Internal DNS (over a VPN)

Hello,

I have a RUT240 router in a branch office. There is an IPsec VPN to the main office, and the internal DNS servers are in the main office.
The clients in the branch office LAN receive their IP address from the DHCP service of the RUT240.
But sometimes the DNS stops resolving the internal names (a .local domain). At the moment, the only workaround is to invert the order of the DNS servers in the DNS menu.
I think that maybe the “DNS process” is not working properly… how can I check if the service is running? What is the name of the process?

Thank you

Hello,
The name of the DNS process is dnsmasq.
Do you use static leases? Have you set DNS forwarders in the main office? How is the local DNS configured?

Regards,

Hello,
thank you for your reply.
Yes, I use static leases (DHCP section) on the Teltonika router. In the DNS section I used the internal DNS servers as forwarders.
Looking at the configuration files, this is the resolv.conf:

root@RUT241:~# cat /etc/resolv.conf
search lan
nameserver 127.0.0.1
nameserver ::1


and this is /etc/config/dhcp

root@RUT241:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option nonwildcard '1'
	option ednspacket_max '1232'
	option dhcpscript '/usr/sbin/dhcpinfo.sh'
	option boguspriv '0'
	option interface 'mob1s1a1 lan'
	option rebind_protection '1'
	option localservice '1'
	option logqueries '1'
	list server '10.10.1.1'
	list server '10.10.1.2'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config dhcp 'lan'
	option interface 'lan'
	option relay_enabled '0'
	option force '0'
	option leasetime '12h'
	option start '100'
	option limit '51'

config host
	option name 'Zebra'
	option ip '192.168.1.68'
	option mac 'AC:3F:A4:D1:BD:8E'


The crazy thing is that, if I use nslookup, I have two answers:

root@RUT241:~# nslookup servizi.newims.local
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: servizi.newims.local
Address 1: 10.10.1.21
*** Can’t find servizi.newims.local: No answer


The name is correctly resolved (servizi.newims.local → 10.10.1.21) but, at the same time, there is a “No answer” message!

1 - disable rebind_protection and localservice
2 - add the IPaddr / name pairs to /etc/hosts, this way dnsmasq will be able to reply even if the dhcp client isn’t connected
3 - *** Can’t find servizi.newims.local: No answer ==> this happens if you don’t have IPv6 configured.

Hello,

I disabled rebind_protection and localservice, I edited the /etc/hosts file, but the problem is still there :(
The only trick I can use is to switch the order of the DNS servers in the DNS menu.

I will try another configuration: I will use DHCP option 6 and option 15 to force the clients to contact the remote DNS servers directly and not send requests to the RUT240.
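
Added example, not code from the posts above or from Teltonika: a small POSIX shell script for the router that answers the earlier question of how to check the dnsmasq process, tests each upstream listed in /etc/config/dhcp on its own and then through the local forwarder, and parses BusyBox nslookup output so the “No answer” line is not misread as a failed lookup. BusyBox nslookup issues both an A and an AAAA query and prints “*** Can't find NAME: No answer” when one of the two (here the AAAA query for a name that only has an A record) returns no records, which matches the third point in the reply above. It assumes the standard BusyBox/OpenWrt tools on RutOS (pidof, uci, logread, nslookup, /etc/init.d/dnsmasq); the hostname servizi.newims.local, the domain newims.local and the addresses 10.10.1.1/10.10.1.2 are taken from the thread, the sample nslookup output is constructed from the output quoted above, and push_dns_to_clients is a hypothetical helper for the DHCP option 6/15 change planned in this post.

```shell
#!/bin/sh
# Added example for this thread, not code from the posts or from Teltonika.
# Assumes the BusyBox/OpenWrt tools on RutOS: pidof, uci, logread, nslookup.

# Print the upstream servers ('list server' lines of the 'config dnsmasq'
# section) from a UCI dhcp config file. This is the list dnsmasq forwards to;
# the servers entered in the web DNS menu end up here.
dns_servers_from_config() {
    sed -n "s/^[[:space:]]*list server[[:space:]]*'\([^']*\)'.*/\1/p" "$1"
}

# Print the first IPv4 answer for NAME from captured BusyBox nslookup output
# ($1 = output, $2 = name). BusyBox nslookup queries A and AAAA and prints
# "*** Can't find NAME: No answer" when one of them (the AAAA query for a
# name that only has an A record) comes back empty, so that line on its own
# does not mean the lookup failed. Handles both "Address 1: x" and "Address: x".
nslookup_a_record() {
    printf '%s\n' "$1" | awk -v name="$2" '
        $1 == "Name:" && $2 == name { found = 1; next }
        found && $0 ~ /^Address[^:]*:[[:space:]]+[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            print $NF; exit
        }'
}

# Classify one nslookup result: "ok IP", "ok-ipv4-only IP" (an A answer is
# present but a No-answer line was printed for the AAAA query), or "fail".
classify_nslookup() {
    ip=$(nslookup_a_record "$1" "$2")
    if [ -z "$ip" ]; then
        echo "fail"
    elif printf '%s\n' "$1" | grep -q 'No answer'; then
        echo "ok-ipv4-only $ip"
    else
        echo "ok $ip"
    fi
}

# Live check, to be run on the router: is dnsmasq up, does each upstream
# answer when asked directly, does the local forwarder answer, and the tail
# of the dnsmasq log (the config has logqueries '1', so forwards are logged).
diagnose() {
    name="$1"
    if pid=$(pidof dnsmasq); then
        echo "dnsmasq running, pid $pid"
    else
        echo "dnsmasq NOT running"
        /etc/init.d/dnsmasq status
    fi
    for s in $(dns_servers_from_config /etc/config/dhcp); do
        out=$(nslookup "$name" "$s" 2>&1)
        echo "upstream $s: $(classify_nslookup "$out" "$name")"
    done
    out=$(nslookup "$name" 127.0.0.1 2>&1)
    echo "via local dnsmasq: $(classify_nslookup "$out" "$name")"
    logread | grep dnsmasq | tail -n 20
}

# Hypothetical helper for the plan in the post: hand the main-office servers
# (DHCP option 6) and the search domain (option 15) to LAN clients so they
# query the remote DNS directly. 'dhcp_option' is the standard OpenWrt UCI
# list for this; domain and addresses are taken from the thread, adjust them.
push_dns_to_clients() {
    uci add_list dhcp.lan.dhcp_option='6,10.10.1.1,10.10.1.2'
    uci add_list dhcp.lan.dhcp_option='15,newims.local'
    uci commit dhcp
    /etc/init.d/dnsmasq restart
}

# Constructed sample, copied from the nslookup output quoted in the thread.
SAMPLE_OUTPUT=$(cat <<'EOF'
Server:    127.0.0.1
Address:   127.0.0.1#53

Name:      servizi.newims.local
Address 1: 10.10.1.21
*** Can't find servizi.newims.local: No answer
EOF
)

case "${1:-}" in
    live) diagnose "${2:-servizi.newims.local}" ;;
    *)    echo "sample: $(classify_nslookup "$SAMPLE_OUTPUT" servizi.newims.local)" ;;
esac
```

Run it without arguments to see the sample classified as “ok-ipv4-only 10.10.1.21”, and as `sh check-dns.sh live servizi.newims.local` on the router. When the name fails through 127.0.0.1 but one upstream still answers when asked directly, the problem is in the forwarder's choice of upstream rather than in the main-office servers, which is what the order-swapping workaround in the thread hints at.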

Hello,

I’d also recommend trying to disable the following option in System → Administration → Access Control:


Additionally, verify that the rebind protection was disabled in Network → DNS menu:

Best regards,

OK, I will try. But there is a thing I still don't understand: I'm looking at the /etc/resolv.conf file and at the /etc/dnsmasq.conf file. The first one only contains
search lan
nameserver 127.0.0.1
The second one only contains lines starting with “#” (comments). Where can I find the DNS used by the RUT240?

Hello,

If you’re referring to the hosts file, then it can be added to /etc/resolv.conf. The hosts that are being resolved from their hostname are taken from the DHCP leases list at /tmp/dhcp.leases.
Let me know if I misunderstood your question.

Best regards,
