Unable to resolve LAN, can resolve internet

Discussion in 'Networking' started by v0idE, Apr 27, 2010.

  1. v0idE

    v0idE New Member

    Hi,

    I have a FreeBSD router/firewall/DNS/DHCP server that has suddenly stopped resolving local machine IPs (192.168.3.84), but I can still resolve external IPs/hostnames. I can't give any insight into what might have changed with the machine because nothing has changed on it for quite a while - it's out of reach in the bottom of a closet.

    I've spent a few hours last night and this morning trying different tests and slight changes to the BIND configuration but nothing has worked yet and I'm out of ideas/things to Google.

    The FreeBSD machine is running FBSD 8.0-RELEASE-p1 and has BIND, ISC-DHCP, PF and PPP installed and running fine. I am positive it's not PF as it hasn't changed, but to be sure I have disabled it with pfctl -d

    I am using these two computers to try to fix this:
    blackhole - 192.168.3.101 (FBSD server)
    hackedpackard - 192.168.3.84 (Arch Linux)


    Below are the contents of the various files:

    /etc/namedb/named.conf
    http://pastebin.org/183802

    /etc/namedb/master/gtfo-forward.db
    http://pastebin.org/183796

    /etc/namedb/master/3.168.192.db
    http://pastebin.org/183800

    /etc/namedb/master/localhost-forward.db (Standard from installation)
    http://pastebin.org/183808

    /etc/namedb/master/localhost-reverse.db (Standard from installation)
    http://pastebin.org/183807

    /var/log/messages
    Code:
    Apr 27 15:20:36 blackhole named[1402]: starting BIND 9.7.0rc1 -t /var/named -u bind
    Apr 27 15:20:36 blackhole named[1402]: built with '--localstatedir=/var' '--disable-linux-caps'
    '--disable-symtable' '--with-randomdev=/dev/random' '--with-openssl=/usr' '--with-libxml2=/usr/local'
    '--without-idn' '--enable-threads' '--sysconfdir=/etc/namedb' '--prefix=/usr' '--mandir=/usr/share/man'
    '--infodir=/usr/share/info/' '--build=i386-portbld-freebsd8.0' 'build_alias=i386-portbld-freebsd8.0'
    'CC=cc' 'CFLAGS=-O2 -pipe -fno-strict-aliasing' 'LDFLAGS= -rpath=/usr/lib:/usr/local/lib' 'CXX=c++'
    'CXXFLAGS=-O2 -pipe -fno-strict-aliasing'
    Apr 27 15:20:36 blackhole named[1402]: command channel listening on 127.0.0.1#953
    Apr 27 15:20:36 blackhole named[1402]: the working directory is not writable
    
    I can ping external IPs and hostnames without a problem:
    Code:
    blackhole# ping google.com
    PING google.com (66.102.11.104): 56 data bytes
    64 bytes from 66.102.11.104: icmp_seq=0 ttl=58 time=65.855 ms
    
    Code:
    blackhole# ping 66.102.11.104
    PING 66.102.11.104 (66.102.11.104): 56 data bytes
    64 bytes from 66.102.11.104: icmp_seq=0 ttl=58 time=16.766 ms
    
    And I can dig external hostnames and IPs:
    Code:
    blackhole# dig google.com
    
    ; <<>> DiG 9.7.0rc1 <<>> google.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27263
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
    
    ;; QUESTION SECTION:
    ;google.com.                    IN      A
    
    ;; ANSWER SECTION:
    google.com.             116     IN      A       66.102.11.104
    
    ;; AUTHORITY SECTION:
    google.com.             86021   IN      NS      ns4.google.com.
    google.com.             86021   IN      NS      ns3.google.com.
    google.com.             86021   IN      NS      ns2.google.com.
    google.com.             86021   IN      NS      ns1.google.com.
    
    ;; ADDITIONAL SECTION:
    ns1.google.com.         84784   IN      A       216.239.32.10
    ns2.google.com.         84800   IN      A       216.239.34.10
    ns3.google.com.         84801   IN      A       216.239.36.10
    ns4.google.com.         84801   IN      A       216.239.38.10
    
    ;; Query time: 5 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Apr 27 15:35:01 2010
    ;; MSG SIZE  rcvd: 180
    
    Code:
    blackhole# dig -x 66.102.11.104
    
    ; <<>> DiG 9.7.0rc1 <<>> -x 66.102.11.104
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6099
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
    
    ;; QUESTION SECTION:
    ;104.11.102.66.in-addr.arpa.    IN      PTR
    
    ;; ANSWER SECTION:
    104.11.102.66.in-addr.arpa. 84725 IN    PTR     syd01s01-in-f104.1e100.net.
    
    ;; AUTHORITY SECTION:
    11.102.66.in-addr.arpa. 84725   IN      NS      ns2.google.com.
    11.102.66.in-addr.arpa. 84725   IN      NS      ns3.google.com.
    11.102.66.in-addr.arpa. 84725   IN      NS      ns1.google.com.
    11.102.66.in-addr.arpa. 84725   IN      NS      ns4.google.com.
    
    ;; ADDITIONAL SECTION:
    ns1.google.com.         84701   IN      A       216.239.32.10
    ns2.google.com.         84717   IN      A       216.239.34.10
    ns3.google.com.         84718   IN      A       216.239.36.10
    ns4.google.com.         84718   IN      A       216.239.38.10
    
    ;; Query time: 56 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Apr 27 15:36:24 2010
    ;; MSG SIZE  rcvd: 230
    

    But for internal IPs and hostnames, I can only ping IPs:
    Code:
    blackhole# ping 192.168.3.84
    PING 192.168.3.84 (192.168.3.84): 56 data bytes
    64 bytes from 192.168.3.84: icmp_seq=0 ttl=64 time=0.444 ms
    
    Code:
    blackhole# ping hackedpackard
    ping: cannot resolve hackedpackard: Host name lookup failure
    
    Code:
    blackhole# ping hackedpackard.gtfo.local
    ping: cannot resolve hackedpackard.gtfo.local: Host name lookup failure
    
    And I can't dig local hostnames but I can dig IPs:
    Code:
    blackhole# dig hackedpackard
    
    ; <<>> DiG 9.7.0rc1 <<>> hackedpackard
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7569
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;hackedpackard.                 IN      A
    
    ;; AUTHORITY SECTION:
    .                       1147    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2010042601 1800 900 604800 86400
    
    ;; Query time: 26 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Apr 27 15:37:06 2010
    ;; MSG SIZE  rcvd: 106
    
    Code:
    blackhole# dig hackedpackard.gtfo.local
    
    ; <<>> DiG 9.7.0rc1 <<>> hackedpackard.gtfo.local
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59439
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;hackedpackard.gtfo.local.      IN      A
    
    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Apr 27 15:38:30 2010
    ;; MSG SIZE  rcvd: 42
    
    Code:
    blackhole# dig -x 192.168.3.84
    
    ; <<>> DiG 9.7.0rc1 <<>> -x 192.168.3.84
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33161
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;84.3.168.192.in-addr.arpa.     IN      PTR
    
    ;; ANSWER SECTION:
    84.3.168.192.in-addr.arpa. 3600 IN      PTR     hackedpackard.gtfo.local.
    
    ;; AUTHORITY SECTION:
    3.168.192.in-addr.arpa. 3600    IN      NS      blackhole.gtfo.local.
    
    ;; Query time: 2 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Apr 27 15:37:48 2010
    ;; MSG SIZE  rcvd: 105
    

    hackedpackard:
    Code:
    [thom@hackedpackard ~]$ cat /etc/resolv.conf
    domain gtfo.local
    nameserver 192.168.3.101
    
    Code:
    [thom@hackedpackard ~]$ cat /etc/hosts
    127.0.0.1               hackedpackard.gtfo.local hackedpackard localhost
    192.168.3.84            hackedpackard.gtfo.local hackedpackard
    
    blackhole:
    Code:
    blackhole# cat /etc/resolv.conf
    domain gtfo.local
    nameserver 127.0.0.1
    nameserver 192.168.3.101
    
    Code:
    blackhole# cat /etc/hosts
    ::1                     localhost localhost.gtfo.local
    127.0.0.1               localhost localhost.gtfo.local
    192.168.3.101           blackhole.gtfo.local blackhole
    

    I'm out of other ideas at the moment, so if you guys have anything please let me know.

    Cheers.
     
  2. SirDice

    SirDice Moderator Staff Member Moderator

    Try dig hackedpackard.gtfo.local @192.168.3.101
     
  3. DutchDaemon

    DutchDaemon Administrator Staff Member Administrator Moderator

    Currently, your nameserver does not see itself as the authoritative nameserver for the gtfo.local domain (the aa flag is missing in the dig output). Use something like dig @192.168.3.101 $somehost +aaonly +norecurse

    Also see other nice troubleshooting flags like +trace in dig(1). Use tcpdump on the DNS server's Internet interface to see whether 'local' queries are inadvertently forwarded to external nameservers.
     
  4. v0idE

    v0idE New Member

    Thanks for the replies.

    Here is the output:
    Code:
    blackhole# dig hackedpackard.gtfo.local @192.168.3.101
    
    ; <<>> DiG 9.7.0rc1 <<>> hackedpackard.gtfo.local @192.168.3.101
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20581
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;hackedpackard.gtfo.local.      IN      A
    
    ;; Query time: 3 msec
    ;; SERVER: 192.168.3.101#53(192.168.3.101)
    ;; WHEN: Thu Apr 29 01:06:52 2010
    ;; MSG SIZE  rcvd: 42
    
    Would it not see itself as the authoritative nameserver because I am forwarding to my ISP's nameservers in named.conf?
    I will try your suggestion of tcpdump and post back with the results.
     
  5. DutchDaemon

    DutchDaemon Administrator Staff Member Administrator Moderator

    It should. We want to know if it does ;) These queries should not leave your server, and they should be answered authoritatively (aa).
     
  6. DutchDaemon

    DutchDaemon Administrator Staff Member Administrator Moderator

    Not good. You should see
    Code:
    flags: qr aa rd;
    on that query. If 192.168.3.101 is the authoritative nameserver for gtfo.local, it must reply with 'aa'.
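The check DutchDaemon describes in posts 3 and 6 (send a non-recursive query to the server and look at the aa flag and the rcode) can be done at the wire level without dig, which also makes clear what the "flags: qr rd ra" and "status: SERVFAIL" lines in the dig output actually encode. The following is an added example written for this thread, not code from any poster or from BIND: it builds a minimal DNS query for hackedpackard.gtfo.local, decodes the 12-byte header of a reply, and classifies it the way the thread does. The two sample replies are constructed from the header fields shown in the dig output above (the SERVFAIL reply with id 20581 and the hypothetical healthy reply with qr, aa, rd, ra set); query_server() sends a live query over UDP and is only useful against a real server.

```python
import socket
import struct

# DNS header flag bits (RFC 1035 section 4.1.1).
FLAG_QR = 0x8000  # response
FLAG_AA = 0x0400  # authoritative answer
FLAG_RD = 0x0100  # recursion desired
FLAG_RA = 0x0080  # recursion available
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    """Encode 'a.b.c' as DNS labels: length byte + label, terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, txid=0x1234, recursion_desired=False):
    """Build a single-question A query. recursion_desired=False mirrors dig's +norecurse,
    so an authoritative server has to answer from its own zone data or fail."""
    flags = FLAG_RD if recursion_desired else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question


def parse_header(message):
    """Decode the header into the same fields dig prints in its HEADER/flags lines."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", message[:12])
    return {
        "id": txid,
        "qr": bool(flags & FLAG_QR),
        "aa": bool(flags & FLAG_AA),
        "rd": bool(flags & FLAG_RD),
        "ra": bool(flags & FLAG_RA),
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "query": qd, "answer": an, "authority": ns, "additional": ar,
    }


def assess(hdr):
    """Turn the decoded header into the verdict the thread arrives at."""
    if hdr["rcode"] == "SERVFAIL":
        return "SERVFAIL: the server is not serving the zone; check named's log for a zone load error"
    if hdr["rcode"] == "NOERROR" and hdr["aa"]:
        return "authoritative (aa set): the zone is loaded and answered locally"
    if hdr["rcode"] == "NOERROR":
        return "non-authoritative: the answer came from cache or a forwarder, not from a master zone"
    return hdr["rcode"]


def query_server(server, name, timeout=2.0):
    """Send the query over UDP to a live server and return the decoded reply header.
    Not exercised here; needs a reachable nameserver."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(512)
    hdr = parse_header(data)
    if hdr["id"] != parse_header(q)["id"]:
        raise ValueError("transaction id mismatch: reply does not belong to our query")
    return hdr


# Constructed replies, built from the header values visible in the thread's dig output.
QUESTION = encode_name("hackedpackard.gtfo.local") + struct.pack("!HH", 1, 1)
# post 4: id 20581, flags qr rd ra, status SERVFAIL, QUERY 1 / ANSWER 0 / AUTHORITY 0 / ADDITIONAL 0
SERVFAIL_REPLY = struct.pack("!HHHHHH", 20581, FLAG_QR | FLAG_RD | FLAG_RA | 2, 1, 0, 0, 0) + QUESTION
# what post 6 says a healthy reply looks like: flags qr aa rd ra, NOERROR, one answer
HEALTHY_REPLY = struct.pack("!HHHHHH", 20581, FLAG_QR | FLAG_AA | FLAG_RD | FLAG_RA, 1, 1, 1, 0) + QUESTION

if __name__ == "__main__":
    for label, reply in (("post 4 reply", SERVFAIL_REPLY), ("expected reply", HEALTHY_REPLY)):
        hdr = parse_header(reply)
        print(label, {k: hdr[k] for k in ("aa", "rcode", "answer")}, "->", assess(hdr))
```

The constructed SERVFAIL reply is 42 bytes, matching the "MSG SIZE rcvd: 42" line in post 4: a 12-byte header plus the 30-byte question and nothing else, which is exactly what a server returns when it has no zone data to answer from.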
     
  7. DutchDaemon

    DutchDaemon Administrator Staff Member Administrator Moderator

    Note: I appear to be missing any active 'allow-query' statement in your named.conf. Try for example:
    Code:
    zone "gtfo.local" {
            type master;
            file "master/gtfo-forward.db";
            allow-query { any; };
    };