
Thread: Why tries 1 TW machine to resolve its hostname via DNS?

  1. #1

    Why tries 1 TW machine to resolve its hostname via DNS?

    Hi!

    Have two networks with different ISPs, for one location the ISP messes around with DNS (DNSSEC, DoT), so I forward DNS via a tunnel (openVPN, now wireguard) to the second location, working fine for almost all machines (including different TW installs), except for one TW that doesn't play nice with the setup.

    Due to reasons I can not understand, the /etc/resolv.conf is correct (DNS from remote network), but every time I start a browser, the TW sends out a DNS request to resolve its own hostname to the remote DNS server:

    Code:
    1    2020-11-11 16:21:17.150646    aaa.bbb.ccc.3    xxx.yyy.zzz.1    DNS    86    Standard query 0x1f72 A myhostname.localdomain.home.arpa
    and as the DNS server (unbound) in the network behind the tunnel does not know this domain/host, it replies with

    Code:
    2    2020-11-11 16:21:17.175907    xxx.yyy.zzz.1    aaa.bbb.ccc.3    DNS    54    Standard query response 0x1f72 Refused
    and afterwards no further DNS traffic goes forward.

    I deleted the wired interface in NetworkManager and created a new one. I switched to Wicked, all with rebooting. If I edit /etc/resolv.conf and enter the local router as a DNS server, the machine resolves hostnames (e.g. ping google.com) correctly, but this DNS is not reliable, I don't want to use it.

    Can anybody enlighten me, why this machine is trying to resolve its hostname and how to turn this off?

    Many thanks in advance!
    Kind regards

    raspu

  2. #2

    Re: Why tries 1 TW machine to resolve its hostname via DNS?

    Still no idea why the machine resolves its own name, but the "REFUSED" is resolved. The Wireguard tunnel did not add all remote subnets to the Access List of the local unbound...
    Kind regards

    raspu

  3. #3
    Re: Why tries 1 TW machine to resolve its hostname via DNS?

    Quote Originally Posted by suse_rasputin View Post
    Still no idea why the machine resolves its own name, but the "REFUSED" is resolved. The Wireguard tunnel did not add all remote subnets to the Access List of the local unbound...
    Networking can be puzzling. Removing every configuration file and restarting every device involved works most of the time: https://forums.opensuse.org/showthre...onger-connects
    AMD Athlon 4850e (2009), openSUSE 13.1, KDE 4, Intel i3-4130 (2014), i7-6700K (2016), i5-8250U (2018), AMD Ryzen 5 3400G (2020), openSUSE Tumbleweed, KDE Plasma 5

  4. #4
    Re: Why tries 1 TW machine to resolve its hostname via DNS?

    The first thing to know about hostnames is that a machine can have many.
    There is the one you configure in YaST that is preferred and is used internally, but for various different purposes a machine and individual resources on the machine might have many.
    As long as each name resolves correctly to correct address, that is all you should be concerned about.

    Regarding that first DNS query you posted, you should know that is not a normal DNS query (where you query what is the IP address for that name), it's actually a reverse lookup (where your machine is inquiring what is its name on the network and might also be a type of query made for other IP addresses). If your VPN is set up correctly, your machine is properly using the DNS provided by the VPN (to prevent DNS leakage. DNS leakage is when someone like your ISP might not be able to know what happens within your VPN but if you're using the ISP's DNS, then your ISP knows every Internet address you likely are visiting).

    As you should already know, a functioning VPN DNS is not usually necessary to use the VPN, as long as your machine knows the Default Gateway of the VPN, your packets will be routed to the Internet. To resolve Internet addresses, you just need any DNS that can do the job. It would be different only if you were connected to something like a company VPN where you'd have company resources in the VPN like a company file server.

    Your machine is querying for its hostname because that's how you are configured as the VPN client, it's a standard DHCP setting. You can inspect your VPN network connection properties for what is usually a checkbox, but it might also be hardcoded in your VPN client setup (Most VPN administrators distribute a configuration package to Users to set up their VPNs so it's not so difficult).

    HTH,
    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  5. #5
    Re: Why tries 1 TW machine to resolve its hostname via DNS?

    Quote Originally Posted by suse_rasputin View Post
    every time I start a browser
    Which browser? I see firefox querying for its hostname address on startup, but not chromium.
    Code:
    1    2020-11-11 16:21:17.150646    aaa.bbb.ccc.3    xxx.yyy.zzz.1    DNS    86    Standard query 0x1f72 A myhostname.localdomain.home.arpa
    So this is a DNS query. Without any information about your system there is no way to decide whether this query is legitimate or not.
    why this machine is trying to resolve its hostname and how to turn this off?
    First you need to find out what application does it. If you say it happens on browser startup, then tell which browser, provide full output of "tshark 'port 53'" during browser startup (or whatever you use for packet capture), /etc/nsswitch.conf and /etc/resolv.conf.

  6. #6
    Re: Why tries 1 TW machine to resolve its hostname via DNS?

    Quote Originally Posted by tsu2 View Post
    The first thing to know about hostnames is that a machine can have many.
    There is only one hostname.
    that is not a normal DNS query (where you query what is the IP address for that name), it's actually a reverse lookup
    Oh, so "A" query is reverse lookup. What a revelation.

  7. #7

    Re: Why tries 1 TW machine to resolve its hostname via DNS?

    Quote Originally Posted by arvidjaar View Post
    Which browser? I see firefox querying for its hostname address on startup, but not chromium.

    So this is a DNS query. Without any information about your system there is no way to decide whether this query is legitimate or not.

    First you need to find out what application does it. If you say it happens on browser startup, then tell which browser, provide full output of "tshark 'port 53'" during browser startup (or whatever you use for packet capture), /etc/nsswitch.conf and /etc/resolv.conf.
    Hi again, sorry for the delay!

    Yepp, it's the usual suspect, Firefox (83.0). Output from the TW machine starting the FF:

    Code:
    cat /etc/nsswitch.conf
    #
    # /etc/nsswitch.conf
    #
    # An example Name Service Switch config file. This file should be
    # sorted with the most-used services at the beginning.
    #
    # The entry '[NOTFOUND=return]' means that the search for an
    # entry should stop if the search in the previous entry turned
    # up nothing. Note that if the search failed due to some other reason
    # (like no NIS server responding) then the search continues with the
    # next entry.
    #
    # Legal entries are:
    #
    #       compat                  Use compatibility setup
    #       nisplus                 Use NIS+ (NIS version 3)
    #       nis                     Use NIS (NIS version 2), also called YP
    #       dns                     Use DNS (Domain Name Service)
    #       files                   Use the local files
    #       [NOTFOUND=return]       Stop searching if not found so far
    #
    # For more information, please read the nsswitch.conf.5 manual page.
    #
    
    passwd: compat
    group:  compat
    shadow: compat
    
    hosts:          files mdns_minimal [NOTFOUND=return] dns
    networks:       files dns
    
    services:       files usrfiles
    protocols:      files usrfiles
    rpc:            files usrfiles
    ethers:         files
    netmasks:       files
    netgroup:       files nis
    publickey:      files
    
    bootparams:     files
    automount:      files nis
    aliases:        files
    Code:
    cat /etc/resolv.conf 
    ### /etc/resolv.conf is a symlink to /var/run/netconfig/resolv.conf
    ### autogenerated by netconfig!
    #
    # Before you change this file manually, consider to define the
    # static DNS configuration using the following variables in the
    # /etc/sysconfig/network/config file:
    #     NETCONFIG_DNS_STATIC_SEARCHLIST
    #     NETCONFIG_DNS_STATIC_SERVERS
    #     NETCONFIG_DNS_FORWARDER
    # or disable DNS configuration updates via netconfig by setting:
    #     NETCONFIG_DNS_POLICY=''
    #
    # See also the netconfig(8) manual page and other documentation.
    #
    ### Call "netconfig update -f" to force adjusting of /etc/resolv.conf.
    search XXXXXXXX.home.arpa
    nameserver 10.0.0.1
    The nameserver (10.0.0.1) is on the other end of the Wireguard site-to-site.

    And this is what I see when I open FF:

    Code:
    No.    Time    Source    Destination    Protocol    Length    Info
    2    2020-12-01 15:04:40.063437    192.168.188.156    10.0.0.1    DNS    81    Standard query 0x9e5a A Dell6.XXXXXXX.home.arpa
    3    2020-12-01 15:04:40.083632    10.0.0.1    192.168.188.156    DNS    158    Standard query response 0x9e5a No such name A Dell6.XXXXXXX.home.arpa SOA prisoner.iana.org
    4    2020-12-01 15:04:40.084300    192.168.188.156    10.0.0.1    DNS    65    Standard query 0xbed4 A Dell6
    5    2020-12-01 15:04:40.100444    10.0.0.1    192.168.188.156    DNS    140    Standard query response 0xbed4 No such name A Dell6 SOA a.root-servers.net
    6    2020-12-01 15:04:40.125926    192.168.188.156    10.0.0.1    DNS    81    Standard query 0x955c A Dell6.XXXXXXX.home.arpa
    7    2020-12-01 15:04:40.148068    10.0.0.1    192.168.188.156    DNS    158    Standard query response 0x955c No such name A Dell6.XXXXXXX.home.arpa SOA prisoner.iana.org
    8    2020-12-01 15:04:40.148515    192.168.188.156    10.0.0.1    DNS    65    Standard query 0xe958 A Dell6
    9    2020-12-01 15:04:40.168537    10.0.0.1    192.168.188.156    DNS    140    Standard query response 0xe958 No such name A Dell6 SOA a.root-servers.net
    ...
    Kind regards

    raspu

  8. #8
    Re: Why tries 1 TW machine to resolve its hostname via DNS?

    Quote Originally Posted by arvidjaar View Post
    There is only one hostname.

    Oh, so "A" query is reverse lookup. What a revelation.
    Only one hostname mapped to a machine?
    One of a zillion responses to a Google search
    https://support.dnsimple.com/article...y%20RFC%201035.

    And, it's pretty common.
    So, a useful example might be if you run both a mail server and a website on the same machine.
    Because people are used to associating the "www" hostname with a website and "mail" with a mailserver, it would make sense to create two A records (hostnames) pointing to the same IP address if both your web service and mail service are bound to the same IP address. You don't have to do this, but it helps Admins use a hostname that follows convention... After all it would be strange to configure your mail client to connect to your mail server at www.yourdomain.com or connect to a website at mail.yourdomain.com.

    And,
    A reverse lookup record is not an A record, it's a PTR record.

    TSU

  9. #9
    Re: Why tries 1 TW machine to resolve its hostname via DNS?

    I wouldn't be worried about your error unless something isn't working.

    All your output means is that
    - Your VPN DHCP is not configured to set a hostname given to you by DHCP
    - Your machine's hostname as configured by you is of course unknown to the VPN network.
    - You apparently configured your machine with a name home.XXXXXX.Dell6 which of course does not likely match anything set up by the VPN administrator.

    There might be situations where the client machine's hostname would be important... eg If you're authenticating to a business network security (like LDAP or AD) to access company resources. Then, you'll likely need to either configure your machine's hostname as part of your company's security domain or allow your machine to have its hostname changed by DHCP. If you're running Workgroup security, it's probably convenient to allow your machine to identify itself with a hostname that's part of the Workgroup, but not critically necessary (You can pass credentials including the Workgroup for instance when accessing a network share).

    But, if you're simply using the VPN to access the Internet without revealing your location and not access any company assets in the VPN, this is not something that's important.

    TSU

  10. #10

    Re: Why tries 1 TW machine to resolve its hostname via DNS?

    Quote Originally Posted by tsu2 View Post
    - Your machine's hostname as configured by you is of course unknown to the VPN network.
    ...
    I'm the VPN (Wireguard) administrator.

    I don't want my local domain name and host name to be blown out the WAN interface. How to stop this Firefox nonsense (short of stopping using it, except if there are better non-Google options)?

    It's unbound on the remote router doing the DNS, anything I can do to stop shouting out local domains via the WAN (yes, I will start looking at the router's forums)...
    Kind regards

    raspu
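
Added example, not part of any post in this thread: a Python filter for packet-capture summary lines in the format quoted in post #7. It flags queries for the machine's own short name or for names under the resolv.conf search domain, and pairs each with the resolver's answer by transaction ID. The sample lines are constructed; the host name `host1`, the domain `lan.home.arpa`, the addresses and the function names are assumptions.

```python
import re

# Constructed sample in the summary-line format quoted in the thread
# (No., time, source, destination, protocol, length, info).
SAMPLE = """\
1    2020-12-01 15:04:40.063437    192.168.1.20    10.0.0.1    DNS    81    Standard query 0x9e5a A host1.lan.home.arpa
2    2020-12-01 15:04:40.083632    10.0.0.1    192.168.1.20    DNS    158    Standard query response 0x9e5a No such name A host1.lan.home.arpa SOA prisoner.iana.org
3    2020-12-01 15:04:40.084300    192.168.1.20    10.0.0.1    DNS    65    Standard query 0xbed4 A host1
4    2020-12-01 15:04:40.100444    10.0.0.1    192.168.1.20    DNS    140    Standard query response 0xbed4 No such name A host1 SOA a.root-servers.net
5    2020-12-01 15:04:41.000000    192.168.1.20    10.0.0.1    DNS    70    Standard query 0x1111 A example.org
6    2020-12-01 15:04:41.020000    10.0.0.1    192.168.1.20    DNS    86    Standard query response 0x1111 A example.org A 93.184.216.34
"""

LINE = re.compile(
    r"^\s*\d+\s+\S+\s+\S+\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+DNS\s+\d+\s+"
    r"Standard query (?P<resp>response )?(?P<txid>0x[0-9a-f]+) (?P<rest>.*)$"
)

def is_local_name(qname, hostname, search_domain):
    """True if qname is the bare host name or lies under the search domain."""
    q = qname.rstrip(".").lower()
    dom = search_domain.rstrip(".").lower()
    return q == hostname.lower() or q == dom or q.endswith("." + dom)

def find_local_name_queries(capture, hostname, search_domain):
    """Return one record per local-name query, with the resolver's status."""
    pending, findings = {}, []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header row, "..." or non-DNS line
        if not m["resp"]:
            parts = m["rest"].split()
            if len(parts) < 2 or not is_local_name(parts[1], hostname, search_domain):
                continue
            rec = {"resolver": m["dst"], "type": parts[0],
                   "name": parts[1], "answer": None}  # None = no reply seen
            pending[(m["src"], m["dst"], m["txid"])] = rec
            findings.append(rec)
        else:
            # A response travels the reverse path with the same transaction ID.
            rec = pending.pop((m["dst"], m["src"], m["txid"]), None)
            if rec:
                # Status text precedes the echoed question, e.g. "No such name";
                # a bare "Refused" carries no echo and is kept whole.
                echo = f'{rec["type"]} {rec["name"]}'
                rec["answer"] = m["rest"].split(echo)[0].strip() or "No error"
    return findings

if __name__ == "__main__":
    for f in find_local_name_queries(SAMPLE, "host1", "lan.home.arpa"):
        print(f'{f["name"]} ({f["type"]}) -> {f["resolver"]}: {f["answer"]}')
```

Run it on a saved capture summary with the real host name and the `search` value from /etc/resolv.conf; any record it returns is a local name that reached the resolver on the far side of the tunnel.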
