DNS not listening on VRRP address

vyos-1-2
vrrp
dns

#1

Hello all,

I have 2 virtual VyOS instances on ESXi 6.5. The inside interface is a trunk with 3 vif interfaces. Each interface is part of a VRRP group. This configuration is working on version VyOS 999.201801290337, and when I update the system image to VyOS 1.2.0-rolling+201804130337, DNS resolution on the VRRP address doesn’t work.

When running VyOS 1.2.0-rolling+201804130337 I can look up DNS on the vif address on both instances and get a successful resolution, but lookups against the VRRP address fail to resolve.

Any thoughts on how to troubleshoot this or confirm that this is a bug that should be submitted to Phabricator?

Thanks!


#2

Could be a bug indeed.
Can you show the content of /etc/dnsmasq.conf on working and non-working instances?


#3

Thank you for your response! Here are the contents:

Working:

# autogenerated by vyatta-dns-forwarding.pl on Fri Apr 13 12:14:51 CDT 2018

log-facility=/var/log/dnsmasq.log
no-poll
edns-packet-max=4096
interface=eth0.xxx
interface=eth0.xxx
interface=eth0.xxx
cache-size=0
server=10.X.X.X # statically configured
resolv-file=/etc/resolv.conf

Not Working:
Looks to be a default config file without any configuration entries.
However, entries in /etc/dnsmasq.d/vyos.conf exist with this:

# autogenerated by vyatta-dns-forwarding.pl on Fri Apr 13 12:20:48 CDT 2018

log-facility=/var/log/dnsmasq.log
no-poll
edns-packet-max=4096
bind-interfaces
interface=eth0.xxx
interface=eth0.xxx
interface=eth0.xxx
cache-size=0
server=10.X.X.X # statically configured
resolv-file=/etc/resolv.conf

Hope this helps narrow it down.


#4

Here is something that I have noticed with the netstat output.

The working config outputs the following with netstat,
0.0.0.0:53 0.0.0.0:* LISTEN

The config that doesn’t work outputs this instead,
127.0.0.1:53 0.0.0.0:* LISTEN
10.X.X.X:53 0.0.0.0:* LISTEN
10.X.X.X:53 0.0.0.0:* LISTEN
10.X.X.X:53 0.0.0.0:* LISTEN

So it looks like the new system image listens on each interface instead of 0.0.0.0. So that should explain why I get no response on the VRRP address but I do get a response on the vif address.

Thoughts?
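The comparison made in post #4, as an added example that is not part of the original thread: a small Python check that reads `netstat`-style listener lines and reports whether a given VRRP address is covered by an exact listener, by a wildcard listener, or not at all. The function names and all addresses are assumptions (constructed placeholders from documentation ranges), since the thread masks the real ones.

```python
import ipaddress

# Constructed listener tables in the shape posted above
# (local address, foreign address, state); addresses are placeholders.
WORKING = "0.0.0.0:53 0.0.0.0:* LISTEN\n"
NOT_WORKING = """\
127.0.0.1:53 0.0.0.0:* LISTEN
192.0.2.2:53 0.0.0.0:* LISTEN
198.51.100.2:53 0.0.0.0:* LISTEN
203.0.113.2:53 0.0.0.0:* LISTEN
"""

def listeners(netstat_text, port=53):
    """Return the set of local IP addresses listening on `port`."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if "LISTEN" not in fields:
            continue
        # The first addr:port field is the local socket; full `netstat -lnt`
        # output has proto/queue columns before it, the pasted lines do not.
        for field in fields:
            host, sep, p = field.rpartition(":")
            if not sep or not p.isdigit():
                continue
            try:
                addr = ipaddress.ip_address(host.strip("[]"))
            except ValueError:
                continue
            if int(p) == port:
                found.add(addr)
            break  # later address fields are the foreign side
    return found

def vip_served(netstat_text, vip, port=53):
    """Classify how (or whether) `vip` is covered by a listener on `port`."""
    vip = ipaddress.ip_address(vip)
    addrs = listeners(netstat_text, port)
    if vip in addrs:
        return "exact"
    # A wildcard socket accepts traffic for any local address of its family.
    if any(a.is_unspecified and a.version == vip.version for a in addrs):
        return "wildcard"
    return "missing"

if __name__ == "__main__":
    VIP = "192.0.2.1"  # constructed VRRP address
    for name, table in (("working", WORKING), ("not working", NOT_WORKING)):
        print(name, "->", vip_served(table, VIP))
```
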


#5

Ok, just confirmed.
We are now working on swapping dnsmasq with PowerDNS Recursor, so I will update you once this is in nightlies.


#6

Thank you so much! Let me know if I can be of any assistance in testing. I am not a programmer so I can’t help there.

Also, thank you for all the hard work you guys are putting into VyOS! VyOS is an awesome product and it’s great to see all the new development work.


#7

Hello again
Please retest on latest rolling
Thanks!


#8

There are still issues. There is still the issue of not resolving on the VRRP addresses, and it seems there is an issue with the config migrating static host entries and DHCP-assigned entries. DNS on the vif interface will forward for outside queries but won’t resolve anything for the domain it’s responsible for. netstat output shows DNS is only listening on the vif interfaces.

Let me know what information you need from me.


#9

Can you please assist by providing a VRRP configuration of your interfaces and of the DNS forwarding part?

Best would be by opening a bug report at https://phabricator.vyos.net providing the required config snippets, or a full running config generated by "show tech-support".