Topic: Can't resolve DNS names on SME 6.0.1

[Anonymous]

I am having some trouble (head/wall banging, losing sleep type trouble) getting an SME6.0.1 to resolve names. I can ping out to IPs, so the routing seems okay, but I simple can't resolve names.

The server is sitting on a fixed IP address, in server-only mode, behind a Draytek Vigor 2600Plus ADSL modem/router. The router provides DHCP services. A bunch of Windows PCs sat on the internal network have no problems accessing the Internet, resolving names etc.

I have spent many days on this problem, and still have got no closer to finding a solution.

The dig command tells me that no server could be found. If I explicitly tell it to use the ADSL router, I get the same result. From what I understand though, dnscache should go to the root DNS servers anyway.

If I 'dig' with one of the root DNS servers specified (from /etc/resolv.conf) then I do get a list of DNS servers that can resolve the name.

So - what I don't understand:

- Why do the DHCP Windows machines get supplied with DNS services, while my fixed IP SME does not?
- Why is the SME not going direct to the root servers, as I believe it is supposed to do.
- Where do I go from here? I simply don't know where to find the source of the problem. It is somewhere between the command-line and a DNS server somewhere - but no idea where

The dnscache log has been reporting input/output errors since 18 March this year, but I can't think of anything I changed on that day.

This is the same as the problem I posted on the general discussion board, but didn't get any response there. I'm starting from fresh here to see if anyone has any ideas where the problem could lie, and how I can weadle it out. The problem with the tools I've tried is that they either work or they time out - there is nothing in between, and no diagnostics as to why they haven't worked. The tools are used for analysing DNS conflicts, not why the DNS service isn't working as expected in the first place.

Thanks,

-- Jason

BTW I am really desperate to get this working, as it is already very late. I've had no troubles with 5.x in the past. This is my first 6.x installation, and I thought it was going to be smoother and easier.

[CharlieBrady]

The server is sitting on a fixed IP address, in server-only mode, behind a Draytek Vigor 2600Plus ADSL modem/router.

That's likely to be a significant part of the problem. The server works well as a router, in gateway mode.

If I 'dig' with one of the root DNS servers specified (from /etc/resolv.conf) then I do get a list of DNS servers that can resolve the name.

There should not be a list of servers in /etc/resolv.conf (which should point to your server's local IP).

The dnscache log has been reporting input/output errors since 18 March this year, but I can't think of anything I changed on that day.

See my reply on the other board. dnscache is querying 192.168.1.8, which is likely a local configuration issue.

[Anonymous]

If I 'dig' with one of the root DNS servers specified (from /etc/resolv.conf) then I do get a list of DNS servers that can resolve the name.

There should not be a list of servers in /etc/resolv.conf (which should point to your server's local IP).

Sorry - I meant /etc/dnsroots.cat. I'm completely confusing myself now.

I can do lookups and reverse lookups on the virtual names of the local machines, so I think tinydns is working. I am assuming that tinydns is just there to resolve just the local names and domains, while dnscache goes out to fetch details from external DNS servers.

I am wondering whether the problem is with the router. On the Draytek forums I am reading conflicting statements. On the one hand, it is stated that the router has a DNS proxy, so I should be able to use it as a DNS server to do the recursive lookups for me (i.e. for my SME server) on the Internet.

However, in other posts I read that the router does not do recursive lookups, which could well make sense. The local PCs that are being given IPs and DNS details through DHCP may well be handed the ISP's DNS server addresses, so they don't actually proxy using the router itself.

If that is the problem, then I am not sure how to solve it. Or perhaps it is simple - I don't know. I guess, I need to tell the SME server to use the router as a router, but NOT to use it as DNS server, but to go direct to the root servers. I don't have access to the console from where I am, so there needs to be a way for me to check those details and set them via ssh.

-- Jason

[NickR]

What happens if you put the SME into DHCP mode (i.e. get it to act as your Windows machines do)?

Assuming that it works this way, you need to start investigating why it won't work as you want.  I can confirm that it works here when pointed to another SME in gateway mode, so there's nothing fundamentally wrong with the SME in server-only mode.  A quick'n dirty fix might be to get the Vigor to assign a fixed IP address based on the MAC address of the SME.

[Kelvin]

I suppose one posible solution would be to set the Master DNS to point to your ISP's DNS server through the SME configuration screen.

Kelvin

[Anonymous]

I suppose one posible solution would be to set the Master DNS to point to your ISP's DNS server through the SME configuration screen.

The problem is: how do I know the IP for the ISP's DNS? The ISP allocates DNS dynamically to the ADSL router, so it is not something that can be hard-coded into the SME server.

I fixed this in the end by fiddling with the list of root servers in the dnscache folder. For some reason, SME was not copying the IPs from /etc/dnsroots.conf to the '@' file somewhere under /var/service/dnscache/env/...

I don't know if this is a bug or not. I have not set teh DNS in the console config screens, which should leave SME to go through the 16 root DNS IPs that it has, but the config files were not getting updated correctly. Could have been a permissions problem - no idea really, but it works now, and I know how to fix it if it happens again.

-- JJ

[Anonymous]

A quick'n dirty fix might be to get the Vigor to assign a fixed IP address based on the MAC address of the SME.

That's a handy hint - I will remember that one - thanks. It certainly sounds like it would have worked, if I had known the router could do that.

The problem in the end, was a template that was not getting expanded correctly. I manually created the config file and it works now.

So long as the SME does not point to a specific DNS server (whether allocated through DHCP, or manually through the console config screen) then it is supposed to work randomly through its internal list of 16 root DNS servers (i.e. it does not touch the ISPs DNS servers at all). The template that supplies those IPs was not getting expanded.

It is the dnscache service that does the lookups, first by going to tinydns (to lookup the names or IPs of local machines) and then to either the DHCP DNS, or the manually-allocated DNS, or the root servers).

I hope that helps anyone else who may be having the same problems.

Oh - and it looks like the Draytek/Vigor router is *not* providing DNS server or proxy services, even though the specifications says it does. I think that is a bug in the current firmware. Still no-one at Vigor has been able to confirm one way or the other whether the router is supposed to provide proxy services, so I guess they don't want to talk about until they have a fix

-- Jason

[Kelvin]

Oh - and it looks like the Draytek/Vigor router is *not* providing DNS server or proxy services, even though the specifications says it does.

That's not uncommon. Some of the DLink Routers I have come across also have the same problem even though the specs say otherwise.

The problem is: how do I know the IP for the ISP's DNS? The ISP allocates DNS dynamically to the ADSL router, so it is not something that can be hard-coded into the SME server.

I'm surprised that your ISP does not provide this information to you or have it on their website. In any case, the routers that I have used - Netgear, DLink, SMC, Accton all have a status page which shows you what the DNS servers are that have been provided to them by the ISP's DHCP server. I can only suggest that you check your router's setup pages to find that info.

I still think that if you have the DNS address to put into SME, it is a lot more straight forward than needing to edit config files manually - just an opinion, of course.

Cheers,

Kelvin

[Anonymous]

The problem is: how do I know the IP for the ISP's DNS? The ISP allocates DNS dynamically to the ADSL router, so it is not something that can be hard-coded into the SME server.

I'm surprised that your ISP does not provide this information to you or have it on their website. In any case, the routers that I have used - Netgear, DLink, SMC, Accton all have a status page which shows you what the DNS servers are that have been provided to them by the ISP's DHCP server. I can only suggest that you check your router's setup pages to find that info.

Yes - of course I can find out what the DNS servers are today, but they may change over time, and that was my point. The ISP has not guaranteed that they will remain fixed. DHCP gives us the DNS server addresses, and they will be on the same subnet as the dynamic IP they provide. Both may change at any time.

The ISP has given us a default 'router IP address', but there does not seem to be a DNS server there.

Yes - perhaps this is an odd combination of circumstances that contrive to ensure the configuration is difficult, but these days ISPs are beginning to lock down their services much more - they are being much less flexible - so SME is going to need a few more options to allow it to work with these ISPs.

-- Jason

[Kelvin]

Yes - of course I can find out what the DNS servers are today, but they may change over time, and that was my point. The ISP has not guaranteed that they will remain fixed. DHCP gives us the DNS server addresses, and they will be on the same subnet as the dynamic IP they provide. Both may change at any time.

That's entirely possible but I highly doubt that your ISP will change DNS server addresses that often (but your ISP may be different to all the ISPs - and there has been a good many - that I have dealt with and continue to deal with).

In any case, you have now found and shared a working solution that you are comfortable with and that's what's important.

Cheers,

Kelvin