[Freedombox-discuss] Name server queries through the freedom box not working.
A. F. Cano
afc at shibaya.lonestar.org
Wed May 18 00:45:39 UTC 2016
Earlier (On Sat, May 14, 2016 at 01:38:18PM -0400) I wrote:
> On the freedombox:
> $ sudo netstat -anp | egrep :53
> udp 0 0 0.0.0.0:5353 0.0.0.0:* 354/avahi-daemon: r
> udp6 0 0 :::5353 :::* 354/avahi-daemon: r
> So it looks like the freedombox is not listening to port 53. What do I need
> to do to the internal machines so that dns queries are forwarded to the
> freedombox and are propagated from there to the internet?
Upon further research, I find in the manual
(https://wiki.debian.org/FreedomBox/Manual) that the dns ports should be
enabled. The file /usr/lib/freedombox/first-run.d/90_firewall contains this:
    firewall-cmd --zone=internal --permanent --add-service=dns
So to make sure that this was actually executed I did it again from
the shell. I got a warning that dns was already running, so why doesn't
netstat show port 53? Might this have something to do with the fact
that when I first booted the apu1d4 it was not in the final
configuration? (at the time it was only connected to a standalone
computer via one internal interface and there was nothing on the other 2)
Is this what first-run means? But then, dns is apparently running
already. Where else can I look? Might this be related to dhcp and since
I don't run dhcp on the internal network, dns is not quite set up
properly? All interfaces have been assigned static IP numbers.
I've even gone back to the interface configuration screen and added the
address of the router at the external interface as the "DNS server" but
netstat returns the same 2 lines shown above. Interestingly, this does
not add a default route, which is probably as it should be, as when ppp
is started, it adds a default route, but will not do so if one exists
already. In any case, whether the external (whichever one it is) is up
or down should make the dns queries fail at that level, but I suspect
that as far as the internal interfaces go, port 53 should be listening.
That way, when a proper route is set up (say by ppp) with proper dns
servers set up, the packets would go where they're supposed to.
This brings a bigger issue: has it been considered how to set
up the external interfaces if there can be more than one? If say, the
primary external interface (in my case the Ubiquiti router) is not
available (as it is not right now) and I wish to use the ppp
connection as a backup, how is/should the routing be handled? Should
external interfaces be deactivated manually so that only one is
available at any time? Should smart routing be implemented based on
available bandwidth if more than one external interface is up? Bonding
for more bandwidth? Yes, I know that these questions are refinements for
further down the road and that I'm spoiled with hardware that has 3
ethernet interfaces and 2 usb ones.
What I would really like to know how to do now is to have the dns packets
from the internal network go through. I suspect that something is not
quite configured right since netstat doesn't show port 53 as listening.
> I've tried to keep it simple on the internal network by not using dhcp (I use
> the /etc/hosts file) and pointing the resolver to the NAT router, now the
> freedombox. The internal machines run Debian wheezy and jessie.
Can anyone help? Any hints as to what else to try?