[7.450][BUG][ACK] uplink failover and DNS forwarders problems

[BuBU]

Hi

I've 2 connections:

1 for PPPOE (ADSL) and 1 for Cable/Modem (DHCP) Fiber Chanel...

I've set uplink in failover mode with Fiber Chanel at top priority.

First of if I do not reboot I've error on the dashboard for the fiber interface and internet connection does not seem to work... Then after reboot if I check the DNS Forwarders page where forwarders from my ISPs is checked, at bottom I've forwarders even for the PPPOE interface (instead of fiber DNS only) and DNS is not working until I set the modem/router IP into my local /etc/resolv.conf file !

using my asg IP I've:

Code:

~> nslookup web1.-----.com 192.168.9.1
;; connection timed out; no servers could be reached

using my modem/router IP I've:

Code:

~> nslookup web1.-----.com 192.168.99.254
Server:		192.168.99.254
Address:	192.168.99.254#53

Name:	web1.-----.com
Address: 172.18.103.11

edit1: (192.168.99.254 is my Fiber modem/router)
edit2: and of course I have no deny/reject rule into packet filter...

(I've of course hidden the web1.---.com hostname)

edit3: seems to be an IPS+DNS problem

thx

[BuBU]

I've same behaviour on a fresh install with a different hardware (first was on an asg 120 with 7.40x restored backup, and second is on a VM under VirtualBox 2.2.4)...

I did a fresh install from scratch using wizard... then removed generated packet filter rules to have only Internal -> Any -> Internet...

nslookup was still working but I added 2 new Site2Site IPSec VPNs that was not working in initial step so I rebooted, the VPNs are working but I have now DNS problems

thx

[BuBU]

yesterday I did a fresh install for 7.403 from scratch, all was working fine as expected during all the day... even after reboot...

then I did a backup, and installed a new fresh 7.450 under virtualbox 2.2.4 and through the wizard I restored my 7.403 backup... and I got same DNS problems...

so something is really wrong with DNS on 7.450...

thx

edit1: this time I did not used any uplink... using a regular ethernet connection to internet with default gateway and named DNS forwarder... (same config is working fine on 7.403)

[ee-tra]

Bubu, can you please enter following commands when the nameserver
is not reachable. They gather information about the routing tables.

By setting up your config I came across an issue
with the default routes. That could prevent reaching the nameserver.

# ip route show table default
and
# ip route get 192.168.9.1

[BuBU]

Quote:

Originally Posted by ee-tra

Bubu, can you please enter following commands when the nameserver
is not reachable. They gather information about the routing tables.

By setting up your config I came across an issue
with the default routes. That could prevent reaching the nameserver.

# ip route show table default
and
# ip route get 192.168.9.1

Hi

here is the result... I was using asg 7.403 since 1 or 2 days without problems and just switched to 7.450 (with same 7.403 config/backup) and got the problems imediately...

Code:

asg:/root # ip route show table default
default via 192.168.99.254 dev eth1  proto kernel onlink

Code:

asg:/root # ip route get 192.168.9.1
local 192.168.9.1 dev lo  src 192.168.9.1 
    cache <local>  mtu 16436 advmss 16396 fragtimeout 64
asg:/root #

thx

[BuBU]

ok seems this has to go with DNS private stuff:

disabling IPS did the trick..

so seems to be same problem has Billibob found today in:

[7.450] BUG: Static DNS entries does not resolve when http proxy disabled?

so seems now with the new ruleset you added we can't resolv names for private IPs...

also I've tried to add an exception for my internal network but seems it did not helped.. I really need to disable IPS, so maybe also something wrong with IPS exceptions and DNS lookup ? as soon as I disable IPS I can resolv new names...

thx

[Astaro Beta Bot]

Code:

Astaro Beta Report
--------------------------------
Version: 7.450
Type: DUPE
State: DUPE
Reporter: BuBU
Contributor: 
MantisID: 
--------------------------------