Re: [m0n0wall] Beta 1.1b13 --> DNS still does not work, clients get "Query refused" responses.

From:	Joey Morin <jmorin at icomm dot ca>
To:	Dinesh Nair <dinesh at alphaque dot com>
Cc:	"Kevin R. Porter" <krp2 at bellsouth dot net>, <m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] Beta 1.1b13 --> DNS still does not work, clients get "Query refused" responses.
Date:	Mon, 14 Jun 2004 14:34:27 -0400 (EDT)
This one time, at band camp, Dinesh Nair said:

> On Sun, 13 Jun 2004, Kevin R. Porter wrote:
>
> > (1) I notice that the other fellow having similar DNS problems with
> > 1.1b12 (Jeremias Reith) and I are both using PPPOE type WAN links...
> > (2) from reading the mailing-list this DNS problem appears to have
> > crept in between 1.1b9 and 1.1b10 (when Manuel upgraded from 4.9 to
> > 4.10?)...
>
> not really, i observed it with my 4.9 kernel as well, somewhere in the
> same span (1.1b9 -> 1.1b10). (i dont use manuel's kernels, as i've got a
> different device here)
>
> and my WAN link is DHCP, not PPPoE. something about
> /var/etc/nameservers.conf not being populated when /etc/resolv.conf is
> generated, as you've already noticed.
>
> actually, this one has me stumped.

let me stump you some more.  i'd posted the below email a little while
back and got no response, save a suggestion that i use static DNS on the
m0n0.  i've just tried it with b13.  same problem.

in a nutshell, unless i define static dns servers under system.php, dhcp
clients (through dns forwarding) cannot resolve names.

while i can use static DNS, that's ugly.  and as i am ramping up to deploy
m0n0 for a bunch of clients, this could potentially cause problems (for
me!) if an ISP changed DNS servers.

i'd really love to get this fixed.  anything i can do to help this along,
i'd be happy.  i am permitted multiple ip addresses from my isp, so i can
put my test m0n0 on a separate internal subnet (outside my 'production'
router/firewall), and provide an email mechanism for you to be notified of
wan ip changes (i'm pppoe, without dyn-dns or similar) so you could be
free to reboot the machine.

jj

----------begin-included-email--------------
>From jmorin at icomm dot ca Mon Jun 14 12:20:03 2004
Date: Wed, 9 Jun 2004 15:02:09 -0400 (EDT)
From: Joey Morin <jmorin at icomm dot ca>
Reply-To: Joey Morin <joeymorin at alumni dot uwaterloo dot ca>
To: Quark AV - Hilton Travis <Hilton at QuarkAV dot com>
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: DNS from PPPOE is not passed to DHCP Clients (was "[m0n0wall]
    Efficient Ethernet 5100")


This one time, at band camp, Quark AV - Hilton Travis said:

> I'd strongly recommend the latest 1.1 Beta images to those on PPPOE as
> the "DNS from PPPOE is not passed to DHCP Clients" issue as previously
> mentioned in this list is fixed.

um, i must be doing something wrong.  i've moved to 1.1b12, and i'm still
having problems with DNS.  i've tried every combination i had patience
for:
	- DNS from PPPOE (enabled/disabled)
	- Enable DNS forwarder (enabled/disabled)
	- Register DHCP leases in DNS forwarder (enabled/disabled)
	- alias for my LAN-side DHCP client test machine (with & without)
	- static mapping of MAC to IP for my client test machine (or no)

dozens of reboots and client release/flush/renew cycles out the wazoo, and
it still doesn't work.  the only way name resolving works (on the client
or with ping in exec.php) is with static DNS entries in the General Setup
page.

what am i missing?

at the end of this post is my system log (minus secret stuff), grepped for
mpd OR pppoe (reverse order).  the log is from a fresh reboot with no DNS
servers specified in the General Setup page.  i note in particular:

	mpd: [pppoe] exec: /usr/local/sbin/ppp-linkup ng0 inet 65.95.213.7
	65.95.213.1 xxxxxxxx dns1 206.47.244.107 dns2 206.47.244.78

so, if my read of the list archive on this subject is right, all is well
there.

i've confirmed that my interfaces.inc contains the patch provided by Rick
Low:

	set ipcp enable req-pri-dns
	set ipcp enable req-sec-dns

i did an ls -alR and there *IS NO* nameserver.conf anywhere.

this is what my mpd.conf looks like:

	pppoe:
		new -i ng0 pppoe pppoe
		set iface route default
		set iface disable on-demand
		set iface idle 0
		set iface up-script /usr/local/sbin/ppp-linkup
		set bundle disable multilink
		set bundle authname "xxxxxxxx"
		set bundle password "xxxxxxxx"
		set link keep-alive 10 60
		set link max-redial 0
		set link no acfcomp protocomp
		set link disable pap chap
		set link accept chap
		set link mtu 1492
		set ipcp yes vjcomp
		set ipcp ranges 0.0.0.0/0 0.0.0.0/0
		set ipcp enable req-pri-dns
		set ipcp enable req-sec-dns
		open iface

but, as discussed in the original thread about this in february (manuel,
rick and hilton), my resolv.conf looks like this:

	domain local

any ideas?  are we SURE that this is fixed in 1.1b12?

jj

p.s. if my config.xml will help, i'll post it or put it on a server...

p.p.s original thread:
http://m0n0.ch/wall/list/?action=show_threads&actionargs[]=200402#%2Farchive%2F34%2F27

-----------begin-syslog-excerpt-------------
Jun 9 14:45:35 	mpd: [pppoe] rec'd unexpected protocol IP on link 0
Jun 9 14:45:35 	mpd: [pppoe] IFACE: Up event
Jun 9 14:45:27 	mpd: [pppoe] exec: /usr/local/sbin/ppp-linkup ng0 inet
		65.95.213.7 65.95.213.1 xxxxxxxx dns1 206.47.244.107 dns2
		206.47.244.78
Jun 9 14:45:26 	mpd: [pppoe] exec: /sbin/route add 0.0.0.0 65.95.213.1
Jun 9 14:45:26 	mpd: [pppoe] exec: /sbin/route add 65.95.213.7 -iface lo0
Jun 9 14:45:25 	mpd: [pppoe] exec: /sbin/ifconfig ng0 65.95.213.7
		65.95.213.1 netmask 0xffffffff -link0
Jun 9 14:45:25 	mpd: [pppoe] setting interface ng0 MTU to 1492 bytes
Jun 9 14:45:25 	mpd: [pppoe] IFACE: Up event
Jun 9 14:45:25 	mpd: 65.95.213.7 -> 65.95.213.1
Jun 9 14:45:25 	mpd: [pppoe] IPCP: LayerUp
Jun 9 14:45:25 	mpd: [pppoe] IPCP: state change Ack-Sent --> Opened
Jun 9 14:45:25 	mpd: SECDNS 206.47.244.78
Jun 9 14:45:25 	mpd: PRIDNS 206.47.244.107
Jun 9 14:45:25 	mpd: IPADDR 65.95.213.7
Jun 9 14:45:25 	mpd: [pppoe] IPCP: rec'd Configure Ack #3 link 0
		(Ack-Sent)
Jun 9 14:45:25 	mpd: SECDNS 206.47.244.78
Jun 9 14:45:25 	mpd: PRIDNS 206.47.244.107
Jun 9 14:45:25 	mpd: IPADDR 65.95.213.7
Jun 9 14:45:25 	mpd: [pppoe] IPCP: SendConfigReq #3
Jun 9 14:45:25 	mpd: SECDNS 206.47.244.78
Jun 9 14:45:25 	mpd: PRIDNS 206.47.244.107
Jun 9 14:45:25 	mpd: 65.95.213.7 is OK
Jun 9 14:45:25 	mpd: IPADDR 65.95.213.7
Jun 9 14:45:25 	mpd: [pppoe] IPCP: rec'd Configure Nak #2 link 0
		(Ack-Sent)
Jun 9 14:45:25 	mpd: SECDNS 0.0.0.0
Jun 9 14:45:25 	mpd: PRIDNS 0.0.0.0
Jun 9 14:45:25 	mpd: IPADDR 0.0.0.0
Jun 9 14:45:25 	mpd: [pppoe] IPCP: SendConfigReq #2
Jun 9 14:45:25 	mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Jun 9 14:45:25 	mpd: [pppoe] IPCP: rec'd Configure Reject #1 link 0
		(Ack-Sent)
Jun 9 14:45:25 	mpd: [pppoe] IPCP: state change Req-Sent --> Ack-Sent
Jun 9 14:45:25 	mpd: IPADDR 65.95.213.1
Jun 9 14:45:25 	mpd: [pppoe] IPCP: SendConfigAck #144
Jun 9 14:45:25 	mpd: 65.95.213.1 is OK
Jun 9 14:45:25 	mpd: IPADDR 65.95.213.1
Jun 9 14:45:25 	mpd: [pppoe] IPCP: rec'd Configure Request #144 link 0
		(Req-Sent)
Jun 9 14:45:25 	mpd: SECDNS 0.0.0.0
Jun 9 14:45:25 	mpd: PRIDNS 0.0.0.0
Jun 9 14:45:25 	mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Jun 9 14:45:25 	mpd: IPADDR 0.0.0.0
Jun 9 14:45:25 	mpd: [pppoe] IPCP: SendConfigReq #1
Jun 9 14:45:25 	mpd: [pppoe] IPCP: state change Starting --> Req-Sent
Jun 9 14:45:25 	mpd: [pppoe] IPCP: Up event
Jun 9 14:45:25 	mpd: [pppoe] up: 1 link, total bandwidth 64000 bps
Jun 9 14:45:25 	mpd: [pppoe] setting interface ng0 MTU to 1492 bytes
Jun 9 14:45:25 	mpd: [pppoe] LCP: phase shift AUTHENTICATE --> NETWORK
Jun 9 14:45:25 	mpd: [pppoe] LCP: authorization successful
Jun 9 14:45:25 	mpd: [pppoe] PAP: rec'd ACK #1
Jun 9 14:45:25 	mpd: 65.95.213.7 -> 65.95.213.1
Jun 9 14:45:25 	mpd: SECDNS 206.47.244.78
Jun 9 14:45:25 	mpd: PRIDNS 206.47.244.107
Jun 9 14:45:25 	mpd: IPADDR 65.95.213.7
Jun 9 14:45:25 	mpd: SECDNS 206.47.244.78
Jun 9 14:45:25 	mpd: PRIDNS 206.47.244.107
Jun 9 14:45:25 	mpd: IPADDR 65.95.213.7
Jun 9 14:45:25 	mpd: SECDNS 206.47.244.78
Jun 9 14:45:25 	mpd: PRIDNS 206.47.244.107
Jun 9 14:45:25 	mpd: 65.95.213.7 is OK
Jun 9 14:45:25 	mpd: IPADDR 65.95.213.7
Jun 9 14:45:25 	mpd: SECDNS 0.0.0.0
Jun 9 14:45:25 	mpd: PRIDNS 0.0.0.0
Jun 9 14:45:25 	mpd: IPADDR 0.0.0.0
Jun 9 14:45:25 	mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Jun 9 14:45:25 	mpd: IPADDR 65.95.213.1
Jun 9 14:45:25 	mpd: 65.95.213.1 is OK
Jun 9 14:45:25 	mpd: IPADDR 65.95.213.1
Jun 9 14:45:25 	mpd: SECDNS 0.0.0.0
Jun 9 14:45:25 	mpd: PRIDNS 0.0.0.0
Jun 9 14:45:25 	mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Jun 9 14:45:25 	mpd: IPADDR 0.0.0.0
-----------end-syslog-excerpt-------------
----------end-included-email--------------