lookup failure after netif and routing restart

[jemate18]

I have a gateway machine with 1 public and 1 private IP address.

It all works well.

We decided to change the IP address (public) because our primary ISP is down.

After changing the details of the rc.conf for the new defaultrouter and static IP for the
public ip. I did these commands

/etc/rc.d/netif restart && /etc/rc.d/routing restart

All works well again after checking the new IP address by using

ifconfig

But here is what the problem is, name resolution doesn't work.
I have to restart the server for name resolution to work.

is there something in rc.d service that I need to restart so that
name resolution will work without rebooting the entire server?

* We use openDNS in /etc/resolv.conf

Thanks

 

[sixtydoses]

AFAIK unless you're using DHCP nothing should touch your /etc/resolv.conf.

 

[jemate18]

AFAIK unless you're using DHCP nothing should touch your /etc/resolv.conf.

I have a DHCP server running in that gateway, so that clients will get their network configured.

So do I have to restart dhcpd too after the netif and routing restart?

 

[sixtydoses]

Well you're running dhcpd server, restarting dhcpd service will only affect the clients. And editing /etc/resolv.conf can be done on the fly, there's no need to restart any service, let alone restarting the server.

Last time I had my FreeBSD to act as gateway, but it was all static (except for public IP which I got from my ISP). So I'm not all sure about this whole dhcp server setup thing, sorry.

 

[sixtydoses]

Check your /etc/rc.conf for services that you've configured to start up on boot. That'll give you an idea on what service that you'd probably need to restart. Hmm.. was just wondering if your server acts as a DNS server as well?

 

[jemate18]

Check your /etc/rc.conf for services that you've configured to start up on boot. That'll give you an idea on what service that you'd probably need to restart. Hmm.. was just wondering if your server acts as a DNS server as well?

Yup... I have a dnsmasq (dns server) also.. The clients use this as their primary dns.

I've tried restarting it. But no luck.... To make things work, I need to reboot the system

 

[sixtydoses]

Gonna leave to the experts to chime in. Not sure about this, probably it's just OpenDNS has yet to update your IP after you switched ISP.

Good luck.

 

[DutchDaemon]

How does "name resolution doesn't work" present itself, e.g. when doing a 'dig' or a 'nslookup' command? Do you get timeouts, an NXDOMAIN response? Have you tried running a tcpdump on port 53 after you restart the routing? Does DNS resolving from your client network work, or does all of the resolving go wrong after restarting networking and routing? Any firewalling enabled?

 

[expl]

Post your rc.conf please of the machine you have resolve problems.

 

[jemate18]

Post your rc.conf please of the machine you have resolve problems.

Here is my rc.conf

defaultrouter="***.***.***.***"
gateway_enable="YES"
hostname="myserver.mydomain"

ifconfig_xl0="inet ***.***.***.*** netmask ***.***.***.***"
ifconfig_xl1="inet 192.168.0.1 netmask 255.255.255.0"

fsck_y_enable="YES"
background_fsck="NO"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
sshd_enable="YES"
dhcpd_enable="YES"
dhcpd_iface="xl0"
ftpproxy_enable="YES"
dnsmasq_enable="YES"

 

[jemate18]

How does "name resolution doesn't work" present itself, e.g. when doing a 'dig' or a 'nslookup' command? Do you get timeouts, an NXDOMAIN response? Have you tried running a tcpdump on port 53 after you restart the routing? Does DNS resolving from your client network work, or does all of the resolving go wrong after restarting networking and routing? Any firewalling enabled?

1. How does "name resolution doesn't work" present itself

timeouts

2. Do you get timeouts, an NXDOMAIN response?

Yes

3. Have you tried running a tcpdump on port 53 after you restart the routing?

Nope

4. Does DNS resolving from your client network work, or does all of the resolving go wrong after restarting networking and routing?

all of the resolving goes wrong after restarting networking
and routing

5. Any firewalling enabled?

I have pf running.

Thanks

 

[robbak]

OK, then run tcpdump on port 53 (sudo tcpdump -i xl0 port 53). You will be able to determine if dns packets are going out, and if they are returning.

As you have pf running, we are going to want to check that, so we can confirm that it is not the problem.

Also, as you have pflog there, have you monitored the pf logging? The instructions to do that are in man pflog: search for EXAMPLES.

(Just a side-point: the thing that those trying to help others most dislike is having to pull the answers to basic questions out of the people asking for help. Believe it or not, we prefer to have to read overlong initial posts filled with surplus information! As long as it is reassonably formatted (using [code][/code] labels for file contents and terminal output, for instance) we can easily skim over things we don't need to know. Just helping!)