DNS Domain resolution fails

TugboatBill · August 18, 2017 at 4:16 PM

Brand new 8.1 install on Intel NUC. After the new system wizard all I did was set the 1st ntp to local server. Other than that, the system is virgin.

System is using DHCP. Network is an AD domain. I have approx 50 devices on this network, most using DHCP. None experience this problem, including Windows Kodi system, Openelec 8.02 system, and Openelec 6.01(?) system. There is only 1 DHCP server and only one scope.

I saw this problem in 8.02 Libreelec.

On the Libreelec system I can ping htserver. If I ping htserver.forgeus.local it will not resolve.

SpareBR:/etc # cat resolv.conf

# Generated by Connection Manager

search forgeus.local

nameserver 10.2.1.2

SpareBR:/etc # ping -c 2 htserver

PING htserver (10.2.1.4): 56 data bytes

64 bytes from 10.2.1.4: seq=0 ttl=128 time=0.337 ms

64 bytes from 10.2.1.4: seq=1 ttl=128 time=0.409 ms

--- htserver ping statistics ---

2 packets transmitted, 2 packets received, 0% packet loss

round-trip min/avg/max = 0.337/0.373/0.409 ms

SpareBR:/etc # ping -c 2 htserver.forgeus.local

ping: bad address 'htserver.forgeus.local'

SpareBR:/etc # nslookup htserver 10.2.1.2

Server: 10.2.1.2

Address 1: 10.2.1.2 domctl.forgeus.local

Name: htserver

Address 1: 10.2.1.4 htserver.forgeus.local

SpareBR:/etc # nslookup htserver.forgeus.local 10.2.1.2

Server: 10.2.1.2

Address 1: 10.2.1.2 domctl.forgeus.local

nslookup: can't resolve 'htserver.forgeus.local'

SpareBR:/etc #

Let me know what more you may need. Again this is a fresh install without any mods, addons, etc.

**escalade** · August 18, 2017 at 5:46 PM

Answer seems simple, your DNS server does not resolve the name: nslookup: can't resolve 'htserver.forgeus.local'

TugboatBill · August 18, 2017 at 7:48 PM

On the same network. This system also uses DHCP.

OpenELEC (official) Version: 6.0.3

LR-HTPC1:~ # cd /etc

LR-HTPC1:/etc # cat resolv.conf

# Generated by Connection Manager

search forgeus.local

nameserver 10.2.1.2

LR-HTPC1:/etc # nslookup htserver 10.2.1.2

Server: 10.2.1.2

Address 1: 10.2.1.2 domctl.forgeus.local

Name: htserver

Address 1: 10.2.1.4 htserver.forgeus.local

LR-HTPC1:/etc # nslookup htserver.forgeus.local 10.2.1.2

Server: 10.2.1.2

Address 1: 10.2.1.2 domctl.forgeus.local

Name: htserver.forgeus.local

Address 1: 10.2.1.4 htserver.forgeus.local

LR-HTPC1:/etc #

TugboatBill · August 18, 2017 at 7:51 PM

Windows 7 system on same network. Also uses same DHCP server

H:\>nslookup

Default Server: domctl.forgeus.local

Address: 10.2.1.2

> htserver

Server: domctl.forgeus.local

Address: 10.2.1.2

Name: htserver.Forgeus.local

Address: 10.2.1.4

> htserver.forgeus.local

Server: domctl.forgeus.local

Address: 10.2.1.2

Name: htserver.forgeus.local

Address: 10.2.1.4

>

**vpeter** · August 18, 2017 at 7:53 PM

Install system tools addon and capture traffic with tcpdump. And then analyze it.

TugboatBill · August 18, 2017 at 8:10 PM

Same results for Centos & Ubuntu.

TugboatBill · August 18, 2017 at 11:37 PM

Ok, I ran tcpdump as vpeter suggested.

tcpdump -v host 10.2.1.2 >tcp.log 2>&1 &

I then ran

nslookup htserver 10.2.1.2

and then

nslookup htserver.forgeus.local 10.2.1.2

Then killed the tcpdump process. The nslookup commands gave the same results as I posted above.

Contents of the log file:

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

15:34:14.723940 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.2.1.74 tell domctl.forgeus.local, length 46

15:34:15.364472 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.2.1.74 tell domctl.forgeus.local, length 46

15:34:15.541977 IP (tos 0x0, ttl 64, id 51649, offset 0, flags [DF], proto UDP (17), length 68)

sparebr.forgeus.local.59776 > domctl.forgeus.local.domain: 15253+ PTR? 74.1.2.10.in-addr.arpa. (40)

15:34:15.542748 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has sparebr.forgeus.local tell domctl.forgeus.local, length 46

15:34:15.542760 ARP, Ethernet (len 6), IPv4 (len 4), Reply sparebr.forgeus.local is-at c0:3f:d5:6a:5c:ff (oui Unknown), length 28

15:34:15.543255 IP (tos 0x0, ttl 128, id 13400, offset 0, flags [none], proto UDP (17), length 135)

domctl.forgeus.local.domain > sparebr.forgeus.local.59776: 15253 NXDomain* 0/1/0 (107)

15:34:15.543398 IP (tos 0x0, ttl 64, id 51650, offset 0, flags [DF], proto UDP (17), length 67)

sparebr.forgeus.local.59717 > domctl.forgeus.local.domain: 62050+ PTR? 2.1.2.10.in-addr.arpa. (39)

15:34:15.543821 IP (tos 0x0, ttl 128, id 13401, offset 0, flags [none], proto UDP (17), length 101)

domctl.forgeus.local.domain > sparebr.forgeus.local.59717: 62050* 1/0/0 2.1.2.10.in-addr.arpa. PTR domctl.forgeus.local. (73)

15:34:16.364667 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.2.1.74 tell domctl.forgeus.local, length 46

15:34:16.555148 IP (tos 0x0, ttl 64, id 51667, offset 0, flags [DF], proto UDP (17), length 68)

sparebr.forgeus.local.52931 > domctl.forgeus.local.domain: 34298+ PTR? 53.1.2.10.in-addr.arpa. (40)

15:34:16.555807 IP (tos 0x0, ttl 128, id 13402, offset 0, flags [none], proto UDP (17), length 103)

domctl.forgeus.local.domain > sparebr.forgeus.local.52931: 34298* 1/0/0 53.1.2.10.in-addr.arpa. PTR sparebr.forgeus.local. (75)

15:34:20.581653 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has domctl.forgeus.local tell sparebr.forgeus.local, length 28

15:34:20.582058 ARP, Ethernet (len 6), IPv4 (len 4), Reply domctl.forgeus.local is-at 00:0c:29:a6:ea:47 (oui Unknown), length 46

15:34:21.911620 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has hadrian.forgeus.local tell domctl.forgeus.local, length 46

15:34:22.635116 IP (tos 0x0, ttl 64, id 52622, offset 0, flags [DF], proto UDP (17), length 69)

sparebr.forgeus.local.53298 > domctl.forgeus.local.domain: 58562+ PTR? 254.1.2.10.in-addr.arpa. (41)

15:34:22.635942 IP (tos 0x0, ttl 128, id 13415, offset 0, flags [none], proto UDP (17), length 161)

domctl.forgeus.local.domain > sparebr.forgeus.local.53298: 58562* 3/0/0 254.1.2.10.in-addr.arpa. PTR hadrian.forgeus.local., 254.1.2.10.in-addr.arpa. PTR firewall.forgeus.com., 254.1.2.10.in-addr.arpa. PTR firewall.forgeus.local. (133)

15:34:24.724062 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.2.1.74 tell domctl.forgeus.local, length 46

15:34:25.364561 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.2.1.74 tell domctl.forgeus.local, length 46

15:34:25.988211 IP (tos 0x0, ttl 64, id 53189, offset 0, flags [DF], proto UDP (17), length 67)

sparebr.forgeus.local.58451 > domctl.forgeus.local.domain: 13736+ PTR? 2.1.2.10.in-addr.arpa. (39)

15:34:25.988760 IP (tos 0x0, ttl 128, id 13417, offset 0, flags [none], proto UDP (17), length 101)

domctl.forgeus.local.domain > sparebr.forgeus.local.58451: 13736* 1/0/0 2.1.2.10.in-addr.arpa. PTR domctl.forgeus.local. (73)

15:34:25.989127 IP (tos 0x0, ttl 64, id 53190, offset 0, flags [DF], proto UDP (17), length 68)

sparebr.forgeus.local.48816 > domctl.forgeus.local.domain: 64663+ A? htserver.forgeus.local. (40)

15:34:25.989577 IP (tos 0x0, ttl 128, id 13418, offset 0, flags [none], proto UDP (17), length 84)

domctl.forgeus.local.domain > sparebr.forgeus.local.48816: 64663* 1/0/0 htserver.forgeus.local. A 10.2.1.4 (56)

15:34:25.989793 IP (tos 0x0, ttl 64, id 53191, offset 0, flags [DF], proto UDP (17), length 67)

sparebr.forgeus.local.60548 > domctl.forgeus.local.domain: 65175+ PTR? 4.1.2.10.in-addr.arpa. (39)

15:34:25.990154 IP (tos 0x0, ttl 128, id 13419, offset 0, flags [none], proto UDP (17), length 103)

domctl.forgeus.local.domain > sparebr.forgeus.local.60548: 65175* 1/0/0 4.1.2.10.in-addr.arpa. PTR htserver.forgeus.local. (75)

15:34:26.364575 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.2.1.74 tell domctl.forgeus.local, length 46

15:34:36.195254 IP (tos 0x0, ttl 64, id 56156, offset 0, flags [DF], proto UDP (17), length 67)

sparebr.forgeus.local.57115 > domctl.forgeus.local.domain: 12580+ PTR? 2.1.2.10.in-addr.arpa. (39)

15:34:36.195758 IP (tos 0x0, ttl 128, id 13421, offset 0, flags [none], proto UDP (17), length 101)

domctl.forgeus.local.domain > sparebr.forgeus.local.57115: 12580* 1/0/0 2.1.2.10.in-addr.arpa. PTR domctl.forgeus.local. (73)

15:34:40.864576 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has sparebr.forgeus.local (c0:3f:d5:6a:5c:ff (oui Unknown)) tell domctl.forgeus.local, length 46

15:34:40.864592 ARP, Ethernet (len 6), IPv4 (len 4), Reply sparebr.forgeus.local is-at c0:3f:d5:6a:5c:ff (oui Unknown), length 28

15:34:50.239374 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has data.forgeus.local tell domctl.forgeus.local, length 46

15:34:51.008487 IP (tos 0x0, ttl 64, id 59634, offset 0, flags [DF], proto UDP (17), length 67)

sparebr.forgeus.local.50748 > domctl.forgeus.local.domain: 26341+ PTR? 6.1.2.10.in-addr.arpa. (39)

15:34:51.008929 IP (tos 0x0, ttl 128, id 13424, offset 0, flags [none], proto UDP (17), length 99)

domctl.forgeus.local.domain > sparebr.forgeus.local.50748: 26341* 1/0/0 6.1.2.10.in-addr.arpa. PTR data.forgeus.local. (71)

32 packets captured

32 packets received by filter

0 packets dropped by kernel

I don't know why I'm seeing domctl.forgeus.local.domain and don't know if that is significant.

**mglae** · August 19, 2017 at 9:22 AM

The .local domain is used and reserved for mDNS.

To speed up name resolution LibreELEC is configured to stop any *.local name request after mDNS failed. It is not forwarded to DNS.

**escalade** · August 19, 2017 at 10:01 AM

You did a reverse lookup during your tcpdump, not the same test as what you are saying is failing. When posting tcpdumps, it's better to use the -n option (don'ẗ look up names) and also run it in the foreground so that you can copy/paste exactly the traffic you are looking for. As it is you posted a bunch of lookups and nobody can tell which is which. The .domain part you are seeing is simply meant to be the DNS port (specified as "domain" in /etc/services), which you would see when using -n.

mglae is probably on to something though. You should indeed not use .local as your domain.

**HiassofT** · August 19, 2017 at 10:16 AM

nslookup is the wrong tool to look up .local addresses, you have to use avahi-browse for that.

For local DNS in your LAN you should use .lan, .private or similar TLDs - .local should NOT be used for DNS, that's reserved for mDNS ("zeroconf", "avahi").

See rfc6762 for details RFC 6762 - Multicast DNS

so long,

Hias

TugboatBill · August 22, 2017 at 9:17 PM

Thx mglae. That was the issue. I won't be able to remove the .local domain completely (old AD domain name). I've added a .us to my DNS server and started to revamp everything to use that instead.