Debian as DNS server for two networks: some issues


Post by mikedeb » 2020-08-25 09:20

I'm not an expert, and I'm just trying to make my way through a lot of issues to get the job done and learn new things about networking. So, in order to practice Linux networking, I installed two VMs (Debian 10.4) in my VMware Workstation. The first one is connected to my home LAN via bridge mode and gets an IP address (192.198.3.96) directly from my router for its ens33 virtual interface. The second one is connected to the first one through the ens37 interface, which has 10.10.10.1 as its LAN IP. Basically, the first Linux machine works as a DHCP/DNS server and firewall for the second one. I also disabled systemd-resolved and installed dnsmasq. Everything worked fine and both virtual machines could browse the internet.

I'd now like to use my Debian machine as the DNS server for my real home LAN too. 192.168.3.0/24 is my physical LAN subnet.

So, I set my Debian IP (192.168.3.96) as the main DNS server in my LAN router. I then added these two iptables rules on my Debian server machine:

Code:
iptables -A INPUT -i ens33 -s 192.168.3.0/24 -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -i ens33 -s 192.168.3.0/24 -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT


But something still didn't seem to be working correctly: I couldn't get any responses to an nslookup launched from my Windows PC on my LAN (192.168.3.100):

Code:
C:\Users\mike>nslookup bbc.co.uk
Server:  UnKnown
Address:  192.168.3.96

*** UnKnown can't find bbc.co.uk: Query refused


I then ran on debian:

Code:
root@debianser:~# sudo tcpdump -n udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
23:38:52.995069 IP 192.168.3.100.58294 > 192.168.3.96.53: 1+ PTR? 96.3.168.192.in-addr.arpa. (43)
23:38:52.995987 IP 192.168.3.96.53 > 192.168.3.100.58294: 1 Refused 0/0/0 (43)
23:38:52.998894 IP 192.168.3.100.58295 > 192.168.3.96.53: 2+ A? bbc.co.uk. (27)
23:38:52.999055 IP 192.168.3.96.53 > 192.168.3.100.58295: 2 Refused 0/0/0 (27)
23:38:53.000411 IP 192.168.3.100.58296 > 192.168.3.96.53: 3+ AAAA? bbc.co.uk. (27)
23:38:53.002549 IP 192.168.3.96.53 > 192.168.3.100.58296: 3 Refused 0/0/0 (27)
23:38:53.003966 IP 192.168.3.100.58297 > 192.168.3.96.53: 4+ A? bbc.co.uk. (27)
23:38:53.005820 IP 192.168.3.96.53 > 192.168.3.100.58297: 4 Refused 0/0/0 (27)
23:38:53.006366 IP 192.168.3.100.58298 > 192.168.3.96.53: 5+ AAAA? bbc.co.uk. (27)
23:38:53.008249 IP 192.168.3.96.53 > 192.168.3.100.58298: 5 Refused 0/0/0 (27)


Could you please help me figure out what exactly the problem is here?

Also, I was wondering whether my Debian machine can be used as a DNS server for both networks, the virtual one in VMware (10.10.10.0/24) and my real one (192.168.3.0/24)?

Thanks
mikedeb
 

Re: Debian as DNS server for two networks: some issues

Post by dilberts_left_nut » 2020-08-25 10:25

mikedeb wrote: and installed dnsmasq
Is it listening on both interfaces?
mikedeb wrote: then added these two iptables rules
Why?
Do you have other rules?

Re: Debian as DNS server for two networks: some issues

Post by mikedeb » 2020-08-25 16:39

dilberts_left_nut wrote:
mikedeb wrote: and installed dnsmasq
Is it listening on both interfaces?



How can I make sure of it?
In my dnsmasq .conf file I have these lines:


Code:
.....
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
#interface=
# Or you can specify which interface _not_ to listen on
#except-interface=
.....



All the lines are uncommented, but any DNS requests coming from 10.10.10.1 (ens37) work nonetheless.

dilberts_left_nut wrote:
Why?
Do you have other rules?


Yes, I have

Thanks
mikedeb
 

Re: Debian as DNS server for two networks: some issues

Post by mikedeb » 2020-08-26 07:17

I added these two lines in dnsmasq.conf:

interface=ens33
interface=ens37

By running tcpdump, it seems that DNS requests still get refused.

Any idea?
mikedeb
 
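
One way to answer "How can I make sure of it?" and to check what the `interface=` lines changed, as an added example that is not part of any post in this thread: it classifies the port-53 sockets listed by `ss -H -lntu` for the two server addresses mentioned above. The function names and the sample `ss` lines are constructed for illustration.

```shell
# Added example (not from the thread): which addresses have a port-53 listener?
# Live use on the server:  ss -H -lntu | dns_listeners

# Read `ss -H -lntu` lines on stdin; print "proto address" per port-53 socket.
dns_listeners() {
    awk '{
        ep = $5                          # column 5 is Local Address:Port
        n = split(ep, parts, ":")
        if (parts[n] != "53") next       # keep DNS sockets only
        sub(/:53$/, "", ep)              # drop the port
        sub(/%.*$/, "", ep)              # drop a "%ifname" device suffix
        print $1, ep
    }'
}

# Given listener lines on stdin, classify protocol $1 on address $2:
#   bound    - a socket is bound to exactly that address
#   wildcard - only 0.0.0.0 is bound; the daemon decides per packet
#   missing  - no port-53 socket would receive the query
coverage() {
    awk -v proto="$1" -v want="$2" '
        $1 == proto && $2 == want      { exact = 1 }
        $1 == proto && $2 == "0.0.0.0" { wild = 1 }
        END { print (exact ? "bound" : (wild ? "wildcard" : "missing")) }'
}

# Constructed sample of `ss -H -lntu` output (not captured from the thread):
# UDP on the wildcard address, TCP bound to the ens37 address and loopback only.
SAMPLE='udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:67 0.0.0.0:*
tcp LISTEN 0 32 10.10.10.1%ens37:53 0.0.0.0:*
tcp LISTEN 0 32 127.0.0.1:53 0.0.0.0:*'

# Check both addresses the thread wants served, for UDP and TCP.
report() {
    for addr in 192.168.3.96 10.10.10.1; do
        for proto in udp tcp; do
            state=$(printf '%s\n' "$1" | dns_listeners | coverage "$proto" "$addr")
            echo "$proto $addr $state"
        done
    done
}

report "$SAMPLE"
```

Unless `bind-interfaces` is set, dnsmasq binds the wildcard address and discards unwanted requests itself, so a "wildcard" result does not show which interfaces it accepts queries on.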

