Debian as DNS server for two networks: some issues

[mikedeb]

I'm not an expert, and just trying to make my way through a lot of issues to get the job done and learn new things about networking. So, in order to practice with linux networking, I installed two VMs (debian 10.4) in my VMware workstation. The first one is connected to my home LAN via bridge mode and gets an Ip address (192.198.3.96) from my router directly for its ens33 virtual interface. The second one is connected to the first one through ens37 interface which has 10.10.10.1 as its LAN IP. Basically, the linux first machine works as a DHCP/DNS and firewall for the second one. I also disabled systemd-resolved and installed dnsmasq. Everything worked fine and both virtual machines could browse the internet.

I'd like now to use my debian machine as my real Home LAN dns server too. 192.168.3.0/24 is my physical LAN subnet.

So, I set my debian IP (192.168.3.96) as my main dns server in my LAN router. I then added these two iptables rules in my debian server machine:

Code: Select all

iptables -A INPUT -i ens33 -s

192.168.3.0/24 -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT iptables -A INPUT -i ens33 -s 192.168.3.0/24 -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT

But something still didn't seem to be working correctly: I couldn't get any responses for my nslookup launched from my Windows pc in my lan network (192.168.3.100):

Code: Select all

C:\Users\mike>nslookup bbc.co.uk
Server:  UnKnown
Address:  192.168.3.96

*** UnKnown can't find bbc.co.uk: Query refused

I then ran on debian:

Code: Select all

root@debianser:~# sudo tcpdump -n udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
23:38:52.995069 IP 192.168.3.100.58294 > 192.168.3.96.53: 1+ PTR? 96.3.168.192.in-addr.arpa. (43)
23:38:52.995987 IP 192.168.3.96.53 > 192.168.3.100.58294: 1 Refused 0/0/0 (43)
23:38:52.998894 IP 192.168.3.100.58295 > 192.168.3.96.53: 2+ A? bbc.co.uk. (27)
23:38:52.999055 IP 192.168.3.96.53 > 192.168.3.100.58295: 2 Refused 0/0/0 (27)
23:38:53.000411 IP 192.168.3.100.58296 > 192.168.3.96.53: 3+ AAAA? bbc.co.uk. (27)
23:38:53.002549 IP 192.168.3.96.53 > 192.168.3.100.58296: 3 Refused 0/0/0 (27)
23:38:53.003966 IP 192.168.3.100.58297 > 192.168.3.96.53: 4+ A? bbc.co.uk. (27)
23:38:53.005820 IP 192.168.3.96.53 > 192.168.3.100.58297: 4 Refused 0/0/0 (27)
23:38:53.006366 IP 192.168.3.100.58298 > 192.168.3.96.53: 5+ AAAA? bbc.co.uk. (27)
23:38:53.008249 IP 192.168.3.96.53 > 192.168.3.100.58298: 5 Refused 0/0/0 (27)

Could you please help me figure out what exactly is the problem here?

Also, I was wondering whether my debian can be used as a dns server for both networks, the virtual one in VMware (10.10.10.0/24) and my real one (192.168.3.0/24)

Thanks

[dilberts_left_nut]

and installed dnsmasq

Is it listening on both interfaces?

then added these two iptables rules

Why?
Do you have other rules?

[mikedeb]

and installed dnsmasq

Is it listening on both interfaces?

How can I make sure of it?
In my dnsmasq .conf file I have these lines:

Code: Select all

.....
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
#interface=
# Or you can specify which interface _not_ to listen on
#except-interface=
.....

all the lines are uncommented, but any dns requests coming from 10.10.10.1 (ens37) work nonetheless.

Why?
Do you have other rules?

Yes, I have

Thanks

[mikedeb]

I added these two lines in dnsmasq.conf:

interface=ens33
interface=ens37

I added these two lines in dnsmasq.conf:

By running tcpdump it seems that dns requests still get refused.

Any idea?