DNS lookup failed with IPFire 2.29-core189

I have an internet router with 3 adapters as below (with IP 172.18.0.1 on the internal network):
And DNS lookup is active and running normally using nslookup www.baidu.com

And there is another router named company router with 4 adapters as below (IP 172.18.0.2 and internal IP 172.16.0.0/16).
And I have set the DNS server to 172.18.0.1 using the web UI with URL https://172.16.0.1:444/cgi-bin/pakfire.cgi

However, I cannot use nslookup in the terminal. However, when I specifically use 172.18.0.1 as the DNS server, I can get the IP of the specified domain. Why is that?

nslookup www.baidu.com
;; Got SERVFAIL reply from 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53

** server can't find www.baidu.com: SERVFAIL


nslookup www.baidu.com 172.18.0.1

# get ip result successfully

And how can I solve this? And I cannot even use pakfire update on the
company router. And pakfire update is working normally on the internet router:

ip addr result of the company router:

DNS runs on port 53.
Just use the IP address 172.16.0.1 without quotes
for your company router.

Sorry, I don't understand. Do you mean I should use "172.16.0.1" as the DNS server for the company router? I used quotes here just to highlight the URL.

Yes.
I'm assuming your company router is behind the first IPFire.
So if the first IPFire's green is 172.16.0.0/24
and your company router's red is connected there.

The first IPFire is the internet router, with IP 172.18.0.1. Below is the network topology.

And I'm wondering why the internet router's DNS resolution is running normally, while the company router's DNS resolution is failing. And I have set the DNS server of the company router to 172.18.0.1 (which is the IP of the company router).

no lookup data.

Well, let's first examine the entries of the Network=>Domain Name System page in both the internet and company routers.

The internet router should have at least one DNS entry that is the ISP's. Check the box and save if it is not there. Also you should have at least one public DNS as a redundant one.

On the office network, it should have 172.18.0.1 as one of the DNS servers, and a public DNS address.

Next is the green network's configuration on the internet router:
On the Network=>DHCP Server page:

Primary DNS should be green's address (172.18.0.1)
Secondary DNS should be a public DNS (like 8.8.8.8 or 1.1.1.1 or 9.9.9.9, for example)
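Added example, not code from the thread or from IPFire: a small POSIX shell triage script that does by hand what the checklist above verifies in the web UI. It asks each resolver directly, the way the poster did with nslookup www.baidu.com 172.18.0.1, classifies every reply (SERVFAIL, NXDOMAIN, unreachable, ok), and says whether the failure is in the local unbound on 127.0.0.1, in the next IPFire hop, or everywhere. The resolver list (127.0.0.1, 172.18.0.1, 8.8.8.8), the test name www.baidu.com and the presence of nslookup on the box are assumptions taken from the thread.

```shell
#!/bin/sh
# Added example, not from the thread or from IPFire.
# Queries each resolver directly and classifies the nslookup reply so the
# failing hop stands out. Assumptions: nslookup is installed; the resolver
# list and test name are the ones that appear in this thread.

NAME="www.baidu.com"
RESOLVERS="127.0.0.1 172.18.0.1 8.8.8.8"

# classify_lookup OUTPUT: map nslookup's text to a single verdict word.
# The rcode words are checked first because a SERVFAIL reply carries no
# "Name:" line, while a successful one always does.
classify_lookup() {
  case "$1" in
    *SERVFAIL*)  echo servfail ;;
    *NXDOMAIN*)  echo nxdomain ;;
    *REFUSED*)   echo refused ;;
    *"no servers could be reached"*|*"timed out"*) echo unreachable ;;
    *"Name:"*)   echo ok ;;
    *)           echo unknown ;;
  esac
}

# answers OUTPUT: print only the answer addresses. nslookup prints the
# server it used as "Address: 127.0.0.1#53" before the first "Name:" line,
# so addresses are collected only after a "Name:" line has been seen.
answers() {
  printf '%s\n' "$1" | awk '/^Name:/ {found=1; next} found && /^Address:/ {print $2}'
}

# diagnose LOCAL UPSTREAM: verdict for 127.0.0.1 and for the next hop.
diagnose() {
  if [ "$1" = ok ]; then
    echo "local resolver answers; nothing to fix here"
  elif [ "$2" = ok ]; then
    echo "upstream answers but local unbound does not: check its forwarders and DNSSEC state (unbound-control status, the DNS page), then restart unbound"
  else
    echo "neither answers: the problem is upstream of this box (routing, firewall rule, or ISP resolvers)"
  fi
}

# run_triage NAME: probe every resolver and print a one-line verdict each.
run_triage() {
  name=$1
  local_v=unknown
  upstream_v=unknown
  for r in $RESOLVERS; do
    out=$(nslookup "$name" "$r" 2>&1)
    v=$(classify_lookup "$out")
    printf '%-12s %s' "$r" "$v"
    [ "$v" = ok ] && printf ' %s' $(answers "$out")
    printf '\n'
    [ "$r" = 127.0.0.1 ] && local_v=$v
    [ "$r" = 172.18.0.1 ] && upstream_v=$v
  done
  diagnose "$local_v" "$upstream_v"
}

# Usage: sh dns-triage.sh www.baidu.com   (runs only when a name is given)
if [ "$#" -gt 0 ]; then
  run_triage "$1"
fi
```

Run it on the company router while the fault is present, then again after /etc/init.d/unbound restart: if 127.0.0.1 flips from servfail to ok while 172.18.0.1 is ok both times, the problem is in that box's own unbound (forwarders or DNSSEC validation), not in the path to the internet router.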

I'm sorry for the missing lookup data; a new user can only upload one image per post, so I can only reply to you in multiple posts.

I have checked that

  • on the company router, I have set 172.18.0.1 as the DNS server, but there is no public DNS address.
  • on the internet router, the primary DNS in the green network's configuration is set to 172.18.0.1. And I have not set the secondary DNS.

When I start the internet and company routers, the DNS of each router is as below:

And nslookup doesn't work on either the internet router or the company router, as in the figure below:

After I restart unbound on the company router using /etc/init.d/unbound restart and wait a moment, nslookup works successfully on both the internet router and the company router. Why is that?

And what should I do to solve this weird problem?

You should start here.

This needs to be in a working state.
Here is mine


Here are some recommended resolvers.

I don't use a virtual router,
but it seems that both IPFires have IP range?
Are your virtual NICs set up right?

I'm sure that my router's virtual NICs are set up right. My question is why my DNS servers' status is broken, but I can still use nslookup www.baidu.com successfully after using /etc/init.d/unbound restart?

Moreover, when I add a new DNS server with 8.8.8.8, the status is still broken but nslookup is still working normally, as below:

There is no DNS server configured! DHCP of your internet access (the VM?) sends 10.0.2.3 (where is this?) as DNS server, but for your internet router the ISP-assigned servers are not activated in the config.

The status of 8.8.8.8 is 'broken'. Which message is displayed if hovering over the status word?

I just checked with my system. The status for google DNS is ok.

10.0.2.3 is the DHCP server assigned by VMware (NAT adapter). And I am sure that 10.0.2.3 is working normally, as below:

Now the status of the DNS server is Working! But the status of 8.8.8.8 is still Not validating, with the message DNSSEC Aware.

My question is above. When the status of DNS Servers is broken, the internet router can still use nslookup normally after using /etc/init.d/unbound restart.

But when I power off the internet router and start it again, nslookup cannot work normally, but after /etc/init.d/unbound restart, nslookup works normally!!

I’m late to the party.
On the internet router, it is running in recursor mode as it couldn’t find a working DNS server.
The company router looks like it thinks it is failing because 172.18.0.1 is doing a reverse lookup to nothing. What happens if you add a DNS entry on the company router for 172.18.0.1?

172.18.0.1 is the IP address of the internet router. My question is why the internet router's nslookup cannot run normally before running /etc/init.d/unbound restart, and after running /etc/init.d/unbound restart, nslookup works fine.