#StackBounty: #16.04 #dns How do I allow more than 3 DNS servers in Ubuntu 16?

Bounty: 50

In my /etc/network/interfaces I have multiple servers listed on dns-nameservers, one set of ubuntu servers has 3, another 4. We had no issues until we were forced to add yet 2 more to each, but we still could not successfully resolve using the new DNS servers. After some investigation, we found that only 3 DNS servers were copied into /etc/resolv.conf. We are able to resolve our immediate issue by putting the 3 primary servers in there and omitting the backup DNS servers, but I’d like to keep all necessary DNS servers available.

As for why so many:

  • 8.8.8.8 is used because it gets updated information faster than our internal ones
  • Our internal network DNS
  • Another DNS for a DB cluster


Get this bounty!!!
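The limit the question runs into is in the glibc stub resolver, not in the interfaces file: resolv.h defines MAXNS as 3, and the resolver reads at most the first three nameserver lines of /etc/resolv.conf no matter how many are present. The following checker is an added example (not code from the question) that parses a resolv.conf and reports which entries the resolver will never consult; the sample file it runs on is constructed for the demonstration.

```python
# Added example, not from the original question: apply the glibc stub
# resolver's hard limit of MAXNS = 3 nameserver lines to a resolv.conf and
# report which entries are silently ignored. Sample content is constructed.
from typing import List, Tuple

GLIBC_MAXNS = 3  # <resolv.h> MAXNS: glibc keeps only the first three "nameserver" lines


def parse_resolv_conf(text: str) -> Tuple[List[str], List[str]]:
    """Return (nameservers, search_list) from resolv.conf text.

    Comments start with '#' or ';'. 'domain' and 'search' are mutually
    exclusive and the last one seen wins, as in resolv.conf(5).
    """
    nameservers: List[str] = []
    search: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            nameservers.append(args[0])
        elif key in ("domain", "search"):
            search = args
    return nameservers, search


def effective_nameservers(nameservers: List[str], limit: int = GLIBC_MAXNS):
    """Split the list into (used, ignored) according to the resolver's limit."""
    return nameservers[:limit], nameservers[limit:]


def report(text: str) -> List[str]:
    """Human-readable findings for a resolv.conf; an empty list means nothing to flag."""
    nameservers, _ = parse_resolv_conf(text)
    used, ignored = effective_nameservers(nameservers)
    findings = []
    if ignored:
        findings.append(
            f"{len(nameservers)} nameservers listed, glibc uses only the first "
            f"{GLIBC_MAXNS}: {', '.join(used)}; ignored: {', '.join(ignored)}"
        )
    return findings


# Constructed sample: two public resolvers, two internal ones, one for a DB cluster.
SAMPLE_RESOLV_CONF = """\
# Generated by resolvconf
search example.internal
nameserver 8.8.8.8
nameserver 10.0.0.2 ; primary internal
nameserver 10.0.0.3
nameserver 10.0.5.53   # DB cluster resolver
nameserver 8.8.4.4
"""

if __name__ == "__main__":
    for finding in report(SAMPLE_RESOLV_CONF):
        print(finding)
```

Whether the file ends up holding three or six nameserver lines, only the first three are ever queried, so ordering decides which resolvers are reachable; anything beyond that needs a local forwarding resolver rather than more lines in the file.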

#StackBounty: #dns #hosts-file `.dev` TLD resolves to 127.0.0.1

Bounty: 150

My Mac (Mojave 10.14) is unable to access any website with a .dev domain name, such as get.dev. I tried running $ ping get.dev and got the following output:

PING get.dev (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.044 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.161 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.070 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.166 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.189 ms
64 bytes from 127.0.0.1: icmp_seq=5 ttl=64 time=0.056 ms
^C
--- get.dev ping statistics ---
6 packets transmitted, 6 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.044/0.114/0.189/0.059 ms

I know it’s been popular to remap .dev to localhost, and thought I might have done that at some point in the past and forgot about it. However, when I run $ cat /etc/hosts:

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1   localhost
255.255.255.255 broadcasthost
::1             localhost

I’m not sure where to continue troubleshooting this. Are there any other hosts files that might add additional entries?

EDIT: My DNS is set up to use 1.1.1.1, according to their instructions.


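A quick way to rule the hosts file in or out is to parse it the way the resolver does and ask which lines could produce a given name. The parser below is an added example, not code from the question; it runs on the hosts file shown above plus a constructed variant containing the kind of entry a past ".dev to localhost" remap would leave behind.

```python
# Added example, not from the original question: a hosts(5) parser that
# answers "which hosts-file lines could explain this name?". STOCK_HOSTS is
# the file shown in the question; REMAPPED_HOSTS is a constructed variant.
from typing import List, Tuple


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Return (address, [canonical_name, alias, ...]) for each non-comment line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment anywhere on the line
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                   # an address with no names is malformed: skip it
            continue
        entries.append((fields[0], fields[1:]))
    return entries


def hosts_lookup(text: str, hostname: str) -> List[str]:
    """Addresses the file maps the exact hostname to (case-insensitive, no wildcards)."""
    wanted = hostname.lower().rstrip(".")
    return [addr for addr, names in parse_hosts(text)
            if wanted in (n.lower() for n in names)]


def lines_mentioning_suffix(text: str, suffix: str) -> List[str]:
    """Every hosts line with a name ending in the suffix, e.g. '.dev'."""
    hits = []
    for addr, names in parse_hosts(text):
        if any(n.lower().endswith(suffix.lower()) for n in names):
            hits.append(f"{addr} {' '.join(names)}")
    return hits


# The hosts file from the question (stock macOS content).
STOCK_HOSTS = """\
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1   localhost
255.255.255.255 broadcasthost
::1             localhost
"""

# Constructed variant: the kind of line a past "remap .dev" setup would leave.
REMAPPED_HOSTS = STOCK_HOSTS + "127.0.0.1 get.dev www.get.dev  # dev remap\n"

if __name__ == "__main__":
    print("get.dev in stock hosts:", hosts_lookup(STOCK_HOSTS, "get.dev"))
    print(".dev lines in remapped hosts:", lines_mentioning_suffix(REMAPPED_HOSTS, ".dev"))
```

hosts(5) matches complete names only and has no wildcard syntax, so a file like the one shown cannot map an entire TLD to 127.0.0.1 by itself; a mapping of that shape has to come from a resolver rule, for instance dnsmasq's address=/dev/127.0.0.1, or from the upstream resolver's answers.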

#StackBounty: #heroku #dns #cname Heroku's DNS is causing conflicts with Google Suite MX records

Bounty: 100

Heroku DNS is causing troubles: I cannot receive any email at myuser@stickersgallito.com, which uses Google Suite as mailbox.

My host provider is Punto.pe, a Peruvian company.

My project is hosted in Heroku, where I have 2 DNS entries:

1) www.stickersgallito.pe -> ancient-crab-bwwmzXXXXXXXXXXXX.herokudns.com
2) stickersgallito.pe -> functional-wallaby-XXXXXXXXXXXXXXXX.herokudns.com

(screenshot not reproduced)

I need people to be able to visit the site by entering www.stickersgallito.pe or just stickersgallito.pe.

So I’ve entered these 2 records as CNAMEs in my Host Provider Registry Panel.

Problem:

I’ve also set up other tools like MailGun and Google Suite (to have mailboxes like omar@stickersgallito.pe). MailGun functions correctly, I can visit the page either using: www.stickersgallito.pe or stickersgallito.pe.

But I cannot receive emails at omar@stickersgallito.pe.

I’ve consulted my Host Provider and they say that the record for stickersgallito.pe -> functional-wallaby-XXXXXXXXXXXXXXXX.herokudns.com is the problem. It’s interfering with other records.

They don’t offer any solution, but point to Heroku for a response.
Heroku points me to their documentation and says that if it doesn’t work after following its steps, I should talk to my Host Provider.

My host provider says that if I can provide an IP address from Heroku we could solve this. Heroku doesn’t offer an IP address as far as I know.

Google Documentation to Set Up MX Records:

https://support.google.com/a/answer/140034?hl=en

What can I do?

DNSs in Host Provider: (screenshot not reproduced)

Registers: (screenshot not reproduced)


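The conflict the host provider is describing is the rule from RFC 1034 section 3.6.2: a name that owns a CNAME may own no other record, so a CNAME at the zone apex (stickersgallito.pe itself) leaves no room for the MX records mail delivery depends on. The checker below is an added example, not code from the question or from Heroku; the record set it runs on is constructed from the names in the question, keeping the question's XXXX placeholders for the Heroku targets, and the MX hosts are Google's published ones.

```python
# Added example, not from the original question: find owner names that carry
# a CNAME alongside other record types, which RFC 1034 3.6.2 forbids. The
# ZONE below is constructed from the names in the question.
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

Record = Tuple[str, str, str]  # (owner, rrtype, rdata)


def normalise(owner: str) -> str:
    return owner.lower().rstrip(".")


def group_by_owner(records: Iterable[Record]) -> Dict[str, Set[str]]:
    """Map each owner name to the set of record types it carries."""
    types: Dict[str, Set[str]] = defaultdict(set)
    for owner, rrtype, _ in records:
        types[normalise(owner)].add(rrtype.upper())
    return types


def find_cname_conflicts(records: Iterable[Record]) -> List[Tuple[str, List[str]]]:
    """Owners that have a CNAME plus other types; the other records are unreachable."""
    return [
        (owner, sorted(t - {"CNAME"}))
        for owner, t in sorted(group_by_owner(records).items())
        if "CNAME" in t and len(t) > 1
    ]


def mail_at_risk(records: Iterable[Record], domain: str) -> bool:
    """True when the mail domain's apex has a CNAME next to its MX records."""
    return any(owner == normalise(domain) and "MX" in others
               for owner, others in find_cname_conflicts(records))


# Constructed zone: the two Heroku CNAMEs from the question plus Google's MX
# records and an SPF TXT record at the apex.
ZONE: List[Record] = [
    ("www.stickersgallito.pe", "CNAME", "ancient-crab-bwwmzXXXXXXXXXXXX.herokudns.com."),
    ("stickersgallito.pe", "CNAME", "functional-wallaby-XXXXXXXXXXXXXXXX.herokudns.com."),
    ("stickersgallito.pe", "MX", "1 aspmx.l.google.com."),
    ("stickersgallito.pe", "MX", "5 alt1.aspmx.l.google.com."),
    ("stickersgallito.pe", "TXT", "v=spf1 include:_spf.google.com ~all"),
]

# Same zone without the apex CNAME, for comparison.
ZONE_WITHOUT_APEX_CNAME = [r for r in ZONE if not (normalise(r[0]) == "stickersgallito.pe" and r[1] == "CNAME")]

if __name__ == "__main__":
    for owner, others in find_cname_conflicts(ZONE):
        print(f"{owner}: CNAME coexists with {', '.join(others)}")
    print("mail at risk:", mail_at_risk(ZONE, "stickersgallito.pe"))
```

The www CNAME is harmless; only the apex CNAME conflicts, and the apex is exactly where the MX and SPF records live, which matches the provider's description of the record that "interferes with other records".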

#StackBounty: #networking #server #dns Network Troubles – Cannot Ping Windows PC

Bounty: 50

I’ve seen a lot of similar questions but nothing seems to quite describe my situation.

I have a few devices on my network, LinuxPC, WindowsPC, Laptop, and NAS.

From my LinuxPc running Ubuntu 18.04 I can successfully ping Laptop and NAS:

ping Laptop
PING LAPTOP (192.168.1.5) 56(84) bytes of data.
64 bytes from LAPTOP.local (192.168.1.5): icmp_seq=1 ttl=128 time=1.04 ms

ping NAS
PING NAS (192.168.1.12) 56(84) bytes of data.
64 bytes from NAS.local (192.168.1.12): icmp_seq=1 ttl=128 time=1.04 ms

However, when I try to ping the WindowsPc it fails

ping WindowsPc
ping: WindowsPc: System error

Now, it’s not that WindowsPc isn’t the correct type. If I ping a random name that doesn’t exist – ping asdfasdf – I get a different message entirely: ping: asdfasdf: Name or service not known

I also thought it might be a firewall issue, but if I use my Windows Laptop, I can ping WindowsPC without any trouble. And if I ping the IP address directly from my Linux PC it works great.

So every other device on the network can access WindowsPC by name, except Ubuntu.

I’ve done things like install netbind and added ‘wins’ to my /etc/nsswitch.conf file and that allowed me to ping everything else. But not my PC.

What am I doing wrong here?



#StackBounty: #dns #dhcp #amazon-web-services #amazon-ec2 dhclient lease renewal occasionally breaks DNS resolution

Bounty: 50

I have a set of ec2 instances (ubuntu trusty 14.04) that I have never done any special dhcp configuration with. It’s on a VPC with the default dhcp options.

For some reason, roughly every 25 minutes, I see this in my logs

(IP’s and xid are scrubbed)

DHCPREQUEST of 172.16.1.111 on eth0 to 172.16.0.1 port 67 (xid=0x0000000c)
DHCPACK of 172.16.1.111 from 172.16.0.1
bound to 172.16.1.111 -- renewal in 1693 seconds.

(The exact number of seconds changes between 1300 and 1700.)

Occasionally, like once every 10 days, this renewal will break DNS, and my running application will start giving errors like getaddrinfo: Name or service not known. Once the renewal runs again in about 25 minutes, the problem is resolved. I have tested this by waiting for a failure and manually renewing the dhclient lease (sudo dhclient -v -r eth0 then sudo dhclient -v eth0), and seeing that fix the issue instantly.

I have 2 questions:

  1. Why is the renewal time this strange ~25 minute number? I know that I can set this through a conf file, but this seems like it’s a strange default.

  2. Why does it sometimes break DNS resolution? This is the main issue here. My other sets of ec2 instances also have this short DHCP renewal time, but only this one set of instances has the issue where, occasionally, DNS breaks when DHCP is renewed.



#StackBounty: #networking #wireless-networking #dns #bluetooth How does expressjs serve website over bluetooth without internet?

Bounty: 100

Trying to make an app that would work for clubs that meet in locations without internet or wifi (i.e. church basements).

I found this question and answer, but found no hope https://stackoverflow.com/questions/10502645/serving-a-local-website-via-bluetooth-to-a-cellphone-without-using-the-internet since the top answer was super high level from 2011.

I then found this from 2014
https://discussions.apple.com/thread/4308091

This part worked:

You need to make it work, by assigning Bluetooth PAN a manually assigned IP address.

192.168.2.1 subnet 255.255.255.0 and in router address field 192.168.2.1, provide DNS as 8.8.8.8 and second DNS 8.8.4.4. Of course enable the internet sharing beforehand.

My Mac was serving on localhost:9190 and I was able to go to http://macname.local:9190 to hit my website where macname is what showed up in my “Sharing” system settings when doing Internet Sharing from Bluetooth PAN to computers using Bluetooth PAN.

I celebrated this working, but I have no idea what the DNS bit is for, given I never type those numbers. What am I doing manually that makes this work? Ensuring that the ip and router are the same address? I tested this with zero internet (wifi off) on my laptop. Really just looking to understand why/how this works



#StackBounty: #networking #browser #dns #xmlhttprequest Stale host addresses in Chrome

Bounty: 50

I’m tracking down a problem with our web application whereby a CNAME record swap of our site’s domain is not picked up by Chrome for a long time, far exceeding the 300 second TTL of the DNS record. The remote address reported in Chrome inspector network tab for all XHR requests to our server is stale.

If I copy the XHR requests as curl and run it in the terminal then I can confirm it uses the IP addresses of the newly swapped-to domain, as expected. nslookup also reports the same addresses, so my local DNS cache appears to be fine.

In Chrome’s netlog viewer (catapult) I can see our website’s domain has an expired entry in the DNS cache with a TTL set to 10 seconds. I can also see requests made well after the entry expired, so it seems like Chrome isn’t even checking the cache at all!

Curiously, when I flush the idle sockets on chrome://net-internals/#sockets then the host resolver does trigger as part of the SSL handshake and the new IP address is picked up.

My feeling is that our web application is doing something to cause this weird behaviour. I’ve checked another one of our sites but cannot reproduce the problem. I thought we might be hanging on to a connection somewhere, but we’re not using websockets and I can’t see any other hanging network requests.

Any help greatly appreciated!



#StackBounty: #vpn #dns Clients connected through OpenVPN unable to process DNS requests through Pi-hole

Bounty: 100

I am on Raspbian Stretch. I installed OpenVPN (via PiVPN) and Pi-Hole (4.2).
I set up my Pi-Hole (which runs on 192.168.1.6 on the LAN) to use Cloudflare DNS over TLS (using the cloudflared service on port 5054).
Pi-Hole works great locally (other clients on the LAN pointing their DNS to 192.168.1.6 can navigate properly and I see their stats in the admin panel).

The problem is when I try to set up OpenVPN to use 192.168.1.6 (port 5054) as DNS server. I see no specific error in the logs but clients connected through the VPN just don’t navigate. Everything starts working again if I change the setting in server.conf to use other DNS (like 1.1.1.1 directly).

This is my /etc/openvpn/server.conf

dev tun
proto udp
port 50001
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_wohFvJ5DCWXXXXXX.crt
key /etc/openvpn/easy-rsa/pki/private/server_wohFvJ5DCWXXXXXX.key
dh none
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 192.168.1.6"
push "dhcp-option DNS 1.0.0.1"
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device. 
#duplicate-cn
# Generated for use by PiVPN.io

And this is /etc/dnsmasq.d/01-pihole.conf:

addn-hosts=/etc/pihole/gravity.list
addn-hosts=/etc/pihole/black.list
addn-hosts=/etc/pihole/local.list

user=pihole
group=pihole

localise-queries

no-resolv

cache-size=10000

log-queries
log-facility=/var/log/pihole.log

local-ttl=2

log-async

# If a DHCP client claims that its name is "wpad", ignore that.
# This fixes a security hole. see CERT Vulnerability VU#598349
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
server=127.0.0.1#5054
domain-needed
bogus-priv
interface=eth0

I tried changing push "dhcp-option DNS 192.168.1.6" to push "dhcp-option DNS 10.8.0.0" or 10.8.0.1 but nothing changes.

Any ideas why clients connected through OpenVPN can’t navigate? What’s wrong in my config? I want them to process DNS queries using cloudflared on port 5054 of the Pi.


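Two details of the configs above decide whether a VPN client's query ever reaches Pi-hole: dnsmasq's interface= directive makes it answer only on the listed interfaces (plus loopback, which it adds itself), and a query from 10.8.0.x for 192.168.1.6 enters the Pi on the tun interface, not on eth0. The static check below is an added example (not code from the question, PiVPN or Pi-hole) that parses abridged copies of both files and reports when the pushed DNS address is served by this host but the VPN interface is not one dnsmasq listens on; it assumes the "dev tun" interface is named tun0, OpenVPN's default when no name is given.

```python
# Added example, not from the original question: check that the interface a
# VPN client's DNS query arrives on is one dnsmasq listens on. Configs below
# are abridged from the question; the tun interface name is an assumption.
import re
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple

PUSH_DNS = re.compile(r'^push\s+"dhcp-option\s+DNS\s+(\S+)"', re.I)
SERVER = re.compile(r"^server\s+(\S+)\s+(\S+)")


def strip_comment(raw: str) -> str:
    # Good enough for the lines inspected here; dnsmasq's server=ip#port uses '#'
    # as a port separator, but that directive is not parsed by this checker.
    return raw.split("#", 1)[0].strip()


def dnsmasq_listen_interfaces(conf: str) -> Set[str]:
    """Interfaces from interface= lines; an empty set means 'all interfaces'."""
    ifaces = {line.split("=", 1)[1].strip()
              for line in map(strip_comment, conf.splitlines())
              if line.startswith("interface=")}
    # dnsmasq adds loopback automatically whenever interface= is used.
    return ifaces | {"lo"} if ifaces else ifaces


def openvpn_settings(conf: str) -> Tuple[List[str], Optional[object]]:
    """(pushed DNS addresses, VPN subnet) from an OpenVPN server config."""
    pushed, subnet = [], None
    for line in map(strip_comment, conf.splitlines()):
        m = PUSH_DNS.match(line)
        if m:
            pushed.append(m.group(1))
            continue
        m = SERVER.match(line)
        if m:
            subnet = ip_network(f"{m.group(1)}/{m.group(2)}")
    return pushed, subnet


def check(dnsmasq_conf: str, openvpn_conf: str, lan_ip: str, vpn_iface: str = "tun0") -> List[str]:
    """Findings about the VPN-client -> dnsmasq query path; empty list means OK."""
    findings = []
    ifaces = dnsmasq_listen_interfaces(dnsmasq_conf)
    pushed, subnet = openvpn_settings(openvpn_conf)
    for dns in pushed:
        addr = ip_address(dns)
        if subnet is not None and addr == subnet.network_address:
            findings.append(f"pushed DNS {dns} is the VPN network address, not a host")
        elif addr == ip_address(lan_ip) or (subnet is not None and addr in subnet):
            # A VPN client's query for this address enters the box on the tun interface.
            if ifaces and vpn_iface not in ifaces:
                findings.append(
                    f"pushed DNS {dns} is served by this host, but dnsmasq listens only on "
                    f"{sorted(ifaces)}, not on {vpn_iface}"
                )
    return findings


# Abridged from the question's /etc/dnsmasq.d/01-pihole.conf.
DNSMASQ_CONF = """\
no-resolv
server=127.0.0.1#5054
domain-needed
bogus-priv
interface=eth0
"""
FIXED_DNSMASQ_CONF = DNSMASQ_CONF + "interface=tun0\n"   # also listen on the VPN side

# Abridged from the question's /etc/openvpn/server.conf.
OPENVPN_CONF = """\
dev tun
proto udp
topology subnet
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 192.168.1.6"
push "dhcp-option DNS 1.0.0.1"
push "block-outside-dns"
push "redirect-gateway def1"
"""
# The variant the question says was tried: pushing the subnet's network address.
OPENVPN_CONF_NETADDR = OPENVPN_CONF.replace("DNS 192.168.1.6", "DNS 10.8.0.0")

if __name__ == "__main__":
    for finding in check(DNSMASQ_CONF, OPENVPN_CONF, "192.168.1.6"):
        print(finding)
    print("fixed:", check(FIXED_DNSMASQ_CONF, OPENVPN_CONF, "192.168.1.6"))
```

Note also that dhcp-option DNS carries no port: clients always query port 53 of 192.168.1.6, which is dnsmasq, and it is dnsmasq that forwards to cloudflared via server=127.0.0.1#5054; the port only matters on that internal hop.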

#StackBounty: #dns #query #qnap DNS queries "DomainServer.dom.local.dev.null" by QNAP NAS

Bounty: 50

We encounter strange DNS queries initiated by a QNAP NAS:

DomainServer.dom.local.dev.null

DomainServer.dom.local (name is obfuscated here) is the valid name of the domain controller. But the NAS adds .dev.null to the name.

This looks to me as if a default DNS name is configured which is added automatically. But I cannot find such a setting on the NAS.

Can someone explain this?


From the DNS log of the domain controller

Devices in the log:

  • 192.168.0.1 = domain controller (DomainServer.dom.local)
  • 192.168.0.16 = QNAP NAS
  • 192.168.0.254 = Sophos UTM

15.01.2019 11:53:39 2728 PACKET  000000E796562170 UDP Rcv 192.168.0.16    4c9e   Q [0001   D   NOERROR] AAAA   (12)NameOfServer(3)dom(5)local(3)dev(4)null(0)
UDP question info at 000000E796562170
  Socket = 556
  Remote addr 192.168.0.16, port 56856
  Time Query=533586, Queued=0, Expire=0
  Buf length = 0x0fa0 (4000)
  Msg length = 0x0031 (49)
  Message:
    XID       0x4c9e
    Flags     0x0100
      QR        0 (QUESTION)
      OPCODE    0 (QUERY)
      AA        0
      TC        0
      RD        1
      RA        0
      Z         0
      CD        0
      AD        0
      RCODE     0 (NOERROR)
    QCOUNT    1
    ACOUNT    0
    NSCOUNT   0
    ARCOUNT   0
    QUESTION SECTION:
    Offset = 0x000c, RR count = 0
    Name      "(12)NameOfServer(3)dom(5)local(3)dev(4)null(0)"
      QTYPE   AAAA (28)
      QCLASS  1
    ANSWER SECTION:
      empty
    AUTHORITY SECTION:
      empty
    ADDITIONAL SECTION:
      empty

15.01.2019 11:53:39 2728 PACKET  000000E7932A4220 UDP Snd 192.168.0.254   4eb1   Q [0001   D   NOERROR] AAAA   (12)NameOfServer(3)dom(5)local(3)dev(4)null(0)
UDP question info at 000000E7932A4220
  Socket = 11688
  Remote addr 192.168.0.254, port 53
  Time Query=0, Queued=0, Expire=0
  Buf length = 0x0fa0 (4000)
  Msg length = 0x003c (60)
  Message:
    XID       0x4eb1
    Flags     0x0100
      QR        0 (QUESTION)
      OPCODE    0 (QUERY)
      AA        0
      TC        0
      RD        1
      RA        0
      Z         0
      CD        0
      AD        0
      RCODE     0 (NOERROR)
    QCOUNT    1
    ACOUNT    0
    NSCOUNT   0
    ARCOUNT   1
    QUESTION SECTION:
    Offset = 0x000c, RR count = 0
    Name      "(12)NameOfServer(3)dom(5)local(3)dev(4)null(0)"
      QTYPE   AAAA (28)
      QCLASS  1
    ANSWER SECTION:
      empty
    AUTHORITY SECTION:
      empty
    ADDITIONAL SECTION:
    Offset = 0x0031, RR count = 0
    Name      "(0)"
      TYPE   OPT  (41)
      CLASS  4000
      TTL    32768
      DLEN   0
      DATA   
        Buffer Size  = 4000
        Rcode Ext    = 0
        Rcode Full   = 0
        Version      = 0
        Flags        = 80 DO


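The Windows DNS debug log writes query names in wire-label form, each label preceded by its length in parentheses and terminated by the zero-length root label, so "(12)NameOfServer(3)dom(5)local(3)dev(4)null(0)" is NameOfServer.dom.local.dev.null. The script below is an added example, not code from the question or from the QNAP or Windows DNS projects: it decodes those names, pulls the PACKET lines out of the log excerpt above, and reports which client sent queries carrying labels beyond the expected domain, which is the quickest way to see every device that appends an unexpected suffix rather than reading packets one at a time.

```python
# Added example, not from the original question: decode the length-prefixed
# names in Windows DNS debug-log PACKET lines and report labels appended
# beyond the expected domain. LOG holds the two lines from the question.
import re
from typing import List, Optional, Tuple

LABEL = re.compile(r"\((\d+)\)([^()]*)")
PACKET = re.compile(
    r"^(?P<ts>\S+ \S+) \S+ PACKET\s+\S+ (?P<proto>UDP|TCP) (?P<dir>Rcv|Snd) "
    r"(?P<remote>\S+)\s+\S+\s+[QR] \[[^\]]*\]\s+(?P<qtype>\S+)\s+(?P<name>\S+)$"
)


def decode_logged_name(encoded: str) -> str:
    """'(3)dom(5)local(0)' -> 'dom.local', validating every label length."""
    labels = []
    for length, label in LABEL.findall(encoded):
        n = int(length)
        if n == 0:
            break                          # the root label terminates the name
        if len(label) != n:
            raise ValueError(f"label {label!r} does not have length {n}")
        labels.append(label)
    return ".".join(labels)


def parse_packet_lines(log: str) -> List[dict]:
    """One dict per PACKET summary line; other log lines are skipped."""
    out = []
    for line in log.splitlines():
        m = PACKET.match(line.strip())
        if m:
            d = m.groupdict()
            d["name"] = decode_logged_name(d["name"])
            out.append(d)
    return out


def extra_labels(name: str, expected_domain: str) -> Optional[List[str]]:
    """Labels that follow the expected domain, e.g. ['dev', 'null']; None if unrelated."""
    parts, dom = name.lower().split("."), expected_domain.lower().split(".")
    for i in range(len(parts) - len(dom) + 1):
        if parts[i:i + len(dom)] == dom:
            return parts[i + len(dom):]
    return None


def suspicious_queries(log: str, expected_domain: str) -> List[Tuple[str, str, List[str]]]:
    """(client, name, extra labels) for received queries with a suffix appended."""
    hits = []
    for pk in parse_packet_lines(log):
        if pk["dir"] != "Rcv":
            continue                       # only queries received from clients, not forwarded ones
        extra = extra_labels(pk["name"], expected_domain)
        if extra:
            hits.append((pk["remote"], pk["name"], extra))
    return hits


# The two PACKET lines from the question's domain-controller log.
LOG = """\
15.01.2019 11:53:39 2728 PACKET  000000E796562170 UDP Rcv 192.168.0.16    4c9e   Q [0001   D   NOERROR] AAAA   (12)NameOfServer(3)dom(5)local(3)dev(4)null(0)
15.01.2019 11:53:39 2728 PACKET  000000E7932A4220 UDP Snd 192.168.0.254   4eb1   Q [0001   D   NOERROR] AAAA   (12)NameOfServer(3)dom(5)local(3)dev(4)null(0)
"""

if __name__ == "__main__":
    for client, name, extra in suspicious_queries(LOG, "dom.local"):
        print(f"{client} asked for {name}: extra labels {'.'.join(extra)}")
```

The second line shows the controller forwarding the same question to 192.168.0.254, so the suffixed name leaves the domain; names under a suffix the organisation does not control end up at whoever is authoritative for it, which is why queries like these are worth tracing back to the device that appends the suffix.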