Working network connectivity, not working DNS resolutions

Prev: PPTP VPN + radius on lenny
Next: glxinfo setting to verbose mode outputs no extra info?

From: Mike Viau on 25 Mar 2010 15:00

---

Hello debian-users,

I have run into an interesting issue with the DNS resolution on only one of my debian lenny systems on my network.

I have confirmed that this system has working network connectivity but I would like to restore the ability to query DNS records from my local DNS server which is also in my case my network gateway. Additionally I can ssh into the system easily while connected to the same local network 10.254.2.0/24

The working (as in with other systems on my network) DNS and router is at 10.254.2.254/24. The IP statically set for the debian system is 10.254.2.1/24

Some info from this AMD64 architecture system is below.

root(a)localhost:~# cat /etc/debian_version
5.0.4


root(a)localhost:~# cat /etc/resolv.conf
domain site
search site
nameserver 10.254.2.254


root(a)localhost:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.254.2.0 * 255.255.255.0 U 0 0 0 br200
default 10.254.2.254 0.0.0.0 UG 0 0 0 br200


Snippet from /etc/network/interfaces:

# LAN bridge
iface eth1.200 inet manual
auto br200
iface br200 inet static
address 10.254.2.1
network 10.254.2.0
netmask 255.255.255.0
broadcast 10.254.2.255
gateway 10.254.2.254
bridge-ports eth1.200


root(a)localhost:~# ping 66.249.90.104 (a google IP beyond local router)
PING 66.249.90.104 (66.249.90.104) 56(84) bytes of data.
64 bytes from 66.249.90.104: icmp_seq=1 ttl=53 time=25.7 ms
64 bytes from 66.249.90.104: icmp_seq=2 ttl=53 time=24.3 ms
64 bytes from 66.249.90.104: icmp_seq=3 ttl=53 time=25.0 ms


root(a)localhost:~# traceroute 66.249.90.104
traceroute to 66.249.90.104 (66.249.90.104), 30 hops max, 40 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *


http://packages.debian.org/search?searchon=contents&keywords=resolv.conf&mode=filename&suite=stable&arch=amd64


Advice on how to troubleshoot further would be much appreciated, thanks.



-M

_________________________________________________________________
Live connected with Messenger on your phone
http://go.microsoft.com/?linkid=9712958

From: Ron Johnson on 25 Mar 2010 15:20

---

On 2010-03-25 13:54, Mike Viau wrote:
> Hello debian-users,
>
> I have run into an interesting issue with the DNS resolution on only
> _one_ of my debian lenny systems on my network.
>
> I have confirmed that this system has working network connectivity but I
> would like to restore the ability to query DNS records from my local DNS
> server which is also in my case my network gateway. Additionally I can
> ssh into the system easily while connected to the same local network
> 10.254.2.0/24
>
> The working (as in with other systems on my network) DNS and router is
> at 10.254.2.254/24. The IP statically set for the debian system is
> 10.254.2.1/24

How is this machine configured differently than the other two?

> Some info from this AMD64 architecture system is below.
>
> root(a)localhost:~# cat /etc/debian_version
> 5.0.4
>
>
> root(a)localhost:~# cat /etc/resolv.conf
> domain site
> search site

Why these two lines?

Why *before* the nameserver?

> nameserver 10.254.2.254
>

How are you populating this file?

> root(a)localhost:~# route
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use
> Iface
> 10.254.2.0 * 255.255.255.0 U 0 0 0
> br200
> default 10.254.2.254 0.0.0.0 UG 0 0 0
> br200
>
>
> Snippet from /etc/network/interfaces:
>
> # LAN bridge
> iface eth1.200 inet manual
> auto br200
> iface br200 inet static
> address 10.254.2.1

Why the non-standard interface name?

> network 10.254.2.0
> netmask 255.255.255.0
> broadcast 10.254.2.255
> gateway 10.254.2.254
> bridge-ports eth1.200
>

Why not add a dns-nameservers to "iface br200"?

> root(a)localhost:~# ping 66.249.90.104 (a google IP beyond local router)
> PING 66.249.90.104 (66.249.90.104) 56(84) bytes of data.
> 64 bytes from 66.249.90.104: icmp_seq=1 ttl=53 time=25.7 ms
> 64 bytes from 66.249.90.104: icmp_seq=2 ttl=53 time=24.3 ms
> 64 bytes from 66.249.90.104: icmp_seq=3 ttl=53 time=25.0 ms
>

Can you ping 10.254.2.254? I'm sure you can, but just asking.

> root(a)localhost:~# traceroute 66.249.90.104
> traceroute to 66.249.90.104 (66.249.90.104), 30 hops max, 40 byte packets
> 1 * * *
> 2 * * *

Try mtr-tiny instead.


--
"History does not long entrust the care of freedom to the weak
or the timid." Dwight Eisenhower


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/4BABB736.909(a)cox.net

From: Mike Viau on 25 Mar 2010 15:50

---

Thu, 25 Mar 2010 14:19:18 -0500 <ron.l.johnson(a)cox.net> wrote:
>
> On 2010-03-25 13:54, Mike Viau wrote:
> > Hello debian-users,
> >
> > I have run into an interesting issue with the DNS resolution on only
> > _one_ of my debian lenny systems on my network.
> >
> > I have confirmed that this system has working network connectivity but I
> > would like to restore the ability to query DNS records from my local DNS
> > server which is also in my case my network gateway. Additionally I can
> > ssh into the system easily while connected to the same local network
> > 10.254.2.0/24
> >
> > The working (as in with other systems on my network) DNS and router is
> > at 10.254.2.254/24. The IP statically set for the debian system is
> > 10.254.2.1/24
>
> How is this machine configured differently than the other two?
>

This machine is configured statically, while the others get their IP from DHCP, however when they are set statically they work fine too.

> > Some info from this AMD64 architecture system is below.
> >
> > root(a)localhost:~# cat /etc/debian_version
> > 5.0.4
> >
> >
> > root(a)localhost:~# cat /etc/resolv.conf
> > domain site
> > search site
>
> Why these two lines?
>
> Why *before* the nameserver?
>

I never changed the /etc/resolv.conf after running dhclient br200, so its my quess that this is the dhclient behaviour.

> > nameserver 10.254.2.254
> >
>
> How are you populating this file?
>

dhclient behaviour.

> > root(a)localhost:~# route
> > Kernel IP routing table
> > Destination Gateway Genmask Flags Metric Ref Use
> > Iface
> > 10.254.2.0 * 255.255.255.0 U 0 0 0
> > br200
> > default 10.254.2.254 0.0.0.0 UG 0 0 0
> > br200
> >
> >
> > Snippet from /etc/network/interfaces:
> >
> > # LAN bridge
> > iface eth1.200 inet manual
> > auto br200
> > iface br200 inet static
> > address 10.254.2.1
>
> Why the non-standard interface name?
>

This interface is bridged to VLAN. That way my host machine can run a 802.1q trunk to my network switch while remaining communicating with untagged machines on the vlan ID 200.

> > network 10.254.2.0
> > netmask 255.255.255.0
> > broadcast 10.254.2.255
> > gateway 10.254.2.254
> > bridge-ports eth1.200
> >
>
> Why not add a dns-nameservers to "iface br200"?
>

I am going to try this next ;)

> > root(a)localhost:~# ping 66.249.90.104 (a google IP beyond local router)
> > PING 66.249.90.104 (66.249.90.104) 56(84) bytes of data.
> > 64 bytes from 66.249.90.104: icmp_seq=1 ttl=53 time=25.7 ms
> > 64 bytes from 66.249.90.104: icmp_seq=2 ttl=53 time=24.3 ms
> > 64 bytes from 66.249.90.104: icmp_seq=3 ttl=53 time=25.0 ms
> >
>
> Can you ping 10.254.2.254? I'm sure you can, but just asking.
>

Yes and your correct as well.

> > root(a)localhost:~# traceroute 66.249.90.104
> > traceroute to 66.249.90.104 (66.249.90.104), 30 hops max, 40 byte packets
> > 1 * * *
> > 2 * * *
>
> Try mtr-tiny instead.

I am unable to make a connection to "http.us.debian.org."

It worth mentioning that I was able to update this system from the debian repos previously, but I am unware of what I might have done to break the DNS functionality.

>
>
> --
> "History does not long entrust the care of freedom to the weak
> or the timid." Dwight Eisenhower
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian..org
> Archive: http://lists.debian.org/4BABB736.909(a)cox.net
>

-M

_________________________________________________________________
Check your Hotmail from your phone.
http://go.microsoft.com/?linkid=9712957

From: Mike Viau on 25 Mar 2010 16:10

---

Thu, 25 Mar 2010 14:19:18 -0500 <ron.l.johnson(a)cox.net> wrote:
>
> On 2010-03-25 13:54, Mike Viau wrote:
> > Hello debian-users,
> >
> > I have run into an interesting issue with the DNS resolution on only
> > _one_ of my debian lenny systems on my network.
> >
> > I have confirmed that this system has working network connectivity but I
> > would like to restore the ability to query DNS records from my local DNS
> > server which is also in my case my network gateway. Additionally I can
> > ssh into the system easily while connected to the same local network
> > 10.254.2.0/24
> >
> > The working (as in with other systems on my network) DNS and router is
> > at 10.254.2.254/24. The IP statically set for the debian system is
> > 10.254.2.1/24
>
> How is this machine configured differently than the other two?
>

This machine is configured statically, while the others get their IP from DHCP, however when they are set statically they work fine too.

> > Some info from this AMD64 architecture system is below.
> >
> > root(a)localhost:~# cat /etc/debian_version
> > 5.0.4
> >
> >
> > root(a)localhost:~# cat /etc/resolv.conf
> > domain site
> > search site
>
> Why these two lines?
>
> Why *before* the nameserver?
>

I never changed the /etc/resolv.conf after running dhclient br200, so its my quess that this is the dhclient behaviour.

> > nameserver 10.254.2.254
> >
>
> How are you populating this file?
>

dhclient behaviour.

> > root(a)localhost:~# route
> > Kernel IP routing table
> > Destination Gateway Genmask Flags Metric Ref Use
> > Iface
> > 10.254.2.0 * 255.255.255.0 U 0 0 0
> > br200
> > default 10.254.2.254 0.0.0.0 UG 0 0 0
> > br200
> >
> >
> > Snippet from /etc/network/interfaces:
> >
> > # LAN bridge
> > iface eth1.200 inet manual
> > auto br200
> > iface br200 inet static
> > address 10.254.2.1
>
> Why the non-standard interface name?
>

This interface is bridged to VLAN. That way my host machine can run a 802.1q trunk to my network switch while remaining communicating with untagged machines on the vlan ID 200.

> > network 10.254.2.0
> > netmask 255.255.255.0
> > broadcast 10.254.2.255
> > gateway 10.254.2.254
> > bridge-ports eth1.200
> >
>
> Why not add a dns-nameservers to "iface br200"?
>

Updated my /etc/network/interfaces with:

# INTERNAL LAN VLAN/BRIDGE
iface eth1.200 inet manual
auto br200
iface br200 inet static
dns-nameservers 10.254.2.254
address 10.254.2.1
netmask 255.255.255.0
network 10.254.2.0
broadcast 10.254.2.255
gateway 10.254.2.254
bridge-ports eth1.200


But I still experience the same output including an unmodified /etc/resolv.conf

> > root(a)localhost:~# ping 66.249.90.104 (a google IP beyond local router)
> > PING 66.249.90.104 (66.249.90.104) 56(84) bytes of data.
> > 64 bytes from 66.249.90.104: icmp_seq=1 ttl=53 time=25.7 ms
> > 64 bytes from 66.249.90.104: icmp_seq=2 ttl=53 time=24.3 ms
> > 64 bytes from 66.249.90.104: icmp_seq=3 ttl=53 time=25.0 ms
> >
>
> Can you ping 10.254.2.254? I'm sure you can, but just asking.
>

Yes and your correct as well.

> > root(a)localhost:~# traceroute 66.249.90.104
> > traceroute to 66.249.90.104 (66.249.90.104), 30 hops max, 40 byte packets
> > 1 * * *
> > 2 * * *
>
> Try mtr-tiny instead.

I am unable to make a connection to "http.us.debian.org."

It worth mentioning that I was able to update this system from the debian repos previously, but I am unware of what I might have done to break the DNS functionality.

>
>
> --
> "History does not long entrust the care of freedom to the weak
> or the timid." Dwight Eisenhower
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian..org
> Archive: http://lists.debian.org/4BABB736.909(a)cox.net
>

-M


_________________________________________________________________
Take your contacts everywhere
http://go.microsoft.com/?linkid=9712959

From: Alexander Samad on 25 Mar 2010 18:30

---

On Fri, Mar 26, 2010 at 5:54 AM, Mike Viau <viaum(a)sheridanc.on.ca> wrote:
> Hello debian-users,
>
> I have run into an interesting issue with the DNS resolution on only one of
> my debian lenny systems on my network.
>
[snip]

So 10.254.2.254 is router, dgw, dns and it working
10.254.2.1 is machine you are on that can't do dns

* Have you check any firewall issues
* dig is your friend

dpkg -S /usr/bin/dig
dnsutils: /usr/bin/dig
link http://packages.debian.org/sid/dnsutils

with this you can query you dns and test the setup so something like
this from the .1 machine (and even test from the .254 machine to test
as well)

dig @10.254.2.254 google.com

this tells dig to talk to 10.254.2.254 and make a request for
google.com (this by passes the local resolv library and make a direct
request to the dns server)

see if that give you any answers - check the difference between doing
this on .1 and .254.

also try using you ISP's dns server address instead of 10.254.2.254

another tool would be tcpdump, in another windows/screen try this
tcpdump -pni <interface> host 10.254.2.254 and port 53 and then run
the dig command again, you should see requests being sent to the dns
server and you should see replies from there.

depending on the results would depend on what to do next :)


[snip]

In another email you said you can't install any packages because you
can't download to that machine.

if you download them to another machine and then scp over you can use
dpkg -i <packagename>

>
>
> Advice on how to troubleshoot further would be much appreciated, thanks.
>
>
> -M
>
> ________________________________
> Take your contacts everywhere. Try Messenger for mobile


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/836a6dcf1003251522x53388116saa2d741091dea02a(a)mail.gmail.com

 |  Next  |  Last
Pages: 1 2 3
Prev: PPTP VPN + radius on lenny
Next: glxinfo setting to verbose mode outputs no extra info?