Re: DNS/DHCP problems

2011-10-17 Thread ~Stack~
On 10/13/2011 06:37 PM, ~Stack~ wrote:
 Hello all,
 
 I have continued working on these problems this week and I have made
 decent progress.

[snip]

 The problem I am still working on is that my FQDN does not seem to be
 working properly and I am not sure why. I still have not found an
 answer. As a refresher (so you don't have to dig through past emails):

[snip]

 I really do
 need to find an answer to the FQDN. If anyone has any ideas, please let
 me know.

I royally messed up my configuration today working on another problem.
Since I have taken really good notes, I was back up and running in just
an hour with a fresh install and all the configuration files I saved off
before I broke things.

I have no idea why, but the FQDN is working. It wasn't working before,
and I have a very similar build now (same config files for the most
part), but it works!

I wish I knew why, in case it happens again, but I am not complaining.

Thanks for the feedback!

~Stack~


Re: DNS/DHCP problems

2011-10-17 Thread Mike's List

I suggest you look at www.webmin.com and install on a test system to
manage DNS.  Then review the setup/config by webmin and use the setup
files for named on your production, or use Webmin in production.  At
least this application gives you a setup/config framework and review for
errors, etc.


Mike




Re: DNS/DHCP problems

2011-10-13 Thread ~Stack~
Hello all,

I have continued working on these problems this week and I have made
decent progress. I really appreciate the feedback I got as it helped
point me to the right answers. I found answers for many of my questions
but I still am looking for answers on a few. I will re-ask one question
since it is in the theme of the thread, but the others I will post in a
new email as they are significantly different (trying to keep one topic
per thread).

The problem I am still working on is that my FQDN does not seem to be
working properly and I am not sure why. I still have not found an
answer. As a refresher (so you don't have to dig through past emails):

From host PXE1 `ping dev1` returns:
64 bytes from dev1.project.local (10.1.2.3)
From host PXE1 `ping dev1.project.local` returns:
ping unknown host dev1.project.local

So the host lookup is working and it resolved the FQDN but using a FQDN
to ping does not work.




For those that care to hear my solutions I have found to my questions:

A1) Do I need to create a dhcp-host entry for every hard set host on the
10.1.1.x network?
As Alec said in the thread, yes. At least all the answers I have found
so far say so and all the attempts I had done for the DNS to auto update
from clients have failed. Creating a manual entry for them just works and
is easy enough to manage.

A2) When I set the tag for the pxeboot group, it was not honored by the
DHCP. Why?
There are two parts to setting a tag. One in the dhcp-range that matches
a tag like this:
dhcp-range=net:pxeboot,10.1.3.1,10.1.3.255,255.255.0.0,12h

The second is in the dhcp-host that sets the tag like this:
dhcp-host=08:00:27:63:C7:B9,net:pxeboot,PXE1

Also, one thing that messed with me is if you split the config up in the
/etc/dnsmasq.d folder, you have to enable it. It does not appear to be
enabled by default in /etc/dnsmasq.conf.
conf-dir=/etc/dnsmasq.d

A3) PXE booting.
I had not attempted this when I first asked. However, once I got the
proper DHCP range set for the PXE boot, it was rather easy to do.

enable-tftp
tftp-root=/tftpboot
tftp-secure
dhcp-boot=net:pxeboot,pxelinux.0

I had to set permissions for the user account (user permissions and
SELinux permissions) and after that it was fairly standard PXE
environment. (If someone wants more details, send me an email and I will
post the full configuration).


That is all the updates for this thread that I have for now. I really do
need to find an answer to the FQDN. If anyone has any ideas, please let
me know.

Thanks!

~Stack~
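
Added example (not part of the original post and not dnsmasq code): a small Python check for the two points in A2 above, that the tag set on a dhcp-host line matches a dhcp-range in the same syntax, and that files under /etc/dnsmasq.d are enabled with conf-dir. The name check_tags and its rules are assumptions of this example; it does not reproduce dnsmasq's own parser.

```python
import ipaddress

# Old-style (bare label / net:) and new-style (tag: / set:) prefixes.
FAMILY = {"": "old", "net:": "old", "tag:": "new", "set:": "new"}

def _fields(text, option):
    """Yield the comma-separated fields of every `option=...` line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(option + "="):
            yield [f.strip() for f in line.split("=", 1)[1].split(",")]

def _tag(field, allow_bare=False):
    """Return (prefix, label) if the field names a tag, else None."""
    for prefix in ("net:", "tag:", "set:"):
        if field.startswith(prefix):
            return prefix, field[len(prefix):]
    if allow_bare:  # checker assumption: a non-address first field is a label
        try:
            ipaddress.ip_address(field)
        except ValueError:
            return "", field
    return None

def check_tags(main_conf, dropins):
    """main_conf: text of dnsmasq.conf; dropins: {file name: text} in dnsmasq.d."""
    findings = []
    if dropins and not any(_fields(main_conf, "conf-dir")):
        findings.append("dnsmasq.conf: no conf-dir line, drop-in files are not read")
    texts = [("dnsmasq.conf", main_conf)] + sorted(dropins.items())
    ranges = {}  # label -> prefix used on the dhcp-range line
    for _, text in texts:
        for f in _fields(text, "dhcp-range"):
            tag = _tag(f[0], allow_bare=True)
            if tag:
                ranges[tag[1]] = tag[0]
    for name, text in texts:
        for f in _fields(text, "dhcp-host"):
            for prefix, label in filter(None, map(_tag, f)):
                if label not in ranges:
                    findings.append(f"{name}: tag '{label}' matches no dhcp-range")
                elif FAMILY[prefix] != FAMILY[ranges[label]]:
                    findings.append(f"{name}: '{prefix}{label}' and dhcp-range "
                                    f"'{ranges[label]}{label}' mix tag syntaxes")
    return findings

# Configuration as posted on 2011-10-06 (PXE1 landed in the wrong range).
ORIGINAL_MAIN = """domain=project.local
dhcp-range=devbox,10.1.2.1,10.1.2.255,255.255.0.0,12h
dhcp-range=pxeboot,10.1.3.1,10.1.3.255,255.255.0.0,12h
"""
ORIGINAL_DROPINS = {
    "dev.hosts": "dhcp-host=08:00:27:c3:a5:0b,set:devbox,Dev1,12h\n",
    "pxe.hosts": "dhcp-host=08:00:27:7a:de:28,set:pxeboot,PXE1,12h\n",
}
# Lines from the 2011-10-13 follow-up, assembled into one file for the check.
FIXED_MAIN = """conf-dir=/etc/dnsmasq.d
dhcp-range=net:pxeboot,10.1.3.1,10.1.3.255,255.255.0.0,12h
"""
FIXED_DROPINS = {"pxe.hosts": "dhcp-host=08:00:27:63:C7:B9,net:pxeboot,PXE1\n"}

if __name__ == "__main__":
    for finding in check_tags(ORIGINAL_MAIN, ORIGINAL_DROPINS):
        print(finding)
```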





Re: DNS/DHCP problems

2011-10-07 Thread Jon B
I have not used multiple dhcp-ranges before, but it seems to me for the problem
2) When I set the tag for the pxeboot group, it was not honored by the
DHCP. Why?

for the dhcp-range command should it be.
dhcp-range=tag:devbox,10.1.2.1,10.1.2.255,255.255.0.0,12h


Re: DNS/DHCP problems

2011-10-07 Thread Jon B
Hi, I was looking some more and saw an example where the client's vendor class
is used to divide the clients into groups, and hence assigned to different
dhcp ranges by the server,

http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2005q1/000117.html

I think in the new version of dnsmasq tag: can be used instead of net:


Re: DNS/DHCP problems

2011-10-06 Thread jonathan
Hi, I use dnsmasq for a simple LAN to provide dhcp and dns. To start
with it did not work as I did not open the correct ports in the
firewall: UDP 67 and 68, as mentioned in the FAQ. I also have the
trusted DNS service 53/tcp and 53/udp enabled; I am not sure if this is
necessary.
http://www.thekelleys.org.uk/dnsmasq/docs/FAQ
This new DHCP server is well and good, but it doesn't work for me.
   What's the problem?

jon
On Wed, 2011-10-05 at 16:42 -0500, ~Stack~ wrote:
 On 10/05/2011 02:23 PM, Alec T. Habig wrote:
  In a similar situation (although I don't PXE boot anything anymore) I
  use the dnsmasq package - it combines the basic functions of dhcp and
  dns servers with a whole lot less complexity:
 
 I looked into dnsmasq but the only way I could get it to work was to
 manage /etc/ethers and /etc/hosts manually. Then once I had it going, it
 was rather slow. Maybe I did something wrong and I should revisit it.
 How do you manage dnsmasq? Manually for every client?
 
 Thanks for your input. I do appreciate it!
 
 ~Stack~


Re: DNS/DHCP problems

2011-10-06 Thread ~Stack~
Hello again everyone!

After quite a bit of reading and thought I came to the conclusion that
no matter how I did this project, I am stuck with having multiple
subnets on one group of switches (I can't easily pull those apart). This
means that I am going to have to maintain a list of MAC
addresses/names/IP's somewhere just to differentiate between the
servers, dev hosts, and the PXE booted hosts. Therefore it doesn't
matter if it is maintained in DNSMasq or BIND/dhcpd. I have been doing
some reading on DNSmasq today and attempting to get it working (since
there appears to be several willing sources of help who use DNSMasq). I
think I made significant progress today, but I still have a few issues
and while I read the sections on PXE booting I have not yet attempted it
(due to one of the problems listed below).

The how is below but for those who just want to jump into it, my
questions are these:
1) Do I need to create a dhcp-host entry for every hard set host on the
10.1.1.x network?
2) When I set the tag for the pxeboot group, it was not honored by the
DHCP. Why?
3) My FQDN does not seem to be working properly and I am not sure why.
Any thoughts on what to try?


Here is what I have done:

The server is named network1.project.local .
* Standard install process using the default install GUI for SL 6.1.
* Set network settings as follows
IP: 10.1.1.10
Netmask: 255.255.0.0
Gateway:10.1.0.1 (the switches)
DNS servers: 10.1.1.10 (in theory anyway)
Search domains: project.local
* Minimal install that pulls 242 packages

From the 6.1 DVD I manually installed dnsmasq and firewall editor.
`rpm -ivh dnsmasq-2.48-4.el6.i686.rpm
system-config-firewall-tui-1.2.27-3.el6_0.2.noarch.rpm`

I modified the firewall so that /etc/sysconfig/iptables now looks like:
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 67 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 68 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

I modified the /etc/dnsmasq.conf file (ran `sed -e '/^#/d' -e '/^$/d'`
to strip out the excess) so it looks like this:
domain-needed
domain=project.local
dhcp-range=devbox,10.1.2.1,10.1.2.255,255.255.0.0,12h
dhcp-range=pxeboot,10.1.3.1,10.1.3.255,255.255.0.0,12h
log-queries
log-dhcp

I modified /etc/dnsmasq.d/dev.hosts to include:
dhcp-host=08:00:27:c3:a5:0b,set:devbox,Dev1,12h

I modified /etc/dnsmasq.d/pxe.hosts to include:
dhcp-host=08:00:27:7a:de:28,set:pxeboot,PXE1,12h

I figured I would split them now before I started adding in all the
other hosts. Should make it simpler later on.

service iptables restart
service dnsmasq restart

DNSMasq threw a message dnsdomainname: Host name lookup failure. I am
not sure this is the proper fix, but I just did a
`echo 10.1.1.10 network1.project.local network1 >> /etc/hosts`
and the problem went away...

This brings me to the first question: Do I need to create a dhcp-host
entry for every hard set host on the 10.1.1.x network? Was this just a
special case? I have a feeling I might have to. I wasn't planning on
having the server range DHCP'd but since it would be statically set on
the host I guess I don't see a reason why it couldn't be DHCP on the host
and statically set in the DNSMasq settings. Just not sure how to handle
the entries in DNSMasq and would like some input.

First host; Dev1.project.local.

From here I did an install on the host with the network card that
matched the MAC address for Dev1.
It gets a DHCP IP address of 10.1.2.3.
On the host network1 I can `ping Dev1` and I can `ping Dev1.project.local`.
On the host Dev1 I can `ping Dev1` but I can not `ping Dev1.project.local`.
:-/

Dev1 can not `ping network1` or `ping network1.project.local`. Hrm. More
on this later.

Second host; PXE1.

Same setup as the last using the host with the network card that
matched the MAC address for PXE1.
It got an IP address of 10.1.2.1...Err...That should have been in the
10.1.3.x range...So I went back to the man pages for dnsmasq ( web
viewable [1] ). Under the -G, --dhcp-host section it seems to me that
my configuration should work, right? This is my second question: When I
set the tag for the pxeboot group, it was not honored by the DHCP. Why?
[1] http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

Well until I can get that sorted, I am not going to try the tftpd mode
of DNSMasq. It *looks* promising and a lot easier than the method I was
initially going for. I am kinda excited to dig in, but I can't until I
get 

DNS/DHCP problems

2011-10-05 Thread Stack Kororā
Hello,

I have been working on a problem for a week now and I just don't seem to be
making much progress. In the name of easy I strayed down multiple
alternate paths and just ended up with more issues that wasted days of work
so I am returning back to the basics. I am hoping someone here can help as
this is outside of my normal strengths (though I am obviously willing to
learn).

I have posted questions for help elsewhere on the net, but as of right now I
either have not received a response or the response was not useful to my end
goal (not that it wasn't helpful as I have had a few nice people answer,
just that I was informed that I would not get the results I was after). I
originally requested help from the webmin team [1] and then a second group
suggested I look into prepackaged distros. Since then I have installed
everything from firewall distros to those that claim to be united network
platform distros. While I have used some of these products in the past (or
still do) I have not been able to achieve what I am after with them. Many
have just left me more frustrated (ex: a few of the firewall distros do not
support multiple subnets in their DHCP and forcing it in the config file
breaks the distro scripts pretty bad).
[1] http://sourceforge.net/mailarchive/message.php?msg_id=28165685


The end goal is this:

* I would like a server that serves up DHCP and DNS on an isolated LAN that
does *not* have internet connection (one Ethernet cable from servers to
giant bank of switches).
* There will be three subnets: one is manually assigned 10.1.1.x, the DHCP
server will have 10.1.2.x, and the DHCP/TFTPd server will serve DHCP on
10.1.3.x.
* All hosts should resolve their hostnames (and FQDN's! ) in the DNS
regardless of if they are assigned via DHCP, manually, or PXE booted.
* I would _really_ like to have a second server that is failover in case
the first goes down, but I need the first working before I worry about that.


The first time I did this was with a minimal install of SL 6.1 + DVD (to
manually install rpms as I needed them). I didn't know much of anything
about DHCP/DNS and failed to get it to work. I then started reading about
webmin and I got DHCP to work but not in conjunction with DNS. I have since
read a lot about DNS and DHCP so I am not completely ignorant on how they
work but I am still very inexperienced in DNS and still having issues
getting basic functionality. Webmin was great getting me started, but I am
finding it easier to edit the config files directly than to figure out how
to try to force webmin to do something.

I have a minimal 6.1 install with DHCP and BIND DNS. Setting up the DHCP is
now pretty easy; I can reinstall the minimal OS and DHCP pretty quick now
(it may not be 100% correct but it works). I still have not messed with the
PXE booting on the DHCP yet, but I can get a system to receive a DHCP
address on the 10.1.2.x network and talk to the systems I manually set on
the 10.1.1.x and 10.1.3.x networks.

Right now, DNS (using the named service BIND provides) still doesn't work
right. The closest I have gotten was by accident. Somehow (not sure how as
it was an accident) I managed to get the DNS server to work with the DHCP
server. So the two systems that were set up to get 10.1.2.x DHCP addresses
could ping each other by hostname only. EG: `ping host1` and `ping host2`
would work and it claimed it was resolving to 'host1.project.local' but
`ping host1.project.local` would fail as hostname not found. Not only was
this by accident, but it was REALLY slow. It was at least 10 seconds from
the command being run to the first ping. However, none of the other systems
were resolvable and they couldn't resolve the DHCP systems. I restarted the
named service and then it all stopped working. I can't ping anyone by host
name anymore.

When BIND really started peeving me off, I looked into alternatives. I kinda
got dnsmasq working. However, I had to manually assign every mac address
with an IP in /etc/ethers and then manually add a hostname and IP in
/etc/hosts. Also, it was /really/ slow as well (probably my fault for lack
of experience). I realize I am probably going to have to manually manage
each MAC, hostname, IP for the PXE booting systems but I don't want to have
to manage all the servers (10.1.1.x) and desktops (10.1.2.x) as well. I
would much rather have this managed by the DNS server and it needs to be
flexible if I do get a secondary failover system working (I don't consider
hard coding every MAC, host, and IP on two systems very flexible). I have
since moved back to messing with BIND.

Does anyone have any suggestions for me? Is there a better method to this
than what I am doing? Should I be doing something different?

I really didn't think this project was going to be as complicated as it has
turned out to be. I have learned a lot so far, but it doesn't feel like I
have made much progress after a week of this. There are a lot of tutorials
on getting BIND to work with 

Re: DNS/DHCP problems

2011-10-05 Thread ~Stack~
On 10/05/2011 02:23 PM, Alec T. Habig wrote:
 In a similar situation (although I don't PXE boot anything anymore) I
 use the dnsmasq package - it combines the basic functions of dhcp and
 dns servers with a whole lot less complexity:

I looked into dnsmasq but the only way I could get it to work was to
manage /etc/ethers and /etc/hosts manually. Then once I had it going, it
was rather slow. Maybe I did something wrong and I should revisit it.
How do you manage dnsmasq? Manually for every client?

Thanks for your input. I do appreciate it!

~Stack~


Re: DNS/DHCP problems

2011-10-05 Thread Garrett Holmstrom

On 2011-10-05 12:15, Stack Kororā wrote:

* I would like a server that serves up DHCP and DNS on an isolated LAN
that does *not* have internet connection (one Ethernet cable from
servers to giant bank of switches).
* There will be three subnets: one is manually assigned 10.1.1.x, the
DHCP server will have 10.1.2.x, and the DHCP/TFTPd server will serve
DHCP on 10.1.3.x.
* All hosts should resolve their hostnames (and FQDN's! ) in the DNS
regardless of if they are assigned via DHCP, manually, or PXE booted.
* I would _really_ like to have a second server that is failover in
case the first goes down, but I need the first working before I worry
about that.


snip


I have a minimal 6.1 install with DHCP and BIND DNS. Setting up the DHCP
is now pretty easy; I can reinstall the minimal OS and DHCP pretty quick
now (it may not be 100% correct but it works). I still have not messed
with the PXE booting on the DHCP yet, but I can get a system to receive
a DHCP address on the 10.1.2.x network and talk to the systems I
manually set on the 10.1.1.x and 10.1.3.x networks.

Right now, DNS (using the named service BIND provides) still doesn't
work right. The closest I have gotten was by accident. Somehow (not
sure how as it was an accident) I managed to get the DNS server to work
with the DHCP server. So the two systems that were set up to get
10.1.2.x DHCP addresses could ping each other by hostname only. EG:
`ping host1` and `ping host2` would work and it claimed it was resolving
to 'host1.project.local' but `ping host1.project.local` would fail as
hostname not found. Not only was this by accident, but it was REALLY
slow. It was at least 10 seconds from the command being run to the first
ping. However, none of the other systems were resolvable and they
couldn't resolve the DHCP systems. I restarted the named service and
then it all stopped working. I can't ping anyone by host name anymore.


I suggest you give some more details about your named and dhcpd 
configurations.  Also remember that if your network is not connected to 
the Internet at all then you need to run your own root nameserver to 
make DNS work reliably.


--
Garrett Holmstrom