Can't resolve dns across vlans

torchnw · 06-05-2008, 11:21 AM

Doing a project at school, we've set up 2 boxes running ubuntu hardy server.

One is functioning strictly as a router running iptables and dhcp-services, and the other is running samba and bind9 dns server. We've also installed Webmin 1.420 for easier administration.

The router has 2 NICs where eth0 is the wan interface and eth1 is the raw device for for a series of vlans.

Now if we try to ping a domain name ( like google.com ) from the samba/dns-box, it works just fine. If we ping google.com from another computer on the same vlan, that works too, but if we move that other computer to a different vlan, it doesn't work anymore. We CAN, however, ping the samba/dns-server itself from the other vlan, it just won't resolve domain names.

We tried to open up everything in iptables ( all chains have default policy set to ACCEPT ). Everything else works. We've even managed to join a WinXP computer to the samba domain across vlans.

I'm coming up short on things to try, so I would really appreciate some input or ideas of what to do next.

Thanks in advance

trickykid · 06-05-2008, 02:27 PM

Sounds like a routing issue. Did or does the vlan use the same route or do you need to specify a new default route? More details gets better replies.

torchnw · 06-05-2008, 04:01 PM

Thanks for replying

The vlans have the same default gateway as eth0

Vlan part of /etc/network/interfaces:

Code:

auto vlan2
auto vlan3
auto vlan4
auto vlan5

iface vlan2 inet static
        address 172.24.2.1
        netmask 255.255.255.0
        network 172.24.2.0
        broadcast 172.24.2.255
        gateway 85.19.199.65
        vlan_raw_device eth1

iface vlan3 inet static
        address 172.24.3.1
        netmask 255.255.255.0
        network 172.24.3.0
        broadcast 172.24.3.255
        gateway 85.19.199.65
        vlan-raw_device eth1

iface vlan4 inet static
        address 172.24.4.1
        netmask 255.255.255.0
        network 172.24.4.0
        gateway 85.19.199.65
        vlan_raw_device eth1

iface vlan5 inet static
        address 172.24.5.1
        netmask 255.255.255.0
        network 172.24.5.0
        gateway 85.19.199.65
        vlan_raw_device eth1

Computers on all vlans have internet access if I add an external dns server in /etc/resolv.conf

running ifconfig -a gives:

Code:

vlan2     Link encap:Ethernet  HWaddr 00:01:03:45:28:bc  
          inet addr:172.24.2.1  Bcast:172.24.2.255  Mask:255.255.255.0
          inet6 addr: fe80::201:3ff:fe45:28bc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:960751 errors:0 dropped:0 overruns:0 frame:0
          TX packets:348740 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:114032496 (108.7 MB)  TX bytes:250311971 (238.7 MB)

vlan3     Link encap:Ethernet  HWaddr 00:01:03:45:28:bc  
          inet addr:172.24.3.1  Bcast:172.24.3.255  Mask:255.255.255.0
          inet6 addr: fe80::201:3ff:fe45:28bc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:707211 errors:0 dropped:0 overruns:0 frame:0
          TX packets:94872 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:66151328 (63.0 MB)  TX bytes:91120563 (86.8 MB)

vlan4     Link encap:Ethernet  HWaddr 00:01:03:45:28:bc  
          inet addr:172.24.4.1  Bcast:172.24.4.255  Mask:255.255.255.0
          inet6 addr: fe80::201:3ff:fe45:28bc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:685902 errors:0 dropped:0 overruns:0 frame:0
          TX packets:108850 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:42515938 (40.5 MB)  TX bytes:141189612 (134.6 MB)

vlan5     Link encap:Ethernet  HWaddr 00:01:03:45:28:bc  
          inet addr:172.24.5.1  Bcast:172.24.5.255  Mask:255.255.255.0
          inet6 addr: fe80::201:3ff:fe45:28bc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1217531 errors:0 dropped:0 overruns:0 frame:0
          TX packets:343223 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:96978876 (92.4 MB)  TX bytes:225841404 (215.3 MB)

Not sure what other information would be relevant. As mentioned I've tried to flush all iptables rules and just add masquerade on eth0

torchnw · 06-06-2008, 09:56 AM

Ok, it seems the problem had to do with recursive lookups. Our dns-server would resolve local names from any other vlan/subnet but not internet addresses.