[debian-lan-devel] No internet connection after converting minimal installation

Andreas B. Mundt andi.mundt at web.de
Sun Jan 18 20:11:59 UTC 2015


Hi Afif,

On Fri, Jan 16, 2015 at 04:28:47PM -0800, Afif Elghraoui wrote:
> On 01/15/2015 01:49 AM, Andreas B. Mundt wrote:
> >Perhaps bind on the mainserver does not know how to resolve external
> >names, check if adding forwarders in '/etc/bind/named.conf.options'.
> >(This is not necessary here, but depends on what your WAN provides.)
> >
> >I hope this gives some clue.  Before host and name resolution does not
> >work there is of course no chance to get anything else working
> >properly.
> This part of your earlier message now applies. Adding the university's DNS
> server addresses here as forwarders resolves the problem. I didn't think
> this should be necessary though-- especially since DNS for external
> addresses was working when I had the local DNS switched off. What do you
> think?

I just explored this a bit on my setup.  It works the following way:
If the local bind is asked to resolve an external address the first
time, it asks the corresponding root name servers.  You can check this
with the following command on the mainserver:

sudo tcpdump -n -i eth1 port 53 | tee dump.txt

and issuing something like "host debian.org" (with a hostname not
resolved recently) on another console.  You should get something
like:

20:32:27.681205 IP 192.168.122.58.22099 > 199.249.120.1.53: 51434% [1au] A? debian.org. (39)
20:32:27.713782 IP 199.249.120.1.53 > 192.168.122.58.22099: 51434- 0/7/1 (389)
20:32:27.714188 IP 192.168.122.58.35583 > 192.54.112.30.53: 25309% [1au] A? dns1.easydns.com. (45)
[...]

My external IP address is 192.168.122.58 here, and you can see how the
host 199.249.120.1 is asked to resolve debian.org.

I guess this does not work in your network for some reason, perhaps
some firewall blocks accessing port 53 on the DNS servers, and you are
forced to use the university's DNS server.  You could check this by
adding 8.8.8.8 as a forwarder and trying whether it still works.

But why does it work with local DNS switched off?  If you switch off
local DNS, I suspect the local named is not asked, but the
university's name server.  It is known to the mainserver as it's part
of the DHCP negotiation.  You could check that with the tcpdump in the
same way as above.

Is the problem solved completely now?  Please let us know if there is
still something unclear/missing.

Keep us up to date on how things work out!

Best regards

     Andi
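
The tcpdump check described in the message above can be summarised per upstream server. The following is an added example, not part of the original post: it pairs each outgoing query with its reply by address, source port and query ID, and lists servers that never answered. The function names and the sample capture (documentation addresses 198.51.100.1 and 203.0.113.9) are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the start of a `tcpdump -n ... port 53` line:
#   time IP src.sport > dst.dport: query_id...
LINE = re.compile(
    r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (\d+)"
)

# Constructed sample capture (not from the original message).
SAMPLE = """\
10:00:00.000100 IP 192.168.122.58.40001 > 198.51.100.1.53: 1111% [1au] A? example.org. (40)
10:00:00.030200 IP 198.51.100.1.53 > 192.168.122.58.40001: 1111- 0/4/1 (200)
10:00:00.031000 IP 192.168.122.58.40002 > 203.0.113.9.53: 2222% [1au] A? example.org. (40)
10:00:00.831000 IP 192.168.122.58.40003 > 203.0.113.9.53: 3333% [1au] A? example.org. (40)
"""


def upstream_summary(capture):
    """Count queries sent to, and replies received from, each DNS server."""
    pending = set()
    stats = defaultdict(lambda: {"queries": 0, "answered": 0})
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip "[...]" and other non-packet lines
        src, sport, dst, dport, qid = m.groups()
        if dport == "53":
            # Outgoing query: remember who asked whom, and with which ID.
            pending.add((src, sport, dst, qid))
            stats[dst]["queries"] += 1
        elif sport == "53":
            # Reply: count it only if it matches a query seen earlier.
            key = (dst, dport, src, qid)
            if key in pending:
                pending.remove(key)
                stats[src]["answered"] += 1
    return dict(stats)


def silent_servers(summary):
    """Servers that were queried but never replied in this capture."""
    return sorted(s for s, c in summary.items() if c["answered"] == 0)


if __name__ == "__main__":
    summary = upstream_summary(SAMPLE)
    for server, counts in sorted(summary.items()):
        print(server, counts)
    print("no reply from:", silent_servers(summary))
```

To use it on a real capture, pass the contents of dump.txt to upstream_summary(). Servers that are queried repeatedly and never reply are consistent with port 53 being filtered somewhere upstream.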


