SUSE 12.3 as a F/W with DHCP and DNS -- DNS "config" error?

I am in the process of building a SUSE Linux based F/W machine.

I have the F/W configured. I have the DHCP server configured, having manually migrated all the reserved slots from my current F/W appliance.

The problem I am having is with the DNS Server configuration. :frowning:

The host machine name is CFW. My network name is ABC. So I have attempted to configure a LAN side DNS master entry of ABC.ABC.

The DNS accepted this and is running. :slight_smile:

Now I go back to the DHCP server and tell it to sync with the DNS so that I can use DNS to resolve host names locally, and the DHCP wizard configurator fails, saying that ABC is not defined. :open_mouth:

I have been looking all over on how to do this, I have the SuSEfirewall2 doc (and that part is fine), I have the DHCP doc, and it seems to be good. I have been through the DNS Server Howto doc, etc. I’ve been googling, and searching these threads.

I don’t know what I’m doing wrong.

Could someone give me a pointer as to how this is done? I know just enough about networking to be brutally dangerous, and I’m trying to remedy this [my paying job is on z/Frames where I have written network based applications.]

The actual message is in a box with a red/white X, the word Error, and then the next line is the phrase: “DNS zone VSSNET does not exist”. This is then followed with a green radio button “OK”.

[Unfortunately I can’t do a screen capture and paste this – seems the login for this forum will not resolve on that machine.]

So using “ABC” as an abstract… Well the actual is vssnet.

I have, I thought, defined VSSNET. to the DNS server. I have had vssnet.vssnet defined. And the DHCP server still fails to sync to the DNS saying that VSSNET is not defined.

Anyone have any idea why this is failing? Apparently, this now causes me to not be able to do DNS resolution for loading patches.

On 2014-01-01 05:16, wylbur wrote:

> Anyone have any idea why this is failing? Apparently, this now causes me
> to not be able to do DNS resolution for loading patches.

DNS should be working even if dhcp does not. That part should only affect resolving local names of
the machines assigned via dhcp.

An alternative DNS server is dnsmasq, it is far easier to configure. Dunno if as powerful. It can
also be synced to dhcp, there is talk of this in the documentation. It is installed by default on

Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” (Elessar))

From your description,
Part of the confusion may be what hostnames and network name you are using. If any machine’s hostname is the same as the network name, that would be confusing, if that is what is happening (if “vssnet” might refer to both a hostname and a network name, you’d have no idea what the error really is referring to).

Once you’ve created your machines with different hostnames, you can then start basic name resolution testing… From the DNS machine itself, ping both by IP address, Hostname only and Fully Qualified Domain Name (combination hostname and network name).

Then run the same tests from another machine trying to resolve your target machine.

Based on your results, you should be able to narrow down your problem.


Sorry for taking so long to get back to this. I sometimes have to travel and well…

“vssnet.” is the network name the way the DNS handles it (strange that it would do that – add a period to the end). So it then wanted a (forgot the correct name for this:) domain defined (e.g., “.com” or “.net” etc.). So I tried to define that as “vssnet” so that you would get vssnet.vssnet.

NO device/machine on my network has the name of vssnet. They have the “workgroup” name of vssnet or VSSNET (depending on Windows or Linux, or Roku, etc. etc.).

So I really don’t understand why the DHCP server is not happy with the DNS when asked to sync to it.

A W7 laptop that is connected by wire gives the correct info when ">ipconfig /all " is issued – except, the reserved rules are being ignored, so it is getting the first available IP in the range, when it should get a different IP.

Default Gateway, DHCP Server, DNS Servers, Primary WINS Server, are all given as — as they should be.

So even though the DNS server is running, it will not resolve anything (on the intranet or Internet), the DHCP is not handing out the right info (given that it gave out a reserved IP to the wrong device).

Wylbur (one of the Wrong brothers)
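The two points above (the trailing dot that BIND puts on a zone name, and the DHCP sync complaining that the zone "VSSNET" does not exist) both come down to how DNS names are compared: a zone name is an absolute name, so "vssnet" and "vssnet." and "VSSNET" are the same zone, while "vssnet.vssnet." is a different one. The following is an added example, not code from the thread or from YaST: it parses small constructed named.conf and dhcpd.conf fragments, normalizes the names the same way DNS does, and reports which zones a DHCP-to-DNS sync would need that the DNS server does not define. The requirement for the forward zone matches the error message quoted in the thread; the check for a matching in-addr.arpa reverse zone, and the sample addresses and forwarders, are my assumptions.

```python
import re
import ipaddress

# Constructed sample configuration (not taken from the thread). The zone
# "vssnet." and the host "cfw" mirror the names the original poster uses;
# 192.0.2.0/24 is a documentation network, chosen here as an assumption.
NAMED_CONF = '''
options {
    forwarders { 192.0.2.53; 192.0.2.54; };   // ISP resolvers (constructed)
};
zone "vssnet." IN {
    type master;
    file "master/vssnet";
};
zone "2.0.192.in-addr.arpa" IN {
    type master;
    file "master/2.0.192.in-addr.arpa";
};
'''

DHCPD_CONF = '''
option domain-name "VSSNET";
subnet 192.0.2.0 netmask 255.255.255.0 {
    range 192.0.2.100 192.0.2.200;
    option domain-name-servers 192.0.2.1;
}
'''


def canonical(name):
    """Absolute, lower-case form of a DNS name.

    DNS is case-insensitive and a zone name is a fully qualified name, which is
    why BIND displays the zone "vssnet" as "vssnet." (the dot is the root).
    """
    return name.strip().lower().rstrip('.') + '.'


def zones_in_named_conf(text):
    """Set of zone names declared in a named.conf-style text, canonicalized."""
    return {canonical(z) for z in re.findall(r'zone\s+"([^"]+)"', text)}


def forwarders(text):
    """Forwarder addresses from the options block (for upstream resolution)."""
    m = re.search(r'forwarders\s*\{([^}]*)\}', text)
    if not m:
        return []
    return [a.strip() for a in m.group(1).split(';') if a.strip()]


def dhcp_domain(text):
    """The DHCP 'option domain-name' value, canonicalized, or None."""
    m = re.search(r'option\s+domain-name\s+"([^"]+)"\s*;', text)
    return canonical(m.group(1)) if m else None


def dhcp_subnets(text):
    """Subnets declared in dhcpd.conf as 'subnet A.B.C.D netmask M.M.M.M'."""
    return [ipaddress.ip_network(f"{net}/{mask}", strict=False)
            for net, mask in re.findall(r'subnet\s+(\S+)\s+netmask\s+(\S+)', text)]


def reverse_zone(network):
    """in-addr.arpa zone for an octet-aligned (/8, /16, /24) IPv4 network."""
    if network.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned prefixes are handled here")
    octets = str(network.network_address).split('.')[: network.prefixlen // 8]
    return '.'.join(reversed(octets)) + '.in-addr.arpa.'


def fqdn(hostname, domain):
    """Host name plus domain, e.g. cfw + vssnet. -> cfw.vssnet."""
    return canonical(hostname.rstrip('.') + '.' + domain.rstrip('.'))


def missing_zones(named_conf, dhcpd_conf):
    """Zones a DHCP->DNS sync would update that named.conf does not declare.

    The forward zone must equal the DHCP domain-name; the reverse zone for each
    DHCP subnet is assumed to be needed as well (assumption, see lead-in).
    """
    have = zones_in_named_conf(named_conf)
    need = [dhcp_domain(dhcpd_conf)]
    need += [reverse_zone(n) for n in dhcp_subnets(dhcpd_conf)]
    return [z for z in need if z and z not in have]


if __name__ == "__main__":
    print("zones defined:", sorted(zones_in_named_conf(NAMED_CONF)))
    print("forwarders:   ", forwarders(NAMED_CONF))
    print("host FQDN:    ", fqdn("CFW", dhcp_domain(DHCPD_CONF)))
    print("missing zones:", missing_zones(NAMED_CONF, DHCPD_CONF))
```

Feeding it a named.conf that declares only "vssnet.vssnet." reproduces the situation in the thread: the DHCP domain "VSSNET" canonicalizes to "vssnet.", which is not among the declared zones, so the sync has no zone to write host records into.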

Ok, after thrashing and bashing, I finally got the DHCP and DNS to sync. I’m not sure what I did that worked, but it had to do with my “domain” definition(s). At any rate, the DHCP on sync stopped complaining and choking on it, and I got what looks like a correct sync into and with the DNS server.

Now I have forwarder addresses (DNS IPs from my ISP for their servers) for it to use for resolving addresses it doesn’t know.

I can’t get a #ping to resolve in a terminal on this SUSE box.

So, the problem I have is, I am not connecting to the outside world for DNS.

But it appears that internally (within the “LAN”) DNS does resolve so that ping does work.

I do have masquerading on with the F/W, I have selected, do not protect the f/w from the internal network (which means that all services are allowed). So DNS should be working.

Any one have a clue as to what I could have hosed up at this point?

Seems I was wrong again.

So I started over, fresh 12.3 install, reloaded all the stuff I need, deleted everything this firewall machine doesn’t need.

DHCP will configure. DNS will configure.

But you can’t make DHCP sync to DNS. And INT machines connected to this firewall/dhcp/dns machine get the wrong IP addresses assigned to them (DHCP is ignoring the reservation list). Did a PING with a laptop attached, and the ping fails. So the firewall config is not doing Masquerading even though that is selected. And the laptop is not getting DNS resolution either.

Looking at other threads I see similar issues at 13.1. Seems this got broken somewhere.