SCIENTIFIC-LINUX-USERS Archives

October 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From: "~Stack~" <[log in to unmask]>
Reply To: ~Stack~
Date: Thu, 6 Oct 2011 21:21:06 -0500

Hello again everyone!

After quite a bit of reading and thought I came to the conclusion that
no matter how I did this project, I am stuck with having multiple
subnets on one group of switches (I can't easily pull those apart). This
means that I am going to have to maintain a list of MAC
addresses/names/IPs somewhere just to differentiate between the
servers, dev hosts, and the PXE booted hosts. Therefore it doesn't
matter if it is maintained in DNSMasq or BIND/dhcpd. I have been doing
some reading on DNSmasq today and attempting to get it working (since
there appear to be several willing sources of help who use DNSMasq). I
think I made significant progress today, but I still have a few issues
and while I read the sections on PXE booting I have not yet attempted it
(due to one of the problems listed below).

The how is below but for those who just want to jump into it, my
questions are these:
1) Do I need to create a dhcp-host entry for every hard set host on the
10.1.1.x network?
2) When I set the tag for the pxeboot group, it was not honored by the
DHCP. Why?
3) My FQDN does not seem to be working properly and I am not sure why.
Any thoughts on what to try?


Here is what I have done:

The server is named network1.project.local .
* Standard install process using the default install GUI for SL 6.1.
* Set network settings as follows
	IP: 10.1.1.10
	Netmask: 255.255.0.0
	Gateway: 10.1.0.1 (the switches)
	DNS servers: 10.1.1.10 (in theory anyway)
	Search domains: project.local
* Minimal install that pulls 242 packages

From the 6.1 DVD I manually installed dnsmasq and firewall editor.
`rpm -ivh dnsmasq-2.48-4.el6.i686.rpm
system-config-firewall-tui-1.2.27-3.el6_0.2.noarch.rpm`

I modified the firewall so that /etc/sysconfig/iptables now looks like:
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 67 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 68 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

I modified the /etc/dnsmasq.conf file (ran `sed -e '/^#/d' -e '/^$/d'`
to strip out the excess) so it looks like this:
domain-needed
domain=project.local
dhcp-range=devbox,10.1.2.1,10.1.2.255,255.255.0.0,12h
dhcp-range=pxeboot,10.1.3.1,10.1.3.255,255.255.0.0,12h
log-queries
log-dhcp

I modified /etc/dnsmasq.d/dev.hosts to include:
dhcp-host=08:00:27:c3:a5:0b,set:devbox,Dev1,12h

I modified /etc/dnsmasq.d/pxe.hosts to include:
dhcp-host=08:00:27:7a:de:28,set:pxeboot,PXE1,12h

I figured I would split them now before I started adding in all the
other hosts. Should make it simpler later on.

service iptables restart
service dnsmasq restart

DNSMasq threw a message "dnsdomainname: Host name lookup failure". I am
not sure this is the proper fix, but I just did a
`echo "10.1.1.10 network1.project.local network1" >> /etc/hosts`
and the problem went away...

This brings me to the first question: Do I need to create a dhcp-host
entry for every hard set host on the 10.1.1.x network? Was this just a
special case? I have a feeling I might have to. I wasn't planning on
having the server range DHCP'd but since it would be statically set on
the host I guess I don't see a reason why it couldn't be DHCP on the host
and statically set in the DNSMasq settings. Just not sure how to handle
the entries in DNSMasq and would like some input.

First host; Dev1.project.local.

From here I did an install on the host with the network card that
matched the MAC address for Dev1.
It gets a DHCP IP address of 10.1.2.3.
On the host network1 I can `ping Dev1` and I can `ping Dev1.project.local`.
On the host Dev1 I can `ping Dev1` but I can not `ping Dev1.project.local`.
:-/

Dev1 can not `ping network1` or `ping network1.project.local`. Hrm. More
on this later.

Second host; PXE1.

Same setup as the last using the host with the network card that
matched the MAC address for PXE1.
It got an IP address of 10.1.2.1...Err...That should have been in the
10.1.3.x range...So I went back to the man pages for dnsmasq ( web
viewable [1] ). Under the "-G, --dhcp-host" section it seems to me that
my configuration should work, right? This is my second question: When I
set the tag for the pxeboot group, it was not honored by the DHCP. Why?
[1] http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

Well until I can get that sorted, I am not going to try the tftpd mode
of DNSMasq. It *looks* promising and a lot easier than the method I was
initially going for. I am kinda excited to dig in, but I can't until I
get the DHCP working for that subnet...

I decided to run a few ping tests. For a while the clients were not able
to ping network1, however, I accidentally rebooted the server and when
it reissued the DHCP I got the results below.

From PXE1 `ping dev1` returns:
64 bytes from dev1.project.local (10.1.2.3)....
From PXE1 `ping dev1.project.local` returns:
ping unknown host dev1.project.local

I get the exact same behavior going from Dev1 to PXE1.
I get the exact same behavior going from Dev1 to network1.
I get the exact same behavior going from PXE1 to network1.
Network1 can ping both hosts by their name and FQDN.

This is my third question: My FQDN does not seem to be working properly
and I am not sure why. Any thoughts on what to try?

I am not sure what I did the first time I set up DNSMasq, but this time
it is really fast and responsive. I think I just mangled some file in my
earlier attempts at DHCP/DNS and it was not the fault of DNSMasq (aka
inexperienced user error :-). A fresh install has changed some of my
thoughts on it. It seems more like what I needed than the BIND/dhcpd
configuration. If anyone has any comments or could help me with any of
this, I would be very grateful.

Many many thanks to everyone that has suggested DNSMasq and has helped
out so far.

~Stack~
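
Added example, not part of the original message: a small lint over the dhcp-range and dhcp-host lines quoted above, which flags tags that a host sets but that no address range matches on. It assumes the tag semantics described in the dnsmasq man page linked in the message (a dhcp-range label prefixed `tag:` or the older `net:` matches a tag, while a bare or `set:` label sets one); the function names are hypothetical and only IPv4 ranges are handled.

```python
import re

# Constructed input: the dhcp-range / dhcp-host lines quoted in the message above.
SAMPLE = """\
domain=project.local
dhcp-range=devbox,10.1.2.1,10.1.2.255,255.255.0.0,12h
dhcp-range=pxeboot,10.1.3.1,10.1.3.255,255.255.0.0,12h
dhcp-host=08:00:27:c3:a5:0b,set:devbox,Dev1,12h
dhcp-host=08:00:27:7a:de:28,set:pxeboot,PXE1,12h
"""

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def range_labels(value):
    """Return (matched_tags, set_tags, start_addr) for one dhcp-range value."""
    matched, assigned = [], []
    for field in (f.strip() for f in value.split(",")):
        if IPV4.match(field):                    # labels end at the start address
            return matched, assigned, field
        if field.startswith(("tag:", "net:")):   # assumption: these prefixes MATCH a tag
            matched.append(field.split(":", 1)[1])
        else:                                    # assumption: bare or set: label SETS a tag
            assigned.append(field.split(":", 1)[1] if field.startswith("set:") else field)
    return matched, assigned, None

def lint(conf_text):
    """List (tag, range_start) for host tags that no dhcp-range matches on.

    range_start is the start address of a range that merely sets the same
    label (the likely intended pool), or None if no range mentions it.
    """
    host_tags, ranges = set(), []
    for raw in conf_text.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition("=")
        if key == "dhcp-host":
            host_tags.update(f.strip().split(":", 1)[1] for f in value.split(",")
                             if f.strip().startswith(("set:", "net:")))
        elif key == "dhcp-range":
            ranges.append(range_labels(value))
    selectable = {t for matched, _, _ in ranges for t in matched}
    findings = []
    for tag in sorted(host_tags - selectable):
        start = next((s for _, assigned, s in ranges if tag in assigned), None)
        findings.append((tag, start))
    return findings

if __name__ == "__main__":
    for tag, start in lint(SAMPLE):
        print(f"tag {tag!r} is set on a host but no dhcp-range matches it "
              f"(range starting {start} only sets that label)")
```
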
