Unable to resolve LAN, can resolve internet


Postby v0idE » 27 Apr 2010, 04:44

Hi,

I have a FreeBSD router/firewall/DNS/DHCP server that has suddenly stopped resolving local machine IPs (192.168.3.84), but I can still resolve external IPs/hostnames. I can't give any insight into what might have changed with the machine because nothing has changed on it for quite a while - it's out of reach in the bottom of a closet.

I've spent a few hours last night and this morning trying different tests and slight changes to the BIND configuration but nothing has worked yet and I'm out of ideas/things to Google.

The FreeBSD machine is running FBSD 8.0-RELEASE-p1 and has BIND, ISC-DHCP, PF and PPP installed and running fine. I am positive it's not PF as it hasn't changed, but to be sure I have disabled it with pfctl -d

I am using these two computers to try to fix this:
blackhole - 192.168.3.101 (FBSD server)
hackedpackard - 192.168.3.84 (Arch Linux)


Below are the contents of the various files:

/etc/namedb/named.conf
http://pastebin.org/183802

/etc/namedb/master/gtfo-forward.db
http://pastebin.org/183796

/etc/namedb/master/3.168.192.db
http://pastebin.org/183800

/etc/namedb/master/localhost-forward.db (Standard from installation)
http://pastebin.org/183808

/etc/namedb/master/localhost-reverse.db (Standard from installation)
http://pastebin.org/183807

/var/log/messages
Apr 27 15:20:36 blackhole named[1402]: starting BIND 9.7.0rc1 -t /var/named -u bind
Apr 27 15:20:36 blackhole named[1402]: built with '--localstatedir=/var' '--disable-linux-caps'
'--disable-symtable' '--with-randomdev=/dev/random' '--with-openssl=/usr' '--with-libxml2=/usr/local'
'--without-idn' '--enable-threads' '--sysconfdir=/etc/namedb' '--prefix=/usr' '--mandir=/usr/share/man'
'--infodir=/usr/share/info/' '--build=i386-portbld-freebsd8.0' 'build_alias=i386-portbld-freebsd8.0'
'CC=cc' 'CFLAGS=-O2 -pipe -fno-strict-aliasing' 'LDFLAGS= -rpath=/usr/lib:/usr/local/lib' 'CXX=c++'
'CXXFLAGS=-O2 -pipe -fno-strict-aliasing'
Apr 27 15:20:36 blackhole named[1402]: command channel listening on 127.0.0.1#953
Apr 27 15:20:36 blackhole named[1402]: the working directory is not writable


I can ping external IPs and hostnames without a problem:
blackhole# ping google.com
PING google.com (66.102.11.104): 56 data bytes
64 bytes from 66.102.11.104: icmp_seq=0 ttl=58 time=65.855 ms

blackhole# ping 66.102.11.104
PING 66.102.11.104 (66.102.11.104): 56 data bytes
64 bytes from 66.102.11.104: icmp_seq=0 ttl=58 time=16.766 ms


And I can dig external hostnames and IPs:
blackhole# dig google.com

; <<>> DiG 9.7.0rc1 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27263
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             116     IN      A       66.102.11.104

;; AUTHORITY SECTION:
google.com.             86021   IN      NS      ns4.google.com.
google.com.             86021   IN      NS      ns3.google.com.
google.com.             86021   IN      NS      ns2.google.com.
google.com.             86021   IN      NS      ns1.google.com.

;; ADDITIONAL SECTION:
ns1.google.com.         84784   IN      A       216.239.32.10
ns2.google.com.         84800   IN      A       216.239.34.10
ns3.google.com.         84801   IN      A       216.239.36.10
ns4.google.com.         84801   IN      A       216.239.38.10

;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 27 15:35:01 2010
;; MSG SIZE  rcvd: 180


blackhole# dig -x 66.102.11.104

; <<>> DiG 9.7.0rc1 <<>> -x 66.102.11.104
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6099
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;104.11.102.66.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
104.11.102.66.in-addr.arpa. 84725 IN    PTR     syd01s01-in-f104.1e100.net.

;; AUTHORITY SECTION:
11.102.66.in-addr.arpa. 84725   IN      NS      ns2.google.com.
11.102.66.in-addr.arpa. 84725   IN      NS      ns3.google.com.
11.102.66.in-addr.arpa. 84725   IN      NS      ns1.google.com.
11.102.66.in-addr.arpa. 84725   IN      NS      ns4.google.com.

;; ADDITIONAL SECTION:
ns1.google.com.         84701   IN      A       216.239.32.10
ns2.google.com.         84717   IN      A       216.239.34.10
ns3.google.com.         84718   IN      A       216.239.36.10
ns4.google.com.         84718   IN      A       216.239.38.10

;; Query time: 56 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 27 15:36:24 2010
;; MSG SIZE  rcvd: 230



But for internal IPs and hostnames, I can only ping IPs:
blackhole# ping 192.168.3.84
PING 192.168.3.84 (192.168.3.84): 56 data bytes
64 bytes from 192.168.3.84: icmp_seq=0 ttl=64 time=0.444 ms

blackhole# ping hackedpackard
ping: cannot resolve hackedpackard: Host name lookup failure

blackhole# ping hackedpackard.gtfo.local
ping: cannot resolve hackedpackard.gtfo.local: Host name lookup failure


And I can't dig local hostnames but I can dig IPs:
blackhole# dig hackedpackard

; <<>> DiG 9.7.0rc1 <<>> hackedpackard
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7569
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;hackedpackard.                 IN      A

;; AUTHORITY SECTION:
.                       1147    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2010042601 1800 900 604800 86400

;; Query time: 26 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 27 15:37:06 2010
;; MSG SIZE  rcvd: 106


blackhole# dig hackedpackard.gtfo.local

; <<>> DiG 9.7.0rc1 <<>> hackedpackard.gtfo.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59439
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;hackedpackard.gtfo.local.      IN      A

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 27 15:38:30 2010
;; MSG SIZE  rcvd: 42


blackhole# dig -x 192.168.3.84

; <<>> DiG 9.7.0rc1 <<>> -x 192.168.3.84
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33161
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;84.3.168.192.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
84.3.168.192.in-addr.arpa. 3600 IN      PTR     hackedpackard.gtfo.local.

;; AUTHORITY SECTION:
3.168.192.in-addr.arpa. 3600    IN      NS      blackhole.gtfo.local.

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 27 15:37:48 2010
;; MSG SIZE  rcvd: 105



hackedpackard:
[thom@hackedpackard ~]$ cat /etc/resolv.conf
domain gtfo.local
nameserver 192.168.3.101

[thom@hackedpackard ~]$ cat /etc/hosts
127.0.0.1               hackedpackard.gtfo.local hackedpackard localhost
192.168.3.84            hackedpackard.gtfo.local hackedpackard


blackhole:
blackhole# cat /etc/resolv.conf
domain gtfo.local
nameserver 127.0.0.1
nameserver 192.168.3.101

blackhole# cat /etc/hosts
::1                     localhost localhost.gtfo.local
127.0.0.1               localhost localhost.gtfo.local
192.168.3.101           blackhole.gtfo.local blackhole



I'm out of other ideas at the moment, so if you guys have anything please let me know.

Cheers.
v0idE

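The four dig runs above already contain the pattern worth reading carefully: the reverse lookup for 192.168.3.84 comes back with the aa flag, the forward lookup for the same host in gtfo.local comes back SERVFAIL with no aa and nothing in the authority section, and the unqualified name gets an NXDOMAIN signed by the root SOA (dig does not apply the "domain" line from resolv.conf unless it is given +search, so that query went out to the Internet). The script below is an added example, not part of the thread and not the original poster's code: it reads one dig reply on stdin and prints a one-word verdict together with the check that verdict calls for. The sample inputs are the header and flag lines of the four replies posted above; the named-checkzone invocation and the remark about the -t /var/named chroot are assumptions about this machine's layout.

```shell
#!/bin/sh
# Added example, not from the thread: triage a dig reply and name the next check.
# Paste the output of a dig run on stdin; the verdict is one word:
#   AUTH      NOERROR with "aa": answered from this server's own zone data
#   NOAUTH    NOERROR without "aa": a recursed or cached answer, not the local zone
#   SERVFAIL  for a name in a zone this server is master for, the usual cause is a
#             zone that failed to load (syntax error, bad SOA, unreadable file);
#             named logs the load failure, so grep /var/log/messages for the zone
#             name, then run:  named-checkconf  and
#             named-checkzone gtfo.local /etc/namedb/master/gtfo-forward.db
#             (with "named -t /var/named" the file is read inside that chroot: assumption)
#   ESCAPED   NXDOMAIN whose SOA comes from the root: the query left for the Internet
#             (dig does not apply resolv.conf's "domain" unless given +search)
#   NXDOMAIN  any other NXDOMAIN
dig_verdict() {
    reply=$(cat)
    status=$(printf '%s\n' "$reply" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    flags=$(printf '%s\n' "$reply" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    case "$status" in
        NOERROR)
            case " $flags " in
                *" aa "*) echo AUTH ;;
                *)        echo NOAUTH ;;
            esac ;;
        SERVFAIL) echo SERVFAIL ;;
        NXDOMAIN)
            if printf '%s\n' "$reply" | grep -q 'IN[[:space:]]*SOA[[:space:]]*a\.root-servers\.net\.'; then
                echo ESCAPED
            else
                echo NXDOMAIN
            fi ;;
        *) echo UNKNOWN ;;
    esac
}

# Header and flag lines copied from the four dig replies posted in the thread.
SAMPLE_AUTH=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33161
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
EOF
)
SAMPLE_NOAUTH=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27263
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
EOF
)
SAMPLE_SERVFAIL=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59439
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
EOF
)
SAMPLE_ESCAPED=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7569
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
.                       1147    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2010042601 1800 900 604800 86400
EOF
)

# Demo over the four samples; on the real box pipe a live reply in instead:
#   dig hackedpackard.gtfo.local @192.168.3.101 +norecurse | dig_verdict
for name in AUTH NOAUTH SERVFAIL ESCAPED; do
    eval "sample=\$SAMPLE_$name"
    printf '%-9s -> %s\n' "$name" "$(printf '%s\n' "$sample" | dig_verdict)"
done
```

The SERVFAIL verdict is the one that matters here: a server that is master for a zone answers from the zone file regardless of any global forwarders, and a SERVFAIL for a name inside that zone is exactly what BIND returns when the zone file did not load. The reverse zone loading fine while the forward zone does not points at the forward zone file itself, which is why named-checkzone is the first thing to run.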
Postby SirDice » 27 Apr 2010, 06:48

Try dig hackedpackard.gtfo.local @192.168.3.101

Postby DutchDaemon » 27 Apr 2010, 13:14

Currently, your nameserver does not see itself as the authoritative nameserver for the gtfo.local domain (the aa flag is missing in the dig output). Use something like dig @192.168.3.101 $somehost +aaonly +norecurse

Also see other nice troubleshooting flags like +trace in dig(1). Use tcpdump on the DNS server's Internet interface to see whether 'local' queries are inadvertently forwarded to external nameservers.

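The tcpdump check suggested above, worked through as an added example that is not part of the thread: capture DNS on the Internet-facing interface and flag every query that names something only the LAN should ever ask about. Leaking such queries is more than a curiosity; every internal host name and every RFC 1918 reverse lookup sent to an outside resolver tells that resolver what lives on the LAN. The interface name tun0 is an assumption about the PPP link, and the capture lines used as sample input are constructed in tcpdump's DNS output format with RFC 5737 addresses, not taken from the poster's machine.

```shell
#!/bin/sh
# Added example, not from the thread: spot DNS queries for internal names on the
# Internet-facing link. Capture there (tun0 as the PPP interface is an assumption):
#   tcpdump -l -n -i tun0 'udp port 53' | leaked_queries
# Anything printed is a query that should have been answered, or refused, on the
# LAN side: a gtfo.local name, a bare single-label host name that a resolver
# failed to qualify, or a reverse lookup for RFC 1918 address space.
ZONE="gtfo.local"

# Reads "tcpdump -n -l" lines on stdin, prints "<id> <qtype> <name>" per leak.
leaked_queries() {
    awk -v zone="$ZONE" '
        # A query line looks like:
        #   <time> IP <src>.<port> > <dst>.53: <id>+ <qtype>? <name>. (<len>)
        / > [0-9.]+\.53: [0-9]+[+]? / {
            for (i = 2; i < NF; i++) {
                if ($i !~ /^[A-Z]+\?$/) continue   # find the "A?" / "PTR?" token
                qtype = substr($i, 1, length($i) - 1)
                id = $(i - 1); sub(/[+].*$/, "", id)
                name = $(i + 1); sub(/\.$/, "", name)
                tail = substr(name, length(name) - length(zone))
                if (name == zone || tail == "." zone ||
                    index(name, ".") == 0 ||
                    name ~ /\.(10|168\.192|(1[6-9]|2[0-9]|3[01])\.172)\.in-addr\.arpa$/)
                    print id, qtype, name
            }
        }'
}

# Constructed capture lines (RFC 5737 addresses) in tcpdump's DNS output format:
# one unqualified name, one gtfo.local name, one legitimate external name and
# one RFC 1918 reverse lookup, plus a response line that must be ignored.
SAMPLE_CAPTURE=$(cat <<'EOF'
15:37:06.102011 IP 203.0.113.7.49152 > 198.51.100.53.53: 7569+ A? hackedpackard. (31)
15:37:06.120456 IP 198.51.100.53.53 > 203.0.113.7.49152: 7569 NXDomain 0/1/0 (106)
15:38:30.001122 IP 203.0.113.7.49153 > 198.51.100.53.53: 59439+ A? hackedpackard.gtfo.local. (42)
15:40:00.000000 IP 203.0.113.7.49154 > 198.51.100.53.53: 27263+ A? google.com. (28)
15:41:00.000000 IP 203.0.113.7.49155 > 198.51.100.53.53: 33161+ PTR? 84.3.168.192.in-addr.arpa. (43)
EOF
)

# Demo over the constructed capture; three of the four queries are leaks.
printf '%s\n' "$SAMPLE_CAPTURE" | leaked_queries
```

If the live capture prints gtfo.local names, the server is recursing or forwarding for a zone it is supposed to answer itself, which is the same symptom the missing aa flag shows from the client side. If it prints only bare single-label names, the leak is the client's resolver search path rather than the zone, and the fix belongs in resolv.conf or in an empty forward-only zone for the names that must never leave.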
Postby v0idE » 28 Apr 2010, 14:22

Thanks for the replies.

SirDice wrote: Try dig hackedpackard.gtfo.local @192.168.3.101

Here is the output:
blackhole# dig hackedpackard.gtfo.local @192.168.3.101

; <<>> DiG 9.7.0rc1 <<>> hackedpackard.gtfo.local @192.168.3.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20581
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;hackedpackard.gtfo.local.      IN      A

;; Query time: 3 msec
;; SERVER: 192.168.3.101#53(192.168.3.101)
;; WHEN: Thu Apr 29 01:06:52 2010
;; MSG SIZE  rcvd: 42


DutchDaemon wrote: Currently, your nameserver does not see itself as the authoritative nameserver for the gtfo.local domain (the aa flag is missing in the dig output). Use something like dig @192.168.3.101 $somehost +aaonly +norecurse

Also see other nice troubleshooting flags like +trace in dig(1). Use tcpdump on the DNS server's Internet interface to see whether 'local' queries are inadvertently forwarded to external nameservers.

Would it not see itself as the authoritative nameserver because I am forwarding to my ISPs nameservers in named.conf?
I will try your suggestion of tcpdump and post back with the results.

Postby DutchDaemon » 28 Apr 2010, 14:37

Would it not see itself as the authoritative nameserver because I am forwarding to my ISPs nameservers in named.conf?


It should. We want to know if it does ;) These queries should not leave your server, and they should be answered authoritatively (aa).

Postby DutchDaemon » 28 Apr 2010, 14:40

blackhole# dig hackedpackard.gtfo.local @192.168.3.101

; <<>> DiG 9.7.0rc1 <<>> hackedpackard.gtfo.local @192.168.3.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20581
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0



Not good. You should see
flags: qr aa rd;
on that query. If 192.168.3.101 is the authoritative nameserver for gtfo.local, it must reply with 'aa'.

Postby DutchDaemon » 28 Apr 2010, 14:46

Note: I appear to be missing any active 'allow-query' statement in your named.conf. Try for example:
zone "gtfo.local" {
        type master;
        file "master/gtfo-forward.db";
        allow-query { any; };
};

