[Solved] Trouble configuring DNS with Debian 12 for host names in local domain

Chronocide0
Posts: 5
Joined: 2025-01-10 00:19
Has thanked: 1 time

[Solved] Trouble configuring DNS with Debian 12 for host names in local domain

#1 Post by Chronocide0 »

I'm running Debian 12.1 using Vagrant on HyperV and connecting to a network using a virtual switch.
If I try to access resources on the public internet it works fine, but it fails to resolve resources on my local domain.

The DHCP lease seems correct from `/var/lib/dhcp/dhclient.eth0.leases`

Code: Select all

default-duid "\000\001\000\001,\240\017\004\000\025]\012\016\307";
lease {
  interface "eth0";
  fixed-address 172.23.230.141;
  option subnet-mask 255.255.240.0;
  option dhcp-lease-time 86400;
  option routers 172.23.224.1;
  option dhcp-message-type 5;
  option domain-name-servers 172.23.224.1;
  option dhcp-server-identifier 172.23.224.1;
  option dhcp-renewal-time 43200;
  option dhcp-rebinding-time 64800;
  option domain-name "mshome.net";
  option netbios-node-type 4;
  renew 4 2025/01/09 23:34:54;
  rebind 4 2025/01/09 23:34:54;
  expire 4 2025/01/09 23:34:54;
}
lease {
  interface "eth0";
  fixed-address 172.23.230.141;
  option subnet-mask 255.255.240.0;
  option dhcp-lease-time 86400;
  option routers 172.23.224.1;
  option dhcp-message-type 5;
  option domain-name-servers 172.23.224.1;
  option dhcp-server-identifier 172.23.224.1;
  option dhcp-renewal-time 43200;
  option dhcp-rebinding-time 64800;
  option domain-name "mshome.net";
  option netbios-node-type 4;
  renew 5 2025/01/10 09:06:34;
  rebind 5 2025/01/10 17:34:57;
  expire 5 2025/01/10 23:34:57;
}

172.23.224.1 is the address for the virtual switch and also the DHCP/DNS server.
If I manually specify a DNS server, then name resolution succeeds:

Code: Select all

nslookup my.domain.local 172.23.224.1

But it fails if I don't.

Resolvconf is running

Code: Select all

● resolvconf.service - Nameserver information manager
     Loaded: loaded (/lib/systemd/system/resolvconf.service; enabled; preset: enabled)
     Active: active (exited) since Fri 2025-01-10 00:47:55 UTC; 8min ago
       Docs: man:resolvconf(8)
    Process: 2569 ExecStart=/sbin/resolvconf --enable-updates (code=exited, status=0/SUCCESS)
   Main PID: 2569 (code=exited, status=0/SUCCESS)
        CPU: 1ms

Jan 10 00:47:55 debian systemd[1]: Started resolvconf.service - Nameserver information manager.

And the contents of `/etc/resolv.conf` are:

Code: Select all

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.

nameserver 4.2.2.1
nameserver 4.2.2.2
nameserver 208.67.220.220
search mshome.net

I'm pretty sure that I've got an issue with how resolv is configured but don't know how to proceed from here.
Any help is appreciated.
Last edited by Chronocide0 on 2025-01-15 21:43, edited 2 times in total.

Aki
Global Moderator
Posts: 4259
Joined: 2014-07-20 18:12
Location: Europe
Has thanked: 124 times
Been thanked: 576 times

Re: Trouble configuring DNS

#2 Post by Aki »

Hello,

What exactly is your Debian 12 version? You can check with the following command:

Code: Select all

cat /etc/debian_version

Chronocide0 wrote: 2025-01-10 01:02
> I'm running Debian 12 using Vagrant on HyperV and connecting to a network using a virtual switch.
> If I try to access resources on the public internet it works fine, but it fails to resolve resources on my local domain.
> [..]
> 172.23.224.1 is the address for the virtual switch and also the DHCP/DNS server

According to your quote above, I assume that 172.23.224.1 is the address of the DNS server/service for the local domain, and that the local domain is "mshome.net": can you please confirm this?

You need to assess the issue. You can check responses from the local DNS service and from local name resolver services with the following commands (replace <canonical name> with the canonical name of the hostname in the local domain computer that you want to resolve, for example, mycomputer.mshome.net where mycomputer is an existing host name):

Code: Select all

sudo apt install bind9-dnsutils
cat /etc/hosts
cat /etc/nsswitch.conf
dig
dig <canonical name> 
dig @172.23.224.1 <canonical name> 
getent ahostsv4
getent ahostsv4 <canonical name>
dig @8.8.8.8 www.google.com
getent ahostsv4 www.google.com

Hope this helps.

--
note: please update the subject of the first post from "Trouble configuring DNS" to "Trouble configuring DNS with Debian 12 for host names in local domain"
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄⠀


Re: Trouble configuring DNS with Debian 12 for host names in local domain

#3 Post by Chronocide0 »

Thank you for your assistance.

> What is exactly your Debian 12 version ? You can check with the following command:

Version is 12.1

> According to your quote above, I assume that 172.23.224.1 is the address of the DNS server/service for the local domain, and that the local domain is "mshome.net": can you please confirm this ?

Yes, 172.23.224.1 is the address of the DNS server/service for the local domain the Debian machine is on and it is called "mshome.net". It is a virtual switch managed by HyperV, and all requests just get proxied to the DNS/domain server that the host machine is on; that domain is "myorg.it".
In my case I'm trying to reach our privately hosted gitlab repo at "gitlab.myorg.it". So that is adding some complexity, though I don't think it should be too big a hurdle.

cat /etc/hosts

Code: Select all

127.0.0.1       localhost
127.0.1.1       debian

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

127.0.0.1 debian12.localdomain

127.0.2.1 debian.local debian

## vagrant-hostmanager-start
172.23.230.141  debian.local

## vagrant-hostmanager-end

cat /etc/nsswitch.conf

Code: Select all

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files systemd
group:          files systemd
shadow:         files systemd
gshadow:        files systemd

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

dig

Code: Select all

; <<>> DiG 9.18.16-1~deb12u1-Debian <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61517
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       86398   IN      NS      j.root-servers.net.
.                       86398   IN      NS      k.root-servers.net.
.                       86398   IN      NS      l.root-servers.net.
.                       86398   IN      NS      m.root-servers.net.
.                       86398   IN      NS      a.root-servers.net.
.                       86398   IN      NS      b.root-servers.net.
.                       86398   IN      NS      c.root-servers.net.
.                       86398   IN      NS      d.root-servers.net.
.                       86398   IN      NS      e.root-servers.net.
.                       86398   IN      NS      f.root-servers.net.
.                       86398   IN      NS      g.root-servers.net.
.                       86398   IN      NS      h.root-servers.net.
.                       86398   IN      NS      i.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     86398   IN      A       198.41.0.4
b.root-servers.net.     86398   IN      A       170.247.170.2
c.root-servers.net.     86398   IN      A       192.33.4.12
d.root-servers.net.     86398   IN      A       199.7.91.13
e.root-servers.net.     86398   IN      A       192.203.230.10
f.root-servers.net.     86398   IN      A       192.5.5.241
g.root-servers.net.     86398   IN      A       192.112.36.4
h.root-servers.net.     86398   IN      A       198.97.190.53
i.root-servers.net.     86398   IN      A       192.36.148.17
j.root-servers.net.     86398   IN      A       192.58.128.30
k.root-servers.net.     86398   IN      A       193.0.14.129
l.root-servers.net.     86398   IN      A       199.7.83.42
m.root-servers.net.     86398   IN      A       202.12.27.33
a.root-servers.net.     86398   IN      AAAA    2001:503:ba3e::2:30
b.root-servers.net.     86398   IN      AAAA    2801:1b8:10::b
c.root-servers.net.     86398   IN      AAAA    2001:500:2::c
d.root-servers.net.     86398   IN      AAAA    2001:500:2d::d
e.root-servers.net.     86398   IN      AAAA    2001:500:a8::e
f.root-servers.net.     86398   IN      AAAA    2001:500:2f::f
g.root-servers.net.     86398   IN      AAAA    2001:500:12::d0d
h.root-servers.net.     86398   IN      AAAA    2001:500:1::53
i.root-servers.net.     86398   IN      AAAA    2001:7fe::53
j.root-servers.net.     86398   IN      AAAA    2001:503:c27::2:30
k.root-servers.net.     86398   IN      AAAA    2001:7fd::1
l.root-servers.net.     86398   IN      AAAA    2001:500:9f::42
m.root-servers.net.     86398   IN      AAAA    2001:dc3::35

;; Query time: 44 msec
;; SERVER: 4.2.2.1#53(4.2.2.1) (UDP)
;; WHEN: Fri Jan 10 18:41:23 UTC 2025
;; MSG SIZE  rcvd: 811

dig gitlab.myorg.it

Code: Select all

; <<>> DiG 9.18.16-1~deb12u1-Debian <<>> gitlab.myorg.it
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24277
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;gitlab.myorg.it.             IN      A

;; AUTHORITY SECTION:
myorg.it.             1346    IN      SOA     ns61.domaincontrol.com. dns.jomax.net. 2024121102 28800 7200 604800 3600

;; Query time: 216 msec
;; SERVER: 4.2.2.1#53(4.2.2.1) (UDP)
;; WHEN: Fri Jan 10 19:15:20 UTC 2025
;; MSG SIZE  rcvd: 117

dig @172.23.224.1 gitlab.myorg.it

Code: Select all

; <<>> DiG 9.18.16-1~deb12u1-Debian <<>> @172.23.224.1 gitlab.myorg.it
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3207
;; flags: qr rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;gitlab.myorg.it.             IN      A

;; ANSWER SECTION:
gitlab.myorg.it.      0       IN      A       192.168.0.33

;; Query time: 0 msec
;; SERVER: 172.23.224.1#53(172.23.224.1) (UDP)
;; WHEN: Fri Jan 10 19:41:10 UTC 2025
;; MSG SIZE  rcvd: 68

getent ahostsv4

Code: Select all

127.0.0.1       localhost
127.0.1.1       debian
127.0.0.1       localhost ip6-localhost ip6-loopback
127.0.0.1       debian12.localdomain
127.0.2.1       debian.local debian
172.23.230.141  debian.local

getent ahostsv4 gitlab.myorg.it

No output

dig @8.8.8.8 www.google.com

Code: Select all

; <<>> DiG 9.18.16-1~deb12u1-Debian <<>> @8.8.8.8 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57189
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         218     IN      A       172.217.14.196

;; Query time: 28 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Fri Jan 10 19:37:57 UTC 2025
;; MSG SIZE  rcvd: 59

getent ahostsv4 www.google.com

Code: Select all

142.250.189.196 STREAM www.google.com
142.250.189.196 DGRAM
142.250.189.196 RAW

I don't know how to interpret a lot of this output, but it looks like from the dig output the DNS is returning the expected result "192.168.0.33".


Re: Trouble configuring DNS with Debian 12 for host names in local domain

#4 Post by Aki »

Hello,

According to the logs in the previous message, it seems that your Debian is using the IP address 4.2.2.1 (a remote DNS server) as the default DNS server instead of the IP address 172.23.224.1 (your local DNS server).

What are the contents of the file named /etc/resolv.conf ?

How do you configure the network connection in Debian?

Could this be caused by the local domain set up by Vagrant ?
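
The mismatch described in post #4 can be checked mechanically. The script below is an added example, not part of the thread: it compares the DNS servers in the newest dhclient lease with the `nameserver` lines of a resolv.conf. The function names and the reduced sample files are constructed for illustration; on the VM the inputs would be /var/lib/dhcp/dhclient.eth0.leases and /etc/resolv.conf.

```sh
#!/bin/sh
# Added example: does the resolver use the DNS servers that DHCP offered?

# DNS servers of the LAST lease block in a dhclient lease file
# (assumption: dhclient appends, so the last block is the newest lease).
lease_dns() {
    awk '
        $1 == "lease" { dns = "" }
        $1 == "option" && $2 == "domain-name-servers" {
            dns = ""
            for (i = 3; i <= NF; i++) dns = dns $i
            gsub(/;/, "", dns); gsub(/,/, " ", dns)
        }
        END { print dns }
    ' "$1"
}

# Nameserver addresses from a resolv.conf-style file, space separated, in order.
resolv_dns() {
    awk '$1 == "nameserver" { printf "%s ", $2 }' "$1"
}

# Print one line per mismatch; return 1 if resolv.conf and the lease disagree.
dns_drift() {
    offered=$(lease_dns "$1")
    used=$(resolv_dns "$2")
    rc=0
    for ns in $used; do
        case " $offered " in
            *" $ns "*) ;;
            *) echo "not-from-dhcp $ns"; rc=1 ;;
        esac
    done
    for ns in $offered; do
        case " $used " in
            *" $ns "*) ;;
            *) echo "dhcp-unused $ns"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample files, reduced from the values posted in the thread.
write_samples() {
    cat > "$1/leases" <<'EOF'
lease {
  interface "eth0";
  option domain-name-servers 172.23.224.1;
  expire 4 2025/01/09 23:34:54;
}
lease {
  interface "eth0";
  option domain-name-servers 172.23.224.1;
  expire 5 2025/01/10 23:34:57;
}
EOF
    cat > "$1/resolv.conf" <<'EOF'
nameserver 4.2.2.1
nameserver 4.2.2.2
nameserver 208.67.220.220
search mshome.net
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
dns_drift "$demo_dir/leases" "$demo_dir/resolv.conf" || echo "resolver ignores the DHCP-offered DNS"
rm -rf "$demo_dir"
```

Each `not-from-dhcp` line names a server that receives lookups for internal names such as gitlab.myorg.it, as the `dig gitlab.myorg.it` output answered by 4.2.2.1 shows.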


Re: Trouble configuring DNS with Debian 12 for host names in local domain

#5 Post by Chronocide0 »

> According to the logs in the previous message, it seems that your Debian is using the IP address 4.2.2.1 (a remote DNS server) as the default DNS server instead of the IP address 172.23.224.1 (your local DNS server).

I had thought it would fall through to the next DNS in the list if a result couldn't be found. But yes, I agree; what I would like to do is change resolve to use the DNS provided by the most recent DHCP lease.

> What are the contents of the file named /etc/resolv.conf ?

It's in the original message but I'll include it again here:

Code: Select all

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.

nameserver 4.2.2.1
nameserver 4.2.2.2
nameserver 208.67.220.220
search mshome.net

> How do you configure the network connection in Debian?

So far everything is just the default from the vagrant box. From what I can tell this should be the network config:
https://github.com/lavabit/robox/blob/m ... network.sh
At least I can see that it is setting the static DNS entries here.

> Could this be caused by the local domain set up by Vagrant ?

Maybe; but I don't think so.


Re: Trouble configuring DNS with Debian 12 for host names in local domain

#6 Post by Aki »

Hello,

The script in the previous post does not seem to take into account a local DNS running outside the VM.

According to the previous post, you probably should prepend the IP of your local DNS in /etc/resolv.conf.

Hope this helps. Please let me know.


Re: Trouble configuring DNS with Debian 12 for host names in local domain

#7 Post by Chronocide0 »

> According to the previous post, you probably should prepend the IP of your local DNS in /etc/resolv.conf

I agree; that's what I'm trying to learn how to do. There are at least two complications in my way.
  1. The resolv.conf says "DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN" so I don't know where to make the change
  2. The DNS reported by the DHCP might change with a new lease, and I would like it to automatically update when it does.

I suppose the help request has changed, since you have made the problem clear. Would it be better to make a new thread "How to configure resolve to use DNS settings from DHCP lease"?


Re: Trouble configuring DNS with Debian 12 for host names in local domain

#8 Post by Aki »

Hello,

This seems to be your VM's autoconfiguration system (Roboxes) configuration issue (see tickets [2][3][4][5]), i.e.:

Chronocide0 wrote: 2025-01-13 19:01
> > According to the previous post, you probably should prepend the IP of your local DNS in /etc/resolv.conf
>
> I agree; that's what I'm trying to learn how to do. There are at least two complications in my way.
>   1. The resolv.conf says "DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN" so I don't know where to make the change

According to the configuration script you posted [1], Roboxes seems to configure IP DNS addresses (and the overall network configuration) using the file named /etc/network/interfaces:

Code: Select all

[..]
# Ensure the loopback, and default network interface are automatically enabled and then dhcp'ed.
printf "allow-hotplug eth0\n" >> /etc/network/interfaces
printf "auto lo\n" >> /etc/network/interfaces
printf "iface lo inet loopback\n" >> /etc/network/interfaces
printf "iface eth0 inet dhcp\n" >> /etc/network/interfaces
printf "dns-nameserver 4.2.2.1\n" >> /etc/network/interfaces
printf "dns-nameserver 4.2.2.2\n" >> /etc/network/interfaces
printf "dns-nameserver 208.67.220.220\n" >> /etc/network/interfaces

# Adding a delay so dhclient will work properly.
printf "pre-up sleep 2\n" >> /etc/network/interfaces

# Ensure a nameserver is being used that won't return an IP for non-existent domain names.
printf "nameserver 4.2.2.1\nnameserver 4.2.2.2\nnameserver 208.67.220.220\n" > /etc/resolv.conf

# Install ifplugd so we can monitor and auto-configure nics.
retry apt-get --assume-yes install ifplugd resolvconf

# Configure ifplugd to monitor the eth0 interface.
sed -i -e 's/INTERFACES=.*/INTERFACES="eth0"/g' /etc/default/ifplugd

# Ensure the networking interfaces get configured on boot.
systemctl enable networking.service

# Ensure ifplugd also gets started, so the ethernet interface is monitored.
systemctl enable ifplugd.service

# Ensure a sane DNSS configuration.
systemctl enable resolvconf.service

This means that the configuration adopted by Roboxes uses the ifupdown package together with the systemd-resolved (that provides resolver services for Domain Name System DNS service in your actual configuration).

So, if confirmed, you could try to add the static IP 172.23.224.1 of the local domain DNS in /etc/network/interfaces (then propagated to /etc/resolv.conf via systemd-resolved service), i.e. add a line with dns-nameserver 172.23.224.1 before the line with dns-nameserver 4.2.2.1. Then enable the configuration by running the following command:

Code: Select all

sudo ifdown -a
sudo ifup -a

or simply rebooting the system.

Chronocide0 wrote: 2025-01-13 19:01
>   • The DNS reported by the DHCP might change with a new lease, and I would like it to automatically update when it does.

So, this is the main issue: the IP DNS server address assigned by DHCP seems not to be assigned to the DNS list used by your client, while static IP DNS addresses are used instead, as per Roboxes default configuration. So, you need to change Roboxes configuration (see tickets below) or VM configuration.

Chronocide0 wrote: 2025-01-13 19:01
> I suppose the help request has changed, since you have made the problem clear. Would it be better to make a new thread "How to configure resolve to use DNS settings from DHCP lease"?

You can update the subject of the first post from:
  • "How to configure resolve to use DNS settings from DHCP lease"
to:
  • "Roboxes/Vagrant: hardcoded external DNS breaks internal DNS resolver with Debian"
Hope this helps.

--
[1] https://github.com/lavabit/robox/blob/m ... network.sh
[2] hardcoded external DNS breaks internal DNS resolver - issue #11
[3] generic/debian boxes have fixed DNS servers when used in Vagrant with libvirt - issue #282
[4] dns servers hardcoded in generic/ubuntu1804 - issue #54
[5] remove hardcoded DNS servers - issue #59


Re: Trouble configuring DNS with Debian 12 for host names in local domain

#9 Post by Chronocide0 »

Thank you, that definitely gave me enough to go on.
It seems that if no DNS entry is defined in /etc/network/interfaces then it will fall back to the DNS provided by DHCP if available.
The following ended up working for me and could easily be added to the Vagrant provisioning script:

Code: Select all

sed -i '/dns-.*/d' /etc/network/interfaces
ifdown eth0 && ifup eth0
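
A provisioning-friendly variant of the fix in post #9, as an added example that is not the poster's or the Roboxes project's code: it deletes only lines whose first word is a `dns-` option, so a comment or command that merely contains "dns-" survives, keeps a backup, and reports whether anything changed so the interface is only restarted when needed. The function names are hypothetical, and the sample file is rebuilt from the printf lines quoted in post #8 plus one constructed comment.

```sh
#!/bin/sh
# Added example: drop static dns-* options from an ifupdown interfaces file.

# A line whose first word is a resolvconf option such as dns-nameserver or dns-search.
DNS_OPT='^[[:space:]]*dns-[a-z]+[[:space:]]'

# List the static DNS option lines present in the file (empty output if none).
static_dns_options() {
    grep -E "$DNS_OPT" "$1" || true
}

# Remove those lines in place, keeping FILE.bak.
# Returns 0 if the file was changed, 1 if it was already clean (idempotent).
strip_static_dns() {
    file=$1
    [ -n "$(static_dns_options "$file")" ] || return 1
    cp -p "$file" "$file.bak"
    # Writing through ">" keeps the original file's inode, owner and mode.
    sed -E "/$DNS_OPT/d" "$file.bak" > "$file"
}

# Constructed sample: the lines the quoted provisioning script appends,
# plus one constructed comment that contains "dns-" and must be kept.
write_interfaces() {
    cat > "$1" <<'EOF'
# static dns-nameserver entries below came from the box image (constructed comment)
allow-hotplug eth0
auto lo
iface lo inet loopback
iface eth0 inet dhcp
dns-nameserver 4.2.2.1
dns-nameserver 4.2.2.2
dns-nameserver 208.67.220.220
pre-up sleep 2
EOF
}

demo=$(mktemp)
write_interfaces "$demo"
if strip_static_dns "$demo"; then
    echo "changed; on the VM follow with: ifdown eth0 && ifup eth0"
fi
cat "$demo"
rm -f "$demo" "$demo.bak"
```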


Re: Trouble configuring DNS with Debian 12 for host names in local domain

#10 Post by Aki »

Hello,
Chronocide0 wrote: 2025-01-15 04:15
> Thank you that definitely gave me enough to go on.
> It seems that if no DNS entry is defined in /etc/network/interfaces then it will fallback to the DNS provided by DHCP if available.
> The following ended up working for me and could easily be added to the Vagrant provisioning script
>
> Code: Select all
>
> sed -i '/dns-.*/d' /etc/network/interfaces
> ifdown eth0 && ifup eth0

I'm glad you sorted it out. :)

Please mark the discussion as "solved" by manually adding the text tag "[Solved]" at the beginning of the subject of the first message (after other tags, if any).

Thanks.

Happy Debian ! :)