What is messing with my name resolution
Hi

I have now run into a situation with some OpenSUSE machines on a friend's network. They are on a separate LAN and a pfSense manages firewalling, dhcp and dns. Except that we have had one problem after another with the built-in resolver.

So I thought 🤔 how hard can it be to run your own resolver? I spun up another OpenSUSE with dnsmasq. I am new to dnsmasq but I don't think that's the problem.

Now I can perform a dig command from another machine to my new resolver and get an answer immediately:

localadm@sshgw:~> time dig @192.168.80.4 -x 192.168.80.8 +short
sshgw.tier1.internal.
real 0m0,033s
..
localadm@sshgw:~> time dig @192.168.80.4 sshgw.tier1.internal. +short
192.168.80.8
real 0m0,033s

No problem here, and I then went on to configure the networking on the other machines using yast and wicked in control.

localadm@sshgw:~> cat /etc/resolv.conf
# blabla
search tier1.internal
nameserver 192.168.80.4
localadm@sshgw:~> grep host /etc/nsswitch.conf
hosts: files mdns_minimal [NOTFOUND=return] dns

But when I test using the host command:

localadm@sshgw:~> host sshgw.tier1.internal.
sshgw.tier1.internal has address 192.168.80.8
;; connection timed out; no servers could be reached
;; connection timed out; no servers could be reached

It responds immediately with the correct answer, but then hangs a while before the timeout lines...

I must have overlooked something basic, but what?

--
Klaus
On 2024-08-04 20:31, Klaus Vink Slott via openSUSE Users wrote: ...
But when I test using the host command:
localadm@sshgw:~> host sshgw.tier1.internal.
you could try adding "-v". Maybe that gives information about where it gets stuck:
host -v sshgw.tier1.internal.
I am confused also by the dot after "internal".
--
Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)
On 04.08.2024 at 21.24 Carlos E. R. wrote:
On 2024-08-04 20:31, Klaus Vink Slott via openSUSE Users wrote:
...
But when I test using the host command:
localadm@sshgw:~> host sshgw.tier1.internal.
you could try adding "-v". Maybe that gives information about where it gets stuck:
Did not know about that, thanks. With verbose added I get:
localadm@sshgw:~> host -v sshgw.tier1.internal.
Trying "sshgw.tier1.internal"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43751
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;sshgw.tier1.internal. IN A
;; ANSWER SECTION:
sshgw.tier1.internal. 0 IN A 192.168.80.8
Received 54 bytes from 192.168.80.4#53 in 0 ms
Trying "sshgw.tier1.internal"
;; connection timed out; no servers could be reached
Trying "sshgw.tier1.internal"
;; connection timed out; no servers could be reached
I am confused also by the dot after "internal".
To my knowledge a trailing . should tell the local resolver that this is the fqdn, do not try to add search domain specified in /etc/resolv.conf - but in this case I get the same result anyway.
The question is, why is the local resolver not satisfied with the first result?
In contrast, if I try to resolve an external domain, it works perfectly well:
localadm@sshgw:~> time host software.opensuse.org
software.opensuse.org is an alias for obs-login.opensuse.org.
obs-login.opensuse.org has address 195.135.223.221
obs-login.opensuse.org has IPv6 address 2a07:de40:b250:131:10:151:131:20
real 0m0,110s
user 0m0,015s
sys 0m0,018s
localadm@sshgw:~>
On 2024-08-05 00:28, Klaus Vink Slott via openSUSE Users wrote:
On 04.08.2024 at 21.24 Carlos E. R. wrote:
On 2024-08-04 20:31, Klaus Vink Slott via openSUSE Users wrote:
...
But when I test using the host command:
localadm@sshgw:~> host sshgw.tier1.internal.
you could try adding "-v". Maybe that gives information about where it gets stuck:
Did not know about that, thanks. With verbose added I get:
localadm@sshgw:~> host -v sshgw.tier1.internal.
Trying "sshgw.tier1.internal"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43751
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;sshgw.tier1.internal. IN A
;; ANSWER SECTION:
sshgw.tier1.internal. 0 IN A 192.168.80.8
Received 54 bytes from 192.168.80.4#53 in 0 ms
Trying "sshgw.tier1.internal"
;; connection timed out; no servers could be reached
Huh?
Trying "sshgw.tier1.internal"
;; connection timed out; no servers could be reached
I am confused also by the dot after "internal".
To my knowledge a trailing . should tell the local resolver that this is the fqdn, do not try to add search domain specified in /etc/resolv.conf - but in this case I get the same result anyway.
The question is, why is the local resolver not satisfied with the first result?
I don't know. Let me try with one of mine and compare.
cer@Telcontar:~> host -v isengard.valinor
Trying "isengard.valinor"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53476
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;isengard.valinor. IN A
;; ANSWER SECTION:
isengard.valinor. 63816 IN A 192.168.1.16
Received 50 bytes from 127.0.0.1#53 in 0 ms
Trying "isengard.valinor"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30448
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;isengard.valinor. IN AAAA
Received 34 bytes from 127.0.0.1#53 in 0 ms
Trying "isengard.valinor"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35860
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;isengard.valinor. IN MX
;; AUTHORITY SECTION:
valinor. 86400 IN SOA telcontar.valinor. root.Telcontar.valinor. 2023050314 28800 7200 604800 86400
Received 102 bytes from 127.0.0.1#53 in 4 ms
cer@Telcontar:~>
Ok, the second time it is trying AAAA and then MX. I'm a bit confused myself.
In contrast, if I try to resolve an external domain, it works perfectly well:
localadm@sshgw:~> time host software.opensuse.org
software.opensuse.org is an alias for obs-login.opensuse.org.
obs-login.opensuse.org has address 195.135.223.221
obs-login.opensuse.org has IPv6 address 2a07:de40:b250:131:10:151:131:20
real 0m0,110s
user 0m0,015s
sys 0m0,018s
localadm@sshgw:~>
-- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)
On 05.08.2024 at 03.22 Carlos E. R. wrote:
On 2024-08-05 00:28, Klaus Vink Slott via openSUSE Users wrote:
On 04.08.2024 at 21.24 Carlos E. R. wrote:
On 2024-08-04 20:31, Klaus Vink Slott via openSUSE Users wrote:
...
But when I test using the host command:
localadm@sshgw:~> host sshgw.tier1.internal.
you could try adding "-v". Maybe that gives information about where it gets stuck:
Did not know about that, thanks. With verbose added I get:
localadm@sshgw:~> host -v sshgw.tier1.internal.
Trying "sshgw.tier1.internal"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43751
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;sshgw.tier1.internal. IN A
;; ANSWER SECTION:
sshgw.tier1.internal. 0 IN A 192.168.80.8
Received 54 bytes from 192.168.80.4#53 in 0 ms
Trying "sshgw.tier1.internal"
;; connection timed out; no servers could be reached
Huh? ...
The question is, why is the local resolver not satisfied with the first result?
I don't know. Let me try with one of mine and compare.
cer@Telcontar:~> host -v isengard.valinor ...
Ok, the second time it is trying AAAA and then MX.
Bingo! It is searching for an IPv6 address, and I have totally ignored all IPv6 related configuration, when configuring the resolver. Also confirmed by the test suggested by erwinl@dds.nl in another answer.
Thanks for your input. This behavior really confused me.
--
Klaus
On 04-08-2024 20:31, Klaus Vink Slott via openSUSE Users wrote:
Hi
I have now run into a situation with some OpenSUSE machines on a friend's network. They are on a separate LAN and a pfSense manages firewalling, dhcp and dns. Except that we have had one problem after another with the built-in resolver.
So I thought 🤔 how hard can it be to run your own resolver? I spun up another OpenSUSE with dnsmasq. I am new to dnsmasq but I don't think that's the problem.
Now I can perform a dig command from another machine to my new resolver and get an answer immediately:
localadm@sshgw:~> time dig @192.168.80.4 -x 192.168.80.8 +short
sshgw.tier1.internal.
real 0m0,033s
..
localadm@sshgw:~> time dig @192.168.80.4 sshgw.tier1.internal. +short
192.168.80.8
real 0m0,033s
No problem here, and I then went on to configure the networking on the other machines using yast and wicked in control.
localadm@sshgw:~> cat /etc/resolv.conf
# blabla
search tier1.internal
nameserver 192.168.80.4
localadm@sshgw:~> grep host /etc/nsswitch.conf
hosts: files mdns_minimal [NOTFOUND=return] dns
But when I test using the host command:
localadm@sshgw:~> host sshgw.tier1.internal.
sshgw.tier1.internal has address 192.168.80.8
;; connection timed out; no servers could be reached
;; connection timed out; no servers could be reached
It responds immediately with the correct answer, but then hangs a while before the timeout lines...
I must have overlooked something basic, but what?
Try
host -t A sshgw.tier1.internal
Regards, Erwin
On 05.08.2024 at 00.38 erwinl@dds.nl wrote:
On 04-08-2024 20:31, Klaus Vink Slott via openSUSE Users wrote: ...
So I thought 🤔 how hard can it be to run your own resolver? I spun up another OpenSUSE with dnsmasq. I am new to dnsmasq but I don't think that's the problem.
Now I can perform a dig command from another machine to my new resolver and get an answer immediately: ...
But when I test using the host command: ... It responds immediately with the correct answer, but then hangs a while before the timeout lines...
I must have overlooked something basic, but what?
Try
host -t A sshgw.tier1.internal
Yes! That made a big difference. It returns immediately. So it is searching for an IPv6 address for the same name.
Now I just have to find a way to handle this in my dhcp/dns setup, I must admit that I have ignored everything IPv6 related in dnsmasq.
--
Klaus
On 05-08-2024 17:33, Klaus Vink Slott via openSUSE Users wrote:
On 05.08.2024 at 00.38 erwinl@dds.nl wrote:
On 04-08-2024 20:31, Klaus Vink Slott via openSUSE Users wrote: ...
So I thought 🤔 how hard can it be to run your own resolver? I spun up another OpenSUSE with dnsmasq. I am new to dnsmasq but I don't think that's the problem.
Now I can perform a dig command from another machine to my new resolver and get an answer immediately: ...
But when I test using the host command: ... It responds immediately with the correct answer, but then hangs a while before the timeout lines...
I must have overlooked something basic, but what?
Try
host -t A sshgw.tier1.internal
Yes! That made a big difference. It returns immediately. So it is searching for an IPv6 address for the same name.
Now I just have to find a way to handle this in my dhcp/dns setup, I must admit that I have ignored everything IPv6 related in dnsmasq.
Without the '-t' option, the host command is per default looking for A, AAAA and MX records (it is in the man page). Apparently, it cannot find a server for the AAAA and MX records.
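An added example, not part of the original thread: a small parser that splits `host -v` output into one record per "Trying" attempt and names the record type of each. It assumes, as stated in the message above, that `host` without `-t` queries A, AAAA and MX in that order; the function names are hypothetical and the sample is the thread's own output with line breaks restored.

```python
import re

# Order host(1) uses when -t is not given, as stated in the thread (assumption).
DEFAULT_TYPES = ["A", "AAAA", "MX"]

# Sample input: the `host -v` output quoted in the thread, line breaks restored.
SAMPLE = """\
Trying "sshgw.tier1.internal"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43751
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;sshgw.tier1.internal.          IN      A
;; ANSWER SECTION:
sshgw.tier1.internal.   0       IN      A       192.168.80.8
Received 54 bytes from 192.168.80.4#53 in 0 ms
Trying "sshgw.tier1.internal"
;; connection timed out; no servers could be reached
Trying "sshgw.tier1.internal"
;; connection timed out; no servers could be reached
"""

def classify_attempts(transcript):
    """Return one dict per 'Trying' block: qtype, outcome, answers, server."""
    attempts = []
    blocks = re.split(r'^Trying ".*"$', transcript, flags=re.M)[1:]
    for index, block in enumerate(blocks):
        question = re.search(r"^;([^;\s]\S*)\s+IN\s+(\S+)", block, re.M)
        status = re.search(r"status: (\w+)", block)
        answers = re.search(r"ANSWER: (\d+)", block)
        server = re.search(r"^Received \d+ bytes from (\S+)#\d+", block, re.M)
        outcome = status.group(1) if status else "UNKNOWN"
        if "connection timed out" in block:
            outcome = "TIMEOUT"
        # A timed-out attempt prints no question section: infer type from order.
        inferred = DEFAULT_TYPES[index] if index < len(DEFAULT_TYPES) else "?"
        attempts.append({
            "qtype": question.group(2) if question else inferred,
            "inferred": question is None,
            "outcome": outcome,
            "answers": int(answers.group(1)) if answers else 0,
            "server": server.group(1) if server else None,
        })
    return attempts

def unanswered_types(transcript):
    """Record types whose query never got a reply from the resolver."""
    return [a["qtype"] for a in classify_attempts(transcript)
            if a["outcome"] == "TIMEOUT"]

print(unanswered_types(SAMPLE))
```
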
participants (3)
- Carlos E. R.
- erwinl@dds.nl
- Klaus Vink Slott