DNS forwarding throwing error

Hello, I’m new to vyos trying an initial install on my pcengines APU2C4 which ran openWRT until now.

I read the documentation and built the vyos.iso for my hardware as described here: https://wiki.vyos.net/wiki/PC_Engines#Installation_for_Version_1.2.x

I followed the Quick Start Guide: https://vyos.readthedocs.io/en/latest/quick-start.html

Since my APU2C4 board starts enumerating eth ports starting with eth1, eth1 is the outbound and eth2 the inbound interface. The only change in comparison to the Quick Start Guide, other than naming ones, is that the eth1 interface receives a fixed IP rather than one via DHCP.

Now when I’m executing the script, I receive the following error:

vyos@vyos:~$ chmod +x script.sh
vyos@vyos:~$ sg vyattacfg -c ./script.sh
[ service dhcp-server ]
Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/dhcp_server.py", line 822, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/dhcp_server.py", line 811, in apply
    os.mknod(lease_file)
FileNotFoundError: [Errno 2] No such file or directory

[[service dhcp-server]] failed
[ service dns forwarding ]
Error: DNS forwarding requires an allow-from network

[[service dns forwarding]] failed
Commit failed
Warning: you have uncommitted changes that will not be saved.

Saving configuration to ‘/config/config.boot’…
Done

Following a manual

vyos@vyos# set service dns forwarding allow-from '0.0.0.0/0'

I receive another error:

vyos@vyos# commit
[ service dns forwarding ]
Error: DNS forwarding requires either a listen-address (preferred) or a listen-on option

[[service dns forwarding]] failed
Commit failed

Can someone lend me a hand and tell me what I’m doing wrong?

To ease my life I put the entire configuration in a script.sh, which reads the following:

#!/bin/vbash
source /opt/vyatta/etc/functions/script-template

# Configuration mode

configure

# Set Interfaces

set interfaces ethernet eth1 address '10.10.10.10/24'
set interfaces ethernet eth1 description 'WAN'
set interfaces ethernet eth2 address '192.168.0.1/24'
set interfaces ethernet eth2 description 'LAN'

# Enable SSH

set service ssh port '22'

# Set DHCP-Server

set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 default-router '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 dns-server '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 domain-name 'internal-network'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 lease '86400'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 range 0 start 192.168.0.9
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 range 0 stop '192.168.0.254'

# Set DNS

set service dns forwarding cache-size '1000'
set service dns forwarding listen-address '192.168.0.1'
set service dns forwarding name-server '8.8.8.8'
set service dns forwarding name-server '8.8.4.4'
#set service dns forwarding allow-from '0.0.0.0/0'

# Set NAT

set nat source rule 100 outbound-interface 'eth1'
set nat source rule 100 source address '192.168.0.0/24'
set nat source rule 100 translation address masquerade

# Set Firewall

set firewall name WAN-IN default-action 'drop'
set firewall name WAN-IN rule 10 action 'accept'
set firewall name WAN-IN rule 10 state established 'enable'
set firewall name WAN-IN rule 10 state related 'enable'
set firewall name WAN-LAN default-action 'drop'
set firewall name WAN-LAN rule 10 action 'accept'
set firewall name WAN-LAN rule 10 state established 'enable'
set firewall name WAN-LAN rule 10 state related 'enable'
set firewall name WAN-LAN rule 20 action 'accept'
set firewall name WAN-LAN rule 20 icmp type-name 'echo-request'
set firewall name WAN-LAN rule 20 protocol 'icmp'
set firewall name WAN-LAN rule 20 state new 'enable'

# Set SSH access

set firewall name WAN-LAN rule 30 action 'drop'
set firewall name WAN-LAN rule 30 destination port '22'
set firewall name WAN-LAN rule 30 protocol 'tcp'
set firewall name WAN-LAN rule 30 recent count '4'
set firewall name WAN-LAN rule 30 recent time '60'
set firewall name WAN-LAN rule 30 state new 'enable'
set firewall name WAN-LAN rule 31 action 'accept'
set firewall name WAN-LAN rule 31 destination port '22'
set firewall name WAN-LAN rule 31 protocol 'tcp'
set firewall name WAN-LAN rule 31 state new 'enable'

# Apply Firewall policies

set interfaces ethernet eth1 firewall in name 'WAN-IN'
set interfaces ethernet eth1 firewall local name 'WAN-LAN'

commit

save

exit

Thank you for this detailed report. What exact VyOS version are you running?

I’m using the following version:

Linux vyos 4.19.67-amd64-vyos

This is the OS kernel version. I need your VyOS version. show version

Sure, my apologies:

vyos@vyos:~$ show version
Version: VyOS 1.2-rolling-201908311322
Built by: autobuild@vyos.net
Built on: Sat 31 Aug 2019 13:22 UTC
Build UUID: e402d795-a05c-4c66-adba-921d5fba4773
Build Commit ID: 372bad3d5d1157

Architecture: x86_64
Boot via: livecd
System type: bare metal

Hardware vendor: PC Engines
Hardware model: APU2
Hardware S/N: -64
Hardware UUID: Unknown

This is a very “old” rolling release. Please retest with the latest rolling.

Also you need to add
set service dns forwarding listen-address 192.168.0.1

@c-po: Isn't it just a month or something old? Sure it's better to use the latest build but this is not ages old.

@Dmitry: This is already part of the script. Therefore, this cannot cause the issue :(

I built VyOS for APU2 with the latest .iso

vyos@vyos:~$ show version
Version: VyOS 1.2-rolling-201909210118
Built by: autobuild@vyos.net
Built on: Sat 21 Sep 2019 01:18 UTC
Build UUID: 41c80f4e-e0da-4780-bf12-6c93ca0f8c3a
Build Commit ID: ae5e390d84c19f

Architecture: x86_64
Boot via: livecd
System type: bare metal

Hardware vendor: PC Engines
Hardware model: APU2
Hardware S/N: -64
Hardware UUID: Unknown

The error remains the same…

[ service dhcp-server ]
Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/dhcp_server.py", line 822, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/dhcp_server.py", line 811, in apply
    os.mknod(lease_file)
FileNotFoundError: [Errno 2] No such file or directory

[[service dhcp-server]] failed
[ service dns forwarding ]
Error: DNS forwarding requires either a listen-address (preferred) or a listen-on option

[[service dns forwarding]] failed
Commit failed
Warning: you have uncommitted changes that will not be saved.

Saving configuration to ‘/config/config.boot’…
Done
[edit]

No matter if I put in

set service dns forwarding listen-address '192.168.0.1'

or

set service dns forwarding listen-on 'eth1'

May someone with a German VDSL ISP be so nice to support me with his/her configuration?

@dennisN86 I tried your config in the new rolling release and didn't see any error. Just uncomment set service dns forwarding allow-from '0.0.0.0/0'

vyos@vyos:~$ chmod +x script.sh 
vyos@vyos:~$ sg vyattacfg -c ./script.sh
vyos@vyos:~$ show version 
Version:          VyOS 1.2-rolling-201910061306
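
Added example, not part of any post in this thread and not VyOS code: a small audit of `set` lines that reports the two conditions the commit errors above name (no allow-from, no listen-address or listen-on) and also flags an allow-from network wider than the subnet the forwarder listens on, as 0.0.0.0/0 is. The helper name `audit_dns_forwarding` is hypothetical, and treating the listen-address subnet as the intended client range is this example's assumption.

```python
import ipaddress
import shlex

# Constructed sample: four lines taken from the script posted in this thread.
POSTED = """\
set interfaces ethernet eth1 address '10.10.10.10/24'
set interfaces ethernet eth2 address '192.168.0.1/24'
set service dns forwarding listen-address '192.168.0.1'
#set service dns forwarding allow-from '0.0.0.0/0'
"""

def audit_dns_forwarding(config_text):
    """Hypothetical helper: list findings for `service dns forwarding`."""
    iface_nets, listen_addrs, listen_on, allow_from = [], [], [], []
    for line in config_text.splitlines():
        line = line.strip()
        if not line.startswith("set "):        # skips comments and blank lines
            continue
        tok = shlex.split(line)[1:]            # drop 'set', strip quotes
        if tok[:2] == ["interfaces", "ethernet"] and tok[3:4] == ["address"] and len(tok) == 5:
            try:
                iface_nets.append(ipaddress.ip_interface(tok[4]).network)
            except ValueError:                 # e.g. 'dhcp': no static subnet known
                pass
        elif tok[:3] == ["service", "dns", "forwarding"] and len(tok) == 5:
            if tok[3] == "listen-address":
                listen_addrs.append(ipaddress.ip_address(tok[4]))
            elif tok[3] == "listen-on":
                listen_on.append(tok[4])
            elif tok[3] == "allow-from":
                allow_from.append(ipaddress.ip_network(tok[4], strict=False))
    findings = []
    if not allow_from:
        findings.append("missing allow-from")
    if not listen_addrs and not listen_on:
        findings.append("missing listen-address or listen-on")
    # Subnets the forwarder serves: interface networks holding a listen-address.
    served = [n for n in iface_nets if any(a in n for a in listen_addrs)]
    for net in allow_from:
        inside = any(net.version == s.version and net.subnet_of(s) for s in served)
        if served and not inside:
            findings.append(f"allow-from {net} is wider than the served subnet")
    return findings

if __name__ == "__main__":
    print(audit_dns_forwarding(POSTED))
```

With allow-from '192.168.0.0/24', the LAN subnet from the posted script, the audit returns no findings.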

Thanks for your support @Dmitry, yet the error is still there

[ service dhcp-server ]
Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/dhcp_server.py", line 822, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/dhcp_server.py", line 811, in apply
    os.mknod(lease_file)
FileNotFoundError: [Errno 2] No such file or directory

However, when I edit the path in /usr/libexec/vyos/conf_mode/dhcp_server.py to:

/opt/vyatta/config/dhcpd.leases

The script runs smoothly to its end without throwing an error. I found the description of how to tackle the situation here: https://forum.vyos.io/t/dhcp-service-mknod-error/3392

Sadly, the newly applied and saved config does not survive the reboot. Do I have to explicitly select a new bootable vyos squashfs.img on boot?

Seems you are using an old rolling release; look, line 811 is empty.

Please provide the output of the command show version.

It's the one listed two posts before. I built it yesterday, with the newest rolling release

vyos@vyos:~$ show version
Version: VyOS 1.2-rolling-201909210118

Try updating to vyos-1.2-rolling-201910061306
add system image https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso

@Dmitry: This worked out. The latest rolling release fixed the issue. Thank you for your support.