
#1 2017-02-05 17:14:15

campo85
Member
Registered: 2012-09-05
Posts: 32

Client VPN and DNS for local network

Hi All,

I think this is a common problem, but I can't find a solution anywhere. Basically I have set up my htpc (called enterprise) to use a third-party VPN. The configuration is quite easy and openvpn does its job. I have a NAS (called synology-campo) in my local network and the htpc mounts some NFS partitions of the NAS. I usually use the name of the NAS to mount the partitions, but when I use the VPN the DNS used is the one of the VPN and it is not able to resolve the name of the NAS:

campo@enterprise ~/Downloads % drill synology-campo
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 57538
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 
;; QUESTION SECTION:
;; synology-campo.      IN      A

;; ANSWER SECTION:

;; AUTHORITY SECTION:
.       43494   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2017020500 1800 900 604800 86400

;; ADDITIONAL SECTION:

;; Query time: 46 msec
;; SERVER: 193.180.164.2
;; WHEN: Sun Feb  5 17:05:41 2017
;; MSG SIZE  rcvd: 107

But if I use the router, of course:

campo@enterprise ~/Downloads % drill synology-campo @192.168.0.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 25959
;; flags: qr ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; synology-campo.      IN      A

;; ANSWER SECTION:
synology-campo. 1486314432      IN      A       192.168.0.35

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 58 msec
;; SERVER: 192.168.0.1
;; WHEN: Sun Feb  5 17:07:12 2017
;; MSG SIZE  rcvd: 48

Now I've found a workaround, which is basically to use the router (192.168.0.1) as router. This means that I'm using the ISP DNS. It's not a big deal for the purpose of my VPN, but I was wondering if there is something more efficient and more secure. My idea is to use 192.168.0.1 just for a small number of names (synology-campo). Is it possible to set up resolv.conf to do this?

Offline

#2 2017-02-05 17:29:04

brebs
Member
Registered: 2007-04-03
Posts: 3,742

Re: Client VPN and DNS for local network

Can use Unbound - example.

Edit: And can hard-code name-to-IP lookups in /etc/hosts

Last edited by brebs (2017-02-05 17:30:33)

Offline

#3 2017-02-05 17:36:24

campo85
Member
Registered: 2012-09-05
Posts: 32

Re: Client VPN and DNS for local network

brebs wrote:

Edit: And can hard-code name-to-IP lookups in /etc/hosts

I thought of this, but it's another workaround; I don't use the DNS at all this way.

I'll give Unbound a try. I don't even know what it is, but maybe it does the trick.

Cheers.

Offline

#4 2017-02-28 22:49:29

campo85
Member
Registered: 2012-09-05
Posts: 32

Re: Client VPN and DNS for local network

Hi all,

I tried to configure unbound in order to redirect the DNS queries for the hosts of the internal network (192.168.0.0) to the router (192.168.0.1), but it didn't work. The only thing that worked is this:

server:
  use-syslog: yes
  username: "unbound"
  verbosity: 1
  directory: "/etc/unbound"
  trust-anchor-file: trusted-key.key
  interface: 127.0.0.1
  access-control: 127.0.0.0/8 allow
  private-address: 192.168.0.0/24
  local-zone: "synology-campo." transparent
  local-data: "synology-campo. IN A 192.168.0.35"
  forward-zone:
    name: "synology-campo."
    forward-addr: 192.168.0.1
    forward-first: no

But it worked only because I've added local-data, which actually is something I'm trying to avoid. Just to clarify:
- synology-campo is the hostname I would like to be resolved
- 192.168.0.1 is the IP of the internal router
- 192.168.0.35 is the IP of synology-campo

Any suggestions?

Cheers

Offline

#5 2017-02-28 23:27:10

brebs
Member
Registered: 2007-04-03
Posts: 3,742

Re: Client VPN and DNS for local network

Show better debugging info than just "it didn't work".

"man unbound.conf" will help, e.g.:

verbosity: <number>
              The verbosity number, level 0 means no verbosity,  only  errors.
              Level  1  gives  operational information. Level 2 gives detailed
              operational information. Level 3 gives query level  information,
              output  per  query.   Level 4 gives algorithm level information.
              Level 5 logs client identification for cache misses.  Default is
              level  1.  The verbosity can also be increased from the command‐
              line, see unbound(8).

Offline
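
At high verbosity Unbound logs each raw upstream reply as a hex `udp message[...]` line, and decoding that line shows exactly what the forwarder sent back. The following is an added example, not part of any post in this thread: a small DNS reply decoder run over the reply bytes that appear in the log in post #6. The function names and the TTL threshold are assumptions of this example.

```python
import struct

# Reply bytes copied from the first "udp message[59:0]" line of the Unbound
# log in post #6 of this thread.
REPLY = bytes.fromhex(
    "01A8800000010001000000010E73796E6F6C6F67792D63616D706F0000010001"
    "0000291000000080000000C00C0001000158BA22BD0004C0A80023"
)
TYPE_A, TYPE_OPT = 1, 41
MAX_SANE_TTL = 7 * 86400  # one week; threshold chosen for this example only


def read_name(msg, off):
    """Return (name, next_offset), following RFC 1035 compression pointers."""
    labels, resume, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:          # compression pointer
            if resume is None:
                resume = off + 2           # parsing continues after the pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:                    # root label ends the name
            break
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels) + ".", (resume if resume is not None else off)


def parse_reply(msg):
    """Parse header, skip questions, and list every RR with its section."""
    ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4                           # QTYPE + QCLASS
    records = []
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10
            rdata = msg[off:off + rdlen]
            off += rdlen
            rec = {"section": section, "name": name, "type": rtype, "ttl": ttl}
            if rtype == TYPE_A and rdlen == 4:
                rec["address"] = ".".join(str(b) for b in rdata)
            records.append(rec)
    if off != len(msg):
        raise ValueError("trailing or missing bytes in message")
    return {
        "id": ident,
        "qr": bool(flags & 0x8000),
        "aa": bool(flags & 0x0400),
        "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080),
        "rcode": flags & 0x000F,
        "records": records,
    }


def anomalies(reply):
    """Return human-readable findings a strict resolver may object to."""
    found = []
    if not reply["ra"]:
        found.append("RA flag clear: server does not claim to offer recursion")
    for rec in reply["records"]:
        if rec["type"] == TYPE_OPT:
            # RFC 6891: the OPT pseudo-RR belongs in the additional section.
            if rec["section"] != "additional":
                found.append("OPT record in %s section" % rec["section"])
            continue                       # OPT reuses the TTL field for flags
        if rec["ttl"] > MAX_SANE_TTL:
            found.append("%s TTL %d s exceeds one week" % (rec["name"], rec["ttl"]))
    return found


if __name__ == "__main__":
    parsed = parse_reply(REPLY)
    for rec in parsed["records"]:
        print(rec)
    for line in anomalies(parsed):
        print("anomaly:", line)
```

On this reply the decoder reports the OPT record in the answer position and the A record in the additional position, which matches the `1/0/1 . OPT ... ar: synology-campo. ... A 192.168.0.35` lines in the tcpdump capture. Whether that layout is what makes Unbound log "query response was timeout" is an assumption the thread does not confirm.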

#6 2017-03-04 02:28:17

campo85
Member
Registered: 2012-09-05
Posts: 32

Re: Client VPN and DNS for local network

brebs wrote:

Show better debugging info than just "it didn't work".

The configuration is this one:

server:
  use-syslog: yes
  username: "unbound"
  verbosity: 5
  directory: "/etc/unbound"
  trust-anchor-file: trusted-key.key
  interface: 127.0.0.1
  access-control: 127.0.0.0/8 allow
  private-address: 192.168.0.0/24
  local-zone: "synology-campo." transparent
  forward-zone:
    name: "synology-campo."
    forward-addr: 192.168.0.1
    forward-first: no

This is the command I run:

~ ⌚ 2:27:15
$ drill synology-campo 
;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 25209
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; synology-campo.      IN      A

;; ANSWER SECTION:

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 18 msec
;; SERVER: 127.0.0.1
;; WHEN: Sat Mar  4 02:27:25 2017
;; MSG SIZE  rcvd: 32

And this is the log of unbound:

-- Logs begin at Sat 2016-11-26 15:03:43 UTC, end at Sat 2017-03-04 02:13:17 UTC. --
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: answer from the cache failed
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: udp request from ip4 127.0.0.1 port 50873 (len 16)
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: mesh_run: start
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: validator[module 0] operate: extstate:module_state_initial event:module_event_new
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: validator operate: query synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: validator: pass to next module
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: mesh_run: validator module exit state is module_wait_module
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: iterator[module 1] operate: extstate:module_state_initial event:module_event_pass
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: process_request: new external request event
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: iter_handle processing q with state INIT REQUEST STATE
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: resolving synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: request has dependency depth of 0
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: forwarding request
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: iter_handle processing q with state QUERY TARGETS STATE
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: processQueryTargets: synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 0
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: DelegationPoint<synology-campo.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNS
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug:    ip4 192.168.0.1 port 53 (len 16)
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: attempt to get extra 3 targets
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: servselect ip4 192.168.0.1 port 53 (len 16)
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug:    rtt=16
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: selrtt 16
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: sending query: synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: sending to target: <synology-campo.> 192.168.0.1#53
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: dnssec status: not expected
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: EDNS lookup known=1 vs=0
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: serviced query UDP timeout=50 msec
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: inserted new pending reply id=01a8
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: opened UDP if=0 port=34393
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: comm point start listening 11
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: mesh_run: iterator module exit state is module_wait_reply
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: mesh_run: end 1 recursion states (1 with reply, 0 detached), 1 waiting replies, 24 recursion replies sent, 0 replies dropped, 0 states jostled out
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: average recursion processing time 0.217408 sec
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: histogram of recursion processing times
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: [25%]=0.0294912 median[50%]=0.0873813 [75%]=0.349525
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: lower(secs) upper(secs) recursions
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.008192    0.016384 2
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.016384    0.032768 5
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.032768    0.065536 4
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.065536    0.131072 3
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.131072    0.262144 3
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.262144    0.524288 3
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.524288    1.000000 4
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: 0RDd mod1 rep synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: cache memory msg=94128 rrset=132911 infra=38287 val=74378
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: answer cb
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: Incoming reply id = 01a8
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: Incoming reply addr = ip4 192.168.0.1 port 53 (len 16)
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: lookup size is 1 entries
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: received udp reply.
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: udp message[59:0] 01A8800000010001000000010E73796E6F6C6F67792D63616D706F00000100010000291000000080000000C00C0001000158BA22BD0004C0A80023
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: outnet handle udp reply
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: measured roundtrip at 3 msec
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: svcd callbacks start
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: worker svcd callback for qstate 0x5595df653fd0
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: mesh_run: start
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_reply
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: iterator operate: query synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: process_response: new external response event
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: iter_handle processing q with state QUERY RESPONSE STATE
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: query response was timeout
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: iter_handle processing q with state QUERY TARGETS STATE
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: processQueryTargets: synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 1
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: DelegationPoint<synology-campo.>: 0 names (0 missing), 1 addrs (1 result, 0 avail) parentNS
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug:    ip4 192.168.0.1 port 53 (len 16)
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: attempt to get extra 3 targets
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: servselect ip4 192.168.0.1 port 53 (len 16)
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug:    rtt=16
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: selrtt 16
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: sending query: synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: sending to target: <synology-campo.> 192.168.0.1#53
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: dnssec status: not expected
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: EDNS lookup known=1 vs=0
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: serviced query UDP timeout=50 msec
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: inserted new pending reply id=1980
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: opened UDP if=0 port=20574
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: comm point start listening 12
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: mesh_run: iterator module exit state is module_wait_reply
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: mesh_run: end 1 recursion states (1 with reply, 0 detached), 1 waiting replies, 24 recursion replies sent, 0 replies dropped, 0 states jostled out
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: average recursion processing time 0.217408 sec
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: histogram of recursion processing times
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: [25%]=0.0294912 median[50%]=0.0873813 [75%]=0.349525
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: lower(secs) upper(secs) recursions
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.008192    0.016384 2
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.016384    0.032768 5
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.032768    0.065536 4
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.065536    0.131072 3
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.131072    0.262144 3
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.262144    0.524288 3
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.524288    1.000000 4
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: 0RDd mod1 rep synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: cache memory msg=94128 rrset=132911 infra=38287 val=74378
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: svcd callbacks end
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: close of port 34393
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: close fd 11
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: answer cb
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: Incoming reply id = 1980
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: Incoming reply addr = ip4 192.168.0.1 port 53 (len 16)
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: lookup size is 1 entries
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: received udp reply.
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: udp message[59:0] 1980800000010001000000010E73796E6F6C6F67792D63616D706F00000100010000291000000080000000C00C0001000158BA22BD0004C0A80023
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: outnet handle udp reply
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: measured roundtrip at 5 msec
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: svcd callbacks start
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: worker svcd callback for qstate 0x5595df653fd0
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: mesh_run: start
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_reply
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: iterator operate: query synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: process_response: new external response event
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: iter_handle processing q with state QUERY RESPONSE STATE
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: query response was timeout
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: iter_handle processing q with state QUERY TARGETS STATE
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: processQueryTargets: synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 2
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: DelegationPoint<synology-campo.>: 0 names (0 missing), 1 addrs (1 result, 0 avail) parentNS
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug:    ip4 192.168.0.1 port 53 (len 16)
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: attempt to get extra 3 targets
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: servselect ip4 192.168.0.1 port 53 (len 16)
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug:    rtt=16
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: selrtt 16
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: sending query: synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: sending to target: <synology-campo.> 192.168.0.1#53
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: dnssec status: not expected
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: EDNS lookup known=1 vs=0
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: serviced query UDP timeout=50 msec
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: inserted new pending reply id=3c4f
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: opened UDP if=0 port=9072
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: comm point start listening 11
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: mesh_run: iterator module exit state is module_wait_reply
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: mesh_run: end 1 recursion states (1 with reply, 0 detached), 1 waiting replies, 24 recursion replies sent, 0 replies dropped, 0 states jostled out
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: average recursion processing time 0.217408 sec
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: histogram of recursion processing times
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: [25%]=0.0294912 median[50%]=0.0873813 [75%]=0.349525
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: lower(secs) upper(secs) recursions
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.008192    0.016384 2
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.016384    0.032768 5
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.032768    0.065536 4
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.065536    0.131072 3
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.131072    0.262144 3
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.262144    0.524288 3
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.524288    1.000000 4
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: 0RDd mod1 rep synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: cache memory msg=94128 rrset=132911 infra=38287 val=74378
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: svcd callbacks end
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: close of port 20574
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: close fd 12
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: answer cb
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: Incoming reply id = 3c4f
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: Incoming reply addr = ip4 192.168.0.1 port 53 (len 16)
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: lookup size is 1 entries
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: received udp reply.
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: udp message[59:0] 3C4F800000010001000000010E73796E6F6C6F67792D63616D706F00000100010000291000000080000000C00C0001000158BA22BD0004C0A80023
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: outnet handle udp reply
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: measured roundtrip at 2 msec
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: svcd callbacks start
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: worker svcd callback for qstate 0x5595df653fd0
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: mesh_run: start
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_reply
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: iterator operate: query synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: process_response: new external response event
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: iter_handle processing q with state QUERY RESPONSE STATE
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: query response was timeout
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: iter_handle processing q with state QUERY TARGETS STATE
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: processQueryTargets: synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 3
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: DelegationPoint<synology-campo.>: 0 names (0 missing), 1 addrs (1 result, 0 avail) parentNS
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug:    ip4 192.168.0.1 port 53 (len 16)
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: servselect ip4 192.168.0.1 port 53 (len 16)
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug:    rtt=16
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: selrtt 16
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: sending query: synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: sending to target: <synology-campo.> 192.168.0.1#53
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: dnssec status: not expected
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: EDNS lookup known=1 vs=0
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: serviced query UDP timeout=50 msec
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: inserted new pending reply id=2aca
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: opened UDP if=0 port=17015
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: comm point start listening 12
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: mesh_run: iterator module exit state is module_wait_reply
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: mesh_run: end 1 recursion states (1 with reply, 0 detached), 1 waiting replies, 24 recursion replies sent, 0 replies dropped, 0 states jostled out
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: average recursion processing time 0.217408 sec
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: histogram of recursion processing times
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: [25%]=0.0294912 median[50%]=0.0873813 [75%]=0.349525
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: lower(secs) upper(secs) recursions
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.008192    0.016384 2
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.016384    0.032768 5
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.032768    0.065536 4
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.065536    0.131072 3
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.131072    0.262144 3
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.262144    0.524288 3
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.524288    1.000000 4
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: 0RDd mod1 rep synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: cache memory msg=94128 rrset=132911 infra=38287 val=74378
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: svcd callbacks end
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: close of port 9072
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: close fd 11
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: answer cb
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: Incoming reply id = 2aca
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: Incoming reply addr = ip4 192.168.0.1 port 53 (len 16)
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: lookup size is 1 entries
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: received udp reply.
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: udp message[59:0] 2ACA800000010001000000010E73796E6F6C6F67792D63616D706F00000100010000291000000080000000C00C0001000158BA22BD0004C0A80023
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: outnet handle udp reply
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: measured roundtrip at 2 msec
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: svcd callbacks start
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: worker svcd callback for qstate 0x5595df653fd0
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: mesh_run: start
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_reply
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: iterator operate: query synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: process_response: new external response event
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: iter_handle processing q with state QUERY RESPONSE STATE
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: query response was timeout
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: iter_handle processing q with state QUERY TARGETS STATE
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: processQueryTargets: synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 4
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: DelegationPoint<synology-campo.>: 0 names (0 missing), 1 addrs (1 result, 0 avail) parentNS
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug:    ip4 192.168.0.1 port 53 (len 16)
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: servselect ip4 192.168.0.1 port 53 (len 16)
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug:    rtt=16
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: selrtt 16
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: sending query: synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: sending to target: <synology-campo.> 192.168.0.1#53
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: dnssec status: not expected
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: EDNS lookup known=1 vs=0
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: serviced query UDP timeout=50 msec
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: inserted new pending reply id=fe9e
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: opened UDP if=0 port=10997
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: comm point start listening 11
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: mesh_run: iterator module exit state is module_wait_reply
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: mesh_run: end 1 recursion states (1 with reply, 0 detached), 1 waiting replies, 24 recursion replies sent, 0 replies dropped, 0 states jostled out
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: average recursion processing time 0.217408 sec
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: histogram of recursion processing times
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: [25%]=0.0294912 median[50%]=0.0873813 [75%]=0.349525
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: lower(secs) upper(secs) recursions
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.008192    0.016384 2
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.016384    0.032768 5
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.032768    0.065536 4
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.065536    0.131072 3
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.131072    0.262144 3
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.262144    0.524288 3
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.524288    1.000000 4
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: 0RDd mod1 rep synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: cache memory msg=94128 rrset=132911 infra=38287 val=74378
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: svcd callbacks end
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: close of port 17015
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: close fd 12
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: answer cb
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: Incoming reply id = fe9e
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: Incoming reply addr = ip4 192.168.0.1 port 53 (len 16)
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: lookup size is 1 entries
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: received udp reply.
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: udp message[59:0] FE9E800000010001000000010E73796E6F6C6F67792D63616D706F00000100010000291000000080000000C00C0001000158BA22BD0004C0A80023
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: outnet handle udp reply
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: measured roundtrip at 2 msec
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: svcd callbacks start
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: worker svcd callback for qstate 0x5595df653fd0
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: mesh_run: start
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_reply
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: iterator operate: query synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: process_response: new external response event
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: iter_handle processing q with state QUERY RESPONSE STATE
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: query response was timeout
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: iter_handle processing q with state QUERY TARGETS STATE
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: processQueryTargets: synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 5
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: DelegationPoint<synology-campo.>: 0 names (0 missing), 1 addrs (0 result, 0 avail) parentNS
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug:    ip4 192.168.0.1 port 53 (len 16)
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: No more query targets, attempting last resort
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: configured forward servers failed -- returning SERVFAIL
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: store error response in message cache
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: return error response SERVFAIL
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: mesh_run: iterator module exit state is module_finished
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddone
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: validator operate: query synology-campo. A IN
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: validator: nextmodule returned
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: cannot validate non-answer, rcode SERVFAIL
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: mesh_run: validator module exit state is module_finished
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: query took 0.016741 sec
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: mesh_run: end 0 recursion states (0 with reply, 0 detached), 0 waiting replies, 25 recursion replies sent, 0 replies dropped, 0 states jostled out
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: average recursion processing time 0.209382 sec
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: histogram of recursion processing times
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: [25%]=0.0279893 median[50%]=0.0764587 [75%]=0.32768
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info: lower(secs) upper(secs) recursions
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.008192    0.016384 2
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.016384    0.032768 6
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.032768    0.065536 4
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.065536    0.131072 3
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.131072    0.262144 3
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.262144    0.524288 3
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] info:    0.524288    1.000000 4
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: cache memory msg=94128 rrset=132911 infra=38287 val=74378
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: svcd callbacks end
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: close of port 10997
Mar 04 02:13:17 NUC unbound[1547]: [1547:0] debug: close fd 11

P.S. I tried to sniff the traffic with tcpdump and this is what I get:

root@NUC:/home/campo
> tcpdump -i any host 192.168.0.1 -c 100 -n -vvv
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
02:35:24.999347 IP (tos 0x0, ttl 64, id 17592, offset 0, flags [none], proto UDP (17), length 71)
    192.168.0.28.20068 > 192.168.0.1.53: [udp sum ok] 8810+ [1au] A? synology-campo. ar: . OPT UDPsize=4096 DO (43)
02:35:25.002082 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 87)
    192.168.0.1.53 > 192.168.0.28.20068: [udp sum ok] 8810- q: A? synology-campo. 1/0/1 . OPT UDPsize=4096 DO ar: synology-campo. [47y10w4d2h35m25s] A 192.168.0.35 (59)
02:35:25.002876 IP (tos 0x0, ttl 64, id 17593, offset 0, flags [none], proto UDP (17), length 71)
    192.168.0.28.11712 > 192.168.0.1.53: [udp sum ok] 56193+% [1au] A? synology-campo. ar: . OPT UDPsize=4096 DO (43)
02:35:25.004859 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 87)
    192.168.0.1.53 > 192.168.0.28.11712: [udp sum ok] 56193- q: A? synology-campo. 1/0/1 . OPT UDPsize=4096 DO ar: synology-campo. [47y10w4d2h35m25s] A 192.168.0.35 (59)
02:35:25.005143 IP (tos 0x0, ttl 64, id 17594, offset 0, flags [none], proto UDP (17), length 71)
    192.168.0.28.63327 > 192.168.0.1.53: [udp sum ok] 45579+% [1au] A? synology-campo. ar: . OPT UDPsize=4096 DO (43)
02:35:25.007299 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 87)
    192.168.0.1.53 > 192.168.0.28.63327: [udp sum ok] 45579- q: A? synology-campo. 1/0/1 . OPT UDPsize=4096 DO ar: synology-campo. [47y10w4d2h35m25s] A 192.168.0.35 (59)
02:35:25.007529 IP (tos 0x0, ttl 64, id 17595, offset 0, flags [none], proto UDP (17), length 71)
    192.168.0.28.60313 > 192.168.0.1.53: [udp sum ok] 54040+% [1au] A? synology-campo. ar: . OPT UDPsize=4096 DO (43)
02:35:25.010647 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 87)
    192.168.0.1.53 > 192.168.0.28.60313: [udp sum ok] 54040- q: A? synology-campo. 1/0/1 . OPT UDPsize=4096 DO ar: synology-campo. [47y10w4d2h35m25s] A 192.168.0.35 (59)
02:35:25.010843 IP (tos 0x0, ttl 64, id 17596, offset 0, flags [none], proto UDP (17), length 71)
    192.168.0.28.25937 > 192.168.0.1.53: [udp sum ok] 42403+% [1au] A? synology-campo. ar: . OPT UDPsize=4096 DO (43)
02:35:25.012474 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 87)
    192.168.0.1.53 > 192.168.0.28.25937: [udp sum ok] 42403- q: A? synology-campo. 1/0/1 . OPT UDPsize=4096 DO ar: synology-campo. [47y10w4d2h35m25s] A 192.168.0.35 (59)

I'm not really into tcpdump, but it looks like unbound forwards the query to the internal DNS server 192.168.0.1 and it replies correctly to the query. Now I don't get why I'm not able to resolve the address.

Cheers

Last edited by campo85 (2017-03-04 02:40:01)

Offline
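Decoding the flag shorthand in the tcpdump trace above, as an added example that is not part of the original post: after the id of a query tcpdump prints `+` (RD) and `%` (CD), and after the id of a response `*` (AA), `-` (RA not set), `|` (TC) and `$` (AD). The function names are made up for this sketch, and the four sample lines are copied from the trace.

```python
import re

# Four DNS lines copied from the tcpdump trace in the post above.
TRACE = """\
192.168.0.28.20068 > 192.168.0.1.53: [udp sum ok] 8810+ [1au] A? synology-campo. ar: . OPT UDPsize=4096 DO (43)
192.168.0.1.53 > 192.168.0.28.20068: [udp sum ok] 8810- q: A? synology-campo. 1/0/1 . OPT UDPsize=4096 DO ar: synology-campo. [47y10w4d2h35m25s] A 192.168.0.35 (59)
192.168.0.28.11712 > 192.168.0.1.53: [udp sum ok] 56193+% [1au] A? synology-campo. ar: . OPT UDPsize=4096 DO (43)
192.168.0.1.53 > 192.168.0.28.11712: [udp sum ok] 56193- q: A? synology-campo. 1/0/1 . OPT UDPsize=4096 DO ar: synology-campo. [47y10w4d2h35m25s] A 192.168.0.35 (59)
"""

LINE = re.compile(r"(\S+) > (\S+): \[[^\]]*\] (\d+)(?: (\w+))?([+%*|$-]*) (.*)")
COUNTS = re.compile(r"(\d+)/(\d+)/(\d+)")

def decode(line):
    """Decode one tcpdump DNS line into header fields, or None if it is not one."""
    m = LINE.search(line)
    if not m:
        return None
    src, dst, qid, rcode, flags, rest = m.groups()
    if src.rsplit(".", 1)[1] == "53":          # packet sent by the server
        an, ns, ar = map(int, COUNTS.search(rest).groups())
        return {"kind": "response", "client": dst, "id": int(qid),
                "rcode": rcode or "NoError",
                "aa": "*" in flags,            # '*' = authoritative answer
                "ra": "-" not in flags,        # '-' = recursion NOT available
                "tc": "|" in flags, "ad": "$" in flags,
                "answers": an}
    return {"kind": "query", "client": src, "id": int(qid),
            "rd": "+" in flags,                # '+' = recursion desired
            "cd": "%" in flags,                # '%' = checking disabled
            "do": " DO " in rest}              # EDNS DNSSEC-OK bit

def transactions(trace):
    """Pair each query with its response by (client ip.port, query id)."""
    pending, out = {}, []
    for rec in filter(None, map(decode, trace.splitlines())):
        key = (rec["client"], rec["id"])
        if rec["kind"] == "query":
            pending[key] = rec
        elif key in pending:
            out.append((pending.pop(key), rec))
    return out

if __name__ == "__main__":
    for q, r in transactions(TRACE):
        print(q["id"], "RD" if q["rd"] else "", "CD" if q["cd"] else "", "->",
              r["rcode"], "answers=%d" % r["answers"], "AA=%s RA=%s" % (r["aa"], r["ra"]))
```

On these lines every reply carries one answer record but has neither AA nor RA set.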

#7 2017-03-04 08:28:59

brebs
Member
Registered: 2007-04-03
Posts: 3,742

Re: Client VPN and DNS for local network

You haven't looked at the example I gave.

Probably also want e.g.:

server:
    access-control: 192.168.0.0/16 allow

Offline

#8 2017-03-04 11:21:27

campo85
Member
Registered: 2012-09-05
Posts: 32

Re: Client VPN and DNS for local network

I've read the example but it's not really clear to me. I tried to create the configuration file according to what I've read in the documentation and on the internet. I tried to add your suggestion to my configuration file, but got the same result. Can you please explain what exactly your example does?

# Disable default rejection of 192.168/16 range
local-zone: "168.192.in-addr.arpa." nodefault

forward-zone:
    name: "blah.mycompany.com"
    forward-addr: 192.168.2.1

# Reverse DNS
forward-zone:
    name: "2.168.192.in-addr.arpa"
    forward-addr: 192.168.2.1

In my case I want to resolve synology-campo. My internal DNS is 192.168.0.1. How can I modify this example to fit my needs? I'm a little bit confused.

Cheers,
Stefano

Cheers

Offline
