Enhancement #3054

Reverse dns fails if an internal DNS is configured

Added by Alessio Fattorini over 6 years ago. Updated about 6 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-dnsmasq
Target version:v6.6
Resolution: NEEDINFO:No

Description

Configuring NethServer with an internal DNS it doesn't resolve inversly internal IP

Step to reproduce:
  • configure an internal dns
    # config show dns
    dns=configuration
        NameServers=10.0.0.10,10.0.0.11
    
  • try to resolve an internal name, it works # dig +short pc-smith.bc.local
    10.0.0.121
  • try to resolve inversly, it doesn't

This is due to this parameter into dnsmasq.conf

# Never forward addresses in the non-routed address spaces.
bogus-priv

Without it works like a charm


Related issues

Related to NethServer 6 - Feature #2717: DNS forward CLOSED

Associated revisions

Revision bb5e6d05
Added by Giacomo Sanchietti about 6 years ago

dnsmasq.conf: disable bogus-priv if all DNS are in private nets. Refs #3054

Revision 38e6e674
Added by Giacomo Sanchietti about 6 years ago

dnsmasq.conf: fix bogus-priv template ouput. Refs #3054

History

#1 Updated by Alessio Fattorini over 6 years ago

We can't always disable it, because we can't permit that dnsmasq forwards requests to global dns (like google) but we can check if DNS server configured is into Local Network or not.

#2 Updated by Alessio Fattorini over 6 years ago

  • Subject changed from Reverse dns fails if an internal DNS is configured to Reverse dns fails if a different internal DNS server is configured
  • Description updated (diff)

#3 Updated by Filippo Carletti over 6 years ago

  • Tracker changed from Bug to Enhancement
  • Subject changed from Reverse dns fails if a different internal DNS server is configured to Reverse dns fails if an internal DNS is configured
  • Description updated (diff)

If both configured dns are in the same network of nethserver we could assume they're internal and remove "bogus-priv" option from dnsmasq.

#4 Updated by Filippo Carletti over 6 years ago

Another option is to add a checkbox to "mark " a dns as private. If private add bogus-priv option.

#5 Updated by Filippo Carletti over 6 years ago

  • Status changed from NEW to TRIAGED
  • Target version set to v6.6
  • % Done changed from 0 to 20

#6 Updated by Filippo Carletti over 6 years ago

#7 Updated by Giacomo Sanchietti over 6 years ago

  • NEEDINFO changed from No to Yes

#8 Updated by Filippo Carletti about 6 years ago

  • NEEDINFO changed from Yes to No

If both DNS are in one of the following networks, disable bogus-priv:
127.0.0.0/8
192.168.0.0/16
10.0.0.0/8
172.16.0.0/12
169.254.0.0/16

#9 Updated by Giacomo Sanchietti about 6 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#10 Updated by Giacomo Sanchietti about 6 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#11 Updated by Giacomo Sanchietti about 6 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
Package in nethserver-testing:
  • nethserver-dnsmasq-1.4.3-1.3.gbb5e6d0.ns6.noarch.rpm
  • nethserver-dnsmasq-1.4.3-1.4.g38e6e67.ns6.noarch.rpm
Test case 1
  • Set both dns as private
    config setprop dns NameServers 10.0.0.1,192.168.1.1
    expand-template /etc/dnsmasq.conf
    
  • Check bogus-priv option is not present
Test case 2
  • Set both dns as public
    config setprop dns NameServers 8.8.8.8,8.8.4.4
    expand-template /etc/dnsmasq.conf
    
  • Check bogus-priv option is present
Test case 3
  • Set un dns as public and one as private
    config setprop dns NameServers 8.8.8.8,192.168.1.1
    expand-template /etc/dnsmasq.conf
    
  • Check bogus-priv option is present

#12 Updated by Filippo Carletti about 6 years ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 70 to 90

All 3 test case passed. I tested a 4th case with only one private dns:
[root@ns65 ~]# config show dns
dns=configuration
NameServers=192.168.5.253
[root@ns65 ~]# host 192.168.5.5
5.5.168.192.in-addr.arpa domain name pointer filippo-eth.nethesis.it.

#13 Updated by Giacomo Sanchietti about 6 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released in nethserver-updates:
  • nethserver-dnsmasq-1.4.4-1.ns6.noarch.rpm

Also available in: Atom PDF