Re: [Dnsmasq-discuss] LAN taken down by Ubuntu upgrade - can't see problem

2013-07-03 Thread Adam Hardy

Koos Pol on 7/2/2013 4:28 PM, wrote:

Op 30-06-13 22:25, Simon Kelley schreef:


On 30/06/13 16:55, Adam Hardy wrote:



adam@cyberspaceroad.com on 6/29/2013 5:45 PM, wrote:

adam at gondor:~$ cat /etc/hosts
127.0.0.1   localhost gondor gondor.localdomain
192.168.0.3 gondor.localdomain



I installed dhcping and running this command on the server with dnsmasq
on 192.168.0.3 produces the response "no answer" - surely I can probe the
DHCP service from the same machine like that?



It's possible that the kernel is routing the dhcping request via the lo local
interface, rather than via eth1, which is where dnsmasq is expecting to
receive it.


It may not be related, but OP surprised me by having a FQHN for 127.0.0.1.
Although many current Linux boxes configure themselves that way, it is
considered bad practice. Try to avoid it.


Hi Koos,
is that because you should only have the FQDN appear once in /etc/hosts? Or is 
there another reason?


Regards
Adam


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] LAN taken down by Ubuntu upgrade - can't see problem

2013-06-30 Thread Adam Hardy

adam@cyberspaceroad.com on 6/29/2013 5:45 PM, wrote:

I upgraded the OS on my gateway machine which runs dnsmasq serving dhcp
and dns to the lan, and now the machines on my lan can't get an ip
address.

With ubuntu, I run dnsmasq in a stand-alone mode, in contrast to the
ubuntu 'way' where the default installation installs dnsmasq and sets it
up for optimal desktop networking - which doesn't work well for a gateway
machine.

My lan is on eth1, my modem is on eth0. Eth1 is assigned 192.168.0.3 by
/etc/network/interfaces, and this is what dnsmasq is configured to run on.

I hope you can give me a hint where to look next because as far as I am
aware, the only thing that changed was the ubuntu upgrade and I'm not
getting any help from the forum there, and my investigations with my
limited experience has run into the sand.[SNIP]


OK problem solved, it was just my network hub that was on the blink and as it 
was buried under a mound of cables, I hadn't seen the blinking red light - 
strange co-incidence that it happened exactly as I did the ubuntu upgrade.


Anyway, a question that arises from my investigations:

I installed dhcping and running this command on the server with dnsmasq on 
192.168.0.3 produces the response "no answer" - surely I can probe the DHCP service 
from the same machine like that?





[Dnsmasq-discuss] Completely disable IPv6

2010-10-07 Thread Adam Hardy

Hi,

dumb question coming up. I spent the last 30mins looking over the mailing list 
and the man page trying to work this one out and I think I've come to a conclusion 
but I'd be grateful if someone could confirm or correct me.


I have a really dumb situation with 2 apps in use on my LAN that are meant to 
work together but don't. These are paid-for software, and their support teams 
each blame each other for the error with the result that I'm stuck in stalemate 
without a solution.


One other user of the software suggested I disable IPv6.

I thought I should configure dnsmasq to give out an instruction in the DHCP 
leases to tell the workstations not to use IPv6.


Is that possible? It doesn't look like it.

Thanks
Adam



[Dnsmasq-discuss] dnsmasq.leases

2010-01-31 Thread Adam Hardy

I'm worried I might have still got a glitch in my dnsmasq config.

I have a new print server which gets its ip via dhcp from dnsmasq, and it is 
duly registered in dnsmasq.leases.


However about 1/2 hour to an hour later, the dnsmasq.leases entry for it 
vanished. I can't ping it via its hostname anymore but I can ping it via its ip 
address that it got from dnsmasq.


It sounds to me as if the print server is acting strangely but could there be 
something in dnsmasq that is causing this problem?


Can I configure any useful dhcp-option to encourage it to act normal?

Regards
Adam



Re: [Dnsmasq-discuss] basic host name problem

2010-01-26 Thread Adam Hardy

richardvo...@gmail.com on 25/01/10 21:14, wrote:

On Mon, Jan 25, 2010 at 12:20 PM, Adam Hardy
adam@cyberspaceroad.com wrote:

I've got a gateway server running dnsmasq for dhcp on my LAN and I've got a
couple of problems with the host names of the dhcp clients.

The first is a Belkin print server which picks up its ip address and passes thro
its hostname MFD8FDC7. This appears in dnsmasq.leases - so I should be able to
communicate with it now, right?

There must be something missing from my dnsmasq config because I see now that
any attempt to use the host names of dhcp clients from the gateway server fail
with "unknown host". I'm on debian stable if that makes any difference


Sounds like your gateway is not using dnsmasq for lookups.  dnsmasq
tells dhcp clients to use its services, but the gateway you will have
to manually configure in /etc/resolv.conf to send requests to the
local dnsmasq process.


I mistakenly included the /etc/hosts file instead of the /etc/resolv.conf file
which would have been far more informative re this problem.

It looks like this:

adam@isengard:~$ cat /etc/resolv.conf
domain isengard.localdomain
search isengard.localdomain
nameserver 127.0.0.1
nameserver 194.74.65.68

Do I need to add more in there?

Regards
Adam




Re: [Dnsmasq-discuss] basic host name problem

2010-01-26 Thread Adam Hardy

richardvo...@gmail.com on 26/01/10 01:56, wrote:

There must be something missing from my dnsmasq config because I see now that
any attempt to use the host names of dhcp clients from the gateway server fail
with "unknown host". I'm on debian stable if that makes any difference

Sounds like your gateway is not using dnsmasq for lookups.  dnsmasq
tells dhcp clients to use its services, but the gateway you will have
to manually configure in /etc/resolv.conf to send requests to the
local dnsmasq process.

I mistakenly included the /etc/hosts file instead of the /etc/resolv.conf file
which would have been far more informative re this problem.

It looks like this:

adam@isengard:~$ cat /etc/resolv.conf
domain isengard.localdomain
search isengard.localdomain
nameserver 127.0.0.1
nameserver 194.74.65.68


Run netstat whilst dnsmasq is stopped, to see if any other dns-capable
daemon could be binding port 53 and preventing dnsmasq from receiving
the queries.



This is what I see:

Interesting ports on localhost (127.0.0.1):
Not shown: 1703 closed ports
PORT STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
631/tcp  open  ipp
3306/tcp open  mysql
3689/tcp open  rendezvous
7634/tcp open  hddtemp
8009/tcp open  ajp13
8080/tcp open  http-proxy

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.148 seconds
adam@isengard:~$  netstat -an |grep -i listen 
tcp        0      0 0.0.0.0:11301           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6600          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3689            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:33005           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:7634          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN
tcp6       0      0 :::8009                 :::*                    LISTEN
tcp6       0      0 :::139                  :::*                    LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
tcp6       0      0 :::445                  :::*                    LISTEN




Re: [Dnsmasq-discuss] basic host name problem

2010-01-26 Thread Adam Hardy

richardvo...@gmail.com on 26/01/10 14:23, wrote:

On Tue, Jan 26, 2010 at 3:19 AM, Adam Hardy adam@cyberspaceroad.com wrote:

richardvo...@gmail.com on 26/01/10 01:56, wrote:

There must be something missing from my dnsmasq config because I see
now that any attempt to use the host names of dhcp clients from the gateway
server fail with "unknown host". I'm on debian stable if that makes any
difference


Sounds like your gateway is not using dnsmasq for lookups.  dnsmasq
tells dhcp clients to use its services, but the gateway you will have
to manually configure in /etc/resolv.conf to send requests to the
local dnsmasq process.


adam@isengard:~$ cat /etc/resolv.conf
domain isengard.localdomain
search isengard.localdomain
nameserver 127.0.0.1
nameserver 194.74.65.68


Perhaps your resolv.conf is causing requests for
client.isengard.localdomain while dnsmasq made an entry for
client.localdomain


Here's a query log:

Jan 26 14:49:13 localhost dnsmasq[31068]: reading /etc/resolv.conf
Jan 26 14:49:13 localhost dnsmasq[31068]: using nameserver 194.74.65.68#53
Jan 26 14:49:13 localhost dnsmasq[31068]: ignoring nameserver 127.0.0.1 - local interface
Jan 26 14:49:13 localhost dnsmasq[31068]: using local addresses only for domain localdomain
Jan 26 14:49:13 localhost dnsmasq[31068]: query[A] MFD8FDC7.isengard.localdomain from 127.0.0.1
Jan 26 14:49:13 localhost dnsmasq[31068]: config MFD8FDC7.isengard.localdomain is NXDOMAIN-IPv4

So it's exactly what you predicted - but I've read thro the whole config and
can't see what I need to change. Here's my dnsmasq.conf again:

domain-needed
bogus-priv
filterwin2k
server=/localdomain/127.0.0.1
local=/localdomain/
expand-hosts
domain=localdomain
dhcp-range=192.168.0.3,192.168.0.254
dhcp-option=option:router,192.168.0.2
dhcp-option=option:mtu,1500

I think that resolv.conf is wrong - should domain=localdomain and not
isengard.localdomain?

resolv.conf is being constantly rewritten by dhclient3 which is obtaining
an ip address via dhcp for the external NIC. I can see now that I had

supersede domain-name isengard.localdomain

in the dhclient3.conf - doh! So that was it.

Thanks for your help,
regards
Adam
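
The mismatch found in this message, as an added example that is not part of the original thread: a check that compares the resolv.conf search list with dnsmasq's `domain=` and `local=` settings and ties the result to the NXDOMAIN line in the query log. The inputs are the files and log lines quoted above (wrapped lines joined); the function names are made up for this illustration.

```python
import re

# Inputs copied from the thread (wrapped log lines joined).
RESOLV_CONF = """\
domain isengard.localdomain
search isengard.localdomain
nameserver 127.0.0.1
nameserver 194.74.65.68
"""
DNSMASQ_CONF = """\
domain-needed
bogus-priv
filterwin2k
server=/localdomain/127.0.0.1
local=/localdomain/
expand-hosts
domain=localdomain
dhcp-range=192.168.0.3,192.168.0.254
"""
LOG = """\
Jan 26 14:49:13 localhost dnsmasq[31068]: using local addresses only for domain localdomain
Jan 26 14:49:13 localhost dnsmasq[31068]: query[A] MFD8FDC7.isengard.localdomain from 127.0.0.1
Jan 26 14:49:13 localhost dnsmasq[31068]: config MFD8FDC7.isengard.localdomain is NXDOMAIN-IPv4
"""

NXDOMAIN_RE = re.compile(r"dnsmasq\[\d+\]: config (\S+) is NXDOMAIN")


def parse_resolv_conf(text):
    """Return the effective search list; 'domain' and 'search' override
    each other, so the last one in the file wins."""
    search = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in ("domain", "search"):
            search = [d.rstrip(".").lower() for d in fields[1:]]
    return search


def parse_dnsmasq_conf(text):
    """Return (domain, [local-only domains]) from dnsmasq.conf text."""
    domain, local = None, []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("domain="):
            domain = line.split("=", 1)[1].split(",")[0].lower()
        elif line.startswith("local=/"):
            # local=/a/b/ -> ['local=', 'a', 'b', '']
            local += [d.lower() for d in line.split("/")[1:-1] if d]
    return domain, local


def mismatched_search_domains(resolv_text, dnsmasq_text):
    """Search domains that fall under a local-only domain (so dnsmasq answers
    them itself) but differ from the domain dnsmasq gives to DHCP hosts."""
    domain, local = parse_dnsmasq_conf(dnsmasq_text)
    bad = []
    for s in parse_resolv_conf(resolv_text):
        under_local = any(s == l or s.endswith("." + l) for l in local)
        if under_local and s != domain:
            bad.append(s)
    return bad


def diagnose(resolv_text, dnsmasq_text, log_text):
    """Pair each locally answered NXDOMAIN name with the name dnsmasq
    would actually hold for that DHCP host."""
    domain, _ = parse_dnsmasq_conf(dnsmasq_text)
    if domain is None:
        return []
    bad = mismatched_search_domains(resolv_text, dnsmasq_text)
    results = []
    for name in NXDOMAIN_RE.findall(log_text):
        for suffix in bad:
            if name.lower().endswith("." + suffix):
                host = name[: -(len(suffix) + 1)]
                results.append((name, f"{host}.{domain}"))
    return results


if __name__ == "__main__":
    print("search domains not matching dnsmasq:",
          mismatched_search_domains(RESOLV_CONF, DNSMASQ_CONF))
    for asked, held in diagnose(RESOLV_CONF, DNSMASQ_CONF, LOG):
        print(f"queried {asked}, dnsmasq holds {held}")
```
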




[Dnsmasq-discuss] basic host name problem

2010-01-25 Thread Adam Hardy

Hi,

I've got a gateway server running dnsmasq for dhcp on my LAN and I've got a 
couple of problems with the host names of the dhcp clients.


The first is a Belkin print server which picks up its ip address and passes thro 
its hostname MFD8FDC7. This appears in dnsmasq.leases - so I should be able to 
communicate with it now, right?


There must be something missing from my dnsmasq config because I see now that 
any attempt to use the host names of dhcp clients from the gateway server fail 
with "unknown host". I'm on debian stable if that makes any difference.


I've got 127.0.0.1 in my /etc/hosts

127.0.0.1   localhost isengard.localdomain isengard
192.168.0.2 isengard.localdomain

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

along with all that ipv6 stuff, which someone somewhere recommended at some 
point but I don't recall the details now (should I ditch it?)


Plus this is the settings in dnsmasq.conf:

adam@isengard:~$ decomment.sh /etc/dnsmasq.conf
domain-needed
bogus-priv
filterwin2k
server=/localdomain/127.0.0.1
local=/localdomain/
expand-hosts
domain=localdomain
dhcp-range=192.168.0.3,192.168.0.254
dhcp-option=option:router,192.168.0.2
dhcp-option=option:mtu,1500

Any inspiration gratefully received.



Re: [Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch?

2009-11-26 Thread Adam Hardy
Brad Morgan b-morgan@... writes:
 I have a very similar configuration. I think you are close but you may 
 to tweak your DHCP client. 
[snip]
 Take a look at man dhclient.conf to see what might make sense for your
 configuration. I think prepend domain-name-servers 127.0.0.1 may be 
 you need. 
 
 My /etc/dhclient-eth0.conf:
 
 supersede domain-name "morgan.local";
 supersede domain-name-servers 127.0.0.1,208.67.222.222,208.67.220.220;  # OpenDNS
 send host-name "bricknix";  # temporary RHL ifup addition

Actually I didn't realise how important those supersede commands were, but
without them, the clients on my network won't resolve the actual dnsmasq 
machine. 

The windows machine kept resolving the hostname isengard (name of the dnsm
machine) to 127.0.0.1! Pretty confusing, and nslookup on the windows machi
said something about non-existent domains and PTR records. 

Anyway, all ship shape now. 
Ta
Adam




Re: [Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch?

2009-11-25 Thread Adam Hardy
OK I merged the hosts 127.0.1.1 names onto 127.0.0.1 with no ill effects so far, 
and with bind-address set to 0.0.0.0 I can see it listening to 0.0.0.0 also no 
ill effects. I just have to make sure now that I've got it covered from the 
outside world in iptables.


Thanks v. much for the help

Adam

Mark Beierl on 24/11/09 20:37, wrote:

Not a problem... just trying to help too :)

The 127.0.1.1 is a common thing these days, but I don't know why.  Yes 
you can merge them into one 127.0.0.1 line.


Rance Hall seemed to have hit the config entry on the head:

bind-address 0.0.0.0 
instead of isengard.  Due to isengard resolving to localhost/127.0.0.1 
(or 127.0.1.1 as the case may be), it is still the same as telling mysql 
to listen only to localhost, so that change made no real difference.  
You must tell mysql explicitly to listen to all addresses (0.0.0.0) with 
the bind-addresses listed above.


Regards,
Mark

Adam Hardy wrote:
I'm sorry, I must be quite annoying, giving stupid answers to the most 
basic networking questions. I checked in /etc/hosts:


127.0.0.1   localhost
127.0.1.1   isengard.localdomain isengard

I didn't edit /etc/hosts myself so I'm not sure why 127.0.1.1 is in 
there. My lo interface according to ifconfig is 127.0.0.1


Before my previous email, I had also edited my mysql config via the 
my.cnf file to make the bind-address=isengard. I guess that explains 
the netstat output.


But I have no idea why 127.0.1.1 is there as well as 127.0.0.1 - what 
installation programs would have written that, other than the debian 
system install?


If it was just from the system installation, can I get rid of 
127.0.1.1 and use all on one line:


127.0.0.1 localhost isengard.localdomain isengard

I also don't know whether to put some extra lines in my dnsmasq.conf 
and dhclient.conf, for instance in dnsmasq.conf the example


server=/localnet/192.168.0.1

looks useful, judging from the other stuff I just dealt with, although 
I'm not sure what purpose it serves.


The external NIC using dhclient.conf to get its IP address from the 
modem seems to be rewriting /etc/resolv.conf. Does dnsmasq deal with 
this on its own or is there a setting I should be using?


My dhclient.conf seems OK:

option rfc3442-classless-static-routes code 121 = array of unsigned 
integer 8;

request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
netbios-name-servers, netbios-scope, interface-mtu,
rfc3442-classless-static-routes;


Regards
Adam



Mark Beierl on 24/11/09 14:28, wrote:
 
The TIME_WAIT is not an active socket, it's the remnant of a previous 
connection.  I have no idea at all why mysqld has moved to 
127.0.1.1.  Is the bind address config line set to the host name and 
is the host name entry in /etc/hosts 127.0.1.1?


Unfortunately, I know very little about mysql, so I can't point you 
in the right direction for configuration...


Regards,
Mark

Adam Hardy wrote:
   

You're right. The result from netstat was:


tcp   0   0 127.0.0.1:3306   0.0.0.0:*  LISTEN 2557/mysqld

after changing the bindaddress config in the mysql config as per the 
docs to free up networking, it then gives this result:


adam@isengard:~$ sudo netstat -napt | grep 3306
tcp   0   0 127.0.1.1:3306   0.0.0.0:*   LISTEN  16473/mysqld
tcp   0   0 127.0.1.1:53067   127.0.1.1:3306  TIME_WAIT   -

which looks weird. But then it's probably just because I don't have 
much experience in this area. Why has it switched over to 127.0.1.1 ?


Thanks
Adam


Mark Beierl on 23/11/09 19:00, wrote:
 
 
Silly thought but - is mysql configured to listen to 127.0.0.1 
only? Something like


sudo netstat -napt | grep 3306

ought to show if mysql is listening on 127.0.0.1:3306 or 0.0.0.0:3306.

Regards,
Mark

Adam Hardy wrote:
  
Thought I had a simple problem but I don't really find anything 
relevant on the web and I'm not getting any responses to my 
questions here.


Just a pointer in the right direction would be helpful - something 
to put me back on the scent?


Thanks
Adam

Adam Hardy on 20/11/09 20:38, wrote:
 
  
I have a lan with a gateway machine running an ADSL modem and two 
NICs with iptables and dnsmasq.


It also runs mysql and tomcat but is currently just a simple 
gateway, I'm not trying to configure any DMZ or fancier stuff 
like that.


My problem is that I can access mysql using 'localhost:3306' but 
I can't access it on the same box when using the machine name 
e.g. 'isengard:3306' and my guess is that I have mis-configured 
either dnsmasq or iptables.


I figure that my command mysql --host=isengard is probably 
being resolved as external and then getting blocked by the firewall.


My dnsmasq config file, based on the example config but with 
comments removed, is:


domain-needed
bogus-priv
filterwin2k
local=/localdomain/
domain=localdomain
dhcp-range=192.168.0.3,192.168.0.254
dhcp-option=option:router,192.168.0.2
dhcp
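
The bind-address behaviour worked out in this message, as an added example that is not part of the original thread: it resolves a `bind-address` value the way an /etc/hosts lookup would and lists which listeners in `netstat -napt` output are reachable from other machines and therefore need firewall coverage. The inputs are constructed from the lines quoted above (the sshd, cupsd and java rows are invented), the function names are hypothetical, and it assumes the hosts file is consulted first and returns the first match.

```python
import ipaddress

# Constructed sample inputs, modelled on the /etc/hosts and netstat lines
# quoted in this thread; the sshd, cupsd and java rows and PIDs are invented.
HOSTS_SPLIT = """\
127.0.0.1   localhost
127.0.1.1   isengard.localdomain isengard
"""
HOSTS_MERGED = """\
127.0.0.1   localhost isengard.localdomain isengard
192.168.0.2 isengard.localdomain
"""
NETSTAT = """\
tcp   0  0 127.0.1.1:3306   0.0.0.0:*       LISTEN     16473/mysqld
tcp   0  0 127.0.1.1:53067  127.0.1.1:3306  TIME_WAIT  -
tcp   0  0 0.0.0.0:22       0.0.0.0:*       LISTEN     2101/sshd
tcp   0  0 127.0.0.1:631    0.0.0.0:*       LISTEN     1890/cupsd
tcp6  0  0 :::8080          :::*            LISTEN     2310/java
"""


def parse_hosts(text):
    """Map each name to the first address listed for it.
    Assumption: lookups go to the hosts file first and stop at the first match."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table


def scope(address):
    """Classify a listening address as wildcard, loopback or specific."""
    ip = ipaddress.ip_address(address)
    if ip.is_unspecified:          # 0.0.0.0 or ::
        return "wildcard"
    if ip.is_loopback:             # all of 127.0.0.0/8, and ::1
        return "loopback"
    return "specific"


def effective_bind(value, hosts):
    """Return (address, scope) a daemon ends up on for a bind-address value
    that is either a literal IP or a host name looked up in `hosts`."""
    try:
        ipaddress.ip_address(value)
        address = value
    except ValueError:
        address = hosts.get(value.lower())
    if address is None:
        return (None, "unresolved")
    return (address, scope(address))


def listeners(netstat_text):
    """Extract (address, port, program) for every LISTEN row."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 7 or f[5] != "LISTEN":
            continue                      # skips TIME_WAIT and headers
        address, port = f[3].rsplit(":", 1)   # ':::8080' -> '::', '8080'
        rows.append((address, int(port), f[6].split("/", 1)[-1]))
    return rows


def reachable_off_host(netstat_text):
    """Listeners not confined to loopback: these need a firewall decision."""
    return [r for r in listeners(netstat_text) if scope(r[0]) != "loopback"]


if __name__ == "__main__":
    for label, hosts_text in (("split", HOSTS_SPLIT), ("merged", HOSTS_MERGED)):
        hosts = parse_hosts(hosts_text)
        print(label, "bind-address=isengard ->", effective_bind("isengard", hosts))
    print("bind-address=0.0.0.0 ->", effective_bind("0.0.0.0", {}))
    for address, port, program in reachable_off_host(NETSTAT):
        print(f"check firewall for {program} on {address}:{port}")
```
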

Re: [Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch?

2009-11-24 Thread Adam Hardy

You're right. The result from netstat was:


tcp   0   0 127.0.0.1:3306   0.0.0.0:*  LISTEN 2557/mysqld

after changing the bindaddress config in the mysql config as per the docs to 
free up networking, it then gives this result:


adam@isengard:~$ sudo netstat -napt | grep 3306
tcp   0   0 127.0.1.1:3306   0.0.0.0:*   LISTEN  16473/mysqld
tcp   0   0 127.0.1.1:53067   127.0.1.1:3306  TIME_WAIT   -

which looks weird. But then it's probably just because I don't have much 
experience in this area. Why has it switched over to 127.0.1.1 ?


Thanks
Adam


Mark Beierl on 23/11/09 19:00, wrote:
Silly thought but - is mysql configured to listen to 127.0.0.1 only? 
Something like


sudo netstat -napt | grep 3306

ought to show if mysql is listening on 127.0.0.1:3306 or 0.0.0.0:3306.

Regards,
Mark

Adam Hardy wrote:
Thought I had a simple problem but I don't really find anything 
relevant on the web and I'm not getting any responses to my questions 
here.


Just a pointer in the right direction would be helpful - something to 
put me back on the scent?


Thanks
Adam

Adam Hardy on 20/11/09 20:38, wrote:
 
I have a lan with a gateway machine running an ADSL modem and two 
NICs with iptables and dnsmasq.


It also runs mysql and tomcat but is currently just a simple gateway, 
I'm not trying to configure any DMZ or fancier stuff like that.


My problem is that I can access mysql using 'localhost:3306' but I 
can't access it on the same box when using the machine name e.g. 
'isengard:3306' and my guess is that I have mis-configured either 
dnsmasq or iptables.


I figure that my command mysql --host=isengard is probably being 
resolved as external and then getting blocked by the firewall.


My dnsmasq config file, based on the example config but with comments 
removed, is:


domain-needed
bogus-priv
filterwin2k
local=/localdomain/
domain=localdomain
dhcp-range=192.168.0.3,192.168.0.254
dhcp-option=option:router,192.168.0.2
dhcp-option=option:mtu,1500

and my resolv.conf file is:

nameserver 194.74.65.68

and I think this is getting continually rewritten by dhcp with the 
nameserver info from the dhcp server on the modem which gives the 
outside NIC its internet ip address.


Does this make any sense? Or rather does anyone see where my 
situation is foobarred?




  







Re: [Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch?

2009-11-23 Thread Adam Hardy
Thought I had a simple problem but I don't really find anything relevant on the 
web and I'm not getting any responses to my questions here.


Just a pointer in the right direction would be helpful - something to put me 
back on the scent?


Thanks
Adam

Adam Hardy on 20/11/09 20:38, wrote:
I have a lan with a gateway machine running an ADSL modem and two NICs with 
iptables and dnsmasq.


It also runs mysql and tomcat but is currently just a simple gateway, I'm not 
trying to configure any DMZ or fancier stuff like that.


My problem is that I can access mysql using 'localhost:3306' but I can't access 
it on the same box when using the machine name e.g. 'isengard:3306' and my guess 
is that I have mis-configured either dnsmasq or iptables.


I figure that my command mysql --host=isengard is probably being resolved as 
external and then getting blocked by the firewall.


My dnsmasq config file, based on the example config but with comments removed, 
is:

domain-needed
bogus-priv
filterwin2k
local=/localdomain/
domain=localdomain
dhcp-range=192.168.0.3,192.168.0.254
dhcp-option=option:router,192.168.0.2
dhcp-option=option:mtu,1500

and my resolv.conf file is:

nameserver 194.74.65.68

and I think this is getting continually rewritten by dhcp with the nameserver 
info from the dhcp server on the modem which gives the outside NIC its internet 
ip address.


Does this make any sense? Or rather does anyone see where my situation is 
foobarred?





[Dnsmasq-discuss] dnsmasq / dns server / iptables config glitch?

2009-11-20 Thread Adam Hardy

Hi

I have a problem which is not giving up its solution to any of my google 
searches.

I have a lan with a gateway machine running an ADSL modem and two NICs with 
iptables and dnsmasq.


It also runs mysql and tomcat but is currently just a simple gateway, I'm not 
trying to configure any DMZ or fancier stuff like that.


My problem is that I can access mysql using 'localhost:3306' but I can't access 
it on the same box when using the machine name e.g. 'isengard:3306' and my guess 
is that I have mis-configured either dnsmasq or iptables.


I figure that my command mysql --host=isengard is probably being resolved as 
external and then getting blocked by the firewall.


My dnsmasq config file, based on the example config but with comments removed, 
is:

domain-needed
bogus-priv
filterwin2k
local=/localdomain/
domain=localdomain
dhcp-range=192.168.0.3,192.168.0.254
dhcp-option=option:router,192.168.0.2
dhcp-option=option:mtu,1500

and my resolv.conf file is:

nameserver 194.74.65.68

and I think this is getting continually rewritten by dhcp with the nameserver 
info from the dhcp server on the modem which gives the outside NIC its internet 
ip address.


Does this make any sense? Or rather does anyone see where my situation is 
foobarred?



Thanks
Adam



Re: [Dnsmasq-discuss] DHCP, dhclient logs errors

2009-03-20 Thread Adam Hardy

Simon Kelley on 18/03/09 11:33, wrote:

Adam Hardy wrote:
after running smoothly for months, my network went snafu today and in 
the process of putting it back to normal, I found errors logged into 
/var/log/messages from dhclient on my main workstation.


I didn't get this issue before IIRC

It makes me wonder if I have installed something from debian which is 
causing the problem ('Unable to add forward map...')


I get precious little from my google and mailing list searches. Is 
this a problem due to packages like mDNS or Avahi-daemon [1]  - or 
could it be my iptables rules which have thrown a spanner in the 
works? (which I also changed since my dnsmasq install).



Mar 17 16:32:37 localhost dhclient: DHCPREQUEST on eth0 to 192.168.0.2 port 67
Mar 17 16:32:37 localhost dhclient: DHCPACK from 192.168.0.2
Mar 17 16:32:37 localhost dhclient: bound to 192.168.0.235 -- renewal in 1631 seconds.
Mar 17 16:32:38 localhost dhclient: Unable to add forward map from gondor.localdomain. to 192.168.0.235: destination address required
Mar 17 16:59:48 localhost dhclient: DHCPREQUEST on eth0 to 192.168.0.2 port 67
Mar 17 16:59:48 localhost dhclient: DHCPACK from 192.168.0.2
Mar 17 16:59:48 localhost dhclient: bound to 192.168.0.235 -- renewal in 1226 seconds.
Mar 17 16:59:49 localhost dhclient: Unable to add forward map from gondor.localdomain. to 192.168.0.235: destination address required



[1] suspicious:
Mar 17 16:05:33 localhost avahi-daemon[2292]: New relevant interface eth0.IPv4 for mDNS.
Mar 17 16:05:33 localhost avahi-daemon[2292]: Joining mDNS multicast group on interface eth0.IPv4 with address 192.168.0.235.
Mar 17 16:05:33 localhost avahi-daemon[2292]: Registering new address record for 192.168.0.235 on eth0.

M


It looks like dhclient is trying to update its DNS records in a DNS
server using the dynamic-dns protocol. I doubt that this is anything to
do with avahi. More likely a change in dhclient configuration.
Do you have something like do-forward-updates true; in dhclient.conf?

If you are using dnsmasq, you don't need to use DDNS updates: the
dnsmasq DNS server doesn't support them, but it doesn't need them
because DNS records are inserted automatically from DHCP addresses.


Hi Simon,
thanks for the reply. So you're saying it's harmless then? I have this paranoia 
that my broadband speed is being cut by the way I've configured my network, due 
to BT giving me so much FUD.


Anyway my main aim is to make sure it's all working fine before I upgrade Debian 
from Etch to Lenny.


I wasn't aware that I had configured anything to do DDNS updates. This is all I 
have in dhclient.conf:


send dhcp-lease-time 3600;
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, host-name,
netbios-name-servers, netbios-scope, interface-mtu;
send fqdn.fqdn "gondor.localdomain.";
send fqdn.encoded on;
send fqdn.server-update off;

Perhaps it is on by default and I need to turn it off? There are also a couple 
of scripts in the dhclient-enter-hooks.d for samba, ntpdate, ntp and debug, 
although from their content, they don't look relevant.


Most of the stuff out there I see when searching on DDNS dhclient update is 
for freeBSD with little for Linux.


As an appendix, here's my dhcpd.conf from the server (is this redundant with 
dnsmasq?) running dnsmasq:


ddns-update-style none;

option domain-name "domain01";
option domain-name-servers 194.74.65.69, 217.35.209.180;
default-lease-time 600;
max-lease-time 7200;

authoritative;

log-facility local7;

subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.3 192.168.0.254;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.0.255;
  option routers 192.168.0.2;
}

and the dnsmasq.conf:

domain-needed
bogus-priv
filterwin2k
local=/localdomain/
domain=localdomain
dhcp-range=192.168.0.3,192.168.0.254
dhcp-option=26,1500
log-queries



[Dnsmasq-discuss] DHCP, dhclient logs errors

2009-03-17 Thread Adam Hardy

Hello List,

after running smoothly for months, my network went snafu today and in the 
process of putting it back to normal, I found errors logged into 
/var/log/messages from dhclient on my main workstation.


I didn't get this issue before IIRC

It makes me wonder if I have installed something from debian which is causing 
the problem ('Unable to add forward map...')


I get precious little from my google and mailing list searches. Is this a 
problem due to packages like mDNS or Avahi-daemon [1]  - or could it be my 
iptables rules which have thrown a spanner in the works? (which I also changed 
since my dnsmasq install).



Mar 17 16:32:37 localhost dhclient: DHCPREQUEST on eth0 to 192.168.0.2 port 67
Mar 17 16:32:37 localhost dhclient: DHCPACK from 192.168.0.2
Mar 17 16:32:37 localhost dhclient: bound to 192.168.0.235 -- renewal in 1631 seconds.
Mar 17 16:32:38 localhost dhclient: Unable to add forward map from gondor.localdomain. to 192.168.0.235: destination address required

Mar 17 16:59:48 localhost dhclient: DHCPREQUEST on eth0 to 192.168.0.2 port 67
Mar 17 16:59:48 localhost dhclient: DHCPACK from 192.168.0.2
Mar 17 16:59:48 localhost dhclient: bound to 192.168.0.235 -- renewal in 1226 seconds.
Mar 17 16:59:49 localhost dhclient: Unable to add forward map from gondor.localdomain. to 192.168.0.235: destination address required



regards
Adam

[1] suspicious:
Mar 17 16:05:33 localhost avahi-daemon[2292]: New relevant interface eth0.IPv4 for mDNS.
Mar 17 16:05:33 localhost avahi-daemon[2292]: Joining mDNS multicast group on interface eth0.IPv4 with address 192.168.0.235.
Mar 17 16:05:33 localhost avahi-daemon[2292]: Registering new address record for 192.168.0.235 on eth0.

M



[Dnsmasq-discuss] samba and workgroups with dhcp

2008-10-13 Thread Adam Hardy
Just been wading through the docs and the mailing lists at samba.org trying to 
find out how I should configure my samba file server but I still haven't been 
able to work out the relationship of the samba server to the rest of my network.


I'm running a SOHO with linux, OS X and windows clients which need to connect to 
the samba server to be able to run backups. I think it's causing conflict with 
the main gateway / DHCP server  (which runs dnsmasq).


Samba has these 4 settings which are causing me complete confusion:

workgroup = SAMBA_WORK_GROUP
domain master = yes
local master = yes
preferred master = yes

By all accounts this appears to be the way to allow the clients to browse the 
samba server, but I get problems with connections dropping, authentications 
failing and sometimes the server not even showing up.


Am I right that the workgroup name should be totally different from the domain 
name I set for the DHCP clients in dnsmasq? (localdomain)


Thanks
Adam



Re: [Dnsmasq-discuss] using DHCP to set clients' MTU

2008-09-15 Thread Adam Hardy

Jan 'RedBully' Seiffert on 12/09/08 12:53, wrote:

Adam Hardy wrote:

Jan 'RedBully' Seiffert on 11/09/08 21:17, wrote:

[snip]


Hmmm, a mtu of 1430 looks a bit strange, but probably depends on your
link. Some kind of VPN or PPPoA on your side? Or are you saying paypal
has some kind of Tunnel/Route/Whatever which limits THEIR mtu?
[SNIP]


Oh, initially i wasn't even talking about you, but problems on the remote end
where you have no control how they configure their stuff. Then you are forced
to employ ugly workarounds on your side. If you check your firewall rules,
make sure there is a path for icmp-fragmentation-needed packets. (iptables
right table -p icmp --icmp-type fragmentation-needed -j ACCEPT)


OK, I'll go with that, but I'm trying to work out logically if I have blocked 
it. What state are the ICMP fragmentation-needed packets returned? Surely they 
are RELATED or ESTABLISHED? In that case, I am not blocking them. I only block 
INVALID and NEW for most ports.




[SNIP]
I read a little on BT, seems they use PPPoA, and this is terminated on the
modem... Hmmm, ATM equipment for PCs is rare, so your router has normal
ethernet to the modem and sees an mtu of 1500, while the true mtu is hidden
in the modem. And i thought one of the benefits of pppoa was, that the mtu is
kept at 1500. Any chance your new hosting service has a funny uplink? (should
not, a big site should have a real connection and not a dsl line...) /me is
totally confused Gnarf, seems this is even a bigger PITA than PPPoE ...

Searching for the right mtu turned up a lot of values, does someone know the
true mtu of a BT PPPoA link? (note: first and foremost you better find the
real mtu of the link, to get a grip on the problem, then one can think about
adjusting/tuning it to better match the ATM-part of the connection)


 The modem faced interface of your router needs the MTU set to the true value.
 This way your router should not send packets too big (or fragment them), your
 clients should get a fragmentation-needed when they try to.


Using http://www.dslreports.com/tweaks I see that my network is unpingable under 
the 'ICMP (ping) check' result. That looks bad in view of the above.


But it also tells me:
Max packet sent (MTU):   1488
Max packet recd (MTU):  1418
Retransmitted packets:  4
sacks you sent: 2

so I guess that 1488 is what I should set my ADSL modem to?


[SNIP]
Since you are talking about SMTP, so you had problems sending large packets? 
Then the problem can be on your side, according to my crystal ball ^^. But
can be also on the remote side... It's important which packet choked, your
outgoing packet or the incoming packet not coming through to you. Are you
sure this is a true modem and not also a little router, do you have a
non-private ip-address on your router? Maybe it's also twiddling some
values... Maybe you should go back to square one, set everything back to 1500
and then use tcpdump to see where your packets vanish, or how big they are 
with other known to work sites.


Maybe later if there's no joy with the latest stuff I've learnt about

something with 145[0-9] from what i read. Or is BT adding another 
encapsulation like L2TP?


I searched the most useful UK broadband users forum for L2TP and only saw 
references to it in connection with resellers or wholesale. It doesn't look like 
something that BT are using on my (and other retail customers') connection.


Regards
Adam



Re: [Dnsmasq-discuss] using DHCP to set clients' MTU

2008-09-11 Thread Adam Hardy

Steven Jan Springl on 11/09/08 15:20, wrote:

On Thursday 11 September 2008 14:08, Adam Hardy wrote:

Hi,

searched the archives and the net and was surprised not to see any hits
for MTU except its generic appearance in log statements.

I had to change my MTU on my workstations to 1430 to get SMTP and some
websites to work (e.g. paypal).

Can I tell dnsmasq to send the MTU setting with the DHCP information?

My attempts to hack it into the config haven't worked.


Thanks
Adam


Adam

I use the following statement to set the mtu size to 1492 for clients 
connected to eth0:


dhcp-option=eth0,26,1492


Steve, thanks for the info!

For anyone else looking at this in future, there's a good doc here:

http://www.faqs.org/rfcs/rfc2132.html

All the best
Adam
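
What `dhcp-option=eth0,26,1492` puts on the wire, as an added example (not code from the thread or from dnsmasq): the RFC 2132 Interface MTU option is code 26, length 2, a 16-bit value with a legal minimum of 68, and a client that requests `interface-mtu` should reject anything else. The sample options field is constructed.

```python
import struct

PAD, END = 0, 255
SUBNET_MASK, ROUTER, DNS_SERVER, INTERFACE_MTU = 1, 3, 6, 26
MIN_MTU = 68  # RFC 2132: minimum legal value for the Interface MTU option


def encode_interface_mtu(mtu):
    """Option 26 on the wire: code, length 2, 16-bit unsigned MTU (big-endian)."""
    if not MIN_MTU <= mtu <= 0xFFFF:
        raise ValueError("MTU %r outside 68..65535" % (mtu,))
    return struct.pack("!BBH", INTERFACE_MTU, 2, mtu)


def parse_options(field):
    """Walk a DHCP options field (the bytes after the magic cookie).

    Strict on purpose: a truncated option or a missing END marker is an error.
    """
    options, i = {}, 0
    while i < len(field):
        code = field[i]
        if code == PAD:
            i += 1
            continue
        if code == END:
            return options
        if i + 1 >= len(field):
            raise ValueError("option %d has no length byte" % code)
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d runs past the end of the field" % code)
        options[code] = value
        i += 2 + length
    raise ValueError("options field has no END (255) marker")


def interface_mtu(options):
    """Return the validated MTU from parsed options, or None if option 26 is absent."""
    raw = options.get(INTERFACE_MTU)
    if raw is None:
        return None
    if len(raw) != 2:
        raise ValueError("option 26 must be 2 bytes, got %d" % len(raw))
    (mtu,) = struct.unpack("!H", raw)
    if mtu < MIN_MTU:
        raise ValueError("option 26 value %d is below the legal minimum" % mtu)
    return mtu


# Constructed options field: netmask, router and DNS server for a
# 192.168.0.0/24 LAN, followed by the MTU value suggested above, then END.
SAMPLE_OPTIONS = (
    bytes([SUBNET_MASK, 4, 255, 255, 255, 0])
    + bytes([ROUTER, 4, 192, 168, 0, 2])
    + bytes([DNS_SERVER, 4, 192, 168, 0, 2])
    + encode_interface_mtu(1492)
    + bytes([END])
)

if __name__ == "__main__":
    print(encode_interface_mtu(1492).hex())
    print(interface_mtu(parse_options(SAMPLE_OPTIONS)))
```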



Re: [Dnsmasq-discuss] IPv6 issue

2008-06-11 Thread Adam Hardy

Jima on 10/06/08 14:31, wrote:

On Fri, 6 Jun 2008, Adam Hardy wrote:

My machine's IPv6 config seems to be up the creek.


...


adam@isengard:~$ sudo ping6  ::1
Password:
PING ::1(::1) 56 data bytes
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted


 Uhhh.  That doesn't look remotely DNS-related.  To be absolutely sure, 
though, try using the -n flag, which disables (reverse) DNS lookups.


# ping6 -n ::1

 That looks like firewalling is preventing the packets from being sent, 
to be honest.  I'd be looking more at something like:


# ip6tables -L -n

 Which is totally outside the scope of this mailing list, but I try to 
be helpful...oh, here:


# ping6 -n ::1
PING ::1(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.043 ms
^C
# ip6tables -A OUTPUT -j REJECT
# ping6 -n ::1
PING ::1(::1) 56 data bytes
ping: sendmsg: Operation not permitted
^C

 That's my theory.


Good theory - I hadn't realised that there is ip6tables. IPv6 is a big blind 
spot for me - in all my playing around with iptables and searching for a 
solution, I never once registered that I need ip6tables - although I see it now 
under the iptables man page SEE ALSO.


And I see my machine has all chains set to DROP, so you're right.

Thanks a lot.

Regards
Adam
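
A check for the blind spot found in this exchange, as an added example (not code from the thread): it reads `ip6tables-save` output and reports whether loopback traffic to ::1 is blocked in OUTPUT or INPUT. The three rule dumps are constructed, and the evaluation is a simplification that only follows unconditional rules and rules matching the `lo` interface alone.

```python
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# Constructed ip6tables-save dumps (not from the thread).
ALL_DROP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
COMMIT
"""
REJECT_OUTPUT = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -j REJECT --reject-with icmp6-port-unreachable
COMMIT
"""
LOOPBACK_ALLOWED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
"""


def parse_save(text):
    """Return (policies, rules) for the *filter table of an ip6tables-save dump."""
    policies, rules, in_filter = {}, {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif not in_filter or not line or line.startswith("#"):
            continue
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
            rules.setdefault(chain, [])
        elif line.startswith("-A "):
            tokens = line.split()
            rules.setdefault(tokens[1], []).append(tokens[2:])
    return policies, rules


def loopback_verdict(policies, rules, chain):
    """First-match verdict for ::1 traffic on lo in INPUT or OUTPUT.

    Simplification: rules with any match other than the loopback interface
    are skipped, so a conditional ACCEPT is not credited.
    """
    iface_flag = "-i" if chain == "INPUT" else "-o"
    for tokens in rules.get(chain, []):
        if "-j" not in tokens or tokens.index("-j") + 1 >= len(tokens):
            continue
        j = tokens.index("-j")
        matches, target = tokens[:j], tokens[j + 1]
        if matches not in ([], [iface_flag, "lo"]) or target not in TERMINAL:
            continue
        return target
    return policies.get(chain, "ACCEPT")


def loopback_blocked(save_text):
    """Chains (OUTPUT first, as the sender hits it first) that block ::1."""
    policies, rules = parse_save(save_text)
    return [chain for chain in ("OUTPUT", "INPUT")
            if loopback_verdict(policies, rules, chain) != "ACCEPT"]


if __name__ == "__main__":
    for name, dump in (("all DROP", ALL_DROP), ("REJECT in OUTPUT", REJECT_OUTPUT),
                       ("loopback allowed", LOOPBACK_ALLOWED)):
        print(name, loopback_blocked(dump))
```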



Re: [Dnsmasq-discuss] [Fwd: Re: Long freeze during tomcat start]

2008-05-29 Thread Adam Hardy

Adam Hardy on 23/05/08 14:23, wrote:
 I'm trying to figure out a time-out issue with the Apache Tomcat web server, 
and I have dug quite deeply into the issue with the help of the tomcat user 
mailing list.


 Apparently my machine's configuration for IPv6 may be causing a connection 
time-out and failure during tomcat's start-up routine. The machine is a gateway 
between the internet and my LAN, running dnsmasq as a DHCP and DNS server.



To add some more info, IPv6 ping6 doesn't work.

This is on Debian Etch linux 2.6.20 - can anyone tell me what controls the 
config for IPv6 here?


adam@isengard:~$ sudo ping6  ::1
Password:
PING ::1(::1) 56 data bytes
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

I also found this while searching:

http://storybridge.org/wordpress/2007/06/20/dnsmasq-does-not-like-ipv6/

which sounds useful but I'm not sure why it would work or where it should go.




Re: [Dnsmasq-discuss] [Fwd: Re: Long freeze during tomcat start]

2008-05-26 Thread Adam Hardy

Gilles Espinasse on 23/05/08 15:26, wrote:

According to Adam Hardy adam@cyberspaceroad.com:


I'm trying to figure out a time-out issue with the Apache Tomcat web server,
and I have dug quite deeply into the issue with the help of the tomcat user
mailing list.

...

I don't have any plans to set up my LAN as an IPv6 network, and I can't find
any tomcat configuration options to tell it not to use IPv6 - have you got any
tips that I could follow to sort this one out?

Thanks
Adam


You could disable IPv6 on various distrib using recipes based on not loading
ipv6 module (google will show some answers, I was not able to retrieve the page
with the various recipes)

With ipv6 disabled, tomcat should not try to use it ;-)


Hi,
thanks for the response.

Before I take the route of disabling IPv6, ideally I would rather try to 
configure IPv6 properly (assuming this is the issue). As I said in the original 
email (not in the copied email above) tomcat only demonstrates this problem on 
the one machine with the gateway and dnsmasq running. The workstation on the LAN 
doesn't suffer this issue.


I figure it is something to do with the way I configured it.

Regards
Adam



[Dnsmasq-discuss] [Fwd: Re: Long freeze during tomcat start]

2008-05-23 Thread Adam Hardy
I'm trying to figure out a time-out issue with the Apache Tomcat web server, and 
I have dug quite deeply into the issue with the help of the tomcat user mailing 
list.


Apparently my machine's configuration for IPv6 may be causing a connection 
time-out and failure during tomcat's start-up routine. The machine is a gateway 
between the internet and my LAN, running dnsmasq as a DHCP and DNS server.


Tomcat displays a freeze or hang at start-up which I have tracked down to an 
IPv6 system call that times out, as shown by this line from a tomcat strace log:


connect(11, {sa_family=AF_INET6, sin6_port=htons(48669),
 inet_pton(AF_INET6, ::1, sin6_addr), sin6_flowinfo=0, sin6_scope_id=0},
 28) = -1 ETIMEDOUT (Connection timed out)

Tomcat runs fine on a workstation on my LAN. This is my ifconfig -a output from 
the two machines:


Good machine:
eth0  Link encap:Ethernet  HWaddr 00:10:DC:79:FF:8F
  inet addr:192.168.0.234  Bcast:192.168.0.255  Mask:255.255.255.0
  inet6 addr: fe80::210:dcff:fe79:ff8f/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:606692 errors:0 dropped:0 overruns:0 frame:0
  TX packets:598681 errors:0 dropped:0 overruns:0 carrier:0
  collisions:65 txqueuelen:1000
  RX bytes:145074456 (138.3 MiB)  TX bytes:44751878 (42.6 MiB)

lo    Link encap:Local Loopback
  inet addr:127.0.0.1  Mask:255.0.0.0
  inet6 addr: ::1/128 Scope:Host
  UP LOOPBACK RUNNING  MTU:16436  Metric:1
  RX packets:59645 errors:0 dropped:0 overruns:0 frame:0
  TX packets:59645 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:5125125 (4.8 MiB)  TX bytes:5125125 (4.8 MiB)

Gateway machine (eth1 is LAN, eth2 is internet):
eth1  Link encap:Ethernet  HWaddr 00:18:F3:98:F4:EC
  inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
  inet6 addr: fe80::218:f3ff:fe98:f4ec/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:134101 errors:0 dropped:0 overruns:0 frame:0
  TX packets:138909 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:100
  RX bytes:12595060 (12.0 MiB)  TX bytes:53461584 (50.9 MiB)
  Base address:0xbc00 Memory:fe8e-fe90

eth2  Link encap:Ethernet  HWaddr 00:08:54:0A:B1:E7
  inet addr:86.138.125.132  Bcast:86.138.125.132  Mask:255.255.255.255
  inet6 addr: fe80::208:54ff:fe0a:b1e7/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:56889 errors:0 dropped:0 overruns:0 frame:0
  TX packets:50695 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:42379708 (40.4 MiB)  TX bytes:6543279 (6.2 MiB)
  Interrupt:58 Base address:0xd800

lo    Link encap:Local Loopback
  inet addr:127.0.0.1  Mask:255.0.0.0
  inet6 addr: ::1/128 Scope:Host
  UP LOOPBACK RUNNING  MTU:16436  Metric:1
  RX packets:3894 errors:0 dropped:0 overruns:0 frame:0
  TX packets:3894 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:236606 (231.0 KiB)  TX bytes:236606 (231.0 KiB)


I don't have any plans to set up my LAN as an IPv6 network, and I can't find any 
tomcat configuration options to tell it not to use IPv6 - have you got any tips 
that I could follow to sort this one out?


Thanks
Adam






Re: [Dnsmasq-discuss] iptables configuration drops packets

2008-05-18 Thread Adam Hardy

/dev/rob0 on 17/05/08 20:28, wrote:

On Sat May 17 2008 11:18:38 Adam Hardy wrote:

Assuming that the --log-prefix is correct and that your iptables
machine's IP address is 192.168.0.2, do tell, WHY are you blocking
OUTPUT? What is your threat model?

Basically I have 3 housemates who I allow on the wireless LAN with
their laptops, and of course they all run windows, so I just want to
make sure. I'd rather not run the risk of someone leaving their PC on
with a spam cannon trojan running. I've forbidden Outlook and MSIE,
so perhaps I'm being too keen, but I figured I'd log what OUTPUT
drops and figure out where it's coming from and whether it's kosher
or not, and adapt when necessary.


In that case, as best as I can tell, you are not understanding what 
OUTPUT is. Built-in chains in the filter table:

INPUT  : Packets destined to the iptables machine
OUTPUT : Packets originated from the iptables machine
FORWARD: All other (neither source nor dest. is local)

Any given packet hits exactly one chain, with the exception of the 
loopback interface, which first hits OUTPUT and then INPUT. Note also 
that the PREROUTING and OUTPUT chains in the nat table can change the 
filter chain any given packet would hit.


Your housemates would be sending FORWARD traffic, coming in the LAN 
interface, going out the Internet/external one.


Here's a good netfilter help site:
http://danieldegraaf.afraid.org/info/iptables/examples
Unfortunately seems to be down now, but it's in the Google cache. 
(Dynamic IP, I think it will be back later.)


Ah, sorry. I'm being stupid. I claim sleep deprivation as an excuse.

That site is back up now. I shall check it out.

I'm logging both the OUTPUT and the FORWARD dropped packets. Maybe I am being 
unnecessarily restrictive re the OUTPUT. But even then I'd feel safer. When I 
logged the dropped packets arriving on the gateway's INPUT from the internet, 
it's phenomenal the amount of stuff coming in.


Thanks
Adam



Re: [Dnsmasq-discuss] iptables configuration drops packets

2008-05-17 Thread Adam Hardy

/dev/rob0 on 17/05/08 00:36, wrote:

On Fri May 16 2008 13:30:01 Adam Hardy wrote:

I set up iptables myself today after using an obtusely written
script for some time.


I don't think this one is much better. :( Start simpler.  A good 
starting point is Rusty's Packet Filtering HOWTO, Really Quick Guide:


http://netfilter.org/documentation/HOWTO/packet-filtering-HOWTO-5.html


I can appreciate minimalism, thanks. I'll definitely peruse that. My script is 
based on the obtuse script I had earlier (generated by fwbuilder) but 
rationalised by myself - we're talking rationalised as far as my understanding 
of iptables goes, rather than what I desire for the end result. I'm pretty close 
though I think.




I am trying to work out whether everything is in order and I am
seeing logs from iptables saying that it is dropping packets from the


Routine logging is an easy way to DoS yourself. When you have it all 
working, stop the -j LOG rules.



machine every 12 minutes, which doesn't make sense - here's a line
from the log:

May 16 19:21:10 isengard kernel: dropped from OUTPUT IN= OUT=eth1
SRC=192.168.0.2 DST=192.168.0.255 LEN=237 TOS=0x00 PREC=0x00 TTL=64
ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=217


Assuming that the --log-prefix is correct and that your iptables 
machine's IP address is 192.168.0.2, do tell, WHY are you blocking 
OUTPUT? What is your threat model?


Basically I have 3 housemates who I allow on the wireless LAN with their 
laptops, and of course they all run windows, so I just want to make sure. I'd 
rather not run the risk of someone leaving their PC on with a spam cannon trojan 
running. I've forbidden Outlook and MSIE, so perhaps I'm being too keen, but I 
figured I'd log what OUTPUT drops and figure out where it's coming from and 
whether it's kosher or not, and adapt when necessary.


And I've seen the buffering config that can prevent log flooding, so I should be 
OK vis a vis DoS.




I'm trying to find out what the broadcast address is for and I'm
pretty much in the dark despite looking around the mailing list and
google.


This is the old Netbios protocol, kludged up by Microsoft in the 
1990's, to enable peer-to-peer file sharing on IP networks without 
proper DNS services. I think you can turn it off in Samba's nmbd(8). 
But your best bet is to just stop blocking OUTPUT.


You most likely also do not want much if any filtering on your LAN 
interface. You should only filter INPUT and FORWARD traffic on your 
external interface. If you really have a threat inside your RFC 1918 
netblocks, I would suggest a physical approach: pull the plug on it.


Point taken - if it takes me too long to figure out the rule I need, I may just 
go that way.



Thanks
Adam
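
The chain explanation in the later message and the log line in this one, combined into an added example (not code from the thread): the IN=/OUT= fields of a netfilter LOG line tell you which filter chain logged it, independently of what the --log-prefix claims. It assumes the LOG rules sit in the filter table; the FORWARD and INPUT lines are constructed, and the /24 LAN comes from the ifconfig output posted elsewhere in the archive.

```python
import ipaddress
import re

# Log line posted in the thread (the mail client wrapped it; re-joined here).
THREAD_LINE = (
    "May 16 19:21:10 isengard kernel: dropped from OUTPUT IN= OUT=eth1 "
    "SRC=192.168.0.2 DST=192.168.0.255 LEN=237 TOS=0x00 PREC=0x00 TTL=64 "
    "ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=217"
)
# Constructed lines (not from the thread) for the other two chains.
CONSTRUCTED_FORWARD = (
    "May 16 19:22:00 isengard kernel: dropped IN=eth1 OUT=eth2 "
    "SRC=192.168.0.24 DST=203.0.113.9 LEN=60 TTL=63 PROTO=TCP SPT=40000 DPT=25"
)
CONSTRUCTED_INPUT = (
    "May 16 19:22:05 isengard kernel: dropped IN=eth2 OUT= "
    "SRC=198.51.100.7 DST=86.138.125.132 LEN=40 TTL=51 PROTO=TCP SPT=4444 DPT=22"
)

LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed from the posted netmask
NETBIOS_UDP = {137: "NetBIOS name service", 138: "NetBIOS datagram service"}
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_fields(line):
    """KEY=value pairs of a LOG line; the first occurrence wins, so LEN is the
    IP length (237 above) rather than the UDP length that follows it."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)
    return fields


def filter_chain(fields):
    """Infer the filter-table chain from which of IN=/OUT= is populated."""
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    if has_in and has_out:
        return "FORWARD"   # transit traffic, e.g. a LAN client going out
    if has_in:
        return "INPUT"     # addressed to the firewall host
    if has_out:
        return "OUTPUT"    # generated by the firewall host itself
    return "UNKNOWN"


def describe(line):
    """Summarise one LOG line and cross-check the chain named in its prefix."""
    fields = parse_fields(line)
    chain = filter_chain(fields)
    prefix = re.search(r"kernel: (.*?)\s*\bIN=", line)
    claimed = re.search(r"INPUT|OUTPUT|FORWARD", prefix.group(1)) if prefix else None
    service = None
    if fields.get("PROTO") == "UDP" and fields.get("DPT", "").isdigit():
        service = NETBIOS_UDP.get(int(fields["DPT"]))
    return {
        "chain": chain,
        "prefix_agrees": claimed is None or claimed.group(0) == chain,
        "service": service,
        "lan_broadcast": fields.get("DST") == str(LAN.broadcast_address),
    }


if __name__ == "__main__":
    for sample in (THREAD_LINE, CONSTRUCTED_FORWARD, CONSTRUCTED_INPUT):
        print(describe(sample))
```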




Re: [Dnsmasq-discuss] setting up dynamic DNS?

2007-09-10 Thread Adam Hardy

Simon Kelley on 09/09/07 16:02, wrote:

Adam Hardy wrote:

Hi DNSmasq List

I have a small network with a slightly different setup for the 
internet broadband from usual. I'm having problems working out how to 
set up a DHCP service with dnsmasq to provide workstations with 
permanent host names.


Instead of the usual router providing DHCP and DNS services, I just 
have a simple DSL modem attached to eth2 on my gateway server 
(isengard). Using dhclient3, isengard grabs itself a public ip for 
eth2 via DHCP on the modem.


isengard also runs dnsmasq on eth1 for the internal network, and I run 
iptables as my firewall to protect it. I gave eth1 the IP 192.168.0.2


I have 2 more linux boxes, a windows machine and a mac, and the 
potential for other random laptops to come and go. What I want to do 
is set it up so that I can refer to boxes by their hostname at least 
in linux wherever I am on the network, since I do a lot of ftp'ing and 
ssh'ing and I want to set up a samba share for backups and cups for 
printing.


I've reached the point where dnsmasq tells every client to use 
192.168.0.2 as the nameserver. These clients run dhclient3 (and 
windows and the mac are happy too)


But this naive approach obviously doesn't cut the mustard. Can I 
instruct dnsmasq to be nameserver of all my hosts for each other?


Thanks and regards
Adam Hardy


PS this is the hosts and resolv.conf from one client:

adam@gondor:~$ cat /etc/hosts
127.0.0.1   localhost gondor.localdomain.net gondor
adam@gondor:~$ cat /etc/resolv.conf
search localdomain.net
nameserver 192.168.0.2


and /etc/dhcp3/dhclient.conf:

send dhcp-lease-time 3600;
supersede domain-name localdomain.net;
request subnet-mask, broadcast-address, time-offset, routers,
 domain-name, domain-name-servers, host-name,
 netbios-name-servers, netbios-scope, interface-mtu;
send fqdn.fqdn gondor.localdomain.net;
send fqdn.encoded on;
send fqdn.server-update off;


isengard /etc/dnsmasq.conf:

domain-needed
bogus-priv
filterwin2k
dhcp-range=192.168.0.3,192.168.0.254,12h



All your hosts are using dnsmasq as their nameserver, so once it knows 
the hostnames associated with particular DHCP leases, everything will 
just work.


Broadly, there's two ways to do this. The first is to add names to the 
dnsmasq configuration, associating MAC addresses with names using 
dhcp-host configuration directives or in /etc/ethers. The second, and 
more common, is for the host to know its hostname, and send it to the 
DHCP server when it requests a lease: Windows (and, I'm fairly certain, 
Macs) do this always. dhclient3 needs to be told to do it with something 
like


send host-name "myname";

in /etc/dhcp3/dhclient.conf. Some distros are clever and configure this 
automatically: most (still) don't. Sigh.


STOP PRESS. Looking again, I see you're ahead of me, and sending the 
fqdn instead of the hostname. That should be fine, but you need to tell 
dnsmasq that localdomain.net is a valid network for it to accept for 
local hosts. Adding


domain=localdomain.net

to /etc/dnsmasq.conf will do the trick.


Thanks for the responses, I've just tried again, but didn't succeed. I get 'name 
or service unknown' response from ssh, ping etc.


I put in the send host-name option, as well as explicitly defining the 
defaults for dhcp-option 1, 3 and 6.


Presumably if dnsmasq is meant to resolve/name-serve my clients, it will put 
their hostnames in isengard's /etc/resolv.conf?


I am probably totally wide of the mark here, but isn't dhclient3 constantly 
rewriting /etc/resolv.conf on isengard (gateway / dnsmasq server) to set up eth2 
on the internet?


I am using the example dnsmasq.conf that came with the package, but I just 
parsed out the comments. And unlike Jan, I'm not using pppoe so I'm not sure 
what approach to take.


Thanks and regards
Adam



Re: [Dnsmasq-discuss] setting up dynamic DNS?

2007-09-10 Thread Adam Hardy

Thanks again for the help. Config files appended at bottom for reference.

Jan 'RedBully' Seiffert on 10/09/07 16:45, wrote:

Adam Hardy wrote:

Thanks for the responses, I've just tried again, but didn't succeed. I
get 'name or service unknown' response from ssh, ping etc.


Hmmm, on which machine? Isengard?


on all machines, except when doing ping isengard


I put in the send host-name option, as well as explicitly defining the
defaults for dhcp-option 1, 3 and 6.


Ok.
And on your clients? Do they get an IP over dhcp?


Yes


Is their DNS-Server set to isengard? (view in /etc/resolv.conf)

adam@gondor:~$ cat /etc/hosts
127.0.0.1   localhost gondor.localdomain.net gondor

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
adam@gondor:~$ cat /etc/resolv.conf
search localdomain.net
nameserver 192.168.0.2
adam@gondor:~$ cat /etc/dhcp3/dhclient.conf |grep -v ^#

send host-name gondor.localdomain.net;
send dhcp-lease-time 3600;
supersede domain-name localdomain.net;
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, host-name,
netbios-name-servers, netbios-scope, interface-mtu;
send fqdn.fqdn gondor.localdomain.net;
send fqdn.encoded on;
send fqdn.server-update off;

adam@gondor:~$ cat /etc/resolv.conf
search localdomain.net
nameserver 192.168.0.2


Is their default gateway set to isengard? (route -n should say so)


Yes


What's printed to isengards system logs when a client gets an IP?


isengard dnsmasq[26803]: reading /etc/resolv.conf
isengard dnsmasq[26803]: using nameserver 194.74.65.69#53
isengard dnsmasq[26803]: ignoring nameserver 127.0.0.1 - local interface
isengard dnsmasq[26803]: Ignoring DHCP host name arnor.localdomain because it has an illegal domain part
isengard dnsmasq[26803]: DHCPDISCOVER(eth1) 192.168.0.24 00:a0:cc:52:5d:fe
isengard dnsmasq[26803]: DHCPOFFER(eth1) 192.168.0.24 00:a0:cc:52:5d:fe
isengard dnsmasq[26803]: Ignoring DHCP host name arnor.localdomain because it has an illegal domain part
isengard dnsmasq[26803]: DHCPREQUEST(eth1) 192.168.0.24 00:a0:cc:52:5d:fe
isengard dnsmasq[26803]: DHCPACK(eth1) 192.168.0.24 00:a0:cc:52:5d:fe
isengard dnsmasq[26803]: query[SOA] arnor.localdomain.net from 192.168.0.24
isengard dnsmasq[26803]: config arnor.localdomain.net is NODATA
isengard dnsmasq[26803]: query[SOA] localdomain.net from 192.168.0.24
isengard dnsmasq[26803]: config localdomain.net is NODATA
isengard dnsmasq[26803]: query[SOA] net from 192.168.0.24
isengard dnsmasq[26803]: config net is NODATA
isengard dnsmasq[26803]: query[SOA] . from 192.168.0.24
isengard dnsmasq[26803]: config . is NODATA


It also did this when I tried ping arnor from gondor:

isengard dnsmasq[26803]: query[A] arnor.localdomain.net from 192.168.0.234
isengard dnsmasq[26803]: forwarded arnor.localdomain.net to 194.74.65.69
isengard dnsmasq[26803]: forwarded arnor.localdomain.net to 194.74.65.69
isengard dnsmasq[26803]: query[A] arnor.localdomain.net from 192.168.0.234
isengard dnsmasq[26803]: forwarded arnor.localdomain.net to 194.74.65.69


/var/lib/misc/dnsmasq.leases has no hostnames in it.

Hmmm. Doesn't look good does it? :(  What do you think could be wrong with it? 
There seems to be something wrong with the hostname I'm sending it ('illegal 
domain name part') and it also seems to be forwarding the query for 
arnor.localdomain.net up to the internet nameserver.



Adam

PS here are the files for reference if they help:

isengard:~# cat /etc/hosts
127.0.0.1   localhost
192.168.0.2 isengard.localdomain.net isengard
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

isengard:~# cat /etc/resolv.conf
search localdomain.net
nameserver 127.0.0.1
nameserver 194.74.65.69

isengard:~# cat /etc/dnsmasq.conf |grep -v ^# |grep -e ^[[:alnum:]]
domain-needed
bogus-priv
filterwin2k
domain=localdomain.net
dhcp-range=192.168.0.3,192.168.0.254,12h
dhcp-option=1,255.255.255.0
dhcp-option=3,192.168.0.2
dhcp-option=6,192.168.0.2
log-queries



adam@gondor:~$ cat /etc/hosts
127.0.0.1   localhost gondor.localdomain.net gondor
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

adam@gondor:~$ cat /etc/resolv.conf
search localdomain.net
nameserver 192.168.0.2

adam@gondor:~$ cat /etc/dhcp3/dhclient.conf |grep -v ^#
send host-name gondor.localdomain.net;
send dhcp-lease-time 3600;
supersede domain-name localdomain.net;
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, host-name,
netbios-name-servers, netbios-scope, interface-mtu;
send
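
A triage pass over the dnsmasq log lines quoted in this message, as an added example (not code from the thread or from dnsmasq): it flags DHCP host names whose domain part does not match the configured `domain=` value, and queries for names inside the local domain that were forwarded to the upstream resolver. `accept_hostname` is a simplified model inferred from the log message, not dnsmasq's own function.

```python
import re

# Lines copied from the dnsmasq log in the thread (wrapped lines re-joined).
THREAD_LOG = """\
isengard dnsmasq[26803]: Ignoring DHCP host name arnor.localdomain because it has an illegal domain part
isengard dnsmasq[26803]: DHCPDISCOVER(eth1) 192.168.0.24 00:a0:cc:52:5d:fe
isengard dnsmasq[26803]: DHCPOFFER(eth1) 192.168.0.24 00:a0:cc:52:5d:fe
isengard dnsmasq[26803]: Ignoring DHCP host name arnor.localdomain because it has an illegal domain part
isengard dnsmasq[26803]: DHCPREQUEST(eth1) 192.168.0.24 00:a0:cc:52:5d:fe
isengard dnsmasq[26803]: DHCPACK(eth1) 192.168.0.24 00:a0:cc:52:5d:fe
isengard dnsmasq[26803]: query[A] arnor.localdomain.net from 192.168.0.234
isengard dnsmasq[26803]: forwarded arnor.localdomain.net to 194.74.65.69
"""

IGNORED = re.compile(r"Ignoring DHCP host name (\S+) because")
FORWARDED = re.compile(r"forwarded (\S+) to (\S+)")


def accept_hostname(sent, domain):
    """Model of the check behind the 'illegal domain part' message: a bare name
    is kept; a dotted name is kept (minus its domain) only if everything after
    the first dot equals the configured domain= value. Returns None if rejected."""
    host, dot, rest = sent.partition(".")
    if not dot:
        return host
    return host if rest.lower() == domain.lower() else None


def in_domain(name, domain):
    """True if name is the local domain itself or a name underneath it."""
    name, domain = name.lower().rstrip("."), domain.lower()
    return name == domain or name.endswith("." + domain)


def triage(log_text, domain):
    """Return findings as (kind, name, detail) tuples, de-duplicated in order."""
    findings = []
    for line in log_text.splitlines():
        m = IGNORED.search(line)
        if m and accept_hostname(m.group(1), domain) is None:
            sent_domain = m.group(1).partition(".")[2]
            finding = ("hostname-rejected", m.group(1),
                       "client sent domain %r, server has domain=%s"
                       % (sent_domain, domain))
        else:
            m = FORWARDED.search(line)
            if not (m and in_domain(m.group(1), domain)):
                continue
            finding = ("local-name-forwarded", m.group(1),
                       "sent upstream to " + m.group(2))
        if finding not in findings:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for kind, name, detail in triage(THREAD_LOG, "localdomain.net"):
        print(kind, name, detail)
```

dnsmasq's `local=/localdomain.net/` directive marks a domain as answered locally only, which keeps queries like the second finding from reaching the ISP's resolver.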

[Dnsmasq-discuss] setting up dynamic DNS?

2007-09-09 Thread Adam Hardy

Hi DNSmasq List

I have a small network with a slightly different setup for the internet 
broadband from usual. I'm having problems working out how to set up a DHCP 
service with dnsmasq to provide workstations with permanent host names.


Instead of the usual router providing DHCP and DNS services, I just have a 
simple DSL modem attached to eth2 on my gateway server (isengard). Using 
dhclient3, isengard grabs itself a public ip for eth2 via DHCP on the modem.


isengard also runs dnsmasq on eth1 for the internal network, and I run iptables 
as my firewall to protect it. I gave eth1 the IP 192.168.0.2


I have 2 more linux boxes, a windows machine and a mac, and the potential for 
other random laptops to come and go. What I want to do is set it up so that I 
can refer to boxes by their hostname at least in linux wherever I am on the 
network, since I do a lot of ftp'ing and ssh'ing and I want to set up a samba 
share for backups and cups for printing.


I've reached the point where dnsmasq tells every client to use 192.168.0.2 as 
the nameserver. These clients run dhclient3 (and windows and the mac are happy too)


But this naive approach obviously doesn't cut the mustard. Can I instruct 
dnsmasq to be nameserver of all my hosts for each other?


Thanks and regards
Adam Hardy


PS this is the hosts and resolv.conf from one client:

adam@gondor:~$ cat /etc/hosts
127.0.0.1   localhost gondor.localdomain.net gondor
adam@gondor:~$ cat /etc/resolv.conf
search localdomain.net
nameserver 192.168.0.2


and /etc/dhcp3/dhclient.conf:

send dhcp-lease-time 3600;
supersede domain-name localdomain.net;
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, host-name,
netbios-name-servers, netbios-scope, interface-mtu;
send fqdn.fqdn gondor.localdomain.net;
send fqdn.encoded on;
send fqdn.server-update off;


isengard /etc/dnsmasq.conf:

domain-needed
bogus-priv
filterwin2k
dhcp-range=192.168.0.3,192.168.0.254,12h