| View previous topic :: View next topic |
| Author |
Message |
vespaman
Guru
Joined: 28 Aug 2002
Posts: 375
Location: Stockholm, Sweden
|
 Posted: Mon Aug 19, 2024 8:22 am Post subject: New installation - DNS client not working on lan [solved] |
 |
|
So I have this strange (to me, anyway!) issue with a new laptop; the name resolution does not work for local network. 
I have an old-ish dnsmasq server, which supplies addresses for local names, and it works fine with existing computers and mobile phones and so on.
But this new laptop will not ping, or browse to local network using name resolution. However, WAN names works just fine.
My /etc/resolv.conf has the correct setting showing my dnsmasq machine, and it is identical to another gentoo machine I have.
Could it be related to ipv6 somehow? I don't think most of my local (lan) stuff has ipv6 knowledge..
I learned by searching that there's a gai.conf in /etc/ that might be related, but this too looks identical to the working machines gai.conf.
Or more likely, did I miss to do something during installation? I used systemd on this machine, which I am not super confident with.
Edit: I should mention that I have tried both ethernet and wifi - same issue.
Edit2: So, now I realize that I do get name resolution on devices that are allocated dynamically from dnsmasq (i.e. devices in /var/lib/misc/dnsmasq.leases), but not from devices that exists in the hosts file on the dnsmasq server. 
And this is working on all other computers and devices..
Last edited by vespaman on Tue Aug 20, 2024 3:10 pm; edited 1 time in total |
|
| Back to top |
|
 |
Hu
Administrator
Joined: 06 Mar 2007
Posts: 22612
|
| Posted: Mon Aug 19, 2024 11:51 am Post subject: |
|
|
| On both a working and non-working system, what is the output of dig local-dynamic-name @dnsmasq.server; dig local-nondynamic-name @dnsmasq.server? I want to understand whether dnsmasq is serving nondynamic names to anyone. If it is, then the problem is that the non-working system is not asking dnsmasq about those names. If it is not, then the problem is that the working system is somehow resolving those names without relying on an answer from dnsmasq. |
|
| Back to top |
|
|
vespaman
Guru
Joined: 28 Aug 2002
Posts: 375
Location: Stockholm, Sweden
|
| Posted: Mon Aug 19, 2024 12:11 pm Post subject: |
|
|
Thanks for taking interest! 
So think2 is one of the working laptops, think3 is the new, non-working.
| Code: |
think2 /home/micke # dig keba_garage @oxygen
; <<>> DiG 9.16.48 <<>> keba_garage @oxygen
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37161
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;keba_garage. IN A
;; ANSWER SECTION:
keba_garage. 0 IN A 10.1.200.28
;; Query time: 0 msec
;; SERVER: 10.1.200.1#53(10.1.200.1)
;; WHEN: Mon Aug 19 14:03:30 CEST 2024
;; MSG SIZE rcvd: 56
think2 /home/micke # dig vaka @oxygen
; <<>> DiG 9.16.48 <<>> vaka @oxygen
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1329
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;vaka. IN A
;; ANSWER SECTION:
vaka. 0 IN A 10.1.200.22
;; Query time: 0 msec
;; SERVER: 10.1.200.1#53(10.1.200.1)
;; WHEN: Mon Aug 19 14:03:42 CEST 2024
;; MSG SIZE rcvd: 49
think2 /home/micke # ping vaka
PING vaka (10.1.200.22) 56(84) bytes of data.
64 bytes from vaka_kontor (10.1.200.22): icmp_seq=1 ttl=255 time=0.573 ms
64 bytes from vaka_kontor (10.1.200.22): icmp_seq=2 ttl=255 time=50.3 ms
^C
|
and
| Code: |
think3 /home/micke # dig keba_garage @oxygen
; <<>> DiG 9.16.48 <<>> keba_garage @oxygen
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50570
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;keba_garage. IN A
;; ANSWER SECTION:
keba_garage. 0 IN A 10.1.200.28
;; Query time: 13 msec
;; SERVER: 10.1.200.1#53(10.1.200.1)
;; WHEN: Mon Aug 19 13:58:16 CEST 2024
;; MSG SIZE rcvd: 56
think3 /home/micke # dig vaka @oxygen
; <<>> DiG 9.16.48 <<>> vaka @oxygen
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11453
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;vaka. IN A
;; ANSWER SECTION:
vaka. 0 IN A 10.1.200.22
;; Query time: 12 msec
;; SERVER: 10.1.200.1#53(10.1.200.1)
;; WHEN: Mon Aug 19 13:58:30 CEST 2024
;; MSG SIZE rcvd: 49
think3 /home/micke # ping vaka
ping: vaka: Name or service not known
|
Not sure this is related, but on both machines, if I ping a dynamic-name (such as keba_garage above), I get result in the form of "keba_garage.x.com" (x = my domain). |
|
| Back to top |
|
|
Hu
Administrator
Joined: 06 Mar 2007
Posts: 22612
|
| Posted: Mon Aug 19, 2024 12:22 pm Post subject: |
|
|
| I read that output to mean that dnsmasq provides the same, and presumably correct, answer to anyone who asks. Since I had you use the @server notation, think3 asked dnsmasq even if it otherwise would not. Therefore, I think the problem is that think3 is not asking dnsmasq for resolution when you use think3 normally. What if you run dig vaka without @server on each machine? I expect to see that think2 still asks dnsmasq, and that think3 asks something else - possibly a local systemd resolver. Also, what is the output of cat -n /etc/resolv.conf ; cat -n /etc/nsswitch.conf on think2 and on think3? |
|
| Back to top |
|
|
vespaman
Guru
Joined: 28 Aug 2002
Posts: 375
Location: Stockholm, Sweden
|
| Posted: Mon Aug 19, 2024 1:17 pm Post subject: |
|
|
I see what you mean. However, think3 does not know the answer, so how would it know to choose a different path for its question?
And to confirm;
| Code: |
think2 /home/micke # dig vaka
; <<>> DiG 9.16.48 <<>> vaka
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40520
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;vaka. IN A
;; ANSWER SECTION:
vaka. 0 IN A 10.1.200.22
;; Query time: 0 msec
;; SERVER: 10.1.200.1#53(10.1.200.1)
;; WHEN: Mon Aug 19 15:09:02 CEST 2024
;; MSG SIZE rcvd: 49
|
and
| Code: |
think3 /home/micke # dig vaka
; <<>> DiG 9.16.48 <<>> vaka
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17364
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;vaka. IN A
;; ANSWER SECTION:
vaka. 0 IN A 10.1.200.22
;; Query time: 16 msec
;; SERVER: 10.1.200.1#53(10.1.200.1)
;; WHEN: Mon Aug 19 14:10:42 CEST 2024
;; MSG SIZE rcvd: 49
think3 /home/micke #
|
And then, (x.com is really something else, but the same on both machines);
| Code: |
think2 /home/micke # cat -n /etc/resolv.conf ; cat -n /etc/nsswitch.conf
1 # Generated by NetworkManager
2 search x.com
3 nameserver 10.1.200.1
1 #
2 # /etc/nsswitch.conf
3 #
4 # An example Name Service Switch config file. This file should be
5 # sorted with the most-used services at the beginning.
6 #
7 # Valid databases are: aliases, ethers, group, gshadow, hosts,
8 # initgroups, netgroup, networks, passwd, protocols, publickey,
9 # rpc, services, and shadow.
10 #
11 # Valid service provider entries include (in alphabetical order):
12 #
13 # compat Use /etc files plus *_compat pseudo-db
14 # db Use the pre-processed /var/db files
15 # dns Use DNS (Domain Name Service)
16 # files Use the local files in /etc
17 # hesiod Use Hesiod (DNS) for user lookups
18 #
19 # See `info libc 'NSS Basics'` for more information.
20 #
21 # Commonly used alternative service providers (may need installation):
22 #
23 # ldap Use LDAP directory server
24 # myhostname Use systemd host names
25 # mymachines Use systemd machine names
26 # mdns*, mdns*_minimal Use Avahi mDNS/DNS-SD
27 # resolve Use systemd resolved resolver
28 # sss Use System Security Services Daemon (sssd)
29 # systemd Use systemd for dynamic user option
30 # winbind Use Samba winbind support
31 # wins Use Samba wins support
32 # wrapper Use wrapper module for testing
33 #
34 # Notes:
35 #
36 # 'sssd' performs its own 'files'-based caching, so it should generally
37 # come before 'files'.
38 #
39 # WARNING: Running nscd with a secondary caching service like sssd may
40 # lead to unexpected behaviour, especially with how long
41 # entries are cached.
42 #
43 # Installation instructions:
44 #
45 # To use 'db', install the appropriate package(s) (provide 'makedb' and
46 # libnss_db.so.*), and place the 'db' in front of 'files' for entries
47 # you want to be looked up first in the databases, like this:
48 #
49 # passwd: db files
50 # shadow: db files
51 # group: db files
52
53 # If you encounter slowdowns of file operations and do not use
54 # systemd-generated users and groups, you can disable the corresponding
55 # lookups by replacing the group and passwd lines with, e.g.,
56 # group: files
57 # passwd: files
58 # See also https://bugs.gentoo.org/773436
59
60 # In alphabetical order. Re-order as required to optimize peformance.
61
62 aliases: files
63 ethers: files
64 group: files [SUCCESS=merge] systemd
65 gshadow: files systemd
66 hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns
67 # Allow initgroups to default to the setting for group.
68 # initgroups: files
69 netgroup: files
70 networks: files dns
71 passwd: files systemd
72 protocols: files
73 publickey: files
74 rpc: files
75 shadow: files [UNAVAIL=return] systemd
76 services: files
|
and
| Code: | think3 /home/micke # cat /etc/resolv.conf ; cat -n /etc/nsswitch.conf
# Generated by NetworkManager
search x.com
nameserver 10.1.200.1
1 #
2 # /etc/nsswitch.conf
3 #
4 # An example Name Service Switch config file. This file should be
5 # sorted with the most-used services at the beginning.
6 #
7 # Valid databases are: aliases, ethers, group, gshadow, hosts,
8 # initgroups, netgroup, networks, passwd, protocols, publickey,
9 # rpc, services, and shadow.
10 #
11 # Valid service provider entries include (in alphabetical order):
12 #
13 # compat Use /etc files plus *_compat pseudo-db
14 # db Use the pre-processed /var/db files
15 # dns Use DNS (Domain Name Service)
16 # files Use the local files in /etc
17 # hesiod Use Hesiod (DNS) for user lookups
18 #
19 # See `info libc 'NSS Basics'` for more information.
20 #
21 # Commonly used alternative service providers (may need installation):
22 #
23 # ldap Use LDAP directory server
24 # myhostname Use systemd host names
25 # mymachines Use systemd machine names
26 # mdns*, mdns*_minimal Use Avahi mDNS/DNS-SD
27 # resolve Use systemd resolved resolver
28 # sss Use System Security Services Daemon (sssd)
29 # systemd Use systemd for dynamic user option
30 # winbind Use Samba winbind support
31 # wins Use Samba wins support
32 # wrapper Use wrapper module for testing
33 #
34 # Notes:
35 #
36 # 'sssd' performs its own 'files'-based caching, so it should generally
37 # come before 'files'.
38 #
39 # WARNING: Running nscd with a secondary caching service like sssd may
40 # lead to unexpected behaviour, especially with how long
41 # entries are cached.
42 #
43 # Installation instructions:
44 #
45 # To use 'db', install the appropriate package(s) (provide 'makedb' and
46 # libnss_db.so.*), and place the 'db' in front of 'files' for entries
47 # you want to be looked up first in the databases, like this:
48 #
49 # passwd: db files
50 # shadow: db files
51 # group: db files
52
53 # If you encounter slowdowns of file operations and do not use
54 # systemd-generated users and groups, you can disable the corresponding
55 # lookups by replacing the group and passwd lines with, e.g.,
56 # group: files
57 # passwd: files
58 # See also https://bugs.gentoo.org/773436
59
60 # In alphabetical order. Re-order as required to optimize peformance.
61
62 aliases: files
63 ethers: files
64 group: files [SUCCESS=merge] systemd
65 gshadow: files systemd
66 hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns
67 # Allow initgroups to default to the setting for group.
68 # initgroups: files
69 netgroup: files
70 networks: files dns
71 passwd: files systemd
72 protocols: files
73 publickey: files
74 rpc: files
75 shadow: files [UNAVAIL=return] systemd
76 services: files
|
|
|
| Back to top |
|
|
Hu
Administrator
Joined: 06 Mar 2007
Posts: 22612
|
| Posted: Mon Aug 19, 2024 3:10 pm Post subject: |
|
|
| vespaman wrote: | | I see what you mean. However, think3 does not know the answer, so how would it know to choose a different path for its question? |
I expected that think3 was using some resolver other than the dnsmasq on oxygen, and that this other resolver lacked some answers. However, the output you provided refutes my theory. As I read your output, both systems use the same DNS server, and their nsswitch directs them to follow the same order for obtaining answers. My only remaining guess is that one of mymachines or resolve is returning a result that causes the glibc resolver to return an error without reaching the dns database, and that this behavior happens only on think3. I am not familiar with those two providers, so I cannot provide further guidance on why they might be misbehaving. You could try changing the hosts: line to be only hosts: files dns. That is what I have, on a non-systemd system. If that works, then you need to add back the other entries, find which one breaks it, and then determine why that entry breaks it. |
|
| Back to top |
|
|
vespaman
Guru
Joined: 28 Aug 2002
Posts: 375
Location: Stockholm, Sweden
|
| Posted: Mon Aug 19, 2024 5:12 pm Post subject: |
|
|
Spot on! Looks as if it is the [!UNAVAIL=return] that is causing the trouble. Not sure what's going on here. I'll rebuild world, over night, just to be sure.
Thanks |
|
| Back to top |
|
|
vespaman
Guru
Joined: 28 Aug 2002
Posts: 375
Location: Stockholm, Sweden
|
| Posted: Tue Aug 20, 2024 3:10 pm Post subject: |
|
|
So rebuilding everything did not make any difference. I was hoping it would, since I had changed some CFLAGS (started with -znver3 and now -znver4) during installation of the machine.
In further inspection, 'mymachines resolve files myhostname dns' does work, but it takes a long time before the first ping result appears on screen.
The problem seems to be that I had systemd-resolved running on new machine, while not on other machine. So I simply stopped and disabled it, and now new laptop behaves better. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
