Hi, I set up dnsmasq on my computer. I tested with an entry in /etc/hosts for laptop.w530.
I tested with "host laptop.w530" and I get unresolved (expected). If I add "nameserver 192.168.1.8" (my computer) to the top of /etc/resolv.conf and do "host laptop.w530" I get 192.168.1.105 - so it seems to be working.
Then I go to another machine, add the "nameserver 192.168.1.8" to /etc/resolv.conf and do the same "host laptop.w530" and it does not resolve.
I can "telnet 192.168.1.8 53" to my machine and I get a response.
Am I missing something to have "other" machines ask my machine for name resolution?
Thanks,
Jerry
On 31/10/2020 at 14:17, Jerry Geis wrote:
> Hi, I set up dnsmasq on my computer. I tested with an entry in /etc/hosts for laptop.w530.
> I tested with "host laptop.w530" and I get unresolved (expected). If I add "nameserver 192.168.1.8" (my computer) to the top of /etc/resolv.conf and do "host laptop.w530" I get 192.168.1.105 - so it seems to be working.
> Then I go to another machine, add the "nameserver 192.168.1.8" to /etc/resolv.conf and do the same "host laptop.w530" and it does not resolve.
> I can "telnet 192.168.1.8 53" to my machine and I get a response.
> Am I missing something to have "other" machines ask my machine for name resolution?
Here's a detailed blog article I wrote about Dnsmasq on CentOS 7:
https://blog.microlinux.fr/dnsmasq-centos-7/
It's in French, but the Linux bits are universal.
:o)
Niki
Hi Niki,
Thanks good article... I was close in what I did - but still not working.
I made this config file in /etc/dnsmasq.d
    more lsi.conf
    domain-needed
    bogus-priv
    interface=eth0
    expand-hosts
    local=/LayeredSolutionsInc.com/
    domain=LayeredSolutionsInc.com

    # The address 192.168.1.14 is the static IP of this server
    # You can find this ip by running ifconfig and look for the
    # IP of the interface which is connected to the router.
    listen-address=127.0.0.1
    listen-address=192.168.1.14
    bind-interfaces

    # Use open source DNS servers
    server=8.8.8.8

    # Create custom 'domains'.
    # Custom 'domains' can also be added in /etc/hosts
    address=/LayeredSolutionsInc.com/192.168.1.14
I restart dnsmasq of course... The resolution works on the same machine - but not for any other linux box.
I add the nameserver 192.168.1.14 to the /etc/resolv.conf of that machine - but resolution does not work.
Thoughts? (note I moved from my original 192.168.1.8 to 192.168.1.14 machine) - same issue resolves locally but not for other machines.
Jerry
Are you sure you have opened 53/udp ?
Best Regards, Strahil Nikolov
On Saturday, 31 October 2020, 16:15:10 GMT+2, Jerry Geis jerry.geis@gmail.com wrote:
> Hi Niki,
> Thanks good article... I was close in what I did - but still not working.
> I made this config file in /etc/dnsmasq.d
>     more lsi.conf
>     domain-needed
>     bogus-priv
>     interface=eth0
>     expand-hosts
>     local=/LayeredSolutionsInc.com/
>     domain=LayeredSolutionsInc.com
>
>     # The address 192.168.1.14 is the static IP of this server
>     # You can find this ip by running ifconfig and look for the
>     # IP of the interface which is connected to the router.
>     listen-address=127.0.0.1
>     listen-address=192.168.1.14
>     bind-interfaces
>
>     # Use open source DNS servers
>     server=8.8.8.8
>
>     # Create custom 'domains'.
>     # Custom 'domains' can also be added in /etc/hosts
>     address=/LayeredSolutionsInc.com/192.168.1.14
> I restart dnsmasq of course... The resolution works on the same machine - but not for any other linux box.
> I add the nameserver 192.168.1.14 to the /etc/resolv.conf of that machine - but resolution does not work.
> Thoughts? (note I moved from my original 192.168.1.8 to 192.168.1.14 machine) - same issue resolves locally but not for other machines.
> Jerry
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
On Oct 31, 2020, at 1:22 PM, Strahil Nikolov via CentOS centos@centos.org wrote:
> Are you sure you have opened 53/udp ?
Good call, but you left out the “how”:
    $ sudo firewall-cmd --add-service dns
    $ sudo firewall-cmd --add-service dns --permanent
Without the second command, it affects the runtime firewall only, and without the first, it doesn’t take effect until the next reboot.
To the OP: DNS needs both TCP *and* UDP service on port 53. Your telnet test is incomplete, and in fact covers only some of the lesser-used code paths in DNS servers. (Zone transfers, etc.) Most DNS service needs UDP only, and expects that to work; there is no fallback to TCP if UDP fails.
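Added example, not part of the original thread: a Python check that sends the same hand-built A query to a server over UDP and over TCP, so the two transports can be told apart where a telnet to port 53 only exercises TCP. The function names are made up for this illustration; the server address and hostname are supplied on the command line.

```python
import socket
import struct
import sys

QID = 0x1234  # arbitrary query ID; the server echoes it back

def build_query(name, qid=QID):
    """Minimal RFC 1035 query: header + QNAME + QTYPE=A + QCLASS=IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_header(reply, qid=QID):
    """Return (rcode, answer_count), or None if this is not a reply to qid."""
    if len(reply) < 12:
        return None
    rid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", reply[:12])
    if rid != qid or not flags & 0x8000:  # ID must match, QR bit must be set
        return None
    return flags & 0x000F, ancount

def probe_udp(server, name, port=53, timeout=2.0):
    """What a stub resolver does: one datagram out, one datagram back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, port))
            reply, _ = s.recvfrom(4096)
        except OSError:  # timeout: dropped by a firewall or nothing listening
            return None
    return parse_header(reply)

def probe_tcp(server, name, port=53, timeout=2.0):
    """Same query over TCP, which prefixes each message with a 2-byte length."""
    query = build_query(name)
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)
            reply = s.recv(4096)  # assumes a small reply that fits one read
    except OSError:  # refused, filtered, or timed out
        return None
    return parse_header(reply[2:])

if __name__ == "__main__" and len(sys.argv) == 3:
    server, name = sys.argv[1:]  # server IP and hostname to look up
    for proto, fn in (("udp", probe_udp), ("tcp", probe_tcp)):
        print(f"{proto}/53:", fn(server, name) or "no reply")
```

A result of "no reply" on udp/53 together with a reply on tcp/53 is the pattern a firewall rule that admits only 53/tcp produces.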
Thanks All for the suggestions. I was still using iptables - not firewalld - I did miss the UDP port 53. That was my issue. Thanks Niki for the article and everyone.
Thanks again.
Jerry
On 01/11/2020 at 22:21, Jerry Geis wrote:
> Thanks All for the suggestions. I was still using iptables - not firewalld - I did miss the UDP port 53. That was my issue.
Your mileage may vary, but usually when I fiddle with a new service that I don't know well, I start out by disabling the firewall, putting SELinux in permissive mode or deactivating it altogether.
Then, when things start working as expected, I'll add them again progressively until everything works perfectly.
On 10/31/2020 6:17 AM, Jerry Geis wrote:
> I tested with "host laptop.w530" and I get unresolved (expected). If I add "nameserver 192.168.1.8" (my computer) to top of /etc/resolv.conf and do "host laptop.w530" I get 192.168.1.105 - so seems to be working.
The canonical DNS testing tool is dig. It displays the outbound query packet and the reply, in great detail. You'll find it in the bind-utils package.