I have been having difficulty lately with my ClearOS 7.1 box resolving DNS.
Current config is a standalone server connected to another gateway. The ClearOS box has 2 NICs with 1 disabled, and the other set to get its IP address via DHCP from the gateway Nextgen Firewall. Recently I have been unable to resolve DNS on the ClearOS server.
IPAddress: 192.168.0.50
DNSServer: 192.168.0.1
Interface: enp5s0
Role:LAN
Type: DHCP
[root@ldap ~]# ping 209.58.144.100
PING 209.58.144.100 (209.58.144.100) 56(84) bytes of data.
64 bytes from 209.58.144.100: icmp_seq=1 ttl=50 time=57.0 ms
64 bytes from 209.58.144.100: icmp_seq=2 ttl=50 time=95.7 ms
^C
--- 209.58.144.100 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 57.047/76.382/95.717/19.335 ms
[root@ldap ~]# ping google.com
ping: unknown host google.com
[root@ldap ~]#
[root@ldap ~]# dig google.com
; DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 google.com
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@ldap ~]# dig @192.168.0.1 google.com
; DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 @192.168.0.1 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 107 IN A 209.85.144.139
google.com. 107 IN A 209.85.144.113
google.com. 107 IN A 209.85.144.138
google.com. 107 IN A 209.85.144.101
google.com. 107 IN A 209.85.144.100
google.com. 107 IN A 209.85.144.102
;; AUTHORITY SECTION:
. 39244 IN NS b.root-servers.net.
. 39244 IN NS e.root-servers.net.
. 39244 IN NS k.root-servers.net.
. 39244 IN NS i.root-servers.net.
. 39244 IN NS h.root-servers.net.
. 39244 IN NS c.root-servers.net.
. 39244 IN NS g.root-servers.net.
. 39244 IN NS f.root-servers.net.
. 39244 IN NS d.root-servers.net.
. 39244 IN NS m.root-servers.net.
. 39244 IN NS a.root-servers.net.
. 39244 IN NS l.root-servers.net.
. 39244 IN NS j.root-servers.net.
;; Query time: 1 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Wed Sep 07 13:43:34 EDT 2016
;; MSG SIZE rcvd: 346
Not sure what I am missing if ClearOS shows my DNS as 192.168.0.1 and I am unable to resolve, but when using dig @192.168.0.1 I can resolve. Any help would be appreciated.
Accepted Answer
Got it.
Your port=0 completely disables the DNS function. See man dnsmasq.conf, then set it to 53 and reload dnsmasq.
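The mismatch this answer points at, as an added example that is not part of the thread: a check that reads resolv.conf and dnsmasq.conf and reports when the system resolver points at loopback while dnsmasq is not serving DNS there. It goes beyond port=0 to a listen-address that leaves out loopback; the sample configs are constructed, and a resolv.conf listing 127.0.0.1 on the original poster's box is an assumption.

```python
import ipaddress

# Constructed samples modelled on the configs posted in this thread.
RESOLV_CONF = """\
# Please do not edit this file.
domain example.lan
nameserver 127.0.0.1
"""
DNSMASQ_PORT_ZERO = """\
port=0
resolv-file=/etc/resolv-peerdns.conf
"""
DNSMASQ_LAN_ONLY = """\
bind-interfaces
listen-address=192.168.1.25
port=53
"""

def parse_dnsmasq(text):
    """Return {option: [values]} for a dnsmasq.conf; bare flags map to ['']."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition("=")
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def local_nameservers(resolv_text):
    """Loopback nameserver entries in resolv.conf, i.e. queries meant for dnsmasq."""
    servers = [l.split()[1] for l in resolv_text.splitlines()
               if l.startswith("nameserver") and len(l.split()) > 1]
    return [s for s in servers if ipaddress.ip_address(s).is_loopback]

def check(resolv_text, dnsmasq_text):
    """List reasons why the local resolver path cannot answer."""
    opts, findings = parse_dnsmasq(dnsmasq_text), []
    loop = local_nameservers(resolv_text)
    if not loop:
        return findings  # system does not depend on the local dnsmasq
    if opts.get("port", ["53"])[-1] == "0":
        findings.append("port=0: dnsmasq DNS is disabled, but resolv.conf uses " + loop[0])
    listen = [a for v in opts.get("listen-address", []) for a in v.split(",")]
    # With listen-address and no interface option, loopback is not served implicitly.
    if listen and "interface" not in opts and not set(loop) & set(listen):
        findings.append("listen-address omits " + loop[0])
    return findings

if __name__ == "__main__":
    print(check(RESOLV_CONF, DNSMASQ_PORT_ZERO))
```

On a live box, pass the contents of /etc/resolv.conf and /etc/dnsmasq.conf to check() instead of the constructed samples.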
Responses (21)
-
Accepted Answer
Glad you are up and running now.
Please open a new thread for VMs, but before you do, can you search this forum for virtualbox? Remember that what works on CentOS generally works on ClearOS if it can run headless, so "virtualbox headless centos7" is probably a good search in the wider internet, but try to get the packages from ClearOS repos where possible.
-
Accepted Answer
Nick Howitt wrote:
How come you are using Network Manager? It is not part of the ClearOS usual configuration and I don't think it plays well with ClearOS. Is 192.168.13.1 a DNS server or your gateway or some other machine working as a DNS resolver?
Well, I tried to start using VMs on the ClearOS host; I wanted to use this guide: KVM_cli_guide
Yes, 192.168.13.1 is my router.
Thanks
-
Accepted Answer
Hello,
please see the content for the other files:
[root@server ~]# cat /etc/resolv.conf
# Please do not edit this file.
# See http://www.clearcenter.com/support/documentation/clearos_guides/dns_and_resolver
domain darzu.lan
nameserver 127.0.0.1
[root@server ~]# cat /etc/resolv-peerdns.conf
# Generated by NetworkManager
nameserver 192.168.13.1
[root@server ~]# ls /etc/dnsmasq.d
dhcp.conf
there is no more inside there.
Thanks
-
Accepted Answer
Nick Howitt wrote:
@Ervin,
It looks like you have a few extra configuration options so I guess you've been manually tinkering:
bind-interfaces
listen-address=192.168.xxx.25
Seem to be manual additions. Do you need them?
Well, I had some issues after I had installed KVM, was not able to the default network, and I had inserted these additions manually; I will start by removing them.
I will post the content for the other files in a moment.
Thanks
-
Accepted Answer
@Ervin,
It looks like you have a few extra configuration options so I guess you've been manually tinkering:
bind-interfaces
listen-address=192.168.xxx.25
Seem to be manual additions. Do you need them?
Also please give the contents of:
/etc/resolv.conf
/etc/resolv-peerdns.conf
and any file in /etc/dnsmasq.d except dhcp.conf (there probably aren't any)
-
Accepted Answer
Hello,
Can you check my config? I have the same issue, but for me the port is already set to 53. Any other idea what the issue could be?
[root@server ~]# cat /etc/dnsmasq.conf
bind-interfaces
bogus-priv
cache-size=5000
conf-dir=/etc/dnsmasq.d
dhcp-authoritative
dhcp-lease-max=1000
domain-needed
domain=daxxx.lan
expand-hosts
listen-address=192.168.xxx.25
no-negcache
port=53
resolv-file=/etc/resolv-peerdns.conf
strict-order
user=nobody
Thanks for help
-
Accepted Answer
Didn't see anything that alerted me in the dnsmasq.conf
[root@ldap ~]# cat /etc/dnsmasq.conf
bogus-priv
cache-size=5000
conf-dir=/etc/dnsmasq.d
dhcp-authoritative
dhcp-lease-max=1000
domain-needed
domain=gileadschool.pvt
expand-hosts
no-negcache
port=0
resolv-file=/etc/resolv-peerdns.conf
strict-order
user=nobody
I did try adding DNS 8.8.8.8 and 8.8.4.4 as static overrides, and still got no resolution. Although, as proven by my dig @192.168.0.1 google.com line, the DNS server 192.168.0.1 is not the issue. I may just have to reinstall; this ClearOS box was a switchover from gateway to standalone when we got the NGS firewall in place.
-
Accepted Answer
Having one resolver just pointing to your external router is quite common under the assumption that if the router is down, what is the point of having a backup DNS unless you have another external connection. The router should then be configured with (or pick up from your ISP) multiple DNS addresses.
Other thoughts I have are:
- have a look at /etc/dnsmasq.conf in case of nasties
- Do some packet sniffing to see if the DNS requests exit ClearOS (and return)
- Do an arping check on the ClearOS IP (but pings by IP work so I don't see that can be an issue)
- Configure ClearOS manually with external DNS IP's, but this is bypassing rather than resolving the issue and does not help you resolve names internally
- Could IPv6 be interfering? I don't know where to start with this.
-
Accepted Answer
Kevin, Interesting problem :-) A comment and question or two...
What's the answer to Nick's question re whether dnsmasq is running
Having only one nameserver is not good
What device has address 192.168.0.1?
dig uses the OS resolver libraries. nslookup uses its own internal ones.
What are the contents of /etc/resolv.conf /etc/nsswitch.conf and /etc/hosts
What is output of "netstat -r"
What is the output from "nslookup -d2 google.com" ?
Here is an example of success...
[root@danda ~]# nslookup -d2 google.com
main parsing google.com
addlookup()
make_empty_lookup()
looking up google.com
setup_system()
create_search_list()
ndots is 1.
copy_server_list()
make_server(127.0.0.1)
make_server(192.168.3.17)
make_server(192.168.2.35)
lock_lookup dighost.c:3732
success
start_lookup()
setup_lookup(0x232de78)
resetting lookup counter.
cloning server list
clone_server_list()
make_server(127.0.0.1)
make_server(192.168.3.17)
make_server(192.168.2.35)
libidn_locale_to_utf8
libidn_utf8_to_ascii
using root origin
output_filter
google.com.
recursive query
add_question()
starting to render the message
done rendering
create query 0x7f1dc8275018 linked to lookup 0x232de78
create query 0x7f1dc8275240 linked to lookup 0x232de78
create query 0x7f1dc8275468 linked to lookup 0x232de78
do_lookup()
send_udp(0x7f1dc8275018)
bringup_timer()
have local timeout of 1
working on lookup 0x232de78, query 0x7f1dc8275018
sockcount=1
recving with lookup=0x232de78, query=0x7f1dc8275018, sock=0x7f1dc8277010
recvcount=1
sending a request
unlock_lookup dighost.c:3734
lock_lookup dighost.c:2410
success
send_done()
sendcount=0
check_next_lookup(0x232de78)
still have a worker
unlock_lookup dighost.c:2441
recv_done()
lock_lookup dighost.c:3163
success
recvcount=0
lookup=0x232de78, query=0x7f1dc8275018
before parse starts
after parse
printmessage()
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
printsection()
output_filter
google.com.
Name: google.com
Address: 216.58.217.206
still pending.
cancel_lookup()
check_if_done()
list empty
clear_query(0x7f1dc8275240)
clear_query(0x7f1dc8275468)
clear_query(0x7f1dc8275018)
sockcount=0
check_next_lookup(0x232de78)
try_clear_lookup(0x232de78)
destroy
freeing server 0x7f1db80008e8 belonging to 0x232de78
freeing server 0x7f1db8001108 belonging to 0x232de78
freeing server 0x7f1db8001928 belonging to 0x232de78
start_lookup()
check_if_done()
list empty
shutting down
dighost_shutdown()
unlock_lookup dighost.c:3641
done, and starting to shut down
cancel_all()
lock_lookup dighost.c:3748
success
unlock_lookup dighost.c:3778
destroy_libs()
freeing task
freeing taskmgr
lock_lookup dighost.c:3808
success
flush_server_list()
freeing commctx
freeing socketmgr
freeing timermgr
destroy DST lib
detach from entropy
unlock_lookup dighost.c:3865
Destroy the messages kept for sigchase
Removing log context
Destroy memory
[root@danda ~]#
-
Accepted Answer
Ha, I almost gave you those anyway. I agree it is weird. I went round and round all these. Hoping a second set of eyes points out something I am missing.
[root@ldap ~]# ifconfig |grep ^[a-z] -A 1
enp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.50 netmask 255.255.255.0 broadcast 192.168.0.255
--
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
[root@ldap ~]# cat /etc/clearos/network.conf
# Network mode
MODE="trustedstandalone"
# Network interface roles
EXTIF="enp5s0"
LANIF=""
DMZIF=""
HOTIF=""
# Domain and Internet Hostname
DEFAULT_DOMAIN="gileadschool.pvt"
INTERNET_HOSTNAME="gileadschool.poweredbyclear.com"
# Extra LANS
EXTRALANS=""
# ISP Maximum Speeds
ENP5S0_MAX_UPSTREAM=1530
ENP5S0_MAX_DOWNSTREAM=14620
-
Accepted Answer
[root@ldap ~]# lspci -k | grep Eth -A 3
05:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5721 Gigabit Ethernet PCI Express (rev 11)
Subsystem: IBM eServer xSeries server mainboard
Kernel driver in use: tg3
06:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5721 Gigabit Ethernet PCI Express (rev 11)
Subsystem: IBM eServer xSeries server mainboard
Kernel driver in use: tg3
07:00.0 PCI bridge: Intel Corporation 80332 [Dobson] I/O processor (A-Segment Bridge) (rev 07)
[root@ldap ~]# arping -I enp5s0 192.168.0.1
ARPING 192.168.0.1 from 192.168.0.50 enp5s0
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.753ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.755ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.751ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.800ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.766ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.755ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.750ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.778ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.731ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.756ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.755ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.753ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.756ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.752ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.756ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.768ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.757ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.755ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.751ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.776ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.765ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.768ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.765ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.770ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.762ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.760ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.746ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.778ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.758ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.771ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.751ms
Unicast reply from 192.168.0.1 [00:1A:8C:58:FF:6F] 0.762ms
^CSent 32 probes (1 broadcast(s))
Received 32 response(s)