Testing on FREENAS 11.2-BETA3
================================
What's my beginner's error? After creating & configuring a "DNS" jail using "dnsmasq", both forward & reverse lookups seem to be working OK within the jail. But lookups using the jail DNS server on the FreeNAS host fail with a timeout "no servers could be reached" error. The "DNS" jail is on IP 192.168.0.93 and is pingable from the FreeNAS host.
Code:
root@freenasVM[~]# nslookup dns.mynet.com 192.168.0.93
;; connection timed out; no servers could be reached
FreeNAS config:
Code:
root@freenasVM[~]# cat /etc/resolv.conf
# Generated by resolvconf
search mynet.com
nameserver 192.168.0.93
nameserver 192.168.0.254
nameserver 8.8.8.8
Jail at 192.168.0.93 config:
Code:
######################################################################
# dnsmasq Settings for dns Jail
######################################################################

# Turn off DHCP
no-dhcp-interface=epair0b

# Only listen on listen-address.
# As configured below, only listen on the local network.
listen-address=127.0.0.1
listen-address=192.168.0.93 # IP of dnsmasq Jail
bind-interfaces

# Never forward simple hostnames (names that do not contain a dot).
domain-needed

# Prevent non-routable private IP addresses from being forwarded.
bogus-priv

# My domain. Allows lookups using either simple hostnames or
# FQHNs. For example, either 'laptop' or 'laptop.east.fm'.
domain=mynet.com

# Append the above domain to simple hostnames (i.e., hostnames
# without a period), thereby creating FQDNs.
expand-hosts

# Queries for my domain answered only by dnsmasq, /etc/hosts, or DHCP.
local=/mynet.com/

# Use DNS servers in order shown
strict-order

# Upstream DNS servers
server=8.8.8.8 # Google
server=208.67.220.220 # OpenDNS
server=8.8.4.4 # Google

# Location of our hosts file
addn-hosts=/usr/local/etc/hosts

root@dns:~ # cat /etc/resolv.conf
search local
nameserver 192.168.0.93

root@dns:~ # cat /usr/local/etc/hosts
127.0.0.1 localhost
# FreeNAS host
192.168.0.91 freenasVM.mynet.com freenasVM
#Jails
192.168.0.92 kerberos-KDC.mynet.com kerberos-KDC
192.168.0.93 dns.mynet.com dns
192.168.0.94 test.mynet.com test

root@dns:~ # nslookup freenasVM
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: freenasVM
Address: 192.168.0.91

root@dns:~ # nslookup 192.168.0.91
91.0.168.192.in-addr.arpa name = freenasvm.mynet.com.

root@dns:~ # nslookup FreeBSD.org
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: FreeBSD.org
Address: 96.47.72.84
Name: FreeBSD.org
Address: 2610:1c1:1:606c::50:15
My "DNS" jail was created with VNET, but should Berkeley Packet Filter also be used?
Additional jail properties checked: allow.raw_sockets