 PCI Gigabit Ethernet Controller (rev 10)
Subsystem: Realtek Semiconductor Co., Ltd. RTL8169/8110 Family PCI Gigabit Ethernet NIC
Kernel driver in use: r8169
Kernel modules: r8169
Do you think I must update the driver? -
Accepted Answer
What is the output to:
If it shows the RTL8111/8168/8411 NIC and it is using the r8169 driver, please to:lspci -k | grep Eth -A 3
to install a better driver, then reboot.yum install kmod-r816*
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »