DNS & network news

Monthly Archive: November 2014

DNS at home

Maybe I’m creating my own problem but I’m kind of stuck. I have a handful of hosts at home and a 64 address DHCP block for which I have a TLD set up on a Solaris machine. nslookup from the Windows clients always works (it always asks the primary DNS server, the Solaris machine), but when I have a second DNS server listed sometimes the web browsers don’t properly look up internal hosts (e.g., the router or the printer); I get host name undefined errors. To resolve the problem I removed the secondary DNS server from all the Windows clients (one of Google’s public DNS servers) and now everything works. Which would be fine but sometimes I have to take the Solaris machine down and for that time period no web surfing happens and that’s not good for SAF*…

Is it normal behavior for the resolver library (in Windows?) to round robin the DNS servers? When I run snoop on the Solaris box I see queries come in and get resolved, then suddenly nothing and that’s when that client’s web browser returns a host not found; it appears that my DNS server was not queried.

I wanted to set up a secondary name server in house, preferably on the router (if it’s down there’s no surfing anyway) but it doesn’t seem like any of the router firmwares support being a (secondary) DNS server (at least not by default). Am I missing something about the router firmwares? Am I configuring something on my Windows clients wrong?

My router is a NetGear WNR3500L. If I reserve IPs for various hosts and set the Windows client to use the router as a DNS server, will it return addresses from names?

*Spouse Acceptance Factor

submitted by uprightHippie

Powered by WPeMatico

MRW when I set up my own caching server, configure my home router to use it, and wife's Android still hits Time Warner Cable's landing page

WTF?

The router is set to use the caching server and then roll over to OpenDNS. Her phone showed 192.168.1.1 (home router) as the primary and 8.8.8.8 (Google) as the secondary. This was under DHCP settings. I had to switch it to static IP to be able to change the IP settings, but I got it to receive NXDOMAIN again that way.

But how could TWC’s DNS ever still come into the equation???

EDIT: I noticed my lookup server is down. That’s another matter, and looking into it. But still don’t see how that would allow TWC’s stuff to seep in.

submitted by fongaboo

Unbound – authoritative answers from NSD on LAN, but recursion-only on WAN?

Is there a way to get the same instance of Unbound to pass queries for a local zone (eg, internal.domain.tld) to an authoritative server (in my case NSD running on the same host) on one interface/subnet, but not on another? I suppose this is a split horizon scenario (which I’ve read Unbound doesn’t really do), except in my case I want LAN-side hosts to be able to resolve internal addresses, but WAN-side hosts should just get NXDOMAIN – I don’t care about serving different IPs to different subnets.

I’ve read the Unbound man page top to bottom, but I’m brand new to Unbound, pretty new to DNS in general, and also I’m just kinda dumb.

If the only way is to run two instances of Unbound, then so be it, but I’d really like to avoid this for simplicity.

submitted by phishpin

Can't get Unbound to answer on outside IP (x-post from /r/freebsd)

Have a FreeBSD 10 machine. Have two outside IPs bound to it. First IP has NSD running as an authoritative server. This is specified specifically in the interface entry of nsd.conf.

Trying to run caching/recursive nameserver with unbound on the second IP. I specified the following entries in unbound.conf:

interface: 127.0.0.1
interface: <Second IP>

I followed the tutorial at https://calomel.org/unbound_dns.html. I added lines for unbound-control. But other than that, and the extra interface lines, it’s as specified in the tutorial… Oh, also the locations are modified from /var/unbound/etc/ to /var/unbound/.

I can get it to resolve when I run nslookup and set the server to 127.0.0.1, but not when I set it to the second IP.

I’m wondering if something else is floating around on 127.0.0.1 port 53? Because when I run unbound-control dump_requestlist, I get an empty list. I would think I would see the requests I made successfully on 127.0.0.1.

BTW, I have this in IPFW:

allow udp from any to any dst-port 53 in 

Any ideas why I can’t get answers on the second IP?

submitted by fongaboo