Unbound DNS failure to properly resolve

Started by lshantz, April 16, 2024, 08:34:49 PM

I apparently have a lack of understanding of how to make my Unbound DNS do what I want.

I have a unique setup I guess. I have two Synology NAS units. I wanted faster throughput so bought 2 10gbps NICs. I attempted to connect the high speed cable to my switch only to find out that even though it has 2 fiber ports, they support 1gbps! WHY!? Dumb... so as a workaround, I have connected the cable directly from one NAS to the other. This is when my problems began. So to kind of draw a word picture:
NAS 1 has 2 IP addresses.
NIC 1 is on 192.168.100.x
NIC 5 is on 192.168.1.x (high speed)

NAS 2 has 2 IP addresses.
NIC 1 is on 192.168.100.x
NIC 5 is on 192.168.1.x (high speed)

All of a sudden my SMB server names started dropping out. I can still connect via IP, but when I drop to bash and ping from a workstation on the .100 subnet, NAS1 is trying to resolve to NIC5!! I do not understand how this is even possible, but if I ping NAS.FQDN, it resolves properly to NIC1.

So I went and added overrides in Unbound. I gave it the server name with the proper IP address and that did not work. I then added the server name under aliases and still no go.

So what am I doing wrong? How can I get it to properly resolve every time? I have tried under General to add A record registration, I have tried changing the Local Zone Types, but nothing seems to work. I don't even understand how Unbound even knows those NIC5s exist, since they are not connected anywhere except to each other. I also tried making those NIC5s gateways for each other.

Hi,

congratulations for finding out the difference between SFP and SFP+. Anyway, you blame unbound for something it has nothing to do with.

Without the fully qualified name you end up using mDNS, and your NAS seems to incorrectly announce the high speed NIC. A possible way to go might be defining the search domain in DHCP in order to pull all name resolutions to a fully qualified name. The search domain is the rest of your FQDN after the hostname.

Technically, you created an unreachable second network segment. Maybe you can also tweak the NAS systems.
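To make the distinction in this reply concrete, here is a small added model (not from the forum, OPNsense or Synology) of what a client does with a short name versus a fully qualified one. The addresses, the search domain `home.lan`, and the Unbound host-override and mDNS tables are constructed for the example; the "single-label names fall back to multicast resolution after DNS fails" rule is an assumption about the client, not measured behaviour.

```python
from dataclasses import dataclass, field

# Constructed sample data for this thread's scenario (not real addresses):
# Unbound host overrides on OPNsense map the FQDN to the LAN NIC (NIC 1), while
# the NAS announces itself over mDNS with its direct-link NIC (NIC 5).
UNBOUND_OVERRIDES = {"nas1.home.lan.": "192.168.100.10",
                     "nas2.home.lan.": "192.168.100.11"}
MDNS_ANNOUNCED = {"nas1.local.": "192.168.1.10",
                  "nas2.local.": "192.168.1.11"}

@dataclass
class ResolvConf:
    search: list = field(default_factory=list)  # search domains handed out by DHCP
    ndots: int = 1                               # glibc default

def candidate_queries(name, conf):
    """FQDNs a glibc-style stub resolver tries, in order, for `name`.
    Absolute names (trailing dot) go as-is. Names with at least `ndots` dots are
    tried as-is first and then with each search domain appended; names with
    fewer dots try the search domains first and the bare name last."""
    if name.endswith("."):
        return [name.lower()]
    name = name.lower()
    with_search = [f"{name}.{d.lower()}." for d in conf.search]
    if name.count(".") >= conf.ndots:
        return [name + "."] + with_search
    return with_search + [name + "."]

def resolve(name, conf, dns=UNBOUND_OVERRIDES, mdns=MDNS_ANNOUNCED):
    """Return (queried_name, source, address) for a lookup of `name`.
    Assumption (modelled, not measured): unicast DNS is asked for every
    candidate first; only when all of them fail and the name is a single label
    does the client fall back to multicast resolution (mDNS/LLMNR), where the
    NAS answers for itself with whichever interface it chose to announce."""
    for q in candidate_queries(name, conf):
        if q in dns:
            return q, "unbound", dns[q]
    if "." not in name.rstrip("."):
        fallback = f"{name.lower()}.local."
        if fallback in mdns:
            return fallback, "mdns", mdns[fallback]
    return None, "nxdomain", None

if __name__ == "__main__":
    for conf in (ResolvConf(), ResolvConf(search=["home.lan"])):
        print(conf.search or "(no search domain)", "->", resolve("NAS1", conf))
```

With no search domain the short name never reaches Unbound and the mDNS answer (the 192.168.1.x NIC) wins; with the search domain pushed by DHCP, "NAS1" becomes "nas1.home.lan." and Unbound's override answers with the LAN address.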

Hi,

192.168.100.x vs 192.168.1.x are close to each other in the 3rd octet and easy to overlook; any chance you just have a typo confusing 1 vs 100 or vice versa somewhere?

The primary focus should be to fix the DNS setup and avoid the NAS' resolution to the NAS-only private network (.1).

In the unlikely event you cannot fix this, a workaround strategy will be to have opnsense know a route to these NAS IPs.

system / routes
* add 192.168.1.<NAS1-IP> via gateway 192.168.100.<NAS1-IP>
* add 192.168.1.<NAS2-IP> via gateway 192.168.100.<NAS2-IP>

This will allow opnsense to start acting as a router and understand how to reach these NAS private network IPs. But please be aware this can cause asymmetric routing: clients reaching NAS1 on 192.168.1.<NAS1> go via opnsense, but NAS1's answers can go directly, as NAS1 knows clients from 192.168.100.0/24 are directly connected. The opnsense firewall connection tracking will not like this. If you really go this path you need to make the firewall stateless for this special IP communication.

Hope it helps anyway.


This thing is driving me nuts.

I'm not totally understanding. Are you saying to add the route to the NAS or the firewall? You can't just add a route in the firewall under system without adding things. For instance, under my gateway selection is just the WAN port. So you must mean on the NAS?


Hi,

you basically have three options:
1) buy a proper switch to connect the 10GbE NICs with the rest of your network. The 1GbE NICs can then be left empty

2) Enable routing (IP forwarding) on one NAS, create a transfer network (VLAN) between OPNsense and that routing-enabled NAS, and define a route on OPNsense to the high speed network with that NAS as gateway.

3) keep unbound configured as is and use DNS instead of mDNS by using the FQDN or plain IP addresses


The complexity in 2) prevents asymmetric routing.

Okay, thanks. Was sure hoping to avoid another expensive switch. I just figured it should be simple to direct connect the two to each other, but apparently not so much.