Resolved
0 votes
Set up ClearOS VM as a DHCP and DNS server

Added DNS entries from the web interface.

These entries are not resolved by the DNS server.

[sh@nebb-04 sh]$ nslookup shfogsm.neb.io 192.168.XX.XX
;; connection timed out; trying next origin
;; connection timed out; no servers could be reached

[sh@nebbiolo-04 sh]
In ClearVM
Wednesday, August 19 2020, 12:12 AM

Accepted Answer

Wednesday, August 19 2020, 07:46 AM - #Permalink
Resolved
0 votes
What DNS servers have you configured in ClearOS and what is your ClearOS IP address?
cat /etc/resolv-peerdns.conf
ifconfig | grep '^\S' -A 1
Responses (8)
  • Accepted Answer

    Wednesday, August 19 2020, 08:03 AM - #Permalink
    Resolved
    0 votes
    [root@gateway ~]# cat /etc/resolv.conf
    # Please do not edit this file.
    # See http://www.clearcenter.com/support/documentation/clearos_guides/dns_and_resolver
    domain nebbiolotech.com
    nameserver 127.0.0.1
    nameserver 8.8.8.8



    [root@gateway ~]# ifconfig | grep '^\S' -A 1
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.23.10 netmask 255.255.255.0 broadcast 192.168.23.255
    --
    eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.100.1 netmask 255.255.255.0 broadcast 192.168.100.255
    --
    eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.101.1 netmask 255.255.255.0 broadcast 192.168.101.255
    --
    eth3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.102.1 netmask 255.255.255.0 broadcast 192.168.102.255
    --
    eth4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.22.1 netmask 255.255.255.0 broadcast 192.168.22.255
    --
    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
  • Accepted Answer

    Wednesday, August 19 2020, 08:47 AM - #Permalink
    Resolved
    0 votes
    Please remove 127.0.0.1.

    Are you in gateway mode? If so, which is your external connection?

    Also, why do you expect shfogsm.neb.io to resolve? Have you set it up in your DNS server? It does not resolve for me.
  • Accepted Answer

    Wednesday, August 19 2020, 09:20 AM - #Permalink
    Resolved
    0 votes
    Removed 127.0.0.1; now the LAN connectivity is up.

    How to check if VM is in gateway mode. External connection is to a l3 distribution switch, goes to internet.

    Is this ok?
    [root@gateway ~]# cat /etc/resolv-peerdns.conf
    # Please do not edit this file.
    # See http://www.clearcenter.com/support/documentation/clearos_guides/dns_and_resolver
    domain nebbiolotech.com
    nameserver 8.8.8.8


    Issue now is,

    From internal network,


    2020/08/19 02:10:35 client: Connection error: dial tcp: lookup fogsm-vpr-eval.nebbiolo.io on 192.168.101.1:53: read udp 192.168.23.90:56016->192.168.101.1:53: i/o timeout (Attempt: 633)


    [admin@host-FN-300-113b8a ~]$ ifconfig | grep inet
    inet 10.10.10.1 netmask 255.255.255.0 broadcast 10.10.10.255
    inet6 fe80::f8a7:6cff:fe2a:c9eb prefixlen 64 scopeid 0x20<link>
    inet 20.20.20.1 netmask 255.255.255.0 broadcast 20.20.20.255
    inet6 fe80::cced:36ff:fe2d:2604 prefixlen 64 scopeid 0x20<link>
    inet 192.168.23.90 netmask 255.255.255.0 broadcast 192.168.23.255
  • Accepted Answer

    Wednesday, August 19 2020, 09:51 AM - #Permalink
    Resolved
    0 votes
    S wrote:
    How to check if VM is in gateway mode. External connection is to a l3 distribution switch, goes to internet.

    In ClearOS look at Network > Settings > IP settings, look at the Network Mode.


    Is this ok?
    [root@gateway ~]# cat /etc/resolv-peerdns.conf
    # Please do not edit this file.
    # See http://www.clearcenter.com/support/documentation/clearos_guides/dns_and_resolver
    domain nebbiolotech.com
    nameserver 8.8.8.8

    Normally if you use 8.8.8.8 you would also use 8.8.4.4.


    Issue now is,

    From internal network,


    2020/08/19 02:10:35 client: Connection error: dial tcp: lookup fogsm-vpr-eval.nebbiolo.io on 192.168.101.1:53: read udp 192.168.23.90:56016->192.168.101.1:53: i/o timeout (Attempt: 633)


    [admin@host-FN-300-113b8a ~]$ ifconfig | grep inet
    inet 10.10.10.1 netmask 255.255.255.0 broadcast 10.10.10.255
    inet6 fe80::f8a7:6cff:fe2a:c9eb prefixlen 64 scopeid 0x20<link>
    inet 20.20.20.1 netmask 255.255.255.0 broadcast 20.20.20.255
    inet6 fe80::cced:36ff:fe2d:2604 prefixlen 64 scopeid 0x20<link>
    inet 192.168.23.90 netmask 255.255.255.0 broadcast 192.168.23.255

    I've no idea where this is coming from. Where are you seeing the message and where is the ifconfig from? What is the connection error and what is it testing? If the ifconfig is from a client, what are its DNS resolvers? Also are you munging your IP addresses (10.10.10.1 and 20.20.20.1)? Presumably this machine is connected to the same network as eth0, but isn't that your external ClearOS interface?
  • Accepted Answer

    Wednesday, August 19 2020, 10:13 AM - #Permalink
    Resolved
    0 votes
    Clear OS VM is set to Gateway Mode.

    Issue now is,

    From internal network,


    2020/08/19 02:10:35 client: Connection error: dial tcp: lookup fogsm-vpr-eval.nebbiolo.io on 192.168.101.1:53: read udp 192.168.23.90:56016->192.168.101.1:53: i/o timeout (Attempt: 633)


    [admin@host-FN-300-113b8a ~]$ ifconfig | grep inet
    inet 10.10.10.1 netmask 255.255.255.0 broadcast 10.10.10.255
    inet6 fe80::f8a7:6cff:fe2a:c9eb prefixlen 64 scopeid 0x20<link>
    inet 20.20.20.1 netmask 255.255.255.0 broadcast 20.20.20.255
    inet6 fe80::cced:36ff:fe2d:2604 prefixlen 64 scopeid 0x20<link>
    inet 192.168.23.90 netmask 255.255.255.0 broadcast 192.168.23.255

    I've no idea where this is coming from. Where are you seeing the message and where is the ifconfig from? What is the connection error and what is it testing? If the ifconfig is from a client, what are its DNS resolvers? Also are you munging your IP addresses (10.10.10.1 and 20.20.20.1)? Presumably this machine is connected to the same network as eth0, but isn't that your external ClearOS interface?

    S>>>> This message is from the client that was trying to connect to a node on the internet.

    192.168.23.90 -------> Internet [50.X.X.X]

    Fixed this issue by setting correct nameservers. Thank you for the pointer.

    [admin@host-FN-300-113b8a ~]$ sudo cat /etc/resolv.conf
    ; generated by /usr/sbin/dhclient-script
    search nebbiolotech.com
    nameserver 192.168.23.10
    nameserver 8.8.8.8
    [admin@host-FN-300-113b8a ~]$


    Question now is,


    This VM also serves as the DHCP server that gave this client its IP address.
    What are the settings to populate /etc/resolv.conf on the client automatically?
  • Accepted Answer

    Wednesday, August 19 2020, 10:18 AM - #Permalink
    Resolved
    0 votes
    I am struggling with visualising your network. What do you get from "grep IF /etc/clearos/network.conf"?

    The DHCP server is configured (unsurprisingly) from the DHCP Server app (Network > Infrastructure > DHCP Server).
  • Accepted Answer

    Wednesday, August 19 2020, 10:24 AM - #Permalink
    Resolved
    0 votes
    [root@gateway ~]# grep IF /etc/clearos/network.conf
    EXTIF="eth0"
    LANIF="eth1 eth2 eth3"
    DMZIF=""
    HOTIF=""

    On the DHCP server config, DNS servers are already set.

    The issue is that it is not dishing them out.


    23.X LAN -------> DNS + DHCP Server set on Clear OS<-------------Internet
  • Accepted Answer

    Wednesday, August 19 2020, 11:11 AM - #Permalink
    Resolved
    0 votes
    As you are in Gateway mode, you would not expect ClearOS to resolve DNS requests (or do DHCP) from its WAN interface and the firewall is closed to those requests. It will, however, respond to DNS and DHCP requests from its LAN. To respond to DNS requests from the WAN you will need to open the Incoming Firewall to tcp:53 and udp:53 for DNS. DHCP is udp:67, I believe. Normally you should not do this, but in your case, since your WAN is in a private address space, you are probably safe.
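Added example (not part of the thread and not ClearOS code): a Python check that takes the `network.conf` and `ifconfig` output posted above and reports which interface role a client address falls under. The client from the timeout log, 192.168.23.90, lands on eth0 (EXTIF), the side on which the last answer says the gateway-mode firewall is closed to DNS and DHCP; the function names and the "UNASSIGNED" and "NOT_DIRECTLY_CONNECTED" labels are assumptions of this example.

```python
import ipaddress
import re

# Outputs posted in the thread (ifconfig abridged to three interfaces).
NETWORK_CONF = 'EXTIF="eth0"\nLANIF="eth1 eth2 eth3"\nDMZIF=""\nHOTIF=""\n'
IFCONFIG = """\
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.23.10 netmask 255.255.255.0 broadcast 192.168.23.255
--
eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.101.1 netmask 255.255.255.0 broadcast 192.168.101.255
--
eth4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.22.1 netmask 255.255.255.0 broadcast 192.168.22.255
"""

def parse_roles(conf):
    """Map interface name -> role variable (EXTIF, LANIF, ...)."""
    roles = {}
    for role, names in re.findall(r'^\s*(\w+IF)="([^"]*)"', conf, re.M):
        for name in names.split():
            roles[name] = role
    return roles

def parse_networks(ifconfig):
    """Map interface name -> directly connected IPv4 network."""
    nets, current = {}, None
    for line in ifconfig.splitlines():
        head = re.match(r"\s*(\S+): flags=", line)
        addr = re.search(r"inet (\S+)\s+netmask (\S+)", line)
        if head:
            current = head.group(1)
        elif addr and current:
            iface = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}")
            nets[current] = iface.network
    return nets

def classify(client_ip, conf=NETWORK_CONF, ifconfig=IFCONFIG):
    """Return (interface, role) of the subnet the client sits on."""
    roles, addr = parse_roles(conf), ipaddress.ip_address(client_ip)
    for name, net in parse_networks(ifconfig).items():
        if addr in net:
            return name, roles.get(name, "UNASSIGNED")
    return None, "NOT_DIRECTLY_CONNECTED"

if __name__ == "__main__":
    # 192.168.23.90 is the client from the i/o timeout log line.
    for ip in ("192.168.23.90", "192.168.101.50", "192.168.22.7"):
        print(ip, classify(ip))
```

Only a client reported as LANIF is on a side where, per the answer above, ClearOS answers DNS and DHCP without extra incoming firewall rules.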