I'm currently trying to solve a problem within a heterogeneous network (Linux servers with Arch, Windows clients).

Current Situation:

I got a NAT gateway which runs dnsmasq as DNS and DHCP server. It has 3 interfaces (WAN, home, guest) with different networks. Interfaces have static IPs via systemd-networkd. The files are located at /etc/systemd/network/eth*.network:

eth0 (wan):

[Match]
Name=eth0

[Network]
Address=192.168.0.4/24
Gateway=192.168.0.254
DNS=192.168.0.254

eth1 (guest):

[Match]
Name=eth1

[Network]
Address=172.17.0.254/16

eth2 (home):

[Match]
Name=eth2

[Network]
Address=172.16.0.254/16

nsswitch.conf looks like this:

# Name Service Switch configuration file.
# See nsswitch.conf(5) for details.

passwd: files mymachines systemd
group: files mymachines systemd
shadow: files

publickey: files

hosts: files mymachines myhostname resolve [!UNAVAIL=return] dns
networks: files

protocols: files
services: files
ethers: files
rpc: files

netgroup: files

dnsmasq is set up this way:

domain-needed
bogus-priv
no-resolv
dhcp-sequential-ip

interface=lo
interface=eth1
interface=eth2
bind-interfaces

domain=local
expand-hosts
local=/local/

server=192.168.0.254
#server=8.8.8.8
#server=8.8.4.4

dhcp-range=eth1,172.17.2.1,172.17.2.200,255.255.0.0,168h
dhcp-range=eth2,172.16.2.1,172.16.2.200,255.255.0.0,168h
dhcp-option=eth1,3,172.17.0.254
dhcp-option=eth2,3,172.16.0.254
dhcp-option=eth1,6,172.17.0.254
dhcp-option=eth2,6,172.16.0.254

Behind the NAT gateway there is another router (192.168.0.254) which provides DNS services. I have another Linux server on 172.16.0.1 (server01). I configured the /etc/hosts on the NAT gateway like this:

# Static table lookup for hostnames.
# See hosts(5) for details.
127.0.0.1       localhost
172.16.0.254     server02
172.17.0.254     server02
192.168.0.4       server02
172.16.0.1     server01

There is nothing written in /etc/resolv.conf on NAT gateway.

I can ping www.google.de or similar from every device within my network and it resolves fine. If I use drill with any hostname (no matter if they are looking for local hosts or in the internet) on my Linux machines I get this error:

Error: error sending query: No (valid) nameservers defined in the resolver

If I use nslookup on my Linux machines they time out (no matter if it's looked for local hosts or in the internet).

Pinging www.google works. Pinging for server02 (or server02.local, .lan or whatever) on server01 doesn't.

I am using systemd-resolved as my DNS service on server01. Interface config for server01 is this:

[Match]
Name=eth0

[Network]
Address=172.16.0.1/16
Gateway=172.16.0.254
DNS=172.16.0.254

resolvectl status on server01:

Global
       LLMNR setting: yes
MulticastDNS setting: yes
  DNSOverTLS setting: no
      DNSSEC setting: allow-downgrade
    DNSSEC supported: yes
Fallback DNS Servers: 1.1.1.1
                      9.9.9.10
                      8.8.8.8
                      2606:4700:4700::1111
                      2620:fe::10
                      2001:4860:4860::8888
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 2 (eth0)
      Current Scopes: DNS LLMNR/IPv4
DefaultRoute setting: yes
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: allow-downgrade
    DNSSEC supported: yes
  Current DNS Server: 172.16.0.254
         DNS Servers: 172.16.0.254

If I use nslookup on my Windows machines I get a resolution for any hostname (server01, server01.local, etc.) (no matter if they are local or in the internet). If I ping for server02 it can't resolve. If I ping for server02.local or server01.local it resolves.

I really can't explain this behavior. My best guess is that it has something to do with another DNS server that is running somewhere hidden in my network. But this must be a client or whatever, since there are only two servers with very minimal setup. I have looked for avahi-daemons running anywhere but I don't find any or I am doing it the wrong way.

Can someone give me a hint where to look to solve my problems? My biggest problem is that I want to access my samba shares at server01 via hostname resolution, which doesn't work.

  • There's lots of detail here, but I am slightly confused what exactly the problem is here? Can you please clarify this in the question?
    – Daniel K
    Commented Jun 8, 2019 at 12:58
  • I can't use hostnames to connect to my servers. For example, if I want to access my samba share on server01 I have to use the IP and can't just type \\server01. Same if I, for example, want to reverse-lookup which IPs have which hostname.
    – raiden_87
    Commented Jun 8, 2019 at 14:24
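The asker's nsswitch line is the part of the setup that decides whether glibc ever reaches the `dns` source. As an added example (not code from the question or from any of the posters), the following script models the action rules from nsswitch.conf(5) and walks the `hosts:` chain for a lookup: with the default actions, a source that returns NOTFOUND is skipped and the next source is tried, but `[!UNAVAIL=return]` turns every status except UNAVAIL into a hard stop, so while systemd-resolved is running and answers "not found" for a single-label name, `dns` is never consulted. The per-source statuses in `RESOLVED_NOTFOUND` and `RESOLVED_DOWN` are constructed scenarios; `FIXED_LINE` is one literal reading of the asker's later comment about putting `dns` before the action block.

```python
"""Simulate the glibc NSS 'hosts:' chain from an nsswitch.conf line.

Added example, not the original poster's code. It implements the action
semantics documented in nsswitch.conf(5): each source reports one of
success/notfound/unavail/tryagain, and an optional '[STATUS=ACTION]'
block after a source overrides the default action for that status.
"""
import re

STATUSES = ("success", "notfound", "unavail", "tryagain")
# glibc defaults: a successful lookup returns, every other status continues.
DEFAULT_ACTIONS = {"success": "return", "notfound": "continue",
                   "unavail": "continue", "tryagain": "continue"}


def parse_hosts_line(line):
    """Turn 'hosts: files resolve [!UNAVAIL=return] dns' into a list of
    (source, {status: action}) pairs in lookup order."""
    body = line.split(":", 1)[1]
    chain = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", body):
        if tok.startswith("["):
            if not chain:
                raise ValueError("action block without a preceding source")
            actions = chain[-1][1]          # block applies to the previous source
            for spec in tok.strip("[]").split():
                status, action = spec.lower().split("=")
                if status.startswith("!"):
                    # '!UNAVAIL=return' means: for every status except UNAVAIL, return
                    for s in STATUSES:
                        if s != status[1:]:
                            actions[s] = action
                else:
                    actions[status] = action
        else:
            chain.append((tok, dict(DEFAULT_ACTIONS)))
    return chain


def lookup(line, results):
    """Walk the chain. `results` maps source -> status that source would
    report for the queried name (a source not listed counts as unavail).
    Returns (source_that_answered_or_None, list_of_sources_consulted)."""
    consulted = []
    for source, actions in parse_hosts_line(line):
        status = results.get(source, "unavail")
        consulted.append(source)
        if status == "success":
            return source, consulted
        if actions[status] == "return":
            return None, consulted          # chain stopped without an answer
    return None, consulted


# The line from the question, and one reading of the later fix.
ASKER_LINE = "hosts: files mymachines myhostname resolve [!UNAVAIL=return] dns"
FIXED_LINE = "hosts: files mymachines myhostname resolve dns [!UNAVAIL=return]"

# Constructed scenario: systemd-resolved is running but reports NOTFOUND for
# the single-label name 'server02'; dnsmasq (the 'dns' source) would answer.
RESOLVED_NOTFOUND = {"files": "notfound", "mymachines": "notfound",
                     "myhostname": "notfound", "resolve": "notfound",
                     "dns": "success"}
# Constructed scenario: systemd-resolved is not running at all.
RESOLVED_DOWN = dict(RESOLVED_NOTFOUND, resolve="unavail")

if __name__ == "__main__":
    for label, line in (("original", ASKER_LINE), ("dns before block", FIXED_LINE)):
        for scen, res in (("resolved NOTFOUND", RESOLVED_NOTFOUND),
                          ("resolved down", RESOLVED_DOWN)):
            who, path = lookup(line, res)
            print(f"{label:17} / {scen:17}: answered by {who}, consulted {path}")
```

Note that `drill` and `nslookup` do not go through NSS at all; they read /etc/resolv.conf directly, which is why an empty resolv.conf gives "No (valid) nameservers defined in the resolver" even on a host where `ping` (which uses NSS) works.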

2 Answers

I have a similar dnsmasq setup, and from playing around it only resolves if you tack on the domain you set in the dnsmasq config --> domain=local expand-hosts local=/local/. After a lot of research, it pushes the hosts file as name.domain to the IP as configured in the dnsmasq config, but not the name standalone. Does tacking the domain on it work? I'm using a FQDN and I'm still struggling through documentation. If I stumble across anything I'll post it. I'm just trying to hone in on what you're asking for a bit more: does name.domain work? (as per above) I have it working that way without issue and can post my configs if you like.

  • My setup: router is DHCP/DNS server for the network. ns1 is dnsmasq mapping name.domain -> local IP. ns1 forwards requests to ns2. ns2 is a pihole that forwards requests to 1.1.1.1/8.8.8.8. Router WAN DNS set to ns1/ns2. Resolves external and internal domains without issues, but can't simply call a name only (wwwsrv needs to be wwwsrv.mydomain.xyz), but using the local FQDN works flawlessly for samba/ftp/ssh etc.
    – XcaV8
    Commented Jun 9, 2019 at 5:47
  • Yeah, it works with the domain tacked on. Is there a way to make it work without needing to do it? It's not very clear why Windows nslookup resolves "server01" and "server01.local", but ping with just "server01" (or everything else without .local) doesn't work...
    – raiden_87
    Commented Jun 9, 2019 at 7:11
I got it partially solved. At least my Linux machines can now communicate via DNS.

I added 172.16.0.254 as nameserver in /etc/resolv.conf and activated LLMNR in /etc/systemd/resolved.conf. Ping now works via LLMNR and nslookup resolves via the DNS server.

I still don't get why I have to activate LLMNR for pinging and why it doesn't use my DNS server... For my Windows clients the situation is still the same.

EDIT

So I got it working, I guess. What I did:

Disable LLMNR (it's activated by default) in /etc/systemd/resolved.conf; in hosts (NAT server02 with dnsmasq) I set for every server an entry which looks like this:

ip server*.local server* (* is the number in my case, so 01 or 02)

Now my Windows and Linux clients can resolve hostnames without having to put .local behind them. One minor problem is that it is very inconsistent which IP I get back for pinging server02.

  • OK, I was able to deactivate LLMNR by setting dns in /etc/nsswitch.conf before [!UNAVAIL=return].
    – raiden_87
    Commented Jun 9, 2019 at 7:43
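The "inconsistent IP for server02" left over at the end of the answer follows directly from the gateway's hosts file: server02 is listed with three addresses, and with expand-hosts dnsmasq serves every one of them for both `server02` and `server02.local`, so each client picks one. As an added example (not code from the thread), this script parses a hosts file the way dnsmasq's expand-hosts would publish it, flags names with more than one address and names that exist only in their domain-qualified form, and shows how dnsmasq's `localise-queries` option narrows a multi-address answer to the one on the querying client's subnet. The hosts text is the one from the question; `domain="local"` comes from the dnsmasq config on the page; the `/16` prefix length in `localised()` is an assumption standing in for the interface netmask dnsmasq would actually use.

```python
"""Audit an /etc/hosts file as dnsmasq (expand-hosts) would serve it.

Added example, not code from the original thread. Functions:
  parse_hosts()  -> {name: [ip, ...]} from hosts-file text
  expand()       -> adds name.<domain> for every dot-less name (expand-hosts)
  audit()        -> names with several addresses, and FQDNs lacking a bare alias
  localised()    -> the subset of addresses on the client's own subnet,
                    mimicking dnsmasq's --localise-queries
"""
import ipaddress
from collections import defaultdict


def parse_hosts(text):
    """Return {name: [ip, ...]} in file order, skipping comments and blanks."""
    names = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # strip trailing/leading comments
        if not line:
            continue
        ip, *aliases = line.split()
        for alias in aliases:
            if ip not in names[alias]:
                names[alias].append(ip)
    return dict(names)


def expand(names, domain):
    """Mimic dnsmasq expand-hosts: a name without a dot also answers as name.domain."""
    served = {n: list(ips) for n, ips in names.items()}
    for name, ips in names.items():
        if "." not in name:
            fq = f"{name}.{domain}"
            served.setdefault(fq, [])
            served[fq] += [ip for ip in ips if ip not in served[fq]]
    return served


def audit(text, domain="local"):
    """Return (served_names, names_with_multiple_ips, fqdns_missing_bare_alias)."""
    served = expand(parse_hosts(text), domain)
    multi = {n: ips for n, ips in served.items() if len(ips) > 1}
    bare = {n for n in served if "." not in n}
    suffix = "." + domain
    # An entry written only as 'server01.local' gives clients that query the
    # single-label name nothing to match; the answer's fix lists both forms.
    missing_bare = sorted(n[: -len(suffix)] for n in served
                          if n.endswith(suffix) and n[: -len(suffix)] not in bare)
    return served, multi, missing_bare


def localised(ips, client_ip, prefixlen=16):
    """Mimic dnsmasq --localise-queries: prefer addresses sharing the client's
    subnet. prefixlen is an assumption; dnsmasq uses the receiving interface's
    netmask. Falls back to the full list when nothing matches."""
    net = ipaddress.ip_network(f"{client_ip}/{prefixlen}", strict=False)
    local = [ip for ip in ips if ipaddress.ip_address(ip) in net]
    return local or list(ips)


# The gateway's /etc/hosts as posted in the question.
ASKER_HOSTS = """\
# Static table lookup for hostnames.
127.0.0.1       localhost
172.16.0.254     server02
172.17.0.254     server02
192.168.0.4       server02
172.16.0.1     server01
"""

if __name__ == "__main__":
    served, multi, missing = audit(ASKER_HOSTS)
    for name, ips in multi.items():
        print(f"{name}: {len(ips)} addresses {ips}")
    print("FQDNs without a bare alias:", missing or "none")
    # Constructed client addresses, one per subnet the gateway sits on.
    for client in ("172.16.0.1", "172.17.2.10", "10.9.9.9"):
        print(f"server02 as seen from {client}: {localised(served['server02'], client)}")
```

The practical fix for the leftover inconsistency is either a single address per hostname (a separate name per interface of the gateway) or `localise-queries` in dnsmasq.conf, which returns only the address on the interface the query arrived on; clients off all of the gateway's subnets still get the full list.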
