bornheim
Level 7

DNS vs. DHCP

Hi,

I'm evaluating cluster configuration. The second node has its external interface located in a test network with a dialup router acting as DHCP server.

My DNS configuration:

Enable conditional forwarding

Default resolvers: 8.8.8.8,8.8.4.4

Conditional Forwarder list:

1.) internal.domain: 10.1.2.3,10.4.5.6

2.) 10.in-addr.arpa: 10.1.2.3,10.4.5.6

Authentication is done with LDAP against ldap://ad1.internal.domain

Normally this works great (in environments with static IP addresses). Now the external interface with DHCP enters the game. I found authentication to be not working. Using tcpdump I found that MWG is trying to resolve ad1.internal.domain against 8.8.8.8, which fails for obvious reasons.

I think I found the reason for this.

A standard /etc/resolv.conf looks like this:

------------------------------------------
### BEGIN AUTOGENERATED CONFIG
nameserver      127.0.0.1
### END AUTOGENERATED CONFIG
------------------------------------------

Conditional forwarding then is configured in /var/named/chroot/etc/named.conf.mwg.

------------------------------------------
view "default" IN {
        max-cache-ttl 604800;
        max-ncache-ttl 10800;

        zone  "." IN  {
                type forward;
                forwarders {8.8.8.8;8.8.4.4;};
                forward only;
        };

        zone  "internal.domain" IN  {
                type forward;
                forwarders {10.1.2.3;10.4.5.6;};
                forward only;
        };

        zone  "10.in-addr.arpa" IN  {
                type forward;
                forwarders {10.1.2.3;10.4.5.6;};
                forward only;
        };
};
------------------------------------------


In a DHCP environment /etc/resolv.conf changes to this:

-------------------------------------------
### BEGIN AUTOGENERATED CONFIG
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver <IP address of my dialup router>
### END AUTOGENERATED CONFIG
-------------------------------------------

Workaround obviously is to configure a static address. Not instantly, but a reboot did the trick.

This workaround might be impossible for others. May I consider this a bug? If yes: do you expect me to open a case?

Kind regards,

Robert

0 Kudos
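A way to check an appliance for the condition described in the post above, as an added example that is not part of the original thread or of the product's own tooling. It assumes, as the tcpdump observation suggests, that lookups follow /etc/resolv.conf; the sample file contents are constructed from the ones quoted in the post, and 192.0.2.1 is a placeholder for the dial-up router's address.

```python
import ipaddress
import re

# Constructed samples modelled on the files quoted in the post above.
NAMED_CONF = '''
view "default" IN {
        zone "." IN { type forward; forwarders {8.8.8.8;8.8.4.4;}; forward only; };
        zone "internal.domain" IN { type forward; forwarders {10.1.2.3;10.4.5.6;}; forward only; };
        zone "10.in-addr.arpa" IN { type forward; forwarders {10.1.2.3;10.4.5.6;}; forward only; };
};
'''
RESOLV_STATIC = "### BEGIN AUTOGENERATED CONFIG\nnameserver      127.0.0.1\n### END AUTOGENERATED CONFIG\n"
# 192.0.2.1 is a placeholder for the dial-up router's address.
RESOLV_DHCP = "nameserver 8.8.8.8\nnameserver 8.8.4.4\nnameserver 192.0.2.1\n"


def resolv_nameservers(text):
    """Return the nameserver addresses from resolv.conf text, in file order."""
    servers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def forward_zones(text):
    """Map each forward zone in named.conf text to its list of forwarders."""
    pattern = re.compile(r'zone\s+"([^"]+)"\s+IN\s*\{[^{}]*?forwarders\s*\{([^}]*)\}', re.S)
    return {zone: [f.strip() for f in fwd.split(";") if f.strip()]
            for zone, fwd in pattern.findall(text)}


def bypassed_zones(resolv_text, named_text):
    """List conditional zones that can be resolved without going through named."""
    servers = resolv_nameservers(resolv_text)
    external = [s for s in servers if not ipaddress.ip_address(s).is_loopback]
    if not external:
        return []  # every query goes to the local named, which applies the zones
    return [(zone, fwd, external) for zone, fwd in sorted(forward_zones(named_text).items())
            if zone != "."]


if __name__ == "__main__":
    for label, resolv in (("static", RESOLV_STATIC), ("dhcp", RESOLV_DHCP)):
        for zone, expected, actual in bypassed_zones(resolv, NAMED_CONF):
            print(f"{label}: {zone} should use {expected} but queries go to {actual}")
```

Besides breaking LDAP authentication, a non-empty result means internal host names are being sent to the public resolvers listed in resolv.conf.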
1 Solution

Accepted Solutions
McAfee Employee

Re: DNS vs. DHCP

We both missed the disclaimer at the top saying:

2013-12-30_141143.jpg

You can still open the case and I can file an FMR for you.

Best,

Jon

0 Kudos
3 Replies
McAfee Employee

Re: DNS vs. DHCP

Hi Robert,

I can reproduce this. Open a case and I'll get something filed for you (customer reported case -- instead of internally filed case).

There aren't many customers who use DHCP (in my experience). Based on your observations the Web Gateway just ignores conditional DNS when DHCP is used.

Best.

Jon

0 Kudos
bornheim
Level 7

Re: DNS vs. DHCP

Hi Jon,

thank you: 4-4641006573

Regards,

Robert

0 Kudos