1
23.7 Legacy Series / Re: dns name in alias resolution issues
« on: January 25, 2024, 12:11:48 pm »
Seems to be a different issue 
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
23.7 Legacy Series / Re: dns name in alias resolution issues
« on: January 22, 2024, 12:54:49 pm »3
23.7 Legacy Series / Re: dns name in alias resolution issues
« on: January 19, 2024, 12:35:50 pm »
Any known issue tracker for this ?
4
23.7 Legacy Series / Re: dns name in alias resolution issues
« on: January 16, 2024, 03:40:43 pm »
No Idea at all ?
5
23.7 Legacy Series / Re: dns name in alias resolution issues
« on: January 15, 2024, 05:02:01 pm »
A few more tests results from commandline
root@OPNsense:/usr/bin # drill heise.de
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 26134
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 14
;; QUESTION SECTION:
;; heise.de. IN A
;; ANSWER SECTION:
heise.de. 86400 IN A 193.99.144.80
;; AUTHORITY SECTION:
. 90643 IN NS h.root-servers.net.
. 90643 IN NS m.root-servers.net.
. 90643 IN NS l.root-servers.net.
. 90643 IN NS b.root-servers.net.
. 90643 IN NS d.root-servers.net.
. 90643 IN NS a.root-servers.net.
. 90643 IN NS g.root-servers.net.
. 90643 IN NS f.root-servers.net.
. 90643 IN NS i.root-servers.net.
. 90643 IN NS e.root-servers.net.
. 90643 IN NS k.root-servers.net.
. 90643 IN NS j.root-servers.net.
. 90643 IN NS c.root-servers.net.
;; ADDITIONAL SECTION:
m.root-servers.net. 324886 IN A 202.12.27.33
h.root-servers.net. 76865 IN A 198.97.190.53
a.root-servers.net. 263107 IN A 198.41.0.4
c.root-servers.net. 138868 IN A 192.33.4.12
e.root-servers.net. 260655 IN A 192.203.230.10
i.root-servers.net. 264776 IN A 192.36.148.17
k.root-servers.net. 324975 IN A 193.0.14.129
j.root-servers.net. 325372 IN A 192.58.128.30
f.root-servers.net. 325953 IN A 192.5.5.241
l.root-servers.net. 325451 IN A 199.7.83.42
g.root-servers.net. 260656 IN A 192.112.36.4
d.root-servers.net. 326171 IN A 199.7.91.13
b.root-servers.net. 326860 IN A 170.247.170.2
m.root-servers.net. 264777 IN AAAA 2001:dc3::35
;; Query time: 260 msec
;; SERVER: 10.255.1.50
;; WHEN: Mon Jan 15 16:56:08 2024
;; MSG SIZE rcvd: 489
root@OPNsense:/usr/bin # drill artifactory.my-comp.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 7072
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; artifactory.my-comp.com. IN A
;; ANSWER SECTION:
artifactory.my-comp.com. 1471 IN CNAME artifactory.global.my-comp.com.
artifactory.global.my-comp.com. 3643 IN A 172.22.51.78
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; SERVER: 10.160.5.6
;; WHEN: Mon Jan 15 16:56:17 2024
;; MSG SIZE rcvd: 89
root@OPNsense:/usr/bin # drill artifactory-berlin1.my-comp.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 15703
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 14
;; QUESTION SECTION:
;; artifactory-berlin1.my-comp.com. IN A
;; ANSWER SECTION:
artifactory-berlin1.my-comp.com. 1781 IN A 172.20.48.164
;; AUTHORITY SECTION:
. 90621 IN NS e.root-servers.net.
. 90621 IN NS h.root-servers.net.
. 90621 IN NS a.root-servers.net.
. 90621 IN NS d.root-servers.net.
. 90621 IN NS c.root-servers.net.
. 90621 IN NS k.root-servers.net.
. 90621 IN NS l.root-servers.net.
. 90621 IN NS b.root-servers.net.
. 90621 IN NS j.root-servers.net.
. 90621 IN NS i.root-servers.net.
. 90621 IN NS g.root-servers.net.
. 90621 IN NS m.root-servers.net.
. 90621 IN NS f.root-servers.net.
;; ADDITIONAL SECTION:
m.root-servers.net. 324864 IN A 202.12.27.33
h.root-servers.net. 76843 IN A 198.97.190.53
a.root-servers.net. 263085 IN A 198.41.0.4
c.root-servers.net. 138846 IN A 192.33.4.12
e.root-servers.net. 260633 IN A 192.203.230.10
i.root-servers.net. 264754 IN A 192.36.148.17
k.root-servers.net. 324953 IN A 193.0.14.129
j.root-servers.net. 325350 IN A 192.58.128.30
f.root-servers.net. 325931 IN A 192.5.5.241
l.root-servers.net. 325429 IN A 199.7.83.42
g.root-servers.net. 260634 IN A 192.112.36.4
d.root-servers.net. 326149 IN A 199.7.91.13
b.root-servers.net. 326838 IN A 170.247.170.2
m.root-servers.net. 264755 IN AAAA 2001:dc3::35
;; Query time: 134 msec
;; SERVER: 10.255.1.50
;; WHEN: Mon Jan 15 16:56:31 2024
;; MSG SIZE rcvd: 511
root@OPNsense:/usr/bin # ping artifactory-berlin1.my-comp.com
ping: Unknown host
root@OPNsense:/usr/bin # ping heise.de
PING heise.de (193.99.144.80): 56 data bytes
64 bytes from 193.99.144.80: icmp_seq=0 ttl=243 time=13.168 ms
^C
--- heise.de ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 13.168/13.168/13.168/0.000 ms
root@OPNsense:/usr/bin # ping artifactory.my-comp.com
ping: Unknown host
root@OPNsense:/usr/bin #
root@OPNsense:/usr/bin # drill heise.de
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 26134
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 14
;; QUESTION SECTION:
;; heise.de. IN A
;; ANSWER SECTION:
heise.de. 86400 IN A 193.99.144.80
;; AUTHORITY SECTION:
. 90643 IN NS h.root-servers.net.
. 90643 IN NS m.root-servers.net.
. 90643 IN NS l.root-servers.net.
. 90643 IN NS b.root-servers.net.
. 90643 IN NS d.root-servers.net.
. 90643 IN NS a.root-servers.net.
. 90643 IN NS g.root-servers.net.
. 90643 IN NS f.root-servers.net.
. 90643 IN NS i.root-servers.net.
. 90643 IN NS e.root-servers.net.
. 90643 IN NS k.root-servers.net.
. 90643 IN NS j.root-servers.net.
. 90643 IN NS c.root-servers.net.
;; ADDITIONAL SECTION:
m.root-servers.net. 324886 IN A 202.12.27.33
h.root-servers.net. 76865 IN A 198.97.190.53
a.root-servers.net. 263107 IN A 198.41.0.4
c.root-servers.net. 138868 IN A 192.33.4.12
e.root-servers.net. 260655 IN A 192.203.230.10
i.root-servers.net. 264776 IN A 192.36.148.17
k.root-servers.net. 324975 IN A 193.0.14.129
j.root-servers.net. 325372 IN A 192.58.128.30
f.root-servers.net. 325953 IN A 192.5.5.241
l.root-servers.net. 325451 IN A 199.7.83.42
g.root-servers.net. 260656 IN A 192.112.36.4
d.root-servers.net. 326171 IN A 199.7.91.13
b.root-servers.net. 326860 IN A 170.247.170.2
m.root-servers.net. 264777 IN AAAA 2001:dc3::35
;; Query time: 260 msec
;; SERVER: 10.255.1.50
;; WHEN: Mon Jan 15 16:56:08 2024
;; MSG SIZE rcvd: 489
root@OPNsense:/usr/bin # drill artifactory.my-comp.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 7072
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; artifactory.my-comp.com. IN A
;; ANSWER SECTION:
artifactory.my-comp.com. 1471 IN CNAME artifactory.global.my-comp.com.
artifactory.global.my-comp.com. 3643 IN A 172.22.51.78
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; SERVER: 10.160.5.6
;; WHEN: Mon Jan 15 16:56:17 2024
;; MSG SIZE rcvd: 89
root@OPNsense:/usr/bin # drill artifactory-berlin1.my-comp.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 15703
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 14
;; QUESTION SECTION:
;; artifactory-berlin1.my-comp.com. IN A
;; ANSWER SECTION:
artifactory-berlin1.my-comp.com. 1781 IN A 172.20.48.164
;; AUTHORITY SECTION:
. 90621 IN NS e.root-servers.net.
. 90621 IN NS h.root-servers.net.
. 90621 IN NS a.root-servers.net.
. 90621 IN NS d.root-servers.net.
. 90621 IN NS c.root-servers.net.
. 90621 IN NS k.root-servers.net.
. 90621 IN NS l.root-servers.net.
. 90621 IN NS b.root-servers.net.
. 90621 IN NS j.root-servers.net.
. 90621 IN NS i.root-servers.net.
. 90621 IN NS g.root-servers.net.
. 90621 IN NS m.root-servers.net.
. 90621 IN NS f.root-servers.net.
;; ADDITIONAL SECTION:
m.root-servers.net. 324864 IN A 202.12.27.33
h.root-servers.net. 76843 IN A 198.97.190.53
a.root-servers.net. 263085 IN A 198.41.0.4
c.root-servers.net. 138846 IN A 192.33.4.12
e.root-servers.net. 260633 IN A 192.203.230.10
i.root-servers.net. 264754 IN A 192.36.148.17
k.root-servers.net. 324953 IN A 193.0.14.129
j.root-servers.net. 325350 IN A 192.58.128.30
f.root-servers.net. 325931 IN A 192.5.5.241
l.root-servers.net. 325429 IN A 199.7.83.42
g.root-servers.net. 260634 IN A 192.112.36.4
d.root-servers.net. 326149 IN A 199.7.91.13
b.root-servers.net. 326838 IN A 170.247.170.2
m.root-servers.net. 264755 IN AAAA 2001:dc3::35
;; Query time: 134 msec
;; SERVER: 10.255.1.50
;; WHEN: Mon Jan 15 16:56:31 2024
;; MSG SIZE rcvd: 511
root@OPNsense:/usr/bin # ping artifactory-berlin1.my-comp.com
ping: Unknown host
root@OPNsense:/usr/bin # ping heise.de
PING heise.de (193.99.144.80): 56 data bytes
64 bytes from 193.99.144.80: icmp_seq=0 ttl=243 time=13.168 ms
^C
--- heise.de ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 13.168/13.168/13.168/0.000 ms
root@OPNsense:/usr/bin # ping artifactory.my-comp.com
ping: Unknown host
root@OPNsense:/usr/bin #
6
23.7 Legacy Series / dns name in alias resolution issues
« on: January 15, 2024, 03:35:39 pm »
I do have an dns issue.
The name is resolved fine (Interfaces: Diagnostics: DNS Lookup) A and AAAA record returned with an in CNAME ..
But the ping (Interfaces: Diagnostics: Ping) returns cannot resolve artifactory.<removed>.com: No address associated with name
As result the hosts alias is not resolved correctly and the firewall blocks the traffic.
BTW. This is only valid for a few addresses not all.
In the firewall:
x.mycomp.com ... is ok
y.mycomp.com ... is not ok
The host behind the firewall can resolve BOTH addresses and starts pinging. Both FW and Host using the same dns
The name is resolved fine (Interfaces: Diagnostics: DNS Lookup) A and AAAA record returned with an in CNAME ..
But the ping (Interfaces: Diagnostics: Ping) returns cannot resolve artifactory.<removed>.com: No address associated with name
As result the hosts alias is not resolved correctly and the firewall blocks the traffic.
BTW. This is only valid for a few addresses not all.
In the firewall:
x.mycomp.com ... is ok
y.mycomp.com ... is not ok
The host behind the firewall can resolve BOTH addresses and starts pinging. Both FW and Host using the same dns
7
23.7 Legacy Series / Re: Alias Host(s) - are not resolved..
« on: October 05, 2023, 06:42:03 pm »
Hmm Alias is defined... opensense1.jpg
and used opensense2.jpg
If I use an ip instead of the alias.. for destination it works fine
and used opensense2.jpg
If I use an ip instead of the alias.. for destination it works fine
8
23.7 Legacy Series / Alias Host(s) - are not resolved..
« on: October 05, 2023, 05:11:22 pm »
It looks like the aliases are not resolved
I have added a couple of fqdn in a host alias but they are not resolved into an IP. I added a ip to the aliases list and it works...
So which way goes the host resolve process ? The interface-diagnostics-dnslookup works fine.
I have added a couple of fqdn in a host alias but they are not resolved into an IP. I added a ip to the aliases list and it works...
So which way goes the host resolve process ? The interface-diagnostics-dnslookup works fine.
Pages: [1]