Re: [pfSense] Dynamic DNS and Route 53

2015-03-11 Thread Tiernan OToole
Thanks for the reply. In the case of the domain below, that was manually set. 
The domain I wanted updated was checked in the AWS console directly, and still 
had the old value…

I will try to modify the PHP file and see if I can get it to show what's going on.

Thanks.

--Tiernan

From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Moshe Katz
Sent: Wednesday 11 March 2015 13:40
To: pfSense support and discussion
Subject: Re: [pfSense] Dynamic DNS and Route 53


Just three things to add to what Brian said.

For Windows hosts, run ipconfig /flushdns to clear the cache. (You can also 
use /displaydns to see what's in the cache, but you're going to have to ease 
through the entire thing so it's probably not worth it.)

If you are using Google Chrome (on any platform), you will also need to clear 
its cache. Go to chrome://net-internals, click DNS, and click the clear 
button.

Finally, the easiest way to see the raw request and response is probably by 
opening up the PHP file that runs DNS updates and adding a bunch of echo 
statements.  I don't have a pfSense box in front of me at the moment to see 
which file it is, but I'm guessing it's not too hard to find. Just make sure to 
remove your changes when you are done.

Moshe

Sorry for top-posting. Sent from a mobile device.
On Mar 11, 2015 8:48 AM, Brian Candler b.cand...@pobox.com wrote:
On 11/03/2015 10:09, Tiernan OToole wrote:

Any tips on checking this properly? How can I see what is being sent and 
received from the server?

I don't know about that (tcpdump perhaps), but here's how to check what's 
published in the DNS:

$ dig +trace @8.8.8.8 tiernanotoolephotography.com. a

; <<>> DiG 9.8.3-P1 <<>> +trace @8.8.8.8 tiernanotoolephotography.com. a
; (1 server found)
;; global options: +cmd
. 2466 IN NS l.root-servers.net.
. 2466 IN NS h.root-servers.net.
. 2466 IN NS k.root-servers.net.
. 2466 IN NS i.root-servers.net.
. 2466 IN NS g.root-servers.net.
. 2466 IN NS j.root-servers.net.
. 2466 IN NS d.root-servers.net.
. 2466 IN NS a.root-servers.net.
. 2466 IN NS f.root-servers.net.
. 2466 IN NS b.root-servers.net.
. 2466 IN NS m.root-servers.net.
. 2466 IN NS e.root-servers.net.
. 2466 IN NS c.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 51 ms

com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 506 bytes from 192.203.230.10#53(192.203.230.10) in 33 ms

tiernanotoolephotography.com. 172800 IN NS ns-99.awsdns-12.com.
tiernanotoolephotography.com. 172800 IN NS ns-718.awsdns-25.net.
tiernanotoolephotography.com. 172800 IN NS ns-1318.awsdns-36.org.
tiernanotoolephotography.com. 172800 IN NS ns-1983.awsdns-55.co.uk.
;; Received 214 bytes from 192.31.80.30#53(192.31.80.30) in 119 ms

tiernanotoolephotography.com. 300 IN A 79.97.100.91
tiernanotoolephotography.com. 172800 IN NS ns-1318.awsdns-36.org.
tiernanotoolephotography.com

Re: [pfSense] Dynamic DNS and Route 53

2015-03-11 Thread Moshe Katz
Just three things to add to what Brian said.

For Windows hosts, run ipconfig /flushdns to clear the cache. (You can
also use /displaydns to see what's in the cache, but you're going to have
to ease through the entire thing so it's probably not worth it.)

If you are using Google Chrome (on any platform), you will also need to
clear its cache. Go to chrome://net-internals, click DNS, and click
the clear button.

Finally, the easiest way to see the raw request and response is probably by
opening up the PHP file that runs DNS updates and adding a bunch of echo
statements.  I don't have a pfSense box in front of me at the moment to see
which file it is, but I'm guessing it's not too hard to find. Just make
sure to remove your changes when you are done.

Moshe

Sorry for top-posting. Sent from a mobile device.
 On Mar 11, 2015 8:48 AM, Brian Candler b.cand...@pobox.com wrote:

 On 11/03/2015 10:09, Tiernan OToole wrote:


 Any tips on checking this properly? How can I see what is being sent and
 received from the server?


  I don't know about that (tcpdump perhaps), but here's how to check
 what's published in the DNS:

 $ dig +trace @8.8.8.8 tiernanotoolephotography.com. a

 ; <<>> DiG 9.8.3-P1 <<>> +trace @8.8.8.8 tiernanotoolephotography.com. a
 ; (1 server found)
 ;; global options: +cmd
 . 2466 IN NS l.root-servers.net.
 . 2466 IN NS h.root-servers.net.
 . 2466 IN NS k.root-servers.net.
 . 2466 IN NS i.root-servers.net.
 . 2466 IN NS g.root-servers.net.
 . 2466 IN NS j.root-servers.net.
 . 2466 IN NS d.root-servers.net.
 . 2466 IN NS a.root-servers.net.
 . 2466 IN NS f.root-servers.net.
 . 2466 IN NS b.root-servers.net.
 . 2466 IN NS m.root-servers.net.
 . 2466 IN NS e.root-servers.net.
 . 2466 IN NS c.root-servers.net.
 ;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 51 ms

 com. 172800 IN NS a.gtld-servers.net.
 com. 172800 IN NS b.gtld-servers.net.
 com. 172800 IN NS c.gtld-servers.net.
 com. 172800 IN NS d.gtld-servers.net.
 com. 172800 IN NS e.gtld-servers.net.
 com. 172800 IN NS f.gtld-servers.net.
 com. 172800 IN NS g.gtld-servers.net.
 com. 172800 IN NS h.gtld-servers.net.
 com. 172800 IN NS i.gtld-servers.net.
 com. 172800 IN NS j.gtld-servers.net.
 com. 172800 IN NS k.gtld-servers.net.
 com. 172800 IN NS l.gtld-servers.net.
 com. 172800 IN NS m.gtld-servers.net.
 ;; Received 506 bytes from 192.203.230.10#53(192.203.230.10) in 33 ms

 tiernanotoolephotography.com. 172800 IN NS ns-99.awsdns-12.com.
 tiernanotoolephotography.com. 172800 IN NS ns-718.awsdns-25.net.
 tiernanotoolephotography.com. 172800 IN NS ns-1318.awsdns-36.org.
 tiernanotoolephotography.com. 172800 IN NS ns-1983.awsdns-55.co.uk.
 ;; Received 214 bytes from 192.31.80.30#53(192.31.80.30) in 119 ms

 tiernanotoolephotography.com. 300 IN A 79.97.100.91
 tiernanotoolephotography.com. 172800 IN NS ns-1318.awsdns-36.org.
 tiernanotoolephotography.com. 172800 IN NS ns-1983.awsdns-55.co.uk.
 tiernanotoolephotography.com. 172800 IN NS ns-718.awsdns-25.net.
 tiernanotoolephotography.com. 172800 IN NS ns-99.awsdns-12.com.
 ;; Received 198 bytes from 205.251.197.38#53(205.251.197.38) in 6 ms

 So to eliminate any local DNS caching as an issue, you should ask one of
 the four servers which is authoritative for your domain for the answer.

 $ dig +short +norec @ns-99.awsdns-12.com. tiernanotoolephotography.com. a
 79.97.100.91

 This seems to match what you were expecting, so it appears to have worked
 now.

 If you have a client which is still resolving to the old address then
 flush its cache, and check there's no static hosts entry.

 For OSX clients, you can flush their DNS cache like this:
 sudo killall -HUP mDNSResponder

 For Linux clients running nscd, even restarting nscd won't flush the
 cache. You need to do:
 nscd --invalidate=hosts

 For Windows clients, best to just reboot them :-)

 Regards,

 Brian.

 ___
 pfSense mailing list
 https://lists.pfsense.org/mailman/listinfo/list
 Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] Dynamic DNS and Route 53

2015-03-11 Thread Brian Candler

On 11/03/2015 10:09, Tiernan OToole wrote:


Any tips on checking this properly? How can I see what is being sent 
and received from the server?



I don't know about that (tcpdump perhaps), but here's how to check 
what's published in the DNS:


$ dig +trace @8.8.8.8 tiernanotoolephotography.com. a

; <<>> DiG 9.8.3-P1 <<>> +trace @8.8.8.8 tiernanotoolephotography.com. a
; (1 server found)
;; global options: +cmd
. 2466 IN NS l.root-servers.net.
. 2466 IN NS h.root-servers.net.
. 2466 IN NS k.root-servers.net.
. 2466 IN NS i.root-servers.net.
. 2466 IN NS g.root-servers.net.
. 2466 IN NS j.root-servers.net.
. 2466 IN NS d.root-servers.net.
. 2466 IN NS a.root-servers.net.
. 2466 IN NS f.root-servers.net.
. 2466 IN NS b.root-servers.net.
. 2466 IN NS m.root-servers.net.
. 2466 IN NS e.root-servers.net.
. 2466 IN NS c.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 51 ms

com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 506 bytes from 192.203.230.10#53(192.203.230.10) in 33 ms

tiernanotoolephotography.com. 172800 IN NS ns-99.awsdns-12.com.
tiernanotoolephotography.com. 172800 IN NS ns-718.awsdns-25.net.
tiernanotoolephotography.com. 172800 IN NS ns-1318.awsdns-36.org.
tiernanotoolephotography.com. 172800 IN NS ns-1983.awsdns-55.co.uk.
;; Received 214 bytes from 192.31.80.30#53(192.31.80.30) in 119 ms

tiernanotoolephotography.com. 300 IN A 79.97.100.91
tiernanotoolephotography.com. 172800 IN NS ns-1318.awsdns-36.org.
tiernanotoolephotography.com. 172800 IN NS ns-1983.awsdns-55.co.uk.
tiernanotoolephotography.com. 172800 IN NS ns-718.awsdns-25.net.
tiernanotoolephotography.com. 172800 IN NS ns-99.awsdns-12.com.
;; Received 198 bytes from 205.251.197.38#53(205.251.197.38) in 6 ms

So to eliminate any local DNS caching as an issue, you should ask one of 
the four servers which is authoritative for your domain for the answer.


$ dig +short +norec @ns-99.awsdns-12.com. tiernanotoolephotography.com. a
79.97.100.91

This seems to match what you were expecting, so it appears to have 
worked now.


If you have a client which is still resolving to the old address then 
flush its cache, and check there's no static hosts entry.


For OSX clients, you can flush their DNS cache like this:
sudo killall -HUP mDNSResponder

For Linux clients running nscd, even restarting nscd won't flush the 
cache. You need to do:

nscd --invalidate=hosts

For Windows clients, best to just reboot them :-)

Regards,

Brian.
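
The check described in the message above (ask every authoritative server directly with recursion off, then compare with a recursive resolver) written as a script. This is an added example, not part of the original thread; the function names, the exit codes and the default resolver argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread; function names and exit codes are
# hypothetical. Requires dig. Separates "the update never reached the
# authoritative servers" from "a resolver is serving a cached answer".

# ns_of ZONE RESOLVER: authoritative server names for ZONE, one per line.
ns_of() {
    dig +short NS "$1" "@$2" | sed 's/\.$//' | sort
}

# a_of NAME SERVER [DIG_OPTS...]: A records for NAME as answered by SERVER,
# sorted and joined with spaces (empty if there is no A record).
a_of() {
    a_name=$1 a_srv=$2
    shift 2
    dig +short "$@" A "$a_name" "@$a_srv" |
        grep -E '^[0-9]+(\.[0-9]+){3}$' | sort | tr '\n' ' ' | sed 's/ $//'
}

# check_ddns NAME ZONE EXPECTED_IP [RESOLVER]
# Exit status: 0 all answers match, 1 an authoritative server differs,
# 2 only the recursive resolver differs (cache), 3 no NS records found.
check_ddns() {
    c_name=$1 c_zone=$2 c_want=$3 c_res=${4:-8.8.8.8}
    c_rc=0
    c_servers=$(ns_of "$c_zone" "$c_res")
    [ -n "$c_servers" ] || { echo "no NS records for $c_zone" >&2; return 3; }
    for c_ns in $c_servers; do
        # +norec: take the server's own data, never a recursed or cached answer
        c_got=$(a_of "$c_name" "$c_ns" +norec)
        if [ "$c_got" = "$c_want" ]; then
            echo "authoritative $c_ns: $c_got (ok)"
        else
            echo "authoritative $c_ns: ${c_got:-none} (expected $c_want)"
            c_rc=1
        fi
    done
    c_got=$(a_of "$c_name" "$c_res")
    if [ "$c_got" = "$c_want" ]; then
        echo "resolver $c_res: $c_got (ok)"
    else
        echo "resolver $c_res: ${c_got:-none} (expected $c_want, likely cached)"
        [ "$c_rc" -ne 0 ] || c_rc=2
    fi
    return "$c_rc"
}

# Usage: check_ddns tiernanotoolephotography.com tiernanotoolephotography.com 79.97.100.91
```

An exit status of 1 points at the dynamic DNS update itself; an exit status of 2 means the record is published and only the resolver's cached copy is out of date.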
