
0000258: Cannot nslookup hosts that where ip address is provided by DHCP - MantisBT
MantisBT - Endian Firewall
View Issue Details
0000258 | Endian Firewall | Network related (VPN, uplinks) | public | 2007-09-10 05:34 | 2011-12-29 16:37
jaebird
peter-endian
normal | minor | always
assigned | open
2.1.2
future
0000258: Cannot nslookup hosts that where ip address is provided by DHCP
Although this works fine in IPCop, it doesn't seem to work in EFW. Not sure if there is a configuration issue or a bug in EFW. Hosts that are in the "Edit Hosts" can be looked up fine.
No tags attached.
has duplicate 0000520 (confirmed): dhcp does not update DNS information
watchleaseshosts.tar.gz (5,162) 2008-02-03 02:26
https://bugs.endian.com/file_download.php?file_id=78&type=bug
watchleaseshosts_0.0.2.tar.gz (4,937) 2008-04-11 14:41
https://bugs.endian.com/file_download.php?file_id=101&type=bug
Issue History
2007-09-10 05:34 | jaebird | New Issue
2007-10-06 01:00 | Pikkori | Note Added: 0000522
2007-10-06 01:57 | jaebird | Note Added: 0000523
2007-10-06 01:59 | jaebird | Note Edited: 0000523
2007-10-06 01:59 | jaebird | Note Edited: 0000523
2007-10-06 02:36 | Pikkori | Note Added: 0000524
2007-10-06 02:36 | Pikkori | Note Edited: 0000524
2007-10-06 14:16 | jaebird | Note Added: 0000525
2007-10-06 17:43 | Pikkori | Note Added: 0000526
2007-10-27 17:53 | peter-endian | Note Added: 0000541
2007-10-27 17:53 | peter-endian | Assigned To => peter-endian
2007-10-27 17:53 | peter-endian | Status: new => confirmed
2008-01-24 20:43 | jaebird | Note Added: 0000851
2008-01-24 20:45 | jaebird | Note Edited: 0000851
2008-01-31 23:27 | wyc_93 | Note Added: 0000875
2008-02-01 01:36 | jaebird | Note Added: 0000876
2008-02-01 13:40 | wyc_93 | Note Added: 0000877
2008-02-03 02:26 | jaebird | File Added: watchleaseshosts.tar.gz
2008-02-03 02:27 | jaebird | Note Added: 0000882
2008-03-04 15:25 | peter-endian | Target Version => 2.2-beta4
2008-03-04 15:25 | peter-endian | Relationship added: has duplicate 0000520
2008-04-11 14:41 | jaebird | File Added: watchleaseshosts_0.0.2.tar.gz
2008-04-11 14:46 | jaebird | Note Added: 0000986
2008-04-12 02:23 | jaebird | Note Edited: 0000986
2008-04-22 14:45 | ra-endian | Target Version: 2.2-beta4 => 2.2-rc1
2008-05-09 15:00 | peter-endian | Target Version: 2.2-rc1 => 2.2
2008-05-20 12:15 | Devroush | Note Added: 0001210
2008-05-20 12:57 | peter-endian | Note Added: 0001211
2008-09-10 15:41 | chris-endian | Target Version: 2.2 => 2.3
2008-09-10 15:58 | chris-endian | Target Version: 2.3 => future
2009-12-19 01:38 | jaebird | Note Added: 0003599
2010-01-21 18:10 | peter-endian | Target Version: future => codename: angry armadillo
2010-01-21 18:10 | peter-endian | Status: confirmed => assigned
2010-06-14 16:01 | peter-endian | Target Version: 2.4 => future
2011-12-29 16:37 | jaebird | Note Added: 0007587

Notes
(0000522)
Pikkori   
2007-10-06 01:00   
Make ssh session
Check Your resolv.conf
it should reside here : /var/efw/red/resolv.conf
do cat /var/efw/red/resolv.conf
What does it say? It should prompt You with Your nameservers.

or use netwizard in configuring nameservers If You haven't done that.

Regards
Tom-Pele
(0000523)
jaebird   
2007-10-06 01:57   
(edited on: 2007-10-06 01:59)
My resolv.conf has both primary and secondary nameservers as it should, and the configuration is working for external DNS lookups (web browsing, ftp, etc.), i.e. Internet. But my internal networked PCs that have a DHCP lease are not added to the dnsmasq and they are not reachable by name from within the network.

machine1 on green gets IP from EndianFirewall through dhcp
machine2 on green gets IP from EndianFirewall through dhcp

Both machine1 and machine2 are using EndianFirewall as DNS server as per the DHCP pushed out settings.

machine1 cannot ping machine2 by name. Ping by IP address works of course.

Like I mentioned initially, this behavior works in the current version of IPCop

There must be something with the ipchains (I have no idea actually) that is causing this.

Thanks,

Jae

(0000524)
Pikkori   
2007-10-06 02:36   
From GUI (https://mydomain:10443 / https://IP:10443)
Services
 - DHCP Server
   - DHCP Configuration

On Green interface
Be sure to fill out Primary DNS and Secondary DNS.
If so, check the Firewall tab and check green has access to port 53 outgoing
- or make sure You can access / make queries from within the green zone to the nameserver You are querying.

Hope this helps
Regards Tom-Pele

(0000525)
jaebird   
2007-10-06 14:16   
Maybe I'm not explaining clearly what my problem is. All of my machines in the Green network CAN access the internet and do dns queries of EXTERNAL entities (google.com, yahoo.com, etc). The problem is that the machines cannot see each other by name.

The DNS for the Green interface is the IP address of the firewall PC. This way all DNS requests go to the firewall, which forwards them to the external DNS servers.

My problem is that the firewall does not resolve green interfaced PCs by name that are setup with DHCP. Statically assigned IP addressed machines resolve fine, because they are put in the host file of the firewall.

Thanks,
Jae
(0000526)
Pikkori   
2007-10-06 17:43   
I think of two things :

1) DDNS, maybe this is what You're looking for
or
2) Enable Netbios on green zone

Interestingly I looked after ddns in IPCop as you mentioned, nevertheless I cannot find it; thus I noticed DNRD in FAQ pages. Maybe that is what You're looking for that is not supported in Endian?

Regards Tom-Pele
(0000541)
peter-endian   
2007-10-27 17:53   
Unfortunately our dnsmasq version does not support this feature anymore, or I did not find how to use it. That's because dnsmasq now is a DHCP server itself, but we don't want to use the DHCP functionality since we already have a DHCP server.

For now this will not work anymore. Hope to fix it in future versions.
(0000851)
jaebird   
2008-01-24 20:43   
(edited on: 2008-01-24 20:45)
root@endianfw:/etc/dnsmasq # /usr/sbin/dnsmasq -v
Dnsmasq version 2.38 Copyright (C) 2000-2007 Simon Kelley
Compile time options IPv6 GNU-getopt no-ISC-leasefile no-DBus no-I18N TFTP


It is currently not compiled with ISC support enabled, "no-ISC-leasefile". Can we get it compiled with support? Please?

(0000875)
wyc_93   
2008-01-31 23:27   
When compiling dnsmasq from source, you can enable the parsing of ISC leasefiles by first grepping for:

/* #define HAVE_ISC_READER */

and then uncommenting it (e.g.):

#define HAVE_ISC_READER


FYI - I tried recompiling dnsmasq and using the new binary in place of the stock one, but it didn't work (it would start when I did a "/etc/init.d/dnsmasq restart" but when I tried an nslookup of any sort, it would refuse a connection). Unfortunately, I'm not a programmer, so at this point I've hit the limits of my ability!
(0000876)
jaebird   
2008-02-01 01:36   
I have created a Python script which watches for changes to the /var/lib/dhcp/dhcp.leases file. Whenever it changes, a special hosts file is updated (similar to the way OpenVPN works) to the latest version. This allows local hosts to be resolved and seems to work well. I start the script at boot and it just sits there looking for changes.

The script includes some GPL code I found around the net, so it could be redistributed under a like license if this is something people want. I figured this was less intrusive to the "endian" way and does not rely on dnsmasq having ISC "aware" compile flags.
(0000877)
wyc_93   
2008-02-01 13:40   
jaebird,

I'd definitely be interested in your script. Do you have it hosted/documented anywhere? You can reach me at wyc_93-AT-yahoo.com. . .


peter,

the note I left previously (0000875) compiles dnsmasq with the ability to parse ISC leasefiles, which can then be turned on by adding:

dhcp-leasefile=/var/lib/dhcp/dhcpd.leases

to the dnsmasq.conf file. It should be noted that the dnsmasq author does state that this function is deprecated, and may be removed in the future (in fact it was already removed once, but was put back in due to popular demand).

regards, and thanks for the great work!

walter
(0000882)
jaebird   
2008-02-03 02:27   
I attached my watchleaseshosts python script and supporting files. There is a readme in the archive that describes how I set it up on Endian. Good luck!
(0000986)
jaebird   
2008-04-11 14:46   
(edited on: 2008-04-12 02:23)
Uploaded the newest version of the watchleaseshosts script. I found a problem with devices that would connect via multiple network addresses (i.e. Ethernet and wifi). Since the script did not differentiate between them, both ended up in the dnsmasq custom hosts file. dnsmasq would then pull one of them during an nslookup (which was usually the wrong one!).

Now the script uses the newest lease for a particular host for the host file. This means that when you undock your notebook, the wifi should do a dhclient and dnsmasq should resolve to the new address.

Cheers.
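
The newest-lease-wins behaviour described in notes 0000876 and 0000986, as an added example. This is not jaebird's watchleaseshosts script, whose source is not on this page. It is a minimal parser for ISC dhcpd lease blocks that keeps the most recent "starts" per client hostname and renders hosts-format lines. The reserved parameter, the localdomain suffix and the hostname check are assumptions of this example; lease hostnames are supplied by the DHCP client, so they are validated and kept from shadowing static entries before they reach the resolver.

```python
import re
from datetime import datetime

# One "lease <ip> { ... }" block as written by ISC dhcpd (no nested braces assumed).
LEASE_RE = re.compile(r'lease\s+(\d{1,3}(?:\.\d{1,3}){3})\s*\{(.*?)\}', re.S)
STARTS_RE = re.compile(r'starts\s+\d\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);')
NAME_RE = re.compile(r'client-hostname\s+"([^"]*)";')
# The hostname is chosen by the DHCP client: accept a single RFC 1123 label only.
LABEL_RE = re.compile(r'^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$')

def newest_leases(text, reserved=()):
    """Map hostname -> (start time, ip), keeping the most recent lease per name."""
    reserved = {n.lower() for n in reserved}  # hypothetical list of static host names
    best = {}
    for ip, body in LEASE_RE.findall(text):
        name, starts = NAME_RE.search(body), STARTS_RE.search(body)
        if not name or not starts:
            continue
        host = name.group(1).lower()
        if not LABEL_RE.match(host) or host in reserved:
            continue  # malformed name, or one that would shadow a static host
        when = datetime.strptime(starts.group(1), '%Y/%m/%d %H:%M:%S')
        if host not in best or when > best[host][0]:
            best[host] = (when, ip)
    return best

def hosts_file(text, domain='localdomain', reserved=()):
    """Render hosts-format lines, sorted by hostname (domain is an assumption)."""
    leases = newest_leases(text, reserved)
    return ''.join(f'{ip}\t{h}.{domain} {h}\n' for h, (_, ip) in sorted(leases.items()))

# Constructed sample: one notebook leased on Ethernet, then later on wifi,
# plus a client claiming the name of a statically configured host.
SAMPLE = '''
lease 192.168.0.20 {
  starts 5 2008/04/11 08:00:00;
  client-hostname "notebook";
}
lease 192.168.0.57 {
  starts 5 2008/04/11 13:30:00;
  client-hostname "notebook";
}
lease 192.168.0.31 {
  starts 5 2008/04/11 09:00:00;
  client-hostname "fileserver";
}
'''
```

Calling hosts_file(SAMPLE, reserved=['fileserver']) yields a single line for notebook at 192.168.0.57, the later of its two leases.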

(0001210)
Devroush   
2008-05-20 12:15   
Your script was a great help jaebird! However, I'd also like this functionality to be implemented in Endian Firewall instead of having to rely on jaebird's script :)
(0001211)
peter-endian   
2008-05-20 12:57   
It's on our roadmap.
(0003599)
jaebird   
2009-12-19 01:38   
I'm amazed that I still rely on my hacked up script! Where is this on the roadmap by now?

Thanks.
(0007587)
jaebird   
2011-12-29 16:37   
I'm still using my script. Is this fixed in 2.5? The release notes I found were rather thin. Is there a published roadmap? I'm getting the feeling that "community" is defined differently here than other OSS projects.