MX23 DNS problem

DukeComposed
Posts: 1415
Joined: Thu Mar 16, 2023 1:57 pm

Re: MX23 DNS problem

#11 Post by DukeComposed »

altreed wrote: Mon Dec 18, 2023 6:33 pm
DukeComposed wrote: Mon Dec 18, 2023 4:27 pm You can verify what DNS resolvers the MX machine is using by checking the contents of /etc/resolv.conf and seeing if they match the nameservers that are suggested by your DHCP server.
Thanks for a helpful comment.

I checked the resolve.conf and this is what it said :-

"nameserver 25.25.25.1
nameserver 8.8.8.8"

My dhcp/dns/AD is on 25.25.25.1 obvs 2nd dns is google.com or somewhere, which is part of the dhcp settings. So the dhcp part has worked as intended it seems. However, the mx does not seem to resolve local machines at the local dns server.
These two IP addresses are your nameservers. When MX needs to find a machine, it checks either of these two addresses and if they don't have an answer, MX can't establish a connection. Unless you have publicly-reachable FQDNs for your home network, publicly-reachable nameservers won't be able to answer your home network lookups.

altreed
Posts: 14
Joined: Mon Dec 11, 2023 2:55 am

Re: MX23 DNS problem

#12 Post by altreed »

DukeComposed wrote: Tue Dec 19, 2023 1:44 am These two IP addresses are your nameservers. When MX needs to find a machine, it checks either of these two addresses and if they don't have an answer, MX can't establish a connection. Unless you have publicly-reachable FQDNs for your home network, publicly-reachable nameservers won't be able to answer your home network lookups.
my mx ip is on the 25.25.25x network and all windows machines receive the same dhcp information and resolve perfectly. So for mx to work I have to drop the external dns and provide only the local dns ?

DukeComposed
Posts: 1415
Joined: Thu Mar 16, 2023 1:57 pm

Re: MX23 DNS problem

#13 Post by DukeComposed »

altreed wrote: Tue Dec 19, 2023 5:18 am my mx ip is on the 25.25.25x network and all windows machines receive the same dhcp information and resolve perfectly. So for mx to work I have to drop the external dns and provide only the local dns ?
The Windows machines aren't getting local machine IPs from 8.8.8.8. The AD controller is handling those.

You now know why if you replace the name of a target machine with its IP address it works. If you aren't providing split-horizon DNS records for your home network, there's no response when your machine asks how to find them. You need to map a name to an IP address somehow. The easiest way to fix it? Hard-code your Windows machines and IPs into /etc/hosts.

l0dr3
Posts: 463
Joined: Wed Jun 28, 2023 11:06 am

Re: MX23 DNS problem

#14 Post by l0dr3 »

@altreed .. As @DukeComposed said above
The easiest way to fix it? Hard-code your Windows machines and IPs into /etc/hosts
Have a look at viewtopic.php?p=736844#p736844

'LibNSS-HomeHosts', that's how I solved the problem for my homelab environment (2 EdgeRouter + DMZ and 3 dedicated SubNetRouters for HOME, Office and IoT, all with different DHCP servers for their respective subnets and firewall-protected/separated from each other).

... and btw: you really should consider switching your homelab IP range from 25.25.25.xxx/yy (which is public!) to something private like 10.25.25.1/8 :exclamation:

why? see: https://en.wikipedia.org/wiki/List_of_a ... _/8_blocks
25.0.0.0/8 RIPE NCC 1995-01 As of 2005-08-23 entire block assigned to UK Ministry of Defence
:eek:

altreed
Posts: 14
Joined: Mon Dec 11, 2023 2:55 am

Re: MX23 DNS problem

#15 Post by altreed »

DukeComposed wrote: Tue Dec 19, 2023 5:48 am
The Windows machines aren't getting local machine IPs from 8.8.8.8. The AD controller is handling those.
I changed my dhcp scope settings, removed the external nameserver. Several hours later I checked the resolve.conf, it had not updated the nameservers. So I edited the resolve.conf and removed the external nameserver. Still mx does not resolve the local windows machines, even with the only dns being the local one. I have tried the FQDN, winbox.local, winbox. It just doesn't resolve.

Doesn't make sense to me, but there may be other settings that are overriding this.

DukeComposed
Posts: 1415
Joined: Thu Mar 16, 2023 1:57 pm

Re: MX23 DNS problem

#16 Post by DukeComposed »

altreed wrote: Tue Dec 19, 2023 10:40 am I changed my dhcp scope settings, removed the external nameserver. Several hours later I checked the resolve.conf, it had not updated the nameservers. So I edited the resolve.conf and removed the external nameserver. Still mx does not resolve the local windows machines, even with the only dns being the local one. I have tried the FQDN, winbox.local, winbox. It just doesn't resolve.

Doesn't make sense to me, but there may be other settings that are overriding this.
Are you running an authoritative DNS server on your home network?

I'm guessing no. As I've said before, you need a way to map names to IP addresses.

You've mentioned you have your own Active Directory controller. When a Windows machine on your home network starts up, it registers itself to that workgroup or domain through the AD controller, which is most likely also your DHCP server. So your Windows machines already have their own method of finding each other: they all belong to the same Windows workgroup or domain, and that AD controller can answer the local networking questions your Windows machines ask. When you join a new Windows machine to the group, your other machines can reach it without making any changes to the AD controller, right?

Either you manage your own DNS, which maps names to IP addresses, or you don't. Most Linux distributions don't speak Active Directory so far as I'm aware. You can provide that map of names to IP addresses through a local DNS server, an /etc/hosts file on the Linux machine, or you can make your Linux machine interoperate with your Windows network with something like Samba.

The use of .local implies that local host discovery is occurring through mDNS/zeroconf/Rendezvous or maybe something like HomeGroup to create ad-hoc networks without Active Directory. Fortunately, I recently switched my own home network to use a dedicated internal TLD and during that project I remember reading that Microsoft says .local is considered harmful.

All this is speculation on how your home network is set up and configured. If you just want one Linux box to talk to winbox.local, put "winbox.local ip.ad.dr.ess" into /etc/hosts as I suggested.

altreed
Posts: 14
Joined: Mon Dec 11, 2023 2:55 am

Re: MX23 DNS problem

#17 Post by altreed »

ok, so in short, Linux doesn't listen to Microsoft dns servers for no real valid reason. Ok fair enough. if you want to use linux, fixed IP's and text file name search. ok.

l0dr3
Posts: 463
Joined: Wed Jun 28, 2023 11:06 am

Re: MX23 DNS problem

#18 Post by l0dr3 »

altreed wrote: Tue Dec 19, 2023 5:14 pm ok, so in short, Linux doesn't listen to Microsoft dns servers for no real valid reason. Ok fair enough. if you want to use linux, fixed IP's and text file name search. ok.
Not the whole truth - a properly configured Linux server or workstation has no problems with MS-DHCP/DNS-AD scenarios .. as long as ..
- the forward zones on AD on WINDOWS are configured properly
- and - most important! the reverse-lookup zones on WINDOWS are configured!

In the entry post, you stated: new to Linux and 'home' scenario :exclamation:

I'm pretty sure that's the real problem here .. and: check your WINDOWS-DHCP announced DNS servers! (see my post above :p )

The announced DNS-Server is obv. 'public' and MOD-UK :mad: :exclamation:

DukeComposed
Posts: 1415
Joined: Thu Mar 16, 2023 1:57 pm

Re: MX23 DNS problem

#19 Post by DukeComposed »

altreed wrote: Tue Dec 19, 2023 5:14 pm ok, so in short, Linux doesn't listen to Microsoft dns servers for no real valid reason.
No, that is not correct and a terrible summarization to take away from this thread.

FullScale4Me
Posts: 1084
Joined: Fri Jan 08, 2021 11:30 pm

Re: MX23 DNS problem

#20 Post by FullScale4Me »

Good link DukeComposed!

The link, narrowed to the applicable section, https://en.wikipedia.org/wiki/.local#Linux, has a conclusion statement that, IMHO, adequately describes the situation altreed is experiencing.
Wikipedia wrote: Linux distributions use the Name Service Switch configuration file /etc/nsswitch.conf
...
In this way .local requests are being prevented from leaking to the internet, but also block legitimate .local requests for configured DNS servers.
Certainly better than managing host files. Having survived the host file era myself I just could not wish it on anyone, especially in a medium/large sized environment!

BTW altreed - if, upon leveraging that article's Linux section you see anything wrong/missing, needing improvement I am a Wikipedia Editor and can improve that section for the next viewers.
Michael O'Toole
MX Linux facebook group moderator
Dell OptiPlex 7050 i7-7700, MX Linux 23 Xfce & Win 11 Pro
HP Pavilion P2-1394 i3-2120T, MX Linux 23 Xfce & Win 10 Home
Dell Inspiron N7010 Intel Core i5 M 460, MX Linux 23 Xfce & KDE, Win 10
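
Added example, not code from any poster in this thread: a simplified Python model of the two checks the thread discusses, namely which configured nameservers sit in private address space and whether a name ever reaches the `dns` source in the `/etc/nsswitch.conf` hosts chain. The sample `resolv.conf` text is constructed from the values quoted above, and the `hosts:` line is an assumed typical Debian-family default with libnss-mdns installed, so check the real file on the machine.

```python
import ipaddress

# Constructed sample inputs modelled on the thread, not read from a real machine.
RESOLV_CONF = "nameserver 25.25.25.1\nnameserver 8.8.8.8\n"
# Assumption: a typical hosts line on a Debian-family system with libnss-mdns.
NSSWITCH_HOSTS = "hosts: files mdns4_minimal [NOTFOUND=return] dns"


def nameservers(resolv_conf):
    """Return (address, is_private) for every nameserver line."""
    found = []
    for line in resolv_conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append((parts[1], ipaddress.ip_address(parts[1]).is_private))
    return found


def sources_consulted(hosts_line, name, in_hosts_file=False, mdns_answers=False):
    """Simplified NSS model: list the sources tried, in order, for `name`."""
    tokens = hosts_line.split(":", 1)[1].split()
    tried = []
    for i, tok in enumerate(tokens):
        if tok.startswith("["):
            continue  # action items belong to the source before them
        tried.append(tok)
        if tok == "files":
            status = "SUCCESS" if in_hosts_file else "NOTFOUND"
        elif tok.startswith("mdns") and tok.endswith("_minimal"):
            # The minimal mDNS module only claims names under .local.
            if name.rstrip(".").lower().endswith(".local"):
                status = "SUCCESS" if mdns_answers else "NOTFOUND"
            else:
                status = "UNAVAIL"
        else:
            status = "SUCCESS"  # e.g. dns: the query goes to the resolv.conf servers
        if status == "SUCCESS":
            break
        action = tokens[i + 1].upper() if i + 1 < len(tokens) else ""
        if action.startswith("[") and f"{status}=RETURN" in action:
            break  # lookup ends here; later sources are never asked
    return tried


if __name__ == "__main__":
    for addr, private in nameservers(RESOLV_CONF):
        print(addr, "private" if private else "public address space")
    for host in ("winbox.local", "winbox"):
        print(host, "->", sources_consulted(NSSWITCH_HOSTS, host))
```

With these inputs, `winbox.local` stops at `mdns4_minimal` and is never sent to the configured DNS servers, while `winbox` continues to `dns`; an `/etc/hosts` entry is answered by `files` before either.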
