DNS on my system doesn't work

bobbybertrand2
Posts: 33
Joined: October 3rd, 2015, 1:30 am

Post by bobbybertrand2 » October 13th, 2019, 9:05 pm

I finally got DNS working on ipFire by disabling (counter-intuitive) the "Enable DNS Update" check box as was recommended to me, however I'm noticing what I consider to be a bug. I have specified on ipFire's DHCP page DHCP Configuration, DHCP, Domain name suffix = xyz.com. I have two systems FSI1 and FSI2 both get their network info from ipFire's DHCP server.

If I don't include system FSI2's MAC in the Fixed Lease table, I can successfully issue from FSI1 a PING FSI2.XYZ.COM but if I add system FSI2's MAC to the Fixed Leases table I can no longer issue from FSI1 a PING FSI2.XYZ.COM. I'm implementing another software and it too has its own DHCP and DNS Server software. I temp disabled ipFire's DHCP server and tested their DHCP/DNS - whether I put the same MAC in their DHCP's Reserved MAC table or not - I could PING from FSI1 PING FSI2.XYZ.COM which is how it should work. Am I doing something wrong or is this a bug? DHCP should inform DNS of the FQDN and its IP Address regardless of whether the MAC is on the reserved list or not.

Thanks everyone.

gpatel-fr
Posts: 51
Joined: July 24th, 2019, 7:59 am

Re: DNS on my system doesn't work

Post by gpatel-fr » October 14th, 2019, 7:11 am

bobbybertrand2 wrote:
October 13th, 2019, 9:05 pm
I finally got DNS working on ipFire by disabling (counter-intuitive) the "Enable DNS Update" check box as was recommended to me,
I don't know who recommended that you check 'enable DNS Update' or why, but this unknown person did not understand how Ipfire is built. It's an aggregation of different software that may work together - or not. The DNS server is Unbound; it does *not* support RFC 2136 updates:

https://nlnetlabs.nl/projects/unbound/rfc-compliance/

So why is the DHCP configuration page including a 'dns update' check box? That's because the DHCP software used by Ipfire, DHCPD from the Internet Society (ISC), is optimized to work well with Bind, the DNS server produced by ISC, a DNS server that *does* support RFC2136.
bobbybertrand2 wrote:
October 13th, 2019, 9:05 pm

however I'm noticing what I consider to be a bug. I have specified on ipFire's DHCP page DHCP Configuration, DHCP, Domain name suffix = xyz.com. I have two systems FSI1 and FSI2 both get their network info from ipFire's DHCP server.

If I don't include system FSI2's MAC in the Fixed Lease table, I can successfully issue from FSI1 a PING FSI2.XYZ.COM but if I add system FSI2's MAC to the Fixed Leases table I can no longer issue from FSI1 a PING FSI2.XYZ.COM. I'm implementing another software and it too has its own DHCP and DNS Server software. I temp disabled ipFire's DHCP server and tested their DHCP/DNS - whether I put the same MAC in their DHCP's Reserved MAC table or not - I could PING from FSI1 PING FSI2.XYZ.COM which is how it should work. Am I doing something wrong or is this a bug? DHCP should inform DNS of the FQDN and its IP Address regardless of whether the MAC is on the reserved list or not.

Thanks everyone.
Not sure I follow completely, but I understand you assume that the DNS and DHCP servers used by Ipfire are tightly integrated. As far as I can tell, they are not; you have to report DHCP info in the DNS server by hand. For such operations to be automated, Ipfire would have to replace one or both of the two pieces of software, for example Unbound with Bind, or Unbound+dhcpd with Dnsmasq (it may well be that your other system is using Dnsmasq). It would have drawbacks, though, as Unbound has some features desired by Ipfire users that Dnsmasq and Bind do not currently have (and the change would also break many configurations, of course).

Arne.F
Core Developer
Posts: 8516
Joined: May 7th, 2006, 8:57 am
Location: BS <-> NDH

Re: DNS on my system doesn't work

Post by Arne.F » October 14th, 2019, 8:35 am

So why is the DHCP configuration page including a 'dns update' check box?
Because IPFire imports the DHCP leases from dhcpd to unbound (unbound-lease-bridge) and so supports RFC2136 also with unbound.
Arne

Support the project on the donation!

PS: I will not answer support questions via email and ignore IPFire related messages on my non IPFire.org mail addresses.

gpatel-fr
Posts: 51
Joined: July 24th, 2019, 7:59 am

Re: DNS on my system doesn't work

Post by gpatel-fr » October 14th, 2019, 2:04 pm

Arne.F wrote:
October 14th, 2019, 8:35 am
Because IPFire imports the DHCP leases from dhcpd to unbound (unbound-lease-bridge) and so supports RFC2136 also with unbound.
Thanks for correcting me.
As I understand it now, when the checkbox is ON, rfc2136 update is used and so the internal Ipfire DNS server is NOT updated (the installation is supposed to have an external DNS server such as Bind or Powerdns).
When the checkbox is OFF, rfc 2136 is disabled and a custom, decidedly not rfc 2136 mechanism is used to update the Ipfire internal DNS server, Unbound.

In this case the files to look at are:
- dhcp log: /var/log/dhcpd.log
- input files for the unbound-lease-bridge script:
  * /var/ipfire/dhcp/fixleases: fixed leases
  * /var/state/dhcp/dhcpd.leases: automatic leases created by dhcp daemon
- output file: /etc/unbound/dhcp-leases.conf
If there is a discrepancy between input and output, the script is not working correctly.
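
The input/output comparison suggested in the post above, as an added example that is not part of the original thread or IPFire's own code: it compares the active dynamic leases in dhcpd.leases with the A records in the generated Unbound file. It assumes the generated file consists of Unbound local-data lines and uses the thread's xyz.com suffix; the function names and sample data are constructed for illustration.

```python
import re

# Constructed sample in ISC dhcpd's lease-file format (not from the thread).
SAMPLE_LEASES = """\
lease 192.168.1.50 {
  binding state active;
  next binding state free;
  client-hostname "bbb";
}
lease 192.168.1.51 {
  binding state active;
  client-hostname "AAA";
}
lease 192.168.1.52 {
  binding state active;
  client-hostname "ccc";
}
lease 192.168.1.52 {
  binding state free;
}
"""
# Constructed sample; assumes the output file holds Unbound local-data records.
SAMPLE_UNBOUND = """\
local-data: "bbb.xyz.com. 60 IN A 192.168.1.50"
local-data: "ccc.xyz.com. 60 IN A 192.168.1.52"
"""

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
def active_leases(text, domain):
    """Map fqdn -> ip for leases whose latest block is active and has a name."""
    latest = {}  # dhcpd appends to the file; the last block per IP is current
    for ip, body in LEASE_RE.findall(text):
        state = re.search(r"^\s*binding state (\w+);", body, re.M)
        name = re.search(r'^\s*client-hostname "([^"]+)";', body, re.M)
        latest[ip] = (state and state.group(1), name and name.group(1))
    return {f"{n.lower()}.{domain}": ip
            for ip, (s, n) in latest.items() if s == "active" and n}

def unbound_records(text):
    """Map fqdn -> ip for every local-data A record (TTL optional)."""
    pat = r'^\s*local-data:\s*"(\S+?)\.?\s+(?:\d+\s+)?IN\s+A\s+([^"\s]+)"'
    return {m.group(1).lower(): m.group(2) for m in re.finditer(pat, text, re.M)}

def discrepancies(leases_text, unbound_text, domain):
    """'extra' names can be legitimate: fixed leases also feed the output file."""
    want, have = active_leases(leases_text, domain), unbound_records(unbound_text)
    return {"missing": sorted(n for n in want if n not in have),
            "wrong_ip": sorted(n for n in want if have.get(n, want[n]) != want[n]),
            "extra": sorted(n for n in have if n not in want)}
```

On a live system, pass the contents of /var/state/dhcp/dhcpd.leases and /etc/unbound/dhcp-leases.conf in place of the two samples; a non-empty "missing" list is the symptom described in this thread.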

Arne.F
Core Developer
Posts: 8516
Joined: May 7th, 2006, 8:57 am
Location: BS <-> NDH

Re: DNS on my system doesn't work

Post by Arne.F » October 14th, 2019, 2:42 pm

You are correct. The rfc update is only to update an external DNS server.
Arne


bobbybertrand2
Posts: 33
Joined: October 3rd, 2015, 1:30 am

Re: DNS on my system doesn't work

Post by bobbybertrand2 » October 16th, 2019, 8:52 pm

Maybe my question was worded poorly.

What I'm left not understanding is this:

DHCP is setup with - Domain name suffix = xyz.com and Primary DNS is set to ipFire's IP address.
I have two computers: aaa and bbb - both use DHCP
AAA's MAC address is defined in DHCP's Reserved MAC table. BBB's MAC address is not.
If I ping aaa.xyz.com, it fails but if I ping bbb.xyz.com it works. If I remove aaa's MAC from the table I can then ping aaa.xyz.com. Why isn't DHCP registering the computer name if its MAC is in the Reserved MAC Table?

Again sorry if my original question wasn't well worded.

gpatel-fr
Posts: 51
Joined: July 24th, 2019, 7:59 am

Re: DNS on my system doesn't work

Post by gpatel-fr » October 16th, 2019, 9:28 pm

bobbybertrand2 wrote:
October 16th, 2019, 8:52 pm

DHCP is setup with - Domain name suffix = xyz.com and Primary DNS is set to ipFire's IP address.
I have two computers: aaa and bbb - both use DHCP
AAA's MAC address is defined in DHCP's Reserved MAC table. BBB's MAC address is not.
If I ping aaa.xyz.com, it fails but if I ping bbb.xyz.com it works. If I remove aaa's MAC from the table I can then ping aaa.xyz.com. Why isn't DHCP registering the computer name if its MAC is in the Reserved MAC Table?
Yes the question is clearer now. The answer is not clearer to me, unfortunately.

Is there a change in the /etc/unbound/dhcp-leases.conf file when you add and remove the MAC address?

bobbybertrand2
Posts: 33
Joined: October 3rd, 2015, 1:30 am

Re: DNS on my system doesn't work

Post by bobbybertrand2 » October 17th, 2019, 4:31 pm

I just tried adding and deleting aaa from the Reserved Mac table and yes it causes entries in that file to be added when I remove the MAC reservation and deleted when I add MAC reservation.

gpatel-fr
Posts: 51
Joined: July 24th, 2019, 7:59 am

Re: DNS on my system doesn't work

Post by gpatel-fr » October 18th, 2019, 8:20 am

bobbybertrand2 wrote:
October 17th, 2019, 4:31 pm
I just tried adding and deleting aaa from the Reserved Mac table and yes it causes entries in that file to be added when I remove the MAC reservation and deleted when I add MAC reservation.
I can't reproduce it. When I click on add in the dynamic reservation line, another line gets added to the /var/state/dhcp/dhcpd.leases file, and the /etc/unbound/dhcp-leases.conf has no line removed.

Corrections: the app doing the update is /usr/sbin/unbound-dhcp-leases-bridge, not unbound-lease-bridge. And it's logging into /var/log/messages. Except it is not logging much, actually; you have to enable logging by editing /etc/init.d/dhcp to change

loadproc /usr/sbin/unbound-dhcp-leases-bridge -d

to

loadproc /usr/sbin/unbound-dhcp-leases-bridge -d -vvv

and reload with /etc/init.d/dhcp restart

The whole process seems a bit creaky to me. The first time I added a computer to check what is happening, the /etc/unbound/dhcp-leases.conf was updated but the computer was not found in the DNS. I reloaded with unbound-control reload, and unbound crashed because it could not find /etc/unbound/unbound.conf (!). I restarted and the computer was finally found in the DNS. Possibly the Ipfire project could benefit if someone tested this whole feature and eventually filed a bug or two.
