DNS problem after upgrade

I have upgraded from 7.2 to 8.1, but now I have a DNS problem

The router assigns an IP address.
I can ping that IP address.
I can ping any other IP address (also outside my LAN)

However, I cannot ping using a host name

Code:
#ping example.com
ping: cannot resolve example.com: Host name lookup failure

In /etc/resolv.conf, I have

Code:
search lan
nameserver 10.0.1.1

where 10.0.1.1 is my router's address.
When I remove resolv.conf, the above file is auto-generated at boot.
When I remove the "search lan" line, it is added at boot.

However, there are two boot error messages
Code:
route: writing to routing socket: Network is unreachable
add net default: gateway 10.0.1.1: Network is unreachable

Any ideas to troubleshoot this issue?

PS: On my Mac (which doesn't have any DNS issues), /etc/resolv.conf is

Code:
domain lan
nameserver 10.0.1.1
 
rblon said:
In /etc/resolv.conf, I have

Code:
search lan
nameserver 10.0.1.1

where 10.0.1.1 is my router's address.
When I remove resolv.conf, the above file is auto-generated at boot.
When I remove the "search lan" line, it is added at boot.
More specifically, it's being generated by dhclient(8).

However, there are two boot error messages
Code:
route: writing to routing socket: Network is unreachable
add net default: gateway 10.0.1.1: Network is unreachable

Any ideas to troubleshoot this issue?
What IP address is your FreeBSD box being assigned to? It looks like it's getting a default gateway that isn't in its subnet.
 
SirDice said:
What IP address is your FreeBSD box being assigned to? It looks like it's getting a default gateway that isn't in its subnet.

Code:
#ifconfig -a
fxp0: flags=8843<UP, BROADCAST, RUNNING, SIMPLEX, MULTICAST> metric 0 mtu 1500
            options=2009<RXCSUM,VLAN_MTU,WOL_MAGIC>
            ether 00:08:02:52:04:0c
            inet 10.0.1.8 netmask 0xffffff00 broadcast 10.0.1.255
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
rl0: ....

10.0.1.8 is a fixed address (a DHCP reservation in the router based on the MAC address)

The DHCP Ending Address is 10.0.1.124 (mentioning that as the broadcast address is outside this range, but the Mac has also this broadcast address)
 
Try setting fxp0 to SYNCDHCP in /etc/rc.conf, it might help:
Code:
ifconfig_fxp0="SYNCDHCP"
 
SirDice said:
Try setting fxp0 to SYNCDHCP in /etc/rc.conf, it might help:
Code:
ifconfig_fxp0="SYNCDHCP"

My /etc/rc.conf starts with:

Code:
defaultrouter="10.0.1.1"
hostname="sub.mydomain.com"
ifconfig_fxp0="DHCP"

Commenting out the first line or changing fxp0 to SYNCDHCP doesn't help.

With the latter change, the boot error changes to

Code:
route: writing to routing socket: File exists
add net default: gateway 10.0.1.1: route already in table
 
Ah. Remove the defaultrouter line. It's getting that information from dhclient (DHCP), so there's no need to specify it.

After that it should boot without errors and function properly.
 
but unfortunately the problem is still there (without ifconfig_fxp0, or equal to DHCP, or equal to SYNCDHCP)
 
Can you post your current rc.conf? Because I'm lost now. The only line(s) you should have are:
Code:
hostname="server.example.com"
ifconfig_fxp0="SYNCDHCP"

Anything other than that? If you still have problems can you boot with rc_debug="YES" and post the result?
 
There are quite a few other lines in /etc/rc.conf

Code:
sshd_enable="YES"

syslogd_enable="YES"
syslogd_flags="-ss"

ntpdate_enable="YES"

....

Using rc_debug="YES" gives a lot of output, which I cannot copy-paste here (as I'm typing this on a different machine, and I'm not able to ssh to the FreeBSD machine, which is a different problem), but I don't see obvious hints.
 
rblon said:
Ok then, since you can ping your gateway, let's proceed with some more network troubleshooting. Try to ping an IP on the Internet. A working one would be 195.170.0.2. See how this goes.
Also show us the output of your routing table:
Code:
netstat -rn
 
Yes I can ping IPs outside my LAN.

Code:
#netstat -rn
Routing tables

Internet:
Destination     Gateway    Flags    Refs    Use   Netif   Expire
default         10.0.1.1   UGS         0      0    fxp0
10.0.1.0/24     link#1     U           0     41    fxp0
10.0.1.8        link#1     UHS         0      0     lo0
127.0.0.1       link#4     UH          0      2     lo0

Internet6:
....
 
Ok. That seems to work fine. Basic networking works at least. Now try resolving something using your DNS server:
% dig @10.0.1.1 www.google.com
 
FreeBSD:
Code:
#dig @10.0.1.1 www.google.com

; <<>> DiG 9.6.-ESV-R2 <<>> @10.0.1.1 www.google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Mac:
Code:
#dig @10.0.1.1 www.google.com

; <<>> DiG 9.6.0-APPLE-P2 <<>> @10.0.1.1 wwww.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31198
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;wwww.google.com.		IN	A

;; Query time: 32 msec
;; SERVER: 10.0.1.1#53(10.0.1.1)
;; WHEN: Wed Nov 17 08:57:39 2010
;; MSG SIZE  rcvd: 33
 
It is obvious that resolution doesn't work in your router. Therefore no issues with your FreeBSD box. Use an alternative DNS and you will be fine.

Regards,
George
 
gkontos said:
It is obvious that resolution doesn't work in your router. Therefore no issues with your FreeBSD box. Use an alternative DNS and you will be fine.

Regards,
George

I am not sure how you reach this conclusion. Doesn't the fact that it seems to work from my Mac show that the problem is not with the router? Also, before the upgrade, FreeBSD worked fine in combination with the router.
 
Apparently, it is a firewall issue. When I set
Code:
ipfilter_enable="NO"
it works fine.

Sorry for not presenting the problem very clearly, but I appreciate the help.

(it remains strange as ipf.rules hasn't changed, but I will post that in another thread if I can't figure it out)
 
rblon said:
I am not sure how you reach this conclusion. Doesn't the fact that it seems to work from my Mac show that the problem is not with the router?
It doesn't work on your Mac either, there's no answer section. It should look like this:
Code:
dice@molly:~>dig @192.168.1.1 www.google.com

; <<>> DiG 9.6.2-P2 <<>> @192.168.1.1 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48757
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         166170  IN      CNAME   www.l.google.com.
www.l.google.com.       279     IN      A       209.85.229.104
www.l.google.com.       279     IN      A       209.85.229.147
www.l.google.com.       279     IN      A       209.85.229.99

;; AUTHORITY SECTION:
google.com.             78745   IN      NS      ns1.google.com.
google.com.             78745   IN      NS      ns2.google.com.
google.com.             78745   IN      NS      ns3.google.com.
google.com.             78745   IN      NS      ns4.google.com.

;; ADDITIONAL SECTION:
ns1.google.com.         251545  IN      A       216.239.32.10
ns2.google.com.         251545  IN      A       216.239.34.10
ns3.google.com.         251545  IN      A       216.239.36.10
ns4.google.com.         251545  IN      A       216.239.38.10

;; Query time: 11 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Nov 17 11:09:00 2010
;; MSG SIZE  rcvd: 236
 
Ok, now that I have disabled the firewall, I get the following response
Code:
#dig @10.0.1.1 www.google.com

; <<>> DiG 9.6.-ESV-R2 <<>> @10.0.1.1 www.google.com
; (1 server found)
;; global options: +cmd

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16577
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.			IN	A

;; ANSWER SECTION:
www.google.com.		598383	IN	CNAME	www.l.google.com.
www.l.google.com.	118	IN	A	173.194.36.104

;; Query time: 2 msec
;; SERVER: 10.0.1.1#53(10.0.1.1)
;; WHEN: Wed Nov 17 10:38:11 2010
;; MSG SIZE  rcvd: 68

So I guess that is ok, right?
Not sure why the Mac is not giving that
 
SirDice said:
Read the thread, it's been solved.

The DNS problem was solved, but I haven't been able to sort out the firewall problem.

I think it is related to this bug.

However, it makes more sense to continue that discussion in this thread.
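
Added example, not part of the thread: a small sh/awk helper that sorts saved dig output into the three cases quoted above (a timeout on FreeBSD while ipfilter was enabled, NXDOMAIN on the Mac where the quoted question name is wwww.google.com, and NOERROR with answers once the filter was disabled). The function name classify_dig and the sample strings are constructed for illustration, trimmed from the outputs in the posts.

```shell
#!/bin/sh
# Added example: classify dig(1) output read on stdin; prints one verdict line.
classify_dig() {
    awk '
        /connection timed out; no servers could be reached/ { timeout = 1 }
        /->>HEADER<<-/ {   # ";; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: ..."
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {     # ";; flags: qr rd ra; QUERY: 1, ANSWER: 2, ..."
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") { answers = $(i + 1); sub(/,$/, "", answers) }
        }
        /^;; QUESTION SECTION:/ { inq = 1; next }
        inq && /^;/ { qname = substr($1, 2); inq = 0 }   # name actually queried
        END {
            if (timeout)
                print "NO_REPLY: no packet came back (check path and local packet filter)"
            else if (status == "NXDOMAIN")
                print "REACHABLE: server answered, name " qname " does not exist"
            else if (status == "NOERROR" && answers + 0 > 0)
                print "OK: " answers " answer record(s) for " qname
            else if (status != "")
                print "REACHABLE: status " status ", " (answers + 0) " answer record(s)"
            else
                print "UNKNOWN: no dig header found"
        }'
}

# Constructed samples, trimmed from the three dig outputs quoted in the thread.
SAMPLE_TIMEOUT='; <<>> DiG 9.6.-ESV-R2 <<>> @10.0.1.1 www.google.com
;; connection timed out; no servers could be reached'
SAMPLE_NXDOMAIN=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31198
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;wwww.google.com.   IN  A'
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16577
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com.    IN  A'

for s in "$SAMPLE_TIMEOUT" "$SAMPLE_NXDOMAIN" "$SAMPLE_OK"; do
    printf '%s\n' "$s" | classify_dig
done
```

A NO_REPLY verdict while ping to the same address succeeds means ICMP passes but port 53 traffic does not, which is the pattern a host packet filter produces.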
 