Ubuntu 16 - DNS Conditional Forward

August 1, 2016

I’m currently working with Ansible/StackStorm in my spare time to learn some new DevOps stuff (BUZZWWWWARRDDD - jerk on it, sales bitches).

After that I fell balls deep into the NetworkManager stuff on Ubuntu, so here is the story…

So I installed a fresh Ubuntu 16.04 in my VMware Workstation (flame me for that Ubuntu thingy)…

First I wanted to set up Kerberos on the client so that pywinrm works with Ansible. Simple as that: install all the stuff. I won't repost all of it here because there is plenty of information on the net..

So what I need now is a Kerberos ticket from a domain, and here the first problem shows up… Kerberos needs DNS to find the KDC and so on..

Easy, you think: just change the local DNS to the DNS server of the new domain, buuuutttt…

I want this Ubuntu box to be my Linux dev station, so DNS needs to keep working with the current DNS server in the network and not with the domain controller in the testing environment. So the thing to do is DNS conditional forwarding.

First thing that came to my mind: yeah, easy stuff…

Install dnsmasq on the system, point resolv.conf at 127.0.0.1 and configure the conditional forward there. Then the Ubuntu home-user stuff comes along and fucks with you!!!!

Ubuntu uses NetworkManager, which runs its own dnsmasq instance to do this…

Plenty of people are whining about it on the web and work around it with scripts like this gist:

https://gist.github.com/magnetikonline/6236150#ubuntu-1604lts–1404lts

But I wanted to dig deeper before removing the stuff (nerds love to diiiigg..). Someone must have had a reason to do it this way, and must have left something in for the IT guy, right?

Debugging

ps ax | grep dns

/usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/NetworkManager/dnsmasq.pid --listen-address=127.0.1.1 --cache-size=0 --conf-file=/dev/null --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d

What we have here is the command line of that dnsmasq, and it has a super duper happy path:

--conf-dir=/etc/NetworkManager/dnsmasq.d

AWESOME!!! Easy as that: add the conditional forward and restart NetworkManager.

echo "server=/contoso.local/192.168.1.50" > /etc/NetworkManager/dnsmasq.d/contoso.conf
service network-manager restart

So let's try out nslookup. It looks fine, but now it comes…

wait for it…

wait for ittt……

Maybe I get paid by CL RFsss :-)

WTF, ping is not working!!

ping dc1.contoso.local looks like it cannot resolve, whaaat the heck…

After some digging I found this strange service "Avahi"… again, another Ubuntu home-user thing that fucks with you!!!!

http://superuser.com/questions/704785/ping-cant-resolve-hostname-but-nslookup-can

Yeah, I know there are use cases for it, but reaaaaalllyyyy….. enabled by default??

Solution

So I changed the default domain-name in /etc/avahi/avahi-daemon.conf to something like

#/etc/avahi/avahi-daemon.conf
[server]
domain-name=.alocal

Restart the Avahi service and voilà.. ping is working, and my Kerberos too…
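Two checks for the setup above, written as an added example that is not part of the original post: a helper that reads a `hosts:` line from /etc/nsswitch.conf (constructed sample below) and tells whether a `.local` name is handed to the mDNS NSS plugin and stops there before the `dns` source is ever asked, which is why ping (via libc) fails while nslookup (which talks to DNS directly) works, and a helper that validates the domain and server before building the `server=/domain/ip` line for the dnsmasq.d drop-in. The `files mdns4_minimal [NOTFOUND=return] dns` ordering is the stock Ubuntu default; the function names are mine.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. All inputs are constructed.

# Return 0 if the libc resolver would hand NAME to the mDNS NSS plugin and stop
# there ([NOTFOUND=return]) before the "dns" source is consulted. HOSTS_LINE is
# the "hosts:" line from /etc/nsswitch.conf; the *_minimal plugins only handle .local.
nss_mdns_intercepts() {
    local hosts_line="$1" name="$2" word seen_mdns=0 words
    case "$name" in
        *.local|*.local.) ;;
        *) return 1 ;;
    esac
    read -ra words <<< "${hosts_line#hosts:}"   # read avoids glob expansion of [...]
    for word in "${words[@]}"; do
        case "$word" in
            mdns4_minimal|mdns6_minimal|mdns_minimal) seen_mdns=1 ;;
            '[NOTFOUND=return]') [ "$seen_mdns" -eq 1 ] && return 0 ;;
            dns) return 1 ;;                 # dns reached first: DNS would answer
            *) seen_mdns=0 ;;                # an action applies to the preceding source
        esac
    done
    return 1
}

# Print the dnsmasq conditional-forward line for DOMAIN -> SERVER, rejecting
# malformed values so a typo cannot end up in /etc/NetworkManager/dnsmasq.d.
dnsmasq_forward_line() {
    local domain="$1" server="$2" octet
    local label='[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'
    local domain_re="^${label}(\\.${label})+\$"
    local ip_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
    [[ "$domain" =~ $domain_re ]] || return 1
    [[ "$server" =~ $ip_re ]] || return 1
    for octet in ${server//./ }; do
        (( 10#$octet <= 255 )) || return 1   # 10# keeps "010" from being read as octal
    done
    printf 'server=/%s/%s\n' "$domain" "$server"
}

# Constructed samples: the stock Ubuntu 16.04 ordering and a plain one.
UBUNTU_HOSTS_LINE='hosts:          files mdns4_minimal [NOTFOUND=return] dns'
PLAIN_HOSTS_LINE='hosts:          files dns'

if nss_mdns_intercepts "$UBUNTU_HOSTS_LINE" dc1.contoso.local; then
    echo "dc1.contoso.local: mDNS answers first, so ping fails while nslookup works"
fi
dnsmasq_forward_line contoso.local 192.168.1.50   # server=/contoso.local/192.168.1.50
```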

Summary

Whether it is the correct solution I don't know, but it works… Probably removing the Avahi service would also work, but I learned something new again about Ubuntu and its distribution-specific layouts and settings, so it was worth the time.

Credits go to the people on the post at http://superuser.com/questions/704785/ping-cant-resolve-hostname-but-nslookup-can/706648#70664 and to Andrew Grangaard, who blogged a solution a long time ago… http://www.lowlevelmanager.com/2011/09/fix-linux-dns-issues-with-local.html

Now I can try out the wonderful stuff about Ansible….

And like always…

Improve, Automate, Rinse and Repeat!