Hi Murphy,

Firstly, thanks for your great help :D

Actually, I'm now hard-coding the addresses, and for the moment I'll use a file to make nox my dns server. I'll try to solve the reverse lookups problem as you suggested; however, ping is not what I want to do, so if connectivity is achieved, "ping -n" will work for me :)

Does this "the reverse lookups" solve the problem of dns cache?

Many thanks,
Ibrahim

On 26/8/2011, "Murphy McCauley" <jam...@nau.edu> wrote:

>How does your DNS component in NOX work? Does it just query some other
>server? Or have you entered your own list of addresses?
>
>I think what you are seeing is because ping *does* try to resolve a name for
>every ping. Specifically, I think something like the following is happening:
>ping does a reverse lookup on the IP of every returned ping so that it can
>print out the hostname. In your case, these are failing and apparently timing
>out, hence the long initial delay. Since there's no response, it keeps trying
>to look them up, which never works.
>
>Why there's no response could be due to a couple of things. If you're sending
>the requests to another server, it's certainly not going to know the answers,
>since the addresses from mininet are in the private class A. If you've
>hardcoded a list of name->address mappings, the problem is that you're not
>handling reverse (address->name) lookups and are maybe not returning an error
>instead.
>
>Reverse lookups for IPv4 look like normal name lookups, but the name is
>"<backwards-dotted-quad>.in-addr.arpa." So 10.0.0.1 is 1.0.0.10.in-addr.arpa.
>If you know the address, send back the hostname. I think one thing I have
>done in the past to get around a similar problem is just to always return the
>dotted quad (back in its normal arrangement) as if it were the hostname.
>
>-- Murphy
>
>On Aug 26, 2011, at 5:13 AM, ibrahim mun wrote:
>
>> Sorry!! I didn't see the -n :o
>> yes, with ping -n it works perfectly, the only problem is the DNS request
>> for every ping.
>>
>> Ibrahim,
>>
>> From: ibrahim.me...@alumnos.upm.es
>> To: jam...@nau.edu
>> CC: nox-dev@noxrepo.org
>> Subject: RE: [nox-dev] Adding DNS functionality to nox
>> Date: Fri, 26 Aug 2011 14:02:39 +0200
>>
>> It takes about 45 sec to respond, and it sends dns request for every ping!
>> however, nslookup responds in 0 sec. Also, no more unknown host messages.
>>
>> Ibrahim,
>>
>> Subject: Re: [nox-dev] Adding DNS functionality to nox
>> From: jam...@nau.edu
>> Date: Fri, 26 Aug 2011 04:24:53 -0700
>> CC: nox-dev@noxrepo.org
>> To: ibrahim.me...@alumnos.upm.es
>>
>> What's the behavior with "ping -n <host>" ?
>>
>> -- Murphy
>>
>> On Aug 26, 2011, at 4:05 AM, ibrahim mun wrote:
>>
>> Hi Murphy, Christian, All,
>>
>> The problem is partially solved. I've added the following code to
>> pyswitchpacket_in_callback
>>
>> # drop packets to dns 10.0.0.2
>> iph = packet.find("ipv4")
>> udph = packet.find("udp")
>> if iph is not None and udph is not None:
>>     if iph.dstip == ipstr_to_int("10.0.0.2") and udph.dstport == 53:
>>         return CONTINUE
>>
>> Now I can always ping but:
>> 1. I have dns request for every ping (not cached?).
>> 2. It takes a lot of time to respond to ping, while as you suggested,
>> nslookup responds immediately. It seems something should be timed out before
>> ping responds.
>>
>> This is the traffic on "h3-eth0" for one "ping pc4"
>> http://codepad.org/DBZg46yB
>> And this is the expanded DNS reply packet as shown in wireshark:
>> http://codepad.org/NEkkGH06
>>
>> Thank you,
>> Ibrahim
>>
>> Subject: Re: [nox-dev] Adding DNS functionality to nox
>> From: jam...@nau.edu
>> Date: Thu, 25 Aug 2011 13:34:58 -0700
>> CC: chest...@dca.fee.unicamp.br; nox-dev@noxrepo.org
>> To: ibrahim.me...@alumnos.upm.es
>>
>> What is generating these ICMP messages? You should be able to stop them by
>> dropping the packets you're intercepting. It strikes me as totally possible
>> that they are causing the problem.
>>
>> Also, I might try testing using nslookup or dig instead of ping.
>>
>> -- Murphy
>>
>> On Aug 25, 2011, at 9:55 AM, ibrahim mun wrote:
>>
>> Hi Christian,
>>
>> Wireshark shows standard dns replies, and that's why ping works sometimes.
>> The only irregularity I see are icmp "port unreachable" packets, generated
>> because nothing is listening on 10.0.0.2:53. but I think it's not the
>> problem!
>>
>> Thanks for your help.
>>
>> Ibrahim
>>
>> From: chest...@dca.fee.unicamp.br
>> Date: Thu, 25 Aug 2011 10:13:38 -0300
>> Subject: Re: [nox-dev] Adding DNS functionality to nox
>> To: ibrahim.me...@alumnos.upm.es
>>
>> Hi Ibrahim,
>>
>> I would try to trace back where the problem might be.
>>
>> As you pointed, this could be due to:
>> - nox and my reply packet,
>> - mininet,
>> - linux caches dns.
>> - ?
>>
>> For the first possibility, have you tried to capture the DNS traffic with
>> wireshark to see if they are correctly decoded?
>>
>> -Christian
>>
>> On Thu, Aug 25, 2011 at 07:22, ibrahim mun <ibrahim.me...@alumnos.upm.es>
>> wrote:
>> Hi again,
>>
>> One last question in this thread :) , about weird dns functionality:
>>
>> In mininet I have a single switch (s1), 4 hosts (h2,h3,h4,h5) (10.0.0.2 ->
>> 10.0.0.5)
>> resolv.conf points to 10.0.0.2 as dns server, but actually nox catches dns
>> requests matching with dst port 53, builds the response packet and sends it
>> to the asker with src ip 10.0.0.2.
>>
>> first, I restart /etc/init.d/nscd, then
>> xterm h3
>> h3>> ping -c2 pc4
>> it works correctly for one time
>> ====================================
>> = PING pc4 (10.0.0.4) 56(84) bytes of data.
>> = 64 bytes from 10.0.0.4: icmp_seq=1 ttl=64 time=19.9 ms
>> = 64 bytes from 10.0.0.4: icmp_seq=2 ttl=64 time=3.39 ms
>> =
>> = --- pc4 ping statistics ---
>> = 2 packets transmitted, 2 received, 0% packet loss, time 1007ms
>> = rtt min/avg/max/mdev = 3.391/11.660/19.929/8.269 ms
>> ====================================
>>
>> then, for 3 to 5 times, it gives
>> ====================================
>> = ping: unknow host pc4
>> ====================================
>>
>> Then it works again for one time.
>>
>> Observations:
>> 1. host sends dns request at every ping, even those with unknown host
>> 2. I changed TTL in the dns reply (the time to be cached) and it has no
>> effect.
>>
>> I don't know where the problem is (nox and my reply packet, mininet, how
>> linux caches dns)..
>>
>> Thanks,
>>
>> Ibrahim
>>
>> From: ibrahim.me...@alumnos.upm.es
>> To: jam...@nau.edu
>> CC: nox-dev@noxrepo.org
>> Subject: RE: [nox-dev] Adding DNS functionality to nox
>> Date: Fri, 19 Aug 2011 15:17:58 +0200
>>
>>
>> Hi Murphy,
>>
>> Thank you very much, I stupidly thought that 0 is a special value which
>> means *full packet* instead of *zero bytes*, I've added flows for both src
>> and dst ports with higher priority than pyswitch rules and finally it
>> responds :D
>> thank you again!
>>
>> Ibrahim
>>
>> _______________________________________________
>> nox-dev mailing list
>> nox-dev@noxrepo.org
>> http://noxrepo.org/mailman/listinfo/nox-dev
>>
>> --
>> Christian
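
The reverse-lookup handling described in Murphy's reply, as an added example that is not part of the original thread and not NOX code: a standalone Python 3 responder core that answers A and PTR questions from a hard-coded table, falls back to returning the dotted quad as the hostname for unknown addresses, and returns NXDOMAIN instead of staying silent. The `pcN` table, the function names and the sample query builder are assumptions made for illustration; name compression in incoming questions is not handled.

```python
import struct

# Constructed table; names and addresses mirror the mininet hosts in the thread.
HOSTS = {"pc2": "10.0.0.2", "pc3": "10.0.0.3", "pc4": "10.0.0.4", "pc5": "10.0.0.5"}
REVERSE = {ip: name for name, ip in HOSTS.items()}
TYPE_A, TYPE_PTR, CLASS_IN, NXDOMAIN = 1, 12, 1, 3

def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype, txid=0x1234):
    """Build a one-question query with RD set (used here only as sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)

def decode_question(msg):
    """Return (qname, qtype, end_offset) of the first question; no compression."""
    labels, off = [], 12
    while msg[off]:
        n = msg[off]
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    qtype = struct.unpack("!H", msg[off + 1:off + 3])[0]
    return ".".join(labels).lower(), qtype, off + 5

def ptr_to_ip(qname):
    """'4.0.0.10.in-addr.arpa' -> '10.0.0.4'; None if not an IPv4 reverse name."""
    suffix = ".in-addr.arpa"
    if not qname.endswith(suffix):
        return None
    parts = qname[:-len(suffix)].split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) < 256 for p in parts):
        return None
    return ".".join(reversed(parts))

def build_reply(query, ttl=60):
    """Answer A and PTR questions; anything unknown gets NXDOMAIN, never silence."""
    qname, qtype, qend = decode_question(query)
    rdata = None
    if qtype == TYPE_A and qname in HOSTS:
        rdata = bytes(int(o) for o in HOSTS[qname].split("."))
    elif qtype == TYPE_PTR and (ip := ptr_to_ip(qname)):
        rdata = encode_name(REVERSE.get(ip, ip))  # fallback: dotted quad as name
    flags = 0x8400 | (query[2] & 0x01) << 8 | (0 if rdata else NXDOMAIN)
    reply = query[:2] + struct.pack("!HHHHH", flags, 1, 1 if rdata else 0, 0, 0)
    reply += query[12:qend]
    if rdata:  # answer name is a compression pointer back to the question (offset 12)
        reply += b"\xc0\x0c" + struct.pack("!HHIH", qtype, CLASS_IN, ttl, len(rdata)) + rdata
    return reply
```
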