Re: DNS/DHCP problems
On 10/13/2011 06:37 PM, ~Stack~ wrote:
> Hello all,
>
> I have continued working on these problems this week and I have made decent progress.
> [snip]
> The problem I am still working on is that my FQDN does not seem to be working properly and I am not sure why. I still have not found an answer. As a refresher (so you don't have to dig through past emails):
> [snip]
> I really do need to find an answer to the FQDN. If anyone has any ideas, please let me know.

I royally messed up my configuration today working on another problem. Since I have taken really good notes, I was back up and running in just an hour with a fresh install and all the configuration files I saved off before I broke things.

I have no idea why, but the FQDN is working. It wasn't working before, and I have a very similar build now (same config files for the most part), but it works! I wish I knew why, in case it happens again, but I am not complaining.

Thanks for the feedback!
~Stack~
Re: DNS/DHCP problems
I suggest you look at www.webmin.com and install on a test system to manage DNS. Then review the setup/config by webmin and use the setup files for named on your production, or use Webmin in production. At least this application gives you a setup/config framework and review for errors, etc.

Mike

On Mon, 17 Oct 2011, ~Stack~ wrote:
> On 10/13/2011 06:37 PM, ~Stack~ wrote:
>> Hello all,
>>
>> I have continued working on these problems this week and I have made decent progress.
>> [snip]
>> The problem I am still working on is that my FQDN does not seem to be working properly and I am not sure why. I still have not found an answer. As a refresher (so you don't have to dig through past emails):
>> [snip]
>> I really do need to find an answer to the FQDN. If anyone has any ideas, please let me know.
>
> I royally messed up my configuration today working on another problem. Since I have taken really good notes, I was back up and running in just an hour with a fresh install and all the configuration files I saved off before I broke things.
>
> I have no idea why, but the FQDN is working. It wasn't working before, and I have a very similar build now (same config files for the most part), but it works! I wish I knew why, in case it happens again, but I am not complaining.
>
> Thanks for the feedback!
> ~Stack~
Re: DNS/DHCP problems
Hello all,

I have continued working on these problems this week and I have made decent progress. I really appreciate the feedback I got as it helped point me to the right answers. I found answers for many of my questions but I still am looking for answers on a few. I will re-ask one question since it is in the theme of the thread, but the others I will post in a new email as they are significantly different (trying to keep one topic per thread).

The problem I am still working on is that my FQDN does not seem to be working properly and I am not sure why. I still have not found an answer. As a refresher (so you don't have to dig through past emails):

From host PXE1 `ping dev1` returns:
    64 bytes from dev1.project.local (10.1.2.3)
From host PXE1 `ping dev1.project.local` returns:
    ping unknown host dev1.project.local

So the host lookup is working and it resolved the FQDN but using a FQDN to ping does not work.

For those that care to hear my solutions I have found to my questions:

A1) Do I need to create a dhcp-host entry for every hard set host on the 10.1.1.x network?

As Alec said in the thread, yes. At least all the answers I have found so far say so and all the attempts I had done for the DNS to auto update from clients have failed. Creating a manual entry for them just works and is easy enough to manage.

A2) When I set the tag for the pxeboot group, it was not honored by the DHCP. Why?

There are two parts to setting a tag. One in the dhcp-range that matches a tag like this:

    dhcp-range=net:pxeboot,10.1.3.1,10.1.3.255,255.255.0.0,12h

The second is in the dhcp-host that sets the tag like this:

    dhcp-host=08:00:27:63:C7:B9,net:pxeboot,PXE1

Also, one thing that messed with me is if you split the config up in the /etc/dnsmasq.d folder, you have to enable it. It does not appear to be enabled by default in /etc/dnsmasq.conf.

    conf-dir=/etc/dnsmasq.d

A3) PXE booting.

I had not attempted this when I first asked. However, once I got the proper DHCP range set for the PXE boot, it was rather easy to do.

    enable-tftp
    tftp-root=/tftpboot
    tftp-secure
    dhcp-boot=net:pxeboot,pxelinux.0

I had to set permissions for the user account (user permissions and SELinux permissions) and after that it was a fairly standard PXE environment. (If someone wants more details, send me an email and I will post the full configuration.)

That is all the updates for this thread that I have for now. I really do need to find an answer to the FQDN. If anyone has any ideas, please let me know.

Thanks!
~Stack~
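An added example, not part of the original message or of dnsmasq itself: a small checker for the two conditions described in A2 above, namely that a tag set by a dhcp-host line is actually used by a dhcp-range or dhcp-boot line, and that files under /etc/dnsmasq.d are only read when conf-dir enables them. The function name check_tags, the finding strings and the in-memory file layout are assumptions made for the illustration.

```python
# Added example. SAMPLE is constructed from the option lines quoted in the
# message above; check_tags() and its finding strings are hypothetical names.
SAMPLE = {
    "/etc/dnsmasq.conf": (
        "domain=project.local\n"
        "conf-dir=/etc/dnsmasq.d\n"
        "dhcp-range=net:pxeboot,10.1.3.1,10.1.3.255,255.255.0.0,12h\n"
        "dhcp-boot=net:pxeboot,pxelinux.0\n"
    ),
    "/etc/dnsmasq.d/pxe.hosts": "dhcp-host=08:00:27:63:C7:B9,net:pxeboot,PXE1\n",
}

# Option -> prefixes that set a tag on a client / that restrict the option to a tag.
# Only dhcp-host is treated as a setter; other ways of tagging are not modelled.
SETTERS = {"dhcp-host": ("net:", "set:")}
MATCHERS = {"dhcp-range": ("net:", "tag:"), "dhcp-boot": ("net:", "tag:")}


def options(text):
    """Yield (option, value) for every non-comment 'option=value' line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            opt, value = line.split("=", 1)
            yield opt.strip(), value.strip()


def tags_in(opts, table):
    """Collect tag names carried by the prefixed fields of the given options."""
    found = set()
    for opt, value in opts:
        for field in value.split(","):
            for prefix in table.get(opt, ()):
                if field.strip().startswith(prefix):
                    found.add(field.strip()[len(prefix):])
    return found


def check_tags(files, main="/etc/dnsmasq.conf"):
    """Return findings: unloaded fragment files first, then tag mismatches."""
    opts = list(options(files[main]))
    conf_dirs = {v.split(",")[0].rstrip("/") for o, v in opts if o == "conf-dir"}
    findings = []
    for name in sorted(files):
        if name == main:
            continue
        if name.rsplit("/", 1)[0] in conf_dirs:
            opts.extend(options(files[name]))
        else:
            findings.append(f"not loaded, no conf-dir for it: {name}")
    set_tags, matched = tags_in(opts, SETTERS), tags_in(opts, MATCHERS)
    findings += [f"tag set but no dhcp-range/dhcp-boot uses it: {t}"
                 for t in sorted(set_tags - matched)]
    findings += [f"tag used but never set by a loaded dhcp-host: {t}"
                 for t in sorted(matched - set_tags)]
    return findings


if __name__ == "__main__":
    for finding in check_tags(SAMPLE) or ["tags are wired consistently"]:
        print(finding)
```

Dropping the conf-dir line from the sample produces two findings at once: the hosts file is never read, so the pxeboot range has no client that can match it.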
Re: DNS/DHCP problems
I have not used multiple dhcp-ranges before, but it seems to me for the problem

2) When I set the tag for the pxeboot group, it was not honored by the DHCP. Why?

for the dhcp-range command should it be:

    dhcp-range=tag:devbox,10.1.2.1,10.1.2.255,255.255.0.0,12h
Re: DNS/DHCP problems
Hi,

I was looking some more and saw an example where the client's vendor class is used to divide the clients into groups, and hence assigned to different dhcp ranges by the server:

http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2005q1/000117.html

I think in the new version of dnsmasq tag: can be used instead of net:
Re: DNS/DHCP problems
Hi,

I use dnsmasq for a simple LAN to provide dhcp and dns. To start with it did not work as I did not open the correct ports in the firewall: UDP 67 and 68, as mentioned in the FAQ. I also have the trusted DNS service 53/tcp and 53/udp enabled; I am not sure if this is necessary.

http://www.thekelleys.org.uk/dnsmasq/docs/FAQ
This new DHCP server is well and good, but it doesn't work for me. What's the problem?

jon

On Wed, 2011-10-05 at 16:42 -0500, ~Stack~ wrote:
> On 10/05/2011 02:23 PM, Alec T. Habig wrote:
>> In a similar situation (although I don't PXE boot anything anymore) I use the dnsmasq package - it combines the basic functions of dhcp and dns servers with a whole lot less complexity:
>
> I looked into dnsmasq but the only way I could get it to work was to manage /etc/ethers and /etc/hosts manually. Then once I had it going, it was rather slow. Maybe I did something wrong and I should revisit it.
>
> How do you manage dnsmasq? Manually for every client?
>
> Thanks for your input. I do appreciate it!
> ~Stack~
Re: DNS/DHCP problems
Hello again everyone!

After quite a bit of reading and thought I came to the conclusion that no matter how I did this project, I am stuck with having multiple subnets on one group of switches (I can't easily pull those apart). This means that I am going to have to maintain a list of MAC addresses/names/IP's somewhere just to differentiate between the servers, dev hosts, and the PXE booted hosts. Therefore it doesn't matter if it is maintained in DNSMasq or BIND/dhcpd.

I have been doing some reading on DNSmasq today and attempting to get it working (since there appear to be several willing sources of help who use DNSMasq). I think I made significant progress today, but I still have a few issues and while I read the sections on PXE booting I have not yet attempted it (due to one of the problems listed below).

The how is below but for those who just want to jump into it, my questions are these:

1) Do I need to create a dhcp-host entry for every hard set host on the 10.1.1.x network?
2) When I set the tag for the pxeboot group, it was not honored by the DHCP. Why?
3) My FQDN does not seem to be working properly and I am not sure why. Any thoughts on what to try?

Here is what I have done:

The server is named network1.project.local.

* Standard install process using the default install GUI for SL 6.1.
* Set network settings as follows
    IP: 10.1.1.10
    Netmask: 255.255.0.0
    Gateway: 10.1.0.1 (the switches)
    DNS servers: 10.1.1.10 (in theory anyway)
    Search domains: project.local
* Minimal install that pulls 242 packages

From the 6.1 DVD I manually installed dnsmasq and firewall editor.

`rpm -ivh dnsmasq-2.48-4.el6.i686.rpm system-config-firewall-tui-1.2.27-3.el6_0.2.noarch.rpm`

I modified the firewall so that /etc/sysconfig/iptables now looks like:

    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
    -A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
    -A INPUT -m state --state NEW -m udp -p udp --dport 67 -j ACCEPT
    -A INPUT -m state --state NEW -m udp -p udp --dport 68 -j ACCEPT
    -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT

I modified the /etc/dnsmasq.conf file (ran `sed -e '/^#/d' -e '/^$/d'` to strip out the excess) so it looks like this:

    domain-needed
    domain=project.local
    dhcp-range=devbox,10.1.2.1,10.1.2.255,255.255.0.0,12h
    dhcp-range=pxeboot,10.1.3.1,10.1.3.255,255.255.0.0,12h
    log-queries
    log-dhcp

I modified /etc/dnsmasq.d/dev.hosts to include:

    dhcp-host=08:00:27:c3:a5:0b,set:devbox,Dev1,12h

I modified /etc/dnsmasq.d/pxe.hosts to include:

    dhcp-host=08:00:27:7a:de:28,set:pxeboot,PXE1,12h

I figured I would split them now before I started adding in all the other hosts. Should make it simpler later on.

    service iptables restart
    service dnsmasq restart

DNSMasq threw a message "dnsdomainname: Host name lookup failure". I am not sure this is the proper fix, but I just did a `echo "10.1.1.10 network1.project.local network1" >> /etc/hosts` and the problem went away...

This brings me to the first question: Do I need to create a dhcp-host entry for every hard set host on the 10.1.1.x network? Was this just a special case? I have a feeling I might have to. I wasn't planning on having the server range DHCP'd but since it would be statically set on the host I guess I don't see a reason why it couldn't be DHCP on the host and statically set in the DNSMasq settings. Just not sure how to handle the entries in DNSMasq and would like some input.

First host; Dev1.project.local.

From here I did an install on the host with the network card that matched the MAC address for Dev1. It gets a DHCP IP address of 10.1.2.3. On the host network1 I can `ping Dev1` and I can `ping Dev1.project.local`. On the host Dev1 I can `ping Dev1` but I can not `ping Dev1.project.local`. :-/ Dev1 can not `ping network1` or `ping network1.project.local`. Hrm. More on this later.

Second host; PXE1.

Same setup as the last using the host with the network card that matched the MAC address for PXE1. It got an IP address of 10.1.2.1...Err...That should have been in the 10.1.3.x range...So I went back to the man pages for dnsmasq (web viewable [1]). Under the -G, --dhcp-host section it seems to me that my configuration should work, right? This is my second question: When I set the tag for the pxeboot group, it was not honored by the DHCP. Why?

[1] http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

Well until I can get that sorted, I am not going to try the tftpd mode of DNSMasq. It *looks* promising and a lot easier than the method I was initially going for. I am kinda excited to dig in, but I can't until I get
DNS/DHCP problems
Hello,

I have been working on a problem for a week now and I just don't seem to be making much progress. In the name of easy I strayed down multiple alternate paths and just ended up with more issues that wasted days of work so I am returning back to the basics. I am hoping someone here can help as this is outside of my normal strengths (though I am obviously willing to learn).

I have posted questions for help elsewhere on the net, but as of right now I either have not received a response or the response was not useful to my end goal (not that it wasn't helpful as I have had a few nice people answer, just that I was informed that I would not get the results I was after). I originally requested help from the webmin team [1] and then a second group suggested I look into prepackaged distros. Since then I have installed everything from firewall distros to those that claim to be united network platform distros. While I have used some of these products in the past (or still do) I have not been able to achieve what I am after with them. Many have just left me more frustrated (ex: a few of the firewall distros do not support multiple subnets in their DHCP and forcing it in the config file breaks the distro scripts pretty bad).

[1] http://sourceforge.net/mailarchive/message.php?msg_id=28165685

The end goal is this:

* I would like a server that serves up DHCP and DNS on an isolated LAN that does *not* have internet connection (one Ethernet cable from servers to giant bank of switches).
* There will be three subnets: one is manually assigned 10.1.1.x, the DHCP server will have 10.1.2.x, and the DHCP/TFTPd server will serve DHCP on 10.1.3.x.
* All hosts should resolve their hostnames (and FQDN's!) in the DNS regardless of if they are assigned via DHCP, manually, or PXE booted.
* I would _really_ like to have a second server that is failover in case the first goes down, but I need the first working before I worry about that.

The first time I did this was with a minimal install of SL 6.1 + DVD (to manually install rpms as I needed them). I didn't know much of anything about DHCP/DNS and failed to get it to work. I then started reading about webmin and I got DHCP to work but not in conjunction with DNS. I have since read a lot about DNS and DHCP so I am not completely ignorant on how they work but I am still very inexperienced in DNS and still having issues getting basic functionality. Webmin was great getting me started, but I am finding it easier to edit the config files directly than to figure out how to try to force webmin to do something.

I have a minimal 6.1 install with DHCP and BIND DNS. Setting up the DHCP is now pretty easy; I can reinstall the minimal OS and DHCP pretty quick now (it may not be 100% correct but it works). I still have not messed with the PXE booting on the DHCP yet, but I can get a system to receive a DHCP address on the 10.1.2.x network and talk to the systems I manually set on the 10.1.1.x and 10.1.3.x networks.

Right now, DNS (using the named service BIND provides) still doesn't work right. The closest I have gotten was by accident. Somehow (not sure how as it was an accident) I managed to get the DNS server to work with the DHCP server. So the two systems that were set up to get a 10.1.2.x DHCP addresses could ping each other by hostname only. EG: `ping host1` and `ping host2` would work and it claimed it was resolving to 'host1.project.local' but `ping host1.project.local` would fail as hostname not found. Not only was this by accident, but it was REALLY slow. It was at least 10 seconds from the command being run to the first ping. However, none of the other systems were resolvable and they couldn't resolve the DHCP systems. I restarted the named service and then it all stopped working. I can't ping anyone by host name anymore.

When BIND really started peeving me off, I looked into alternatives. I kinda got dnsmasq working. However, I had to manually assign every mac address with an IP in /etc/ethers and then manually add a hostname and IP in /etc/hosts. Also, it was /really/ slow as well (probably my fault for lack of experience). I realize I am probably going to have to manually manage each MAC, hostname, IP for the PXE booting systems but I don't want to have to manage all the servers (10.1.1.x) and desktops (10.1.2.x) as well. I would much rather have this managed by the DNS server and it needs to be flexible if I do get a secondary failover system working (I don't consider hard coding every MAC, host, and IP on two systems very flexible). I have since moved back to messing with BIND.

Does anyone have any suggestions for me? Is there a better method to this than what I am doing? Should I be doing something different?

I really didn't think this project was going to be as complicated as it has turned out to be. I have learned a lot so far, but it doesn't feel like I have made much progress after a week of this. There are a lot of tutorials on getting BIND to work with
Re: DNS/DHCP problems
On 10/05/2011 02:23 PM, Alec T. Habig wrote:
> In a similar situation (although I don't PXE boot anything anymore) I use the dnsmasq package - it combines the basic functions of dhcp and dns servers with a whole lot less complexity:

I looked into dnsmasq but the only way I could get it to work was to manage /etc/ethers and /etc/hosts manually. Then once I had it going, it was rather slow. Maybe I did something wrong and I should revisit it.

How do you manage dnsmasq? Manually for every client?

Thanks for your input. I do appreciate it!
~Stack~
Re: DNS/DHCP problems
On 2011-10-05 12:15, Stack Kororā wrote:
> * I would like a server that serves up DHCP and DNS on an isolated LAN that does *not* have internet connection (one Ethernet cable from servers to giant bank of switches).
> * There will be three subnets: one is manually assigned 10.1.1.x, the DHCP server will have 10.1.2.x, and the DHCP/TFTPd server will serve DHCP on 10.1.3.x.
> * All hosts should resolve their hostnames (and FQDN's!) in the DNS regardless of if they are assigned via DHCP, manually, or PXE booted.
> * I would _really_ like to have a second server that is failover in case the first goes down, but I need the first working before I worry about that.

snip

> I have a minimal 6.1 install with DHCP and BIND DNS. Setting up the DHCP is now pretty easy; I can reinstall the minimal OS and DHCP pretty quick now (it may not be 100% correct but it works). I still have not messed with the PXE booting on the DHCP yet, but I can get a system to receive a DHCP address on the 10.1.2.x network and talk to the systems I manually set on the 10.1.1.x and 10.1.3.x networks.
>
> Right now, DNS (using the named service BIND provides) still doesn't work right. The closest I have gotten was by accident. Somehow (not sure how as it was an accident) I managed to get the DNS server to work with the DHCP server. So the two systems that were set up to get a 10.1.2.x DHCP addresses could ping each other by hostname only. EG: `ping host1` and `ping host2` would work and it claimed it was resolving to 'host1.project.local' but `ping host1.project.local` would fail as hostname not found. Not only was this by accident, but it was REALLY slow. It was at least 10 seconds from the command being run to the first ping. However, none of the other systems were resolvable and they couldn't resolve the DHCP systems. I restarted the named service and then it all stopped working. I can't ping anyone by host name anymore.

I suggest you give some more details about your named and dhcpd configurations. Also remember that if your network is not connected to the Internet at all then you need to run your own root nameserver to make DNS work reliably.

--
Garrett Holmstrom