Name resolution with unqualified names

Kevin O'Gorman
First an admission: I have only a general understanding of IP and name resolution.

My issue has to do with my local subnet, so let me describe it:
1. there's a fairly new LinkSys AC1900 MU-MIMO gigabit router connected to my cable modem.  Most of the things attached to it have reserved IP numbers in the 10.x.x.x range.

2. Since I have more than 4 wired connections, I have 2 TP-LINK TP-SG105E switches, one in my garage (where my 4 desktop computers live), one in my office where there are also a printer, 2 laptops and some other stuff.

3. The desktop I spend most of my time on (Camelot) also has a wireless connection to the router, which bypasses the switches.  The same is true of my laptops.

I'll ignore the laptops because they're usually running Windows.

What I don't really understand is that on Camelot, I can use a command like
    ssh -X plato
to get to the desktop named plato with the same login name that I'm using on Camelot, presumably because the unqualified "plato" is the name I gave it in the router when reserving IP numbers.  I cannot do this from the other desktops; I get a warning that the name cannot be found.

On Camelot, /etc/resolv.conf shows DNS service from 127.0.1.1 which appears to be Camelot itself.

On the other desktops, /etc/resolv.conf shows the 10.x.x.x IP number for the switch they're connected to.  And the switch apparently can resolve fully qualified names, but not the local names.

I'm guessing that Camelot is pulling this off by doing name resolution directly with the router over its wireless connection.

I'd like some way to give the other desktops access to the same information, but of course these days /etc/resolv.conf is not a static file, so I can't just edit it.  This is important because I want to make a team of them (probably using ZeroMQ) and they need to be able to find each other.  The desktops do not have qualified names, though if there's a way to set that up I might use it.

I'd be happy with a way to get the other desktops to use Camelot as the DNS server.  But of course they'd have to be able to find it.

--
Kevin O'Gorman
#define QUESTION ((bb) || (!bb))   /* Shakespeare */

Please consider the environment before printing this email.


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Re: Name resolution with unqualified names

compdoc
On 11/24/2017 03:39 PM, Kevin O'Gorman wrote:

> I'd be happy with a way to get the other desktops to use Camelot as
> the DNS server.  But of course they'd have to be able to find it.
>

After you install a dns server, you just configure all machines to use
the ip address of Camelot as their first dns server. This is better done
using DHCP, which the router can provide, I'm sure.

Also, usually faster to wire the desktop to the router, and might be
safer if wifi isn't locked down.


Re: Name resolution with unqualified names

Kevin O'Gorman


On Fri, Nov 24, 2017 at 2:48 PM, compdoc <[hidden email]> wrote:
> On 11/24/2017 03:39 PM, Kevin O'Gorman wrote:
>
>> I'd be happy with a way to get the other desktops to use Camelot as the DNS server.  But of course they'd have to be able to find it.
>
> After you install a dns server, you just configure all machines to use the ip address of Camelot as their first dns server. This is better done using DHCP, which the router can provide, I'm sure.
>
> Also, usually faster to wire the desktop to the router, and might be safer if wifi isn't locked down.
 
Some problems / observations with that

1. I'm not aware of having installed a DNS server.  Camelot is running Xubuntu, one other machine is running Ubuntu, two are running a server version of Ubuntu.  Perhaps some or all have a DNS server, but it's not because of anything I planned, so I don't know much about it.

2. The means to do the configuration you mention was exactly my question.  I used to edit /etc/resolv.conf, but it is no longer a file.

3. All are already getting their IP addresses via DHCP from the router, probably by wire through a switch for the wired interfaces, by WiFi for the Wifi ports.

4. There are 4 desktops, a printer, and a monitoring device for my solar panels, all using wires.  Only one of these (Camelot) also has WiFi.  Not enough router ports (there are just 4).  It happens the laptops also use both wires and WiFi.  Thus the switches.

5. I'm not sure what it takes to qualify as "locked down".  It's got a long password, and I know all the devices that show up in its device map.

If you can help me with item #2, I'll be very grateful.

--
Kevin O'Gorman
#define QUESTION ((bb) || (!bb))   /* Shakespeare */

Please consider the environment before printing this email.


Re: Name resolution with unqualified names

Ralf Mardorf-2
On Fri, 24 Nov 2017 21:10:12 -0800, Kevin O'Gorman wrote:
>I used to edit /etc/resolv.conf, but it is no longer a file.

Replace the link by a file. I've done this to use systemd-nspawn
without the -b option.


Re: Name resolution with unqualified names

Xen
In reply to this post by Kevin O'Gorman
Kevin O'Gorman wrote on 25-11-2017 5:10:

> 1. I'm not aware of having installed a DNS server.  Camelot is running
> Xubuntu, one other machine is running Ubuntu, two are running a server
> version of Ubuntu.  Perhaps some or all have a DNS server, but it's not
> because of anything I planned, so I don't know much about it.
>
> 2. The means to do the configuration you mention was exactly my
> question.  I used to edit /etc/resolv.conf, but it is no longer a file.
>
> If you can help me with item #2, I'll be very grateful.


If one server is always running you can install dnsmasq on it, switch
off DHCP on the router, create a minimal dnsmasq configuration that I
can tell you,

Tell dnsmasq to either use the router or some global thing for DNS.

But at that point you:

- are dependent on that server for your entire network
- may not have an easy interface to see DHCP leases, until you point a
webserver to its leases file.

So it would be easy enough to configure e.g. lighttpd on port 81 to
point directly to /var/lib/dnsmasq/lease/dnsmasq.lease

At this point your server does both DNS and DHCP.

Because it does DHCP, it gives itself as the DNS server for your
network.

If all your computers have hostnames configured, they will send this
hostname over DHCP to the dnsmasq server, which will add it to the list
of hosts it has.

This list is then used for DNS.

The only issue is the .local issue mentioned, but this only happens when
you use .local explicitly.

As long as you don't use .local explicitly, your ordinary unqualified
names will still resolve to .local, but the mdns_minimal plugin will not
stop it.

This is the minimal dnsmasq.conf setup as mentioned:

no-resolv
expand-hosts
domain-needed
bogus-priv

# upstream dns server, can be your router
server=8.8.8.8
# domain you use for automatic resolving
local=/local/
# only adds a SOA record
auth-zone=local

# attaches the subnet to the domain
domain=local,192.168.0.0/24
# configures the gateway
dhcp-option=option:router,192.168.0.1

# configures the dhcp range
dhcp-range=192.168.0.100,192.168.0.199,12h

# configures a static DHCP IP for a given hostname
dhcp-host=hostname,192.168.0.50

# does the same based on MAC address and adds a timeout.
dhcp-host=00:1f:c6:25:10:e8,192.168.0.6,40000s

# if you have additional static routes such as VPN that you want all clients to have.
dhcp-option=option:classless-static-route,10.8.0.0/24,<serverip>

# if you want anything to be a mailserver
mx-host=server.local,server.local
You can set up an internal mailserver in this way.

You can have emails like kevin@local

Or [hidden email]

Or kevin@camelot

You can add mx records to each individual host so that each individual
host can now receive emails from other hosts.

"self-mx"

and so on and so on.

But this is all you need with a bit more.

Re: Name resolution with unqualified names

Liam Proven
In reply to this post by Kevin O'Gorman
On 24 November 2017 at 23:39, Kevin O'Gorman <[hidden email]> wrote:
>
> First an admission: I have only a general understanding of IP and name resolution.
>
> My issue has to do with my local subnet, so let me describe it:
> 1. there's a fairly new LinkSys AC1900 MU-MIMO gigabit router connected to my cable modem.  Most of the things attached to it have reserved IP numbers in the 10.x.x.x range.

First what is becoming my standard advice:

Make sure your router's firmware is up to date.

I've looked into it. It depends whether your router is v1 or v2.

https://www.linksys.com/us/support-article?articleNum=183933

Second: it looks like the router has at least some DNS support of its own.

https://www.linksys.com/us/support-article?articleNum=205507

Have you tried accessing the other machines as plato.local,
chronos.local or whatever? That is, add ``.local'' onto the end of
their names and see.

It can forward DNS requests to your ISP, but that is normal:

https://www.linksys.com/us/support-article?articleNum=132349

Hint -- if you have problems with ISP DNS servers, Google offers free
ones at very easy-to-remember addresses.

https://developers.google.com/speed/public-dns/



--
Liam Proven • Profile: https://about.me/liamproven
Email: [hidden email] • Google Mail/Talk/Plus: [hidden email]
Twitter/Facebook/Flickr: lproven • Skype/LinkedIn/AIM/Yahoo: liamproven
UK: +44 7939-087884 • ČR/WhatsApp/Telegram/Signal: +420 702 829 053

Re: Name resolution with unqualified names

Gene Heskett-2
In reply to this post by Xen
On Saturday 25 November 2017 05:30:47 Xen wrote:

> Kevin O'Gorman wrote on 25-11-2017 5:10:
>
> 1. I'm not aware of having installed a DNS server.  Camelot is running
> Xubuntu, one other machine is running Ubuntu, two are running a server
> version of Ubuntu.  Perhaps some or all have a DNS server, but it's
> not because of anything I planned, so I don't know much about it.
>
> 2. The means to do the configuration you mention was exactly my
> question.  I used to edit /etc/resolv.conf, but it is no longer a
> file.
>
>    If you can help me with item #2, I'll be very grateful.
>
So quit mewling about it and make it a file, put what works for you in
it, and make it immutable. NM and ALL its ilk are solutions that usually
don't work in search of a problem that doesn't exist on the typical home
sized network. Run dd-wrt and dnsmasq on the router. Do NOT bridge the
wifi to your local lan unless your lappy needs access to the local net.
That way nobody can drive by, get access to the local net and have fun
seeing how much damage they can do, because all they can do is steal
some bandwidth, which you may not know about until you get your net bill
at the end of the month and an extra 80GB has been used while you were
snoozing.  Lesson? Turn off the radio unless it's in local use.

>
> If one server is always running you can install dnsmasq on it, switch
> off DHCP on the router, create a minimal dnsmasq configuration that I
> can tell you,
>
> Tell dnsmasq to either use the router or some global thing for DNS.
>
> But at that point you:
>
> - are dependent on that server for your entire network
> - may not have an easy interface to see DHCP leases, until you point a
> webserver to its leases file.
>
> So it would be easy enough to configure e.g. lighttpd on port 81 to
> point directly to /var/lib/dnsmasq/lease/dnsmasq.lease
>
> At this point your server does both DNS and DHCP.
>
> Because it does DHCP, it gives itself as the DNS server for your
> network.
>
> If all your computers have hostnames configured, they will send this
> hostname over DHCP to the dnsmasq server, which will add it to the
> list of hosts it has.
>
> This list is then used for DNS.
>
> The only issue is the .local issue mentioned, but this only happens
> when you use .local explicitly.
>
> As long as you don't use .local explicitly, your ordinary unqualified
> names will still resolve to .local, but the mdns_minimal plugin will
> not stop it.
>
> This is the minimal dnsmasq.conf setup as mentioned:
>
>
> no-resolv
> expand-hosts
> domain-needed
> bogus-priv
>
> server=8.8.8.8        <-- upstream dns server, can be your router
> local=/local/         <-- domain you use for automatic resolving
> auth-zone=local       <-- only adds a SOA record
>
> domain=local,192.168.0.0/24    <- attaches the subnet to the domain
> dhcp-option=option:router,192.168.0.1    <-- configures the gateway
>
> dhcp-range=192.168.0.100,192.168.0.199,12h    <-- configures the dhcp
> range
>
> dhcp-host=hostname,192.168.0.50   <-- configures a static DHCP IP for
> a given hostname
>
> dhcp-host=00:1f:c6:25:10:e8,192.168.0.6,40000s   <-- does the same
> based on MAC address
>
> and adds a timeout.
>
> dhcp-option=option:classless-static-route,10.8.0.0/24,<serverip>  
> <-- if you have additional static routes such as VPN
>
>
> that you want all clients to have.
>
> mx-host=server.local,server.local             <-- if you want anything
> to be a mailserver
>
> You can set up an internal mailserver in this way.
>
> You can have emails like kevin@local
>
> Or [hidden email]
>
> Or kevin@camelot
>
> You can add mx records to each individual host so that each individual
> host can now receive emails from other hosts.
>
> "self-mx"
>
> and so on and so on.
>
> But this is all you need with a bit more.


Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>

Re: Name resolution with unqualified names

Kevin O'Gorman
In reply to this post by Xen


On Sat, Nov 25, 2017 at 2:30 AM, Xen <[hidden email]> wrote:
> Kevin O'Gorman wrote on 25-11-2017 5:10:
>
>> 1. I'm not aware of having installed a DNS server.  Camelot is running Xubuntu, one other machine is running Ubuntu, two are running a server version of Ubuntu.  Perhaps some or all have a DNS server, but it's not because of anything I planned, so I don't know much about it.
>>
>> 2. The means to do the configuration you mention was exactly my question.  I used to edit /etc/resolv.conf, but it is no longer a file.
>>
>> If you can help me with item #2, I'll be very grateful.
>
> If one server is always running you can install dnsmasq on it, switch off DHCP on the router, create a minimal dnsmasq configuration that I can tell you,
>
> Tell dnsmasq to either use the router or some global thing for DNS.
>
> But at that point you:
>
> - are dependent on that server for your entire network
> - may not have an easy interface to see DHCP leases, until you point a webserver to its leases file.
>
> So it would be easy enough to configure e.g. lighttpd on port 81 to point directly to /var/lib/dnsmasq/lease/dnsmasq.lease
>
> At this point your server does both DNS and DHCP.
>
> Because it does DHCP, it gives itself as the DNS server for your network.
>
> If all your computers have hostnames configured, they will send this hostname over DHCP to the dnsmasq server, which will add it to the list of hosts it has.
>
> This list is then used for DNS.
>
> The only issue is the .local issue mentioned, but this only happens when you use .local explicitly.
>
> As long as you don't use .local explicitly, your ordinary unqualified names will still resolve to .local, but the mdns_minimal plugin will not stop it.
>
> This is the minimal dnsmasq.conf setup as mentioned:
>
> no-resolv
> expand-hosts
> domain-needed
> bogus-priv
>
> server=8.8.8.8        <-- upstream dns server, can be your router
> local=/local/         <-- domain you use for automatic resolving
> auth-zone=local       <-- only adds a SOA record
>
> domain=local,192.168.0.0/24    <- attaches the subnet to the domain
> dhcp-option=option:router,192.168.0.1    <-- configures the gateway
>
> dhcp-range=192.168.0.100,192.168.0.199,12h    <-- configures the dhcp range
>
> dhcp-host=hostname,192.168.0.50   <-- configures a static DHCP IP for a given hostname
>
> dhcp-host=00:1f:c6:25:10:e8,192.168.0.6,40000s   <-- does the same based on MAC address
>
> and adds a timeout.
>
> dhcp-option=option:classless-static-route,10.8.0.0/24,<serverip>    <-- if you have additional static routes such as VPN
>
> that you want all clients to have.
>
> mx-host=server.local,server.local             <-- if you want anything to be a mailserver
>
> You can set up an internal mailserver in this way.
>
> You can have emails like kevin@local
>
> Or [hidden email]
>
> Or kevin@camelot
>
> You can add mx records to each individual host so that each individual host can now receive emails from other hosts.
>
> "self-mx"
>
> and so on and so on.
>
> But this is all you need with a bit more.

Finding all that to be somewhat less than immediately intelligible, I anticipated a considerable learning curve.  Another approach occurred to me.  Since all of the IP numbers are reserved, there's no need to get them from a DNS server of any kind, or interfere with the organization of /etc/resolv.conf.

Also: /etc/hosts is still a file, and can hold this information.

Accordingly, I'm working on scripts to gather and distribute the relevant information in such a way that any future changes can be propagated quickly.

--
Kevin O'Gorman
#define QUESTION ((bb) || (!bb))   /* Shakespeare */

Please consider the environment before printing this email.
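
The /etc/hosts approach described in the message above, as an added example (not Kevin's scripts and not code from the thread): it validates an inventory of reserved addresses and installs it as a marked block, leaving every other hosts line untouched. The inventory format, the marker comments, the function names and the sample 10.0.0.x addresses are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: keep a generated block of LAN names inside a hosts(5) file.
# All names and addresses used below are constructed sample values.

BEGIN_MARK='# BEGIN lan-hosts (generated, do not edit)'
END_MARK='# END lan-hosts'

# Read "IP NAME" pairs from stdin and print them as a marked hosts block.
# Only 10.x.x.x addresses and plain single-label names are accepted, so a
# mistyped or tampered inventory line cannot remap "localhost" or an outside
# domain. Exit status is non-zero if any line was rejected.
render_block() {
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        BEGIN { print b }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            h  = tolower($2)
            ok = (NF == 2) && ($1 ~ /^10\.[0-9]+\.[0-9]+\.[0-9]+$/) &&
                 (h ~ /^[a-z][a-z0-9-]*$/) && (h != "localhost")
            n = split($1, o, ".")
            for (i = 1; ok && i <= n; i++) if ((o[i] + 0) > 255) ok = 0
            if (!ok) {
                printf "rejected line %d: %s\n", NR, $0 > "/dev/stderr"
                bad = 1
                next
            }
            printf "%s\t%s\n", $1, h
        }
        END { print e; exit bad }'
}

# Replace the marked block in hosts file $1 with the block stored in file $2.
# The result is written beside the target and renamed into place, so readers
# never see a half-written file. An opening marker without its closing marker
# aborts the update instead of discarding the lines that follow it.
install_block() {
    target=$1; block=$2
    tmp=$(mktemp "$target.XXXXXX") || return 1
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip   { print }
        END     { exit skip }' "$target" > "$tmp" &&
    cat "$block" >> "$tmp" &&
    chmod 644 "$tmp" &&
    mv "$tmp" "$target" || { rm -f "$tmp"; return 1; }
}

# Build the block from inventory file $1 and install it into hosts file $2.
# Nothing is written when any inventory line is rejected.
sync_hosts() {
    blk=$(mktemp) || return 1
    if render_block < "$1" > "$blk" && install_block "$2" "$blk"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$blk"
    return $rc
}

# Demonstration on scratch copies; running it twice shows the update is idempotent.
demo() {
    dir=$(mktemp -d) || return 1
    printf '127.0.0.1\tlocalhost\n127.0.1.1\tcamelot\n' > "$dir/hosts"
    printf '10.0.0.10 camelot\n10.0.0.11 plato\n10.0.0.12 gog\n10.0.0.13 magog\n' \
        > "$dir/inventory"
    sync_hosts "$dir/inventory" "$dir/hosts" &&
        sync_hosts "$dir/inventory" "$dir/hosts"
    cat "$dir/hosts"
    rm -rf "$dir"
}
demo
```

On a real machine the second argument to sync_hosts would be /etc/hosts and the script would need root; the same inventory file can then be applied on each desktop.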


Re: Name resolution with unqualified names

Xen
Kevin O'Gorman wrote on 26-11-2017 6:58:

> Finding all that to be somewhat less than immediately intelligible, I
> anticipated a considerable learning curve.  Another approach occurred
> to me.  Since all of the IP numbers are reserved, there's no need to
> get them from a DNS server of any kind, or interfere with the
> organization of /etc/resolv.conf.
>
> Also: /etc/hosts is still a file, and can hold this information.
>
> Accordingly, I'm working on scripts to gather and distribute the
> relevant information in such a way that any future changes can be
> propagated quickly.

Well it's cool that you do your own thing.

But let me condense the material then a bit.

- dnsmasq is a DNS and DHCP server and is a very small program.
- if you install it on one of your servers it can take over the job that
the router is currently doing with regards to DNS and DHCP

- every computer has a hostname

- every computer that gets an IP through DHCP gives that hostname to the
DHCP server.

- the DHCP server can use this hostname to give a fixed IP address to
the client.

This was the:      dhcp-host=hostname,192.168.0.50       that I
mentioned.

(hostname == camelot)



- dnsmasq takes all of the hostnames acquired from DHCP clients and puts
them in a list.

- this list is then used for DNS.




So again if you care. This is the contents of your /etc/dnsmasq.conf if
you were to go this "route" ;-).

no-resolv
expand-hosts
domain-needed
bogus-priv
# mentions the google DNS server but can be your router
server=8.8.8.8
# the local domain you want
local=/local/
auth-zone=local
# specify which 10.0.0.0/8 network belongs to ".local"
domain=local,192.168.0.0/24
# address your router has
dhcp-option=option:router,192.168.0.1
# DHCP range
dhcp-range=192.168.0.100,192.168.0.199,12h

Replace 192.168.0.X with 10.0.0.X if you must.

You would have immediate name resolution.

But you would have to go to your router settings and turn off DHCP.

Re: Name resolution with unqualified names

Ralf Mardorf-2
On Sun, 26 Nov 2017 07:57:57 +0100, Xen wrote:
>server=8.8.8.8                   <-- mentions the google DNS server
>but can be your router

...or any other name server instead of 8.8.8.8 or 8.8.4.4, since
Google already gets too much information for misusage, they don't need
to get the most visited IPs that way, too.

A starting point: https://wiki.archlinux.org/index.php/resolv.conf

By way of exception Google could be your friend to find e.g. family
friendly name servers or just the name server of your ISP, that anyway
could collect all your connections.


Re: Name resolution with unqualified names

Kevin O'Gorman
In reply to this post by Xen


On Sat, Nov 25, 2017 at 10:57 PM, Xen <[hidden email]> wrote:
> Kevin O'Gorman wrote on 26-11-2017 6:58:
>
>> Finding all that to be somewhat less than immediately intelligible, I anticipated a considerable learning curve.  Another approach occurred to me.  Since all of the IP numbers are reserved, there's no need to get them from a DNS server of any kind, or interfere with the organization of /etc/resolv.conf.
>>
>> Also: /etc/hosts is still a file, and can hold this information.
>>
>> Accordingly, I'm working on scripts to gather and distribute the relevant information in such a way that any future changes can be propagated quickly.
>
> Well it's cool that you do your own thing.
>
> But let me condense the material then a bit.
>
> - dnsmasq is a DNS and DHCP server and is a very small program.
> - if you install it on one of your servers it can take over the job that the router is currently doing with regards to DNS and DHCP
>
> - every computer has a hostname
>
> - every computer that gets an IP through DHCP gives that hostname to the DHCP server.
>
> - the DHCP server can use this hostname to give a fixed IP address to the client.
>
> This was the:      dhcp-host=hostname,192.168.0.50       that I mentioned.
>
> (hostname == camelot)
>
> - dnsmasq takes all of the hostnames acquired from DHCP clients and puts them in a list.
>
> - this list is then used for DNS.
>
> So again if you care. This is the contents of your /etc/dnsmasq.conf if you were to go this "route" ;-).
>
> no-resolv
> expand-hosts
> domain-needed
> bogus-priv
> server=8.8.8.8                   <-- mentions the google DNS server but can be your router
> local=/local/                    <-- the local domain you want
> auth-zone=local
> domain=local,192.168.0.0/24      <-- specify which 10.0.0.0/8 network belongs to ".local"
> dhcp-option=option:router,192.168.0.1     <-- address your router has
> dhcp-range=192.168.0.100,192.168.0.199,12h    <-- DHCP range
>
> Replace 192.168.0.X with 10.0.0.X if you must.
>
> You would have immediate name resolution.
>
> But you would have to go to your router settings and turn off DHCP.


On reflection, I am not satisfied with this approach.  Since a large part of my purpose was to understand my existing equipment, this is a bit like sweeping the problem under the rug.  The thing I find hardest to understand is that I have four desktops connected to the same switch, all running Ubuntu or Xubuntu 16.04 LTS, pretty much the same way and getting their IPs from the router through the switch.  So why do just two of them have 127.0.1.1 listed as its name resolver, and the others list the IP of the router?

Come to that, how does it work for camelot's /etc/resolv.conf (actually linked to /run/resolveconf/resolv.conf) to list 127.0.1.1 as its resolver?  Plato's too.

On Camelot running Xubuntu and Plato running Ubuntu (both in desktop versions), /run/resolveconf/resolv.conf is:
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 127.0.1.1

On gog and magog, running Ubuntu server 127.0.1.1 is replaced by an IP that seems to be the router; at least pointing a browser at that IP gets me the internal support page from the router.

Other oddities:
  gog and magog can find each other using nslookup(1), which reports using the router as its server; neither one can find camelot or plato in that way unless I add the parameter to make them use the router.
  camelot and plato cannot find each other or the other hosts by their unqualified names using nslookup, which reports using 127.0.1.1

Camelot is running Xubuntu because I like the xfce desktop.  Plato is running Ubuntu because it's still under warranty from System76 and that's the OS it was supplied with.  Gog and magog are running server because I only access them via SSH, and they don't need an X server for that.  None of them is actually headless, but I spend my time on Camelot, and have a workspace for each and 3 HD monitors to make each workspace big.  It just happens the motherboard I last put into Camelot has 3 HD outputs, and I had 3 identical HD monitors.  Voila!

Now on reflection (a day later) there is one ray of hope.  The two that use the router for DNS are running Ubuntu server, and they are the ones that behave as I would prefer -- able to discover each other by their unqualified names (I can't really give them qualified names anyway, because I only have one externally visible IP address, or can I?).  I vaguely remember that the server install had a bunch of extras, most of which I declined.  I think one of them may have been a DNS server.  Seeing no need, I declined.  Could it be that the desktop installs have a DNS server by default and that the installed DNS server is exposing 127.0.1.1 and it is inferior to the router or needs further configuration?

How do I test this idea?  How do I find out what software corresponds to those options on installation?

--
Kevin O'Gorman
#define QUESTION ((bb) || (!bb))   /* Shakespeare */

Please consider the environment before printing this email.


Re: Name resolution with unqualified names

Paul Smith-2
On Mon, 2017-11-27 at 12:57 -0800, Kevin O'Gorman wrote:
> So why do just two of them have 127.0.1.1 listed as its name resolver, and the others list the IP of the router?
>
> Come to that, how does it work for camelot's /etc/resolv.conf (actually linked to /run/resolveconf/resolv.conf) list 127.0.1.1 as its resolver

I haven't followed closely the differences between your systems that would lead to different behaviors.

But, I can explain the above configuration.

In the old days when life was simple, network connections were static, and a DNS server was forever, you could just put the upstream IP address of your favorite DNS server into /etc/resolv.conf and call it a day.

These days, where you have wireless devices that roam, VPNs with private domains, virtual machines, etc. configuring name resolution is a morass of different requirements and capabilities, and a simple IP address (or four) in your /etc/resolv.conf very often simply can't get the job done.

So, systems started providing dnsmasq which is a super-cool, lightweight DNS caching server. It can run on your system and be configured to handle all the fancy bits above: for example, deal with virtual machines running locally, send DNS requests for VPN private domains to one DNS server and DNS requests for google.com etc. to another DNS server (for split tunneling), etc.

In order to use dnsmasq, you put 127.0.1.1 or 127.0.0.1 or whatever as your DNS IP address, then the resolver library (in libc) will connect to the DNS port on your local host, which is... your dnsmasq service! Network Manager will configure all the things for you, if you want it to.

That worked great (IMO) but apparently the systemd people decided it was all too complicated or something (I'm not sure really what the impetus was) and created systemd-resolved which, like dnsmasq, is a local DNS caching service. Ubuntu switched over to that instead of dnsmasq and now many things that used to work are broken (like VPN split tunneling short name lookup), but I suppose they'll get fixed sooner or later.

In any event, that's why you see these IP addresses in your /etc/resolv.conf.

For the systems where you don't see this, it means you're using the old-school simple DNS service and not the local dnsmasq or systemd-resolved versions. I don't know if that's because you specifically configured it like that at some point, or those systems are using a different distribution, or what.

Re: Name resolution with unqualified names

Karl Auer
In reply to this post by Kevin O'Gorman
On Mon, 2017-11-27 at 12:57 -0800, Kevin O'Gorman wrote:
> I have four desktops connected to the same switch, all
> running Ubuntu or Xubuntu 16.04 LTS, pretty much the same way and
> getting their IPs from the router through the switch.  So why do just
> two of them have 127.0.1.1 listed as its name resolver, and the
> others list the IP of the router?

Systems running dnsmasq will have a local loopback address as their
nameserver. Systems not running dnsmasq will generally have either
nothing, or whatever nameserver address they received via DHCP.

There are other possibilities, but for out of the box systems that's
the most likely difference, especially if you were declining stuff
during the installs. It would have been easy to decline dnsmasq.

Check in the process table for each server to see whether it is running
dnsmasq:

   ps ax | grep dnsmasq

Not sure about the DNS names you are able to use for gog and magog, but
that is a secondary investigation...

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer ([hidden email])
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B



Re: Name resolution with unqualified names

Xen
In reply to this post by Kevin O'Gorman
Kevin O'Gorman wrote on 27-11-2017 21:57:

On reflection, I am not satisfied with this approach.
---

I understand


---
On Camelot running Xubuntu and Plato running Ubuntu (both in desktop
versions), /run/resolveconf/resolv.conf is:
     # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
     #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
     nameserver 127.0.1.1
---

Like other people say, this points to dnsmasq as employed by
NetworkManager.

---

On gog and magog, running Ubuntu server 127.0.1.1 is replaced by an IP
that seems to be the router; at least pointing a browser at that IP gets
me the internal support page from the router.

---

This reveals that you are not running NetworkManager on the server.

---

Other oddities:
   gog and magog can find each other using nslookup(1), which reports
using the router as its server; neither one can find camelot or plato in
that way unless i add the parameter to make them use the router.

---

type "nmcli device show | grep DNS" on Camelot and Plato to see which
DNS servers they have automatically configured

gog and magog don't have each other in /etc/hosts? Just checking.

---



Now on reflection (a day later) there is one ray of hope.  The two
that use the router for DNS are running Ubuntu server, and they are the
ones that behave as I would prefer -- able to discover each other by
their unqualified names (I can't really give them qualified names
anyway, because I only have one externally visible IP address, or can
I?).

---

Well there are two types of qualified names: private and internal to
your network, or public.

If you did have a public domain then.... dnsmasq running on one of your
servers could be configured as authoritative for that public domain. That
means your internal hosts would get external names as well.

So camelot.kevinogorman would start to exist on the internet.

I mean camelot.kevinogorman.com, for example.

If you only have a private domain, then "camelot.local" is a "qualified
name" however this creates the issues we talked about in the other
thread. So if you want to not have to deal with that, you would pick
"camelot.l...", I mean "camelot.home" for instance, and that also is a
qualified name.

Now I don't know WHY your servers resolve those names.

- Do they have fixed IPs?
- Do they have router-supplied fixed IPs because you gave them a 'static
lease' ?

- Does the router supply a domain using DHCP?

- Do the servers have a "search" parameter in /etc/resolv.conf that
mentions that domain?

---
   I vaguely remember that the server install had a bunch of extras, most
of which I declined.  I think one of them may have been a DNS server.  
Seeing no need, I declined.  Could it be that the desktop installs have
a DNS server by default and that the installed DNS server is exposing
127.0.1.1 and it is inferior to the router or needs further
configuration?
---

The desktops are running a stripped down version of "dnsmasq" controlled
by NetworkManager.

"nmcli device show" and look for:

IP4.DOMAIN[1]:                          local

This domain is the domain that should be configured on your server.

On your router.

You must try to find if there is any "qualified" domain that is secretly
getting used.
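
An added example, not part of the thread, that gathers the checks suggested in the replies above into one script: whether resolv.conf is a symlink, whether its first nameserver is a loopback stub such as 127.0.1.1 or another machine, and which names the resolver would try for an unqualified name given the search list. The function names, the sample file contents and the 10.0.0.1 and "home" values are constructed; the lookup order is a simplified model of resolv.conf(5) with the default ndots:1.

```shell
#!/bin/sh
# Added example: inspect a resolv.conf-style file. Sample contents are constructed.

# Is the path a regular file, or a symlink maintained by resolvconf or similar?
file_kind() {
    if [ -L "$1" ]; then echo "symlink -> $(readlink "$1")"
    elif [ -f "$1" ]; then echo "regular file"
    else echo "missing"
    fi
}

# Print every nameserver address, one per line, in file order.
nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# local-stub: the first nameserver is loopback (127.0.0.0/8 or ::1), so a resolver
#             on this host (for example NetworkManager's dnsmasq) answers and the
#             real upstream servers are not visible in this file.
# direct:     the first nameserver is another machine, such as the router.
resolver_kind() {
    first=$(nameservers "$1" | head -n 1)
    case "$first" in
        "")        echo "none" ;;
        127.*|::1) echo "local-stub" ;;
        *)         echo "direct" ;;
    esac
}

# Print the search list. The last "search" or "domain" line wins. When neither is
# present glibc falls back to the domain part of the hostname; not modelled here.
search_list() {
    awk '$1 == "search" || $1 == "domain" { $1 = ""; sub(/^ +/, ""); last = $0 }
         END { if (last != "") print last }' "$1"
}

# Names the stub resolver would try for NAME ($1) using file $2, in order.
candidates() {
    name=$1; file=$2
    case "$name" in
        *.) echo "$name"; return ;;   # trailing dot: absolute, never expanded
    esac
    case "$name" in
        *.*) echo "$name" ;;          # already has a dot: tried as-is first
    esac
    for d in $(search_list "$file"); do
        echo "$name.$d"
    done
    case "$name" in
        *.*) ;;
        *)   echo "$name" ;;          # unqualified: the bare name is tried last
    esac
}

# One summary per file, using the unqualified name from the thread ("plato").
report() {
    printf '%s: %s, resolver=%s, search=[%s]\n' \
        "$1" "$(file_kind "$1")" "$(resolver_kind "$1")" "$(search_list "$1")"
    printf '  lookups for "plato": %s\n' "$(candidates plato "$1" | tr '\n' ' ')"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample: desktop whose resolv.conf points at a local stub.
    printf 'nameserver 127.0.1.1\n' > "$dir/desktop.conf"
    # Constructed sample: server using DHCP-supplied values, reached via symlink.
    printf 'nameserver 10.0.0.1\nsearch home\n' > "$dir/server.conf"
    ln -s server.conf "$dir/resolv.conf"
    for f in "$dir/desktop.conf" "$dir/resolv.conf"; do
        report "$f"
    done
    rm -rf "$dir"
}
demo
```

Calling `report /etc/resolv.conf` on each desktop gives the same summary for the live file; when the result is local-stub, the upstream servers and domain have to be read from the stub itself, as with the nmcli command quoted above.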
