 From:  Mathias Lustig <mathias dot baran at googlemail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Beta 1.3b16 released
 Date:  Sun, 12 Apr 2009 11:56:25 +0200
2009/4/11 Manuel Kasper <mk at neon1 dot net>

> Hello,
>
> it's been exactly 6 months since the last release, but m0n0wall is not
> dead: beta 1.3b16 is now available. Aside from a kernel security bugfix
> (arc4random) and added support for Broadcom BCM5722 NICs, quite a lot has
> happened regarding IPv6 - thanks to Andrew White, we now have support for
> DHCPv6, IPv6 webGUI access, more control over RAs, initial support for
> secondary IP addresses on LAN/optional interfaces, and more.
>
> Detailed change log and downloads:
>
> http://m0n0.ch/wall/beta.php
>
> Regarding future development: I still plan on releasing 1.3 anytime soon,
> but would like to tackle the following issues first. If you can help with
> any of these, please let us know.
>
> - replacing the legacy BRIDGE with if_bridge
>
> - improving captive portal reliability and performance (e.g. by introducing
> SQLite to replace the various flat text files and corresponding lockfiles)
>
> - adding support for address/network groups in firewall rules (via
> ipfilter's ippool feature)
>
> - upgrading to FreeBSD 6.4 (should be simple; no help needed with that one)
>
> Thank you for your patience,
>
> Manuel
>

Hi Manuel and of course everyone else on the list! ;)


I updated to 1.3b16 last night and since then I encounter a strange problem
with the feature to override the authoritative DNS server for a specific
domain in the settings of m0n0's DNS forwarder.

I have a permanent IPSec VPN tunnel to my employer's network for maintenance,
home office and on-call duty. We use an Active Directory Domain Controller
with its integrated DNS server for name resolution and because of that I've
set up an entry in the DNS forwarder, which queries our DC for everything
related to the "joho.local" domain.

This feature worked quite fine until the upgrade to 1.3b16 last night. After
the upgrade, my m0n0 box just refuses to look up any name from the
overridden authoritative DNS. The IPSec tunnel is up and I'm able to ping
hosts in my employer's network. I'm also able to ping the specific domain
controller specified for the "joho.local" domain in the DNS forwarder. But I
can't ping any host in the other network by name. The resolution just fails.


I checked and confirmed this behavior with nslookup, which returns a timeout
when querying any hostname managed by my employer's DNS but works fine for
any other hostname. If I manually specify the DC as the DNS server for
nslookup to query, the resolution just works. OK, so this means the
overridden DNS server is up and running and reachable from my network as I
expected it to be. Entering the DC as secondary DNS server in my clients is
therefore a good workaround to get the name resolution working again until I
(we?) manage to get the resolution via m0n0 working again.

So guys, what do you think about this? Any suggestions? I'm willing to do
some more specific testing and bug hunting if you can provide me with some
ideas about what to do.


-- 
Greetings,

Mathias

---

Mathias Lustig
Rheingaustraße 106
65375 Oestrich-Winkel

Tel.:  06723 - 885659
Mobil: 0176 - 20529172
ICQ:   77571225
Jabber: mathias[dot]lustig[at]jabber[dot]ccc[dot]de