
9.2 DNS Confusion




Hi Folks,

Long time Debian user and up until now I've not had to reach out for help as I've always found the answer after a short Google.

I've recently made the move from 8.x to 9.2 for my production boxes and I'm having the mother of all DNS issues. My network is simple:

My network
2 x Juniper SSG-140 (Active/Passive) HA, 1xTrust 1xDMZ 1xUntrust interfaces, IPv4 only; IPv6 is not enabled.
2 x Netgear GSM724 Switches

The Junipers do DNS proxying for the Trust and DMZ networks. Junipers are in NAT/Route mode.

Sitting on the Trust network (172.16.11.0/24) are Debian 8.8 / 9.2 and Windoze 10 devices.
Sitting in the DMZ network (192.168.102.0/24) are Debian 9.2 and CentOS 7 devices.

My problem is this: after a vanilla 9.2 AMD 64 install, DNS resolution fails 99 times out of 100 unless I force IPv4, for example:

xxxx@backup:~$ su
Password:
root@backup:/home/xxxx# cat /etc/resolv.conf
domain abc.com
search abc.com.
nameserver 172.16.11.1
root@backup:/home/xxxx# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether ca:57:82:c2:51:ad brd ff:ff:ff:ff:ff:ff
    inet 172.16.11.22/24 brd 172.16.11.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::c857:82ff:fec2:51ad/64 scope link
       valid_lft forever preferred_lft forever
root@backup:/home/xxxx# ping www.apple.com
ping: www.apple.com: Temporary failure in name resolution
root@backup:/home/xxxx# ping -4 www.apple.com
PING e6858.dsce9.akamaiedge.net (2.18.170.28) 56(84) bytes of data.
64 bytes from 2.18.170.28: icmp_seq=1 ttl=50 time=19.3 ms
64 bytes from 2.18.170.28: icmp_seq=2 ttl=50 time=19.7 ms
^C
--- e6858.dsce9.akamaiedge.net ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 19.311/19.508/19.705/0.197 ms
root@backup:/home/xxxx#

The above box is in the Trust network; however, the same result occurs if I use a host in the DMZ.

If, however, I use a CentOS 7 box, everything works as expected, e.g.:

[root@loadbalancer ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.102.1
[root@loadbalancer ~]# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 22:e7:41:55:a6:9c brd ff:ff:ff:ff:ff:ff
    inet 192.168.102.10/24 brd 192.168.102.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20e7:41ff:fe55:a69c/64 scope link
       valid_lft forever preferred_lft forever
[root@loadbalancer ~]# ping www.apple.com
PING e6858.dsce9.akamaiedge.net (2.20.214.243) 56(84) bytes of data.
64 bytes from 2.20.214.243 (2.20.214.243): icmp_seq=1 ttl=55 time=28.4 ms
64 bytes from 2.20.214.243 (2.20.214.243): icmp_seq=2 ttl=55 time=28.4 ms
^C
--- e6858.dsce9.akamaiedge.net ping statistics ---
3 packets transmitted, 2 received, 33% packet loss, time 2002ms
rtt min/avg/max/mdev = 28.453/28.456/28.459/0.003 ms
[root@loadbalancer ~]

Also, Windoze 10 boxes running on the Trust network and Debian 8 boxes on both have no issues; it's purely the 9.2 boxes.

Any help would be much appreciated.

Simon