On Mon, May 23, 2022 at 02:44:53AM +0200, Grayan Adams wrote:
> I have a bunch of apache named vhosts on a server, and need to access them
> from other devices. To date, I've done this via /etc/hosts on each device.
> However, an iPad, iPhone and Samsung tablet now also need access, hence
> looking at dnsmasq.
>
> The Problem: I cannot access any of the vhosts from any of the other devices
> on the LAN. Works perfectly on the server, but then it also worked just fine
> via /etc/hosts before installing dnsmasq.
>
> Vast amounts of reading, postings to Serverfault, AskFedora, plus various
> friends have resulted in endless tweaks and fiddles, confusing things ever
> more.
> I should stress that I know less than nothing about network admin.

I should stress that acquiring a skill takes time.

> The current objective is to run dnsmasq as a DNS server only, leaving the
> router to assign DHCP leases as it sees fit. So all *.lan queries from
> devices on the LAN should end up at the dnsmasq server. All non *.lan
> queries should go to the router and on to the world.
> The eventual objective is to set up a VPN, but baby steps!
>
> I've disabled the NetworkManager dnsmasq plugin, and run the process with
> $ systemctl start dnsmasq.service
>
> systemd-resolved seems to be completely out of the picture:
> $ netstat -tulpn | grep ":53 "
> tcp/udp 0 0 192.168.178.9:53 0.0.0.0:* LISTEN [pid]/dnsmasq
> tcp/udp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN [pid]/dnsmasq
> ... ...
>
> I don't think it's a firewall issue:
> $ firewall-cmd --zone=FedoraWorkstation --list-services
> | dhcpv6-client http https mdns mysql samba-client ssh ...
>
> When dnsmasq starts up, journalctl msgs are generated:
> | reading /etc/resolv.conf
> | ignoring nameserver 192.168.178.9 - local interface
> | using nameserver 192.168.178.1#53 (router)
>
> Turning log-queries on results in vast numbers of journalctl msgs:
> | server.lan dnsmasq[pid]: query[AAAA] docs.fedoraproject.org from 192.168.178.9
> | server.lan dnsmasq[pid]: forwarded docs.fedoraproject.org to 192.168.178.1
> | server.lan dnsmasq[pid]: reply docs.fedoraproject.org is <CNAME>
> | server.lan dnsmasq[pid]: reply wildcard.fedoraproject.org is 2605:bc80:3010:600:dead:beef:cafe:fed9 (ha ha!)
>
> Dig output on the server:
> ; <<>> DiG 9.16.28-RH <<>> vhost1.lan
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12212
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;vhost1.lan. IN A
> ;; ANSWER SECTION:
> vhost1.lan. 0 IN A 192.168.178.9
> ;; Query time: 0 msec
> ;; SERVER: 192.168.178.9#53(192.168.178.9)
> ;; WHEN: Sun May 22 21:22:47 CEST 2022
> ;; MSG SIZE rcvd: 55
>
> journalctl msgs generated from dig vhost1.lan on the server:
> | server.lan dnsmasq[pid]: query[A] vhost1.lan from 192.168.178.9
> | server.lan dnsmasq[pid]: /etc/hosts vhost.lan is 192.168.178.9
>
>
> I am beginning to wonder if the Fritzbox is getting in the way somehow, with
> its naming schema. Irritatingly, it slaps ".fritz.box" onto the end of some
> devices - and afaik it can't be changed. So "server.mydomain.lan" becomes
> "server.fritz.box".

Yeah, Fritz does have an opinion.

> Example run on the laptop:
>
> laptop$ dig server.mydomain.lan
>
> ; <<>> DiG 9.16.24-RH <<>> server.mydomain.lan
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9628
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 65494
> ;; QUESTION SECTION:
> ;server.mydomain.lan. IN A
> ;; AUTHORITY SECTION:
> . 1894 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022052201 1800 900 604800 86400
> ;; SERVER: 127.0.0.53#53(127.0.0.53)
>
> But:
> laptop$ dig server.fritz.box
>
> ; <<>> DiG 9.16.24-RH <<>> server.fritz.box
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46068
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 65494
> ;; QUESTION SECTION:
> ;server.fritz.box. IN A
> ;; ANSWER SECTION:
> server.fritz.box. 9 IN A 192.168.178.9
> ;; AUTHORITY SECTION:
> server.fritz.box. 9 IN NS fritz.box.
> ;; ADDITIONAL SECTION:
> fritz.box. 9 IN A 192.168.178.1
> ;; SERVER: 127.0.0.53#53(127.0.0.53)

Okay, seen it. The problem is, as I see it, there are two domain names on the
LAN. One being ".fritz.box", the other the desired ".lan".

> ---- System --------------------------
> Fedora 35, installed Nov.2021
> Linux 5.15.5-200.fc35.x86_64
> dnsmasq v 2.86
>
> /etc/hosts:
> 127.0.0.1 localhost localhost.localdomain
> ::1 localhost localhost.localdomain
> 192.168.178.9 server.mydomain.lan
> 192.168.178.10 laptop.mydomain.lan
> 192.168.178.9 vhost1.lan
> 192.168.178.9 vhost2.lan
>
> Router: Fritzbox 7490
> Local DNS Server: 192.168.178.9

What does that say? If it says: "Fritz has been told to use 192.168.178.9 as
upstream DNS" say so.

> /etc/NetworkManager/NetworkManager.conf
> [main]
> dns=none
>
> /etc/systemd/resolved.conf
> DNS=192.168.178.9
> DNSStubListener=no
>
> /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf
> nameserver 192.168.178.9
> nameserver 192.168.178.9
> nameserver 192.168.178.1
> search localhost
>
> NM config for IPv4 wlp5s0 (wifi conn on server)
> Method: Manual
> Address: 192.168.178.9/24
> Gateway: 192.168.178.1 (router)
> DNS Servers: 192.168.178.9 (server)
> Search domains: localhost
>
> /etc/dnsmasq.conf:
> domain-needed
> bogus-priv
> local=/lan/
> address=/lan/192.168.178.9
> address=/lan/127.0.0.1
> interface=wlp5s0 (wifi)
> listen-address=127.0.0.1
> no-dhcp-interface=wlp5s0
> bind-interfaces
>

Missing configuration of a client.

And I think that path to a solution might be disabling DHCP server on the
Fritz box and doing DHCP server with dnsmasq.


Groeten
Geert Stappers
--
Silence is hard to parse

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
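An added client-side check, written for this page and not part of the thread or of dnsmasq itself, that turns the comparison the reply is driving at into a script: from the laptop, ask the system resolver, the dnsmasq host and the router for the same name and parse the rcode and the "SERVER:" line out of dig's output. A *.lan name that comes back NXDOMAIN through 127.0.0.53 but NOERROR when asked @192.168.178.9 directly means the dnsmasq side works and the client is simply not configured to use it, which is the "missing configuration of a client" above. The two addresses are the ones from the thread and the helper names (dig_status, dig_server, dig_answers, verdict, probe) are my own; the transcripts used to test the parser are the two dig outputs quoted in the message, embedded as constructed input. One caveat on the quoted dnsmasq.conf while you are at it: address=/lan/127.0.0.1 next to address=/lan/192.168.178.9 is at best unnecessary (the server can reach 192.168.178.9 itself) and risks LAN clients being handed 127.0.0.1 for *.lan names once their queries do reach dnsmasq.

```shell
#!/bin/sh
# lancheck.sh - compare three resolution paths for one name from a LAN client.
# Addresses mirror the thread (assumption: 192.168.178.9 runs dnsmasq,
# 192.168.178.1 is the Fritzbox); override via environment for another network.
DNSMASQ_HOST="${DNSMASQ_HOST:-192.168.178.9}"
ROUTER="${ROUTER:-192.168.178.1}"

# rcode (NOERROR, NXDOMAIN, SERVFAIL, ...) from the ";; ->>HEADER<<-" line on stdin.
dig_status() {
    awk '/->>HEADER<<-/ { sub(/,$/, "", $6); print $6; exit }'
}

# Address of the server that actually answered, e.g. 127.0.0.53 (systemd-resolved
# stub) or 192.168.178.9 (dnsmasq). Empty when dig got no reply at all.
dig_server() {
    awk '/^;; SERVER:/ { split($3, a, "#"); print a[1]; exit }'
}

# Number of A records in the ANSWER section (0 when there is none).
dig_answers() {
    awk '/^;; ANSWER SECTION:/ { inans = 1; next }
         /^;;/ { inans = 0 }
         inans && $4 == "A" { n++ }
         END { print n + 0 }'
}

# One-word verdict for a dig transcript on stdin:
#   ok        NOERROR with at least one A record
#   empty     NOERROR but no A record (name exists, no address)
#   nxdomain  the answering resolver does not know the name
#   other     SERVFAIL, timeout, dig missing, anything else
verdict() {
    out=$(cat)
    status=$(printf '%s\n' "$out" | dig_status)
    n=$(printf '%s\n' "$out" | dig_answers)
    case "$status" in
        NOERROR)  [ "$n" -gt 0 ] && echo ok || echo empty ;;
        NXDOMAIN) echo nxdomain ;;
        *)        echo other ;;
    esac
}

# Live probe: system resolver first, then dnsmasq directly, then the router.
# If path 2 says "ok" while path 1 says "nxdomain", the client config is the problem.
probe() {
    name="$1"
    # $target is deliberately unquoted so the empty first entry expands to nothing
    for target in "" "@$DNSMASQ_HOST" "@$ROUTER"; do
        out=$(dig +time=2 +tries=1 $target "$name" 2>&1)
        srv=$(printf '%s\n' "$out" | dig_server)
        printf '%-22s via %-15s -> %s\n' "$name" "${srv:-no-reply}" \
            "$(printf '%s\n' "$out" | verdict)"
    done
}

if [ "${1:-}" ]; then
    probe "$1"
fi
```

Run it on the laptop as "sh lancheck.sh vhost1.lan" and again with server.fritz.box for contrast. "resolvectl status" on the laptop shows which DNS server each link is really using, which is where the Fritzbox's DHCP settings, or a dnsmasq DHCP scope as suggested above, need to land before *.lan works without touching /etc/hosts on every device.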