DNS query to VyOS router returns loopback address

When I do a DNS query from a client, the VyOS router successfully returns the addresses for DHCP clients and also results from the main DNS Server on my network. However if I query the VyOS router itself, it returns a loopback address. So ‘pinging’ it is pretty successful! :slight_smile:

I have tried using a static-host-mapping but I am guessing this appears after the loopback entry in /etc/hosts.

I am using the loopback address as the source for services, so it would be nice if I can make this work, without giving the VyOS router a different hostname as a workaround. TIA

[me@guest:~]$ nslookup vyos
Server:		10.20.30.1
Address:	10.20.30.1:53

Non-authoritative answer:
Name:	vyos.local
Address: 127.0.1.1

Non-authoritative answer

Version: VyOS 1.3-rolling-202309140800

I have never been able to figure this one out sorry, I had to resort to a second DNS name.

Hopefully someone else has the answer.


What does your current DNS server configuration of VyOS look like (incl. any static mappings)?

Also, to make it clear to me: what you want is to change it so that “vyos.local” no longer resolves to “127.0.1.1” but to some other custom A-record?


Hope this helps, (it is my test box!).

I trimmed the files to make them more readable.

The issue I think is in the /etc/hosts file with these two lines…

> 127.0.1.1       vyos.local vyos
> 10.20.30.1     vyos

The DNS reply as shown above, returns the first line when I would like it to return the second one based on the static-host-mapping I put in the config file. I don’t think DNS servers should really reply to any query with a loopback address. :man_shrugging:

Trimmed config below;

> interfaces {
>     loopback lo {
>         address 10.20.30.1/32
>     }
> }
> service {
>     dns {
>         forwarding {
>             allow-from 10.20.30.0/23
>             cache-size 0
>             listen-address 10.20.30.1
>             system
>         }
>     }
> }
> system {
>     domain-name local
>     domain-search {
>         domain local
>     }
>     host-name vyos
>     name-server 10.20.29.1
>     static-host-mapping {
>         host-name vyos {
>             inet 10.20.30.1
>         }
>     }
> }
> 
> me@vyos:~$ more /etc/hosts
> ### Autogenerated by VyOS ###
> ### Do not edit, your changes will get overwritten ###
> 
> # Local host
> 127.0.0.1       localhost
> 127.0.1.1       vyos.local vyos
> 
> # From 'system static-host-mapping' and DHCP server
> # system
> 10.20.30.1     vyos
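
A check for the shadowing described in this post, as an added example that is not part of the original post or VyOS's own code: it parses hosts-format text and reports names whose first entry is a loopback address. The sample files are constructed from the listings in this thread, and first-match lookup order is an assumption taken from the poster's guess, not a statement about how the VyOS forwarder reads the file.

```python
import ipaddress

# Constructed from the two /etc/hosts listings quoted in this thread.
HOSTS_BEFORE = """\
### Autogenerated by VyOS ###
127.0.0.1       localhost
127.0.1.1       vyos.local vyos
# From 'system static-host-mapping' and DHCP server
10.20.30.1     vyos
"""
HOSTS_AFTER = """\
127.0.0.1       localhost
127.0.1.1       vyos
10.20.30.1     vyos.local
"""

def parse_hosts(text):
    """Map each lower-cased name to its addresses, in file order."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no names
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a valid IPv4/IPv6 address; skip the line
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), []).append(addr)
    return table

def first_match(text, name):
    """Address a first-match lookup would return (assumed semantics)."""
    addrs = parse_hosts(text).get(name.lower().rstrip("."))
    return str(addrs[0]) if addrs else None

def loopback_first(text, ignore=("localhost",)):
    """Names whose first entry is loopback, with any later non-loopback entries."""
    report = {}
    for name, addrs in parse_hosts(text).items():
        if name not in ignore and addrs[0].is_loopback:
            report[name] = [str(a) for a in addrs[1:] if not a.is_loopback]
    return report

if __name__ == "__main__":
    for label, text in (("before", HOSTS_BEFORE), ("after", HOSTS_AFTER)):
        print(label, loopback_first(text), first_match(text, "vyos.local"))
```

A name that appears in the report with a non-empty list has a routable mapping that a first-match lookup never reaches.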

Possible for you to output it as “show config commands” instead?

Or “show config commands | strip-private”.

There are 2 tasks:
https://vyos.dev/T2279
https://vyos.dev/T4270
Known issue

These are the relevant commands from above. Is this what you meant?

If you need the whole config, I will modify it to remove the other things I have been testing, confirm the issue remains, and resubmit, although I believe the issue is just in the way the host file is checked. My working box does the same thing. Cheers.

set interfaces loopback lo address '10.20.30.1/32'
set service dns forwarding allow-from '10.20.30.0/23'
set service dns forwarding cache-size '0'
set service dns forwarding listen-address '10.20.30.1'
set service dns forwarding system
set system domain-name 'local'
set system domain-search domain 'local'
set system host-name 'vyos'
set system name-server '10.20.29.1'
set system static-host-mapping host-name vyos inet '10.20.30.1'

I totally forgot I’d raised a ticket about this :smile:

@tjh did you implement or have a workaround in the meantime?

No I didn’t figure out a fix so I just assigned a different static name to the router.

Yes, thanks!

adding some more text since the forum wants at least 20 characters before accepting the post

Wouldn’t something like this work?

set interfaces loopback lo address '10.20.30.1/32'

set service dns forwarding allow-from '10.20.30.0/23'
set service dns forwarding authoritative-domain vyos.local records a vyos address '10.20.30.1'
set service dns forwarding cache-size '0'
set service dns forwarding ignore-hosts-file
set service dns forwarding listen-address '10.20.30.1'
set service dns forwarding system

set system domain-name 'local'
set system domain-search domain 'local'
set system host-name 'vyos'
set system name-server '10.20.29.1'

Looks like I might need to upgrade. I chose equuleus as it seemed to be the current stable release. The authoritative-domain option doesn’t seem to be present.

Ahh yes, I’m at current 1.5-rolling.

Also these lines should probably read “vyos.local” rather than just “local”:

set system domain-name 'local'
set system domain-search domain 'local'

This morning I decided to try a workaround of removing the system domain-name and changing the static-host-mapping to include the domain name.

<TLDR> This workaround appears to make everything function the way I would expect.

The existing domain-search is probably the key part of this workaround.

> set system domain-search domain 'local'

The system fingerprints (for ssh etc) didn’t change the way some other devices like those from Cisco would.

<TLDR> Anyone able to tell me how and/or where VyOS actually uses its ‘system domain-name’ to help me assess any potential impact(s) of this workaround?

> delete system domain-name 'local'
> delete system static-host-mapping host-name vyos
> set system static-host-mapping host-name vyos.local inet '10.20.30.1'
> 
> me@vyos:~$ more /etc/hosts
> ### Autogenerated by VyOS ###
> ### Do not edit, your changes will get overwritten ###
> 
> # Local host
> 127.0.0.1       localhost
> 127.0.1.1       vyos
> 
> # From 'system static-host-mapping' and DHCP server
> # system
> 10.20.30.1     vyos.local
> 
> 
> 
> [me@guest:~]$ nslookup vyos
> Server:		10.20.30.1
> Address:	10.20.30.1:53
> 
> Non-authoritative answer:
> Name:	vyos.local
> Address: 10.20.30.1
> 
> Non-authoritative answer:
> 
> [me@guest:~]$ nslookup vyos.local
> Server:		10.20.30.1
> Address:	10.20.30.1:53
> 
> Non-authoritative answer:
> Name:	vyos.local
> Address: 10.20.30.1
> 
> Non-authoritative answer:

I would still recommend using “example.local” rather than just “local” for the domain search and the static host, but that’s just me :slight_smile:

That is, replace “example.local” with whatever company name you use and end it with “.local” (or just “home.local” or “site-a.local” or similar).

Compare it to if you have “example.com” as the domain for your company: then you wouldn’t put in just “com” as the search string but rather “example.com”?

Thanks, I do have that on my working box. It’s only the test box that has just .local. :+1: