@todgru
Last active October 18, 2019 02:31
setting up dnsmasq on raspberry pi nmap ports dns

Local DNS dnsmasq

Use case

I wanted to have an outside domain name resolve to a computer inside my local private network. I am trying out duckdns.org to handle the resolution. The DNS resolves fine outside of my local network, yet locally the FQDN will not resolve. To enable this, a local DNS server needs to handle the request and route it to the local server.

This is where the Raspberry Pi DNS comes in. I'm running Raspbian GNU/Linux 9 (stretch), a Debian variant. http://www.raspbian.org/

NOTE

I have been unable to get dnsmasq to start correctly on reboot. Nothing stands out in daemon.log. sudo service dnsmasq status shows one particular line that differs between a reboot and a manual service restart:

Ignoring query from non-local network

I've tried unsuccessfully to use a systemd recipe to control the service, following this: https://unix.stackexchange.com/a/355661/108169. I also tried the Debian systemd service recipe from the author's repo: https://raw.githubusercontent.com/imp/dnsmasq/master/debian/systemd.service

Finally, I resorted to @reboot in crontab, but that didn't work either.

So, for now, after every reboot, I need to manually restart dnsmasq: sudo service dnsmasq restart.

dnsmasq setup

Initial instructions for a DNS-only dnsmasq setup were taken from here: https://kristianreese.com/2019/05/06/Home-Lab-DNS-Using-dnsmasq-and-Puppet/ This uses the /etc/hosts file as the lookup table to resolve hostnames to IPs.

The final dnsmasq.conf

domain-needed
bogus-priv
domain=foureyes
expand-hosts
local=/foureyes/
no-dhcp-interface=eth0
no-resolv
no-poll
# OpenDNS upstream resolvers (used for everything outside local=/foureyes/)
server=208.67.222.222
server=208.67.220.220

The final /etc/hosts - I only added the last line. Everything else was already there.

127.0.0.1	localhost
::1		localhost ip6-localhost ip6-loopback
ff02::1		ip6-allnodes
ff02::2		ip6-allrouters

127.0.1.1	raspberrypi

192.168.0.69 testsite.foureyes testsite
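Why both testsite and testsite.foureyes answer from that one hosts line is the expand-hosts plus domain=foureyes pair in dnsmasq.conf. The shell script below is an added example, not part of the gist or of dnsmasq itself: it emulates that lookup over a constructed copy of the /etc/hosts above (embedded as a string, nothing is read from disk) so you can check what a name would resolve to before pointing clients at the Pi. Names in other domains are simply reported as unresolved here; the real dnsmasq would forward them to the server= upstreams, while local=/foureyes/ keeps foureyes names from ever leaving the box.

```shell
#!/bin/sh
# Added example (not from the gist): emulate how dnsmasq answers from /etc/hosts
# when expand-hosts and domain=foureyes are set. HOSTS_SAMPLE is a constructed
# copy of the gist's /etc/hosts; nothing is read from disk.

DNSMASQ_DOMAIN=foureyes   # mirrors "domain=foureyes" in dnsmasq.conf

HOSTS_SAMPLE='127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.1.1 raspberrypi
192.168.0.69 testsite.foureyes testsite'

# hosts_lookup NAME: print the address of the first hosts entry whose name list
# contains NAME exactly; exit 1 if none. Hosts text is read on stdin.
hosts_lookup() {
    awk -v want="$1" '
        NF == 0 || $1 ~ /^#/ { next }     # skip blank lines and comments
        { for (i = 2; i <= NF; i++) if ($i == want) { print $1; found = 1; exit } }
        END { exit found ? 0 : 1 }'
}

# resolve NAME: apply expand-hosts semantics on top of hosts_lookup.
#   short name        -> tried as-is, then as NAME.DOMAIN
#   NAME.DOMAIN       -> tried as-is, then as the short name
#   other.domain.tld  -> tried literally only (dnsmasq would forward upstream)
resolve() {
    name=$1
    case $name in
        *.$DNSMASQ_DOMAIN) candidates="$name ${name%.$DNSMASQ_DOMAIN}" ;;
        *.*)               candidates="$name" ;;
        *)                 candidates="$name $name.$DNSMASQ_DOMAIN" ;;
    esac
    for c in $candidates; do
        if addr=$(printf '%s\n' "$HOSTS_SAMPLE" | hosts_lookup "$c"); then
            printf '%s\n' "$addr"
            return 0
        fi
    done
    return 1
}

# Usage: ./resolve.sh testsite.foureyes
if [ $# -gt 0 ]; then
    resolve "$1" || { echo "no local answer for $1" >&2; exit 1; }
fi
```

Run it with the same names the nslookup sessions below use; raspberrypi.foureyes also resolves (to 127.0.1.1), which is exactly the expand-hosts effect and a reminder that every hostname in /etc/hosts becomes a name in the foureyes zone.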

When I got this running on the Pi, with static IP 192.168.0.10, I could look up the DNS entries locally:

$ nslookup testsite 192.168.0.10
Server:		192.168.0.10
Address:	192.168.0.10#53

Name:	testsite
Address: 192.168.0.69

But on a local machine on the same network, I could not resolve the local route. dig produced a similar timeout.

$ nslookup testsite 192.168.0.10
;; connection timed out; no servers could be reached

After many hours of research and troubleshooting I realized port 53 was not open on the Pi. Reading through https://raspberrypi.stackexchange.com/a/79481/21929 led me to ufw. Turns out ufw is installed on the Pi and was handling the port mapping. Only a handful of ports were open, but not port 53.

See the debug section below on how to probe ports on your local LAN. This helped determine what ports were open.

Opening port 53

sudo ufw allow 53
sudo ufw enable
sudo reboot

Now, the current port list:

$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
5900                       ALLOW IN    Anywhere
22                         ALLOW IN    Anywhere
3000                       ALLOW IN    Anywhere
53                         ALLOW IN    Anywhere
5900 (v6)                  ALLOW IN    Anywhere (v6)
22 (v6)                    ALLOW IN    Anywhere (v6)
3000 (v6)                  ALLOW IN    Anywhere (v6)
53 (v6)                    ALLOW IN    Anywhere (v6)

OMG now the route resolves!

From the other local machine:

$ nslookup testsite 192.168.0.10
Server:		192.168.0.10
Address:	192.168.0.10#53

Name:	testsite
Address: 192.168.0.69
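One thing worth noticing in that table: sudo ufw allow 53 admits 53/tcp and 53/udp from Anywhere on every interface, not just from the LAN. Behind an ISP router with no port forwarding that is harmless, but a resolver reachable from the internet is a standard DNS amplification target, so the rule is better scoped to the LAN subnet. The script below is an added example, not part of the gist: it parses ufw status verbose output (a constructed copy of the table above is embedded so it runs offline; on the Pi, pipe the real command into it), lists the ports allowed from any source, flags DNS among them and prints the scoped replacement rules. The 192.168.0.0/24 subnet is an assumption taken from the addresses in the gist.

```shell
#!/bin/sh
# Added example (not from the gist): audit "ufw status verbose" for ports
# allowed from any source and flag DNS (53) among them. UFW_STATUS_SAMPLE is
# a constructed copy of the gist's table; on the Pi use:
#   sudo ufw status verbose | anywhere_ports
UFW_STATUS_SAMPLE='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
5900                       ALLOW IN    Anywhere
22                         ALLOW IN    Anywhere
3000                       ALLOW IN    Anywhere
53                         ALLOW IN    Anywhere
5900 (v6)                  ALLOW IN    Anywhere (v6)
22 (v6)                    ALLOW IN    Anywhere (v6)
3000 (v6)                  ALLOW IN    Anywhere (v6)
53 (v6)                    ALLOW IN    Anywhere (v6)'

# anywhere_ports: IPv4 rules that ALLOW IN from Anywhere, port column only,
# numerically sorted and de-duplicated. Reads status text on stdin. Rows whose
# "From" is a subnet are excluded; "(v6)" rows have five fields and are skipped.
anywhere_ports() {
    awk '$2 == "ALLOW" && $3 == "IN" && $4 == "Anywhere" && NF == 4 { print $1 }' \
        | sort -n | uniq
}

# dns_open_to_anywhere: exit 0 if 53, 53/tcp or 53/udp is allowed from Anywhere.
dns_open_to_anywhere() {
    anywhere_ports | grep -Eqx '53(/tcp|/udp)?'
}

# lan_dns_rules LAN_CIDR: print the ufw commands that replace the blanket
# rule with one limited to the LAN (both transports: UDP for normal queries,
# TCP for large answers and retries).
lan_dns_rules() {
    cat <<EOF
sudo ufw delete allow 53
sudo ufw allow from $1 to any port 53 proto udp
sudo ufw allow from $1 to any port 53 proto tcp
EOF
}

# Stand-alone run: report against the embedded sample.
if printf '%s\n' "$UFW_STATUS_SAMPLE" | dns_open_to_anywhere; then
    echo "port 53 is allowed from any source; scoped replacement:" >&2
    lan_dns_rules 192.168.0.0/24 >&2     # assumed LAN subnet
fi
```

After applying the scoped rules, the From column shows 192.168.0.0/24 instead of Anywhere for the two 53 entries, and anywhere_ports no longer lists 53 while the LAN machines keep resolving exactly as in the nslookup above.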

Debug tools - used while cursing my profession and hobbies

Below are a few tools I ignorantly used to troubleshoot. nslookup and dig produce similar results for me. I'm sure they have some other uses that differentiate one from the other.

nslookup

$ nslookup domainName dnsServerIP

dig

$ dig @dnsServerIP domainName

nmap

See what ports are open on a remote IP. This is the tool I found most useful.

$ nmap -Pn 192.168.0.10

Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-05 20:41 PST
Nmap scan report for 192.168.0.10
Host is up (0.0059s latency).
Not shown: 997 filtered ports
PORT     STATE SERVICE
22/tcp   open  ssh
3000/tcp open  ppp
5900/tcp open  vnc

Nmap done: 1 IP address (1 host up) scanned in 6.52 seconds
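That scan is what showed 53 missing before the ufw rule was added. One caveat when using it for DNS: nmap -Pn host is a TCP scan, so 53/udp, the transport most DNS queries actually use, can never appear in it even when dnsmasq is reachable; a UDP check needs nmap -sU -p 53 host (run as root), and UDP ports often come back as open|filtered rather than open. The script below is an added example, not part of the gist or of nmap: it parses nmap's normal output (a constructed copy of the scan above is embedded) into a port list and reports which firewall-allowed ports the scan did not see, which is the comparison the troubleshooting above did by eye.

```shell
#!/bin/sh
# Added example (not from the gist): turn nmap's normal output into a port list
# and diff it against the ports the firewall is supposed to allow. NMAP_SAMPLE
# is a constructed copy of the gist's scan (taken before 53 was opened).
NMAP_SAMPLE='Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-05 20:41 PST
Nmap scan report for 192.168.0.10
Host is up (0.0059s latency).
Not shown: 997 filtered ports
PORT     STATE SERVICE
22/tcp   open  ssh
3000/tcp open  ppp
5900/tcp open  vnc

Nmap done: 1 IP address (1 host up) scanned in 6.52 seconds'

# open_ports: print "port/proto" for every port nmap reports as open or
# open|filtered (the latter is how UDP ports usually show up). Reads stdin.
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 ~ /^open/ { print $1 }'
}

# missing_ports "22 53 3000": print each expected port number that the scan did
# not report open on any protocol. Expected list comes from ufw; scan on stdin.
missing_ports() {
    seen=$(open_ports | sed 's,/.*,,' | sort -n | uniq)
    for p in $1; do
        echo "$seen" | grep -qx "$p" || echo "$p"
    done
}

# udp_scanned: exit 0 only if the scan covered UDP at all; a default TCP scan
# never mentions /udp, so a "missing" 53 from it proves nothing about DNS.
udp_scanned() {
    grep -q '/udp'
}

# Stand-alone run against the embedded sample, expecting the gist's four rules.
if [ $# -eq 0 ]; then
    printf '%s\n' "$NMAP_SAMPLE" | missing_ports '22 53 3000 5900' \
        | sed 's/^/allowed by ufw but not seen open: /'
    printf '%s\n' "$NMAP_SAMPLE" | udp_scanned || echo 'note: TCP-only scan, 53/udp not tested'
fi
```

Piping a live scan in (nmap -Pn 192.168.0.10 | missing_ports "$(sudo ufw status | awk ...)") works the same way; the sample run prints 53 as the only missing port, matching what the gist found, together with the TCP-only note.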

Using the Raspberry Pi as a local DNS resolver

Once the Pi is running dnsmasq with the correct ports open, I added the Pi's static IP address to the Wi-Fi router. This is the router that came from my ISP. It also handles all DHCP for the LAN.

Now all machines on the network can resolve these local domain names.

@ktreese

ktreese commented May 6, 2019

I've relocated my article from the link above to https://kristianreese.com/2019/05/06/Home-Lab-DNS-Using-dnsmasq-and-Puppet/

Just FYI! Thanks for linking

@todgru

todgru commented Oct 15, 2019

@ktreese thanks for the update! 👍 gist updated.

@ktreese

ktreese commented Oct 18, 2019

Awesome! Thanks! 💯
