DNS vs. DHCP

Hi,

I'm evaluating cluster configuration. The second node has its external interface located in a test network with a dialup router acting as DHCP server.

My DNS configuration:

Enable conditional forwarding

Default resolvers: 8.8.8.8,8.8.4.4

Conditional Forwarder list:

1.) internal.domain: 10.1.2.3,10.4.5.6

2.) 10.in-addr.arpa: 10.1.2.3,10.4.5.6

Authentication is done with LDAP against ldap://ad1.internal.domain

Normally this works great (in environments with static IP addresses). Now the external interface with DHCP enters the game. I found authentication to be not working. Using tcpdump I found that MWG is trying to resolve ad1.internal.domain against 8.8.8.8, which fails for obvious reasons.

I think I found the reason for this.

A standard /etc/resolv.conf looks like this:

------------------------------------------
### BEGIN AUTOGENERATED CONFIG
nameserver      127.0.0.1
### END AUTOGENERATED CONFIG
------------------------------------------

Conditional forwarding then is configured in /var/named/chroot/etc/named.conf.mwg.

------------------------------------------
view "default" IN {
        max-cache-ttl 604800;
        max-ncache-ttl 10800;

        zone "." IN {
                type forward;
                forwarders {8.8.8.8;8.8.4.4;};
                forward only;
        };

        zone "internal.domain" IN {
                type forward;
                forwarders {10.1.2.3;10.4.5.6;};
                forward only;
        };

        zone "10.in-addr.arpa" IN {
                type forward;
                forwarders {10.1.2.3;10.4.5.6;};
                forward only;
        };
};
------------------------------------------


In a DHCP environment /etc/resolv.conf changes to this:

-------------------------------------------
### BEGIN AUTOGENERATED CONFIG
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver <IP address of my dialup router>
### END AUTOGENERATED CONFIG
-------------------------------------------

Workaround obviously is to configure a static address. Not instantly, but a reboot did the trick.

This workaround might be impossible for others. May I consider this a bug? If yes: do you expect me to open a case?

Kind regards,

Robert
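
The mismatch described in the post above can be checked mechanically. This is an added example, not part of the original thread and not McAfee code. It compares the forward zones in a named.conf against the nameserver lines in a resolv.conf and lists the zones whose conditional forwarders the system resolver would never reach. The sample inputs are constructed from the files quoted in the post, 192.0.2.1 stands in for the dialup router address, and the function names are hypothetical.

```python
import re

# Constructed samples, condensed from the files quoted in the post.
NAMED_CONF = '''
view "default" IN {
    zone "." IN { type forward; forwarders {8.8.8.8;8.8.4.4;}; forward only; };
    zone "internal.domain" IN { type forward; forwarders {10.1.2.3;10.4.5.6;}; forward only; };
    zone "10.in-addr.arpa" IN { type forward; forwarders {10.1.2.3;10.4.5.6;}; forward only; };
};
'''
# 192.0.2.1 is a documentation address used as a placeholder for the DHCP router.
RESOLV_STATIC = "### BEGIN AUTOGENERATED CONFIG\nnameserver      127.0.0.1\n### END AUTOGENERATED CONFIG\n"
RESOLV_DHCP = "### BEGIN AUTOGENERATED CONFIG\nnameserver 8.8.8.8\nnameserver 8.8.4.4\nnameserver 192.0.2.1\n### END AUTOGENERATED CONFIG\n"

ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s+IN\s*\{[^{}]*?forwarders\s*\{([^}]*)\}', re.S)
LOOPBACK = {"127.0.0.1", "::1"}

def forward_zones(named_conf):
    """Map each forward zone name to its list of forwarder addresses."""
    return {name: [ip.strip() for ip in body.split(";") if ip.strip()]
            for name, body in ZONE_RE.findall(named_conf)}

def nameservers(resolv_conf):
    """Return nameserver addresses in file order, ignoring comments."""
    out = []
    for line in resolv_conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            out.append(parts[1])
    return out

def bypassed_zones(named_conf, resolv_conf):
    """Forward zones whose forwarders the system resolver will not use."""
    servers = nameservers(resolv_conf)
    # Assumption: if the first nameserver is loopback (or none is listed, in
    # which case glibc defaults to 127.0.0.1), queries reach the local named.
    if not servers or servers[0] in LOOPBACK:
        return {}
    return {zone: fw for zone, fw in forward_zones(named_conf).items()
            if zone != "." and not set(fw) & set(servers)}

if __name__ == "__main__":
    for label, conf in (("static", RESOLV_STATIC), ("dhcp", RESOLV_DHCP)):
        print(label, bypassed_zones(NAMED_CONF, conf))
```

Any zone reported for the DHCP case is one whose names are sent to the default resolvers instead of the internal DNS servers.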

3 Replies
McAfee Employee jscholte
Message 2 of 4

Re: DNS vs. DHCP

Hi Robert,

I can reproduce this, open a case and I'll get something filed for you (customer reported case -- instead of internally filed case).

There aren't many customers who use DHCP (in my experience). Based on your observations the Web Gateway just ignores conditional DNS when DHCP is used.

Best.

Jon

McAfee Employee jscholte
Message 3 of 4

Re: DNS vs. DHCP

We both missed the disclaimer at the top saying:

2013-12-30_141143.jpg

You can still open the case and I can file a FMR for you.

Best,

Jon

Re: DNS vs. DHCP

Hi Jon,

thank you: 4-4641006573

Regards,

Robert
