You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Indra Pramana <in...@sg.or.id> on 2014/07/20 16:53:15 UTC
DNS service on VR not responding
Dear all,
All our guest VMs are having our virtual router (VR)'s IP address on
/etc/resolv.conf. In the past two weeks, I just realised that the DNS
service on the VR is not working, and doesn't respond to DNS queries from
the DNS clients on the guest VM.
I have tried to stop and start back the VR, but the problem persists.
DHCP services seems to be running fine, only DNS services are not working.
>From what I understand, both services are provided by dnsmasq, correct?
Any advice on how can I resolve the problem?
Looking forward to your reply, thank you.
Cheers.
Re: DNS service on VR not responding
Posted by Indra Pramana <in...@sg.or.id>.
Hi Rafael and Santhosh,
Good day to you, and thank you for your suggestions for me to run tcpdump
on the VR!
Problem is fixed -- after running tcpdump I noted some kind of denial of
service attack to the VR, lots of UDP DNS traffic from certain IP address.
I blocked the IP address and the VR's DNS service return back to normal.
Again, many thanks for your suggestions. Appreciate it.
Cheers.
On Tue, Jul 22, 2014 at 8:31 PM, Santhosh Edukulla <
santhosh.edukulla@citrix.com> wrote:
> 1. "tcpdump -vv - i eth0" to capture packets on interface eth0
> 2. "tcpdump -vv -s0 port 53" for full packet capture.
>
> but simple thing i believe we may be missing is to run simple traceroute
> command from guest vm for a domain and see till where packets are going.
>
> Santhosh
> ________________________________________
> From: Rafael Weingartner [rafaelweingartner@gmail.com]
> Sent: Tuesday, July 22, 2014 8:27 AM
> To: users@cloudstack.apache.org
> Subject: Re: DNS service on VR not responding
>
> I would run a tcpdump on the VR, in order to check if the packages from the
> VMs are arriving there.
> When you enabled the log queries debug option, did you find something on
> dnsmasq.log? was it saying that it was solving names form vm...?
>
>
> On Tue, Jul 22, 2014 at 6:21 AM, Indra Pramana <in...@sg.or.id> wrote:
>
> > Hi VIhar,
> >
> > route -n result is quite straightforward. Since it's a shared and not
> > isolated network, the guest VM is on the same subnet as the VR. There are
> > two subnets (X.X.X.0/24 and X.X.Y.0/24) within the shared network. The VR
> > has two IPs on the interface, X.X.X.2 and X.X.Y.2. My guest VM having
> > X.X.Y.* IP will try to communicate to the VR using X.X.Y.2.
> >
> > root@r-2606-VM:~# route -n
> > Kernel IP routing table
> > Destination Gateway Genmask Flags Metric Ref Use
> > Iface
> > 0.0.0.0 X.X.X.1 0.0.0.0 UG 0 0 0 eth0
> > X.X.X.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> > X.X.Y.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> > 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0
> > eth1
> >
> > With regards to tcpdump that you suggested, can I have more details on
> how
> > to do? Do I need to perform the tcpdump from the guest VM or the VR?
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
> >
> >
> >
> > On Tue, Jul 22, 2014 at 11:44 AM, Vihar <vi...@gmail.com> wrote:
> >
> > > Hi Indra
> > >
> > > Could you check the routing table from the guest VM ( route -n ) and I
> > > would also like you to take a tcpdump from VM to VR with port 53 to
> check
> > > if you are able to get the reply from the VM.
> > >
> > > Regards
> > > Vihar K
> > > On Jul 22, 2014 9:10 AM, "Indra Pramana" <in...@sg.or.id> wrote:
> > >
> > > > Hi Santhosh,
> > > >
> > > > Here it is:
> > > >
> > > > Supported ServicesDhcp, Dns, UserDataService CapabilitiesDhcp:
> > > > VirtualRouter, Dns: VirtualRouter, UserData: VirtualRouter
> > > > The zone has been running for quite some time, I created the zone
> > almost
> > > a
> > > > year ago and there was no issues only until recently. So I don't
> think
> > > the
> > > > issue is due to the zone or service/network offering's default
> > > > configuration, since I didn't make any changes to the zone
> > configuration.
> > > >
> > > > Any advice on what should I investigate next?
> > > >
> > > > Looking forward to your reply, thank you.
> > > >
> > > > Cheers.
> > > >
> > > >
> > > >
> > > > On Mon, Jul 21, 2014 at 11:53 PM, Santhosh Edukulla <
> > > > santhosh.edukulla@citrix.com> wrote:
> > > >
> > > > > While creating zone, you would have selected network offering, we
> can
> > > see
> > > > > the supported services for each network offering, available under
> > > Service
> > > > > Offerings->Select Network Offerings, some thing like below, so you
> > may
> > > > want
> > > > > to check the network offering you associated to your datacenter and
> > > > > corresponding capabilities , below are the supported services for
> one
> > > of
> > > > > the shared network offering.
> > > > >
> > > > > Supported Services Dns, Dhcp, UserData
> > > > > Service Capabilities Dns: VirtualRouter, Dhcp: VirtualRouter,
> > > > UserData:
> > > > > VirtualRouter
> > > > >
> > > > > Santhosh
> > > > > ________________________________________
> > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > Sent: Monday, July 21, 2014 10:37 AM
> > > > > To: users@cloudstack.apache.org
> > > > > Subject: Re: DNS service on VR not responding
> > > > >
> > > > > Hi Santhosh, Vihar,
> > > > >
> > > > > The network which this VR is responsible is a shared, not isolated
> > > > network.
> > > > > It seems there's no network offering being tagged to a shared
> > network?
> > > > How
> > > > > do I know if the DNS service is being chosen or not?
> > > > >
> > > > > Looking forward to your reply, thank you.
> > > > >
> > > > > Cheers.
> > > > >
> > > > >
> > > > >
> > > > > On Mon, Jul 21, 2014 at 6:45 PM, Vihar <vi...@gmail.com> wrote:
> > > > >
> > > > > > Yes, not choosing DNS service from network offering may be one of
> > the
> > > > > > reason it is not resolving the DNS queries.
> > > > > >
> > > > > > Regards
> > > > > > Vihar K
> > > > > > On Jul 21, 2014 4:09 PM, "Santhosh Edukulla" <
> > > > > santhosh.edukulla@citrix.com
> > > > > > >
> > > > > > wrote:
> > > > > >
> > > > > > > Below are points so far,
> > > > > > >
> > > > > > > Have we selected the dns under network offering? As well, can
> you
> > > > check
> > > > > > > whether your dns queries are reaching VR by enabling VR in
> > > > resolv.conf
> > > > > (
> > > > > > > guest vm ) and running trace route for some example domain?
> > > > > > >
> > > > > > > Santhosh
> > > > > > > ________________________________________
> > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > Sent: Monday, July 21, 2014 6:33 AM
> > > > > > > To: users@cloudstack.apache.org
> > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > >
> > > > > > > Hi Vihar,
> > > > > > >
> > > > > > > Have tried:
> > > > > > >
> > > > > > > - Restarting dnsmasq service
> > > > > > > - Stopping and starting the VR from CloudStack GUI.
> > > > > > >
> > > > > > > Problem still persists. :(
> > > > > > >
> > > > > > > Any other hints or suggestions?
> > > > > > >
> > > > > > > Looking forward to to your reply, thank you.
> > > > > > >
> > > > > > > Cheers.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Mon, Jul 21, 2014 at 6:19 PM, Vihar <vi...@gmail.com>
> > wrote:
> > > > > > >
> > > > > > > > Hi Indra,
> > > > > > > >
> > > > > > > > Are you referring to /etc/resolv.conf on the VR itself or on
> > the
> > > > > guest
> > > > > > > VM?
> > > > > > > > >> I was referring to the VR itself. I thought there was 3 IP
> > > > address
> > > > > > in
> > > > > > > VR
> > > > > > > > itself.
> > > > > > > >
> > > > > > > > Have you tried stopping and starting the VR if not can you
> > give a
> > > > > try.
> > > > > > > >
> > > > > > > > Regards
> > > > > > > > Vihar K
> > > > > > > > On Jul 21, 2014 3:26 PM, "Indra Pramana" <in...@sg.or.id>
> > wrote:
> > > > > > > >
> > > > > > > > > Hi Vihar,
> > > > > > > > >
> > > > > > > > > Are you referring to /etc/resolv.conf on the VR itself or
> on
> > > the
> > > > > > guest
> > > > > > > > VM?
> > > > > > > > >
> > > > > > > > > On the VR itself, there are only two entries on
> > > /etc/resolv.conf
> > > > > > > pointing
> > > > > > > > > to both Google public DNS servers.
> > > > > > > > >
> > > > > > > > > On the guest VM, there are 3 entries, one to the VR and two
> > to
> > > > the
> > > > > > > Google
> > > > > > > > > public DNS servers. If I commented out both Google DNS
> > servers
> > > > and
> > > > > > only
> > > > > > > > > leaving the VR IP there, I cannot resolve anything. If the
> VR
> > > IP
> > > > is
> > > > > > > > > commented out and leaving both Google DNS servers there,
> > then I
> > > > can
> > > > > > > > > resolve. So the issue is confirmed due to DNS service on
> the
> > > VR.
> > > > > > > > >
> > > > > > > > > But I am not too sure why it doesn't respond even though
> the
> > > > > dnsmasq
> > > > > > > > > service is running.
> > > > > > > > >
> > > > > > > > > Thank you.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On Mon, Jul 21, 2014 at 1:00 PM, Vihar <vi...@gmail.com>
> > > > wrote:
> > > > > > > > >
> > > > > > > > > > Hi ,
> > > > > > > > > >
> > > > > > > > > > I would like you to comment second and third IP address
> I.e
> > > > > 4.2.2.2
> > > > > > > and
> > > > > > > > > > 8.8.8.8 and uncomment the first IP which is allocated to
> > DNS
> > > > and
> > > > > > try
> > > > > > > to
> > > > > > > > > > resolve the internet. It might be resolving the queries
> > from
> > > > > > external
> > > > > > > > DNS
> > > > > > > > > > server.
> > > > > > > > > >
> > > > > > > > > > If you are not able to resolve the names from VR, check
> if
> > > the
> > > > > DNS
> > > > > > > > > service
> > > > > > > > > > is running properly for the IP which act as a DNS server.
> > > > > > > > > >
> > > > > > > > > > Regards
> > > > > > > > > > Vihar
> > > > > > > > > > On Jul 21, 2014 10:19 AM, "Indra Pramana" <
> indra@sg.or.id>
> > > > > wrote:
> > > > > > > > > >
> > > > > > > > > > > Hi Sanjeev,
> > > > > > > > > > >
> > > > > > > > > > > Good day to you, and thank you for your reply.
> > > > > > > > > > >
> > > > > > > > > > > Yes, I can resolve domains without any issues from
> within
> > > the
> > > > > VR
> > > > > > > > > itself.
> > > > > > > > > > >
> > > > > > > > > > > root@r-2606-VM:/etc# ping yahoo.com
> > > > > > > > > > > PING yahoo.com (98.139.183.24): 56 data bytes
> > > > > > > > > > > 64 bytes from 98.139.183.24: icmp_seq=0 ttl=47
> > > time=250.473
> > > > ms
> > > > > > > > > > > 64 bytes from 98.139.183.24: icmp_seq=1 ttl=47
> > > time=239.240
> > > > ms
> > > > > > > > > > > 64 bytes from 98.139.183.24: icmp_seq=2 ttl=45
> > > time=247.605
> > > > ms
> > > > > > > > > > > 64 bytes from 98.139.183.24: icmp_seq=3 ttl=45
> > > time=244.913
> > > > ms
> > > > > > > > > > > ^C--- yahoo.com ping statistics ---
> > > > > > > > > > > 4 packets transmitted, 4 packets received, 0% packet
> loss
> > > > > > > > > > > round-trip min/avg/max/stddev =
> > > 239.240/245.558/250.473/4.144
> > > > > ms
> > > > > > > > > > >
> > > > > > > > > > > root@r-2606-VM:/etc# ping google.com
> > > > > > > > > > > PING google.com (74.125.68.102): 56 data bytes
> > > > > > > > > > > 64 bytes from 74.125.68.102: icmp_seq=0 ttl=52
> > time=1.353
> > > ms
> > > > > > > > > > > 64 bytes from 74.125.68.102: icmp_seq=1 ttl=52
> > time=1.199
> > > ms
> > > > > > > > > > > 64 bytes from 74.125.68.102: icmp_seq=2 ttl=52
> > time=1.268
> > > ms
> > > > > > > > > > > 64 bytes from 74.125.68.102: icmp_seq=3 ttl=52
> > time=1.287
> > > ms
> > > > > > > > > > > ^C--- google.com ping statistics ---
> > > > > > > > > > > 4 packets transmitted, 4 packets received, 0% packet
> loss
> > > > > > > > > > > round-trip min/avg/max/stddev = 1.199/1.277/1.353/0.055
> > ms
> > > > > > > > > > >
> > > > > > > > > > > The VR uses 8.8.8.8 and 8.8.4.4 to resolve domains.
> > > > > > > > > > >
> > > > > > > > > > > root@r-2606-VM:/etc# cat /etc/resolv.conf
> > > > > > > > > > > nameserver 8.8.8.8
> > > > > > > > > > > nameserver 8.8.4.4
> > > > > > > > > > >
> > > > > > > > > > > I can ping both name servers without any issues.
> > > > > > > > > > >
> > > > > > > > > > > root@r-2606-VM:/etc# ping 8.8.8.8
> > > > > > > > > > > PING 8.8.8.8 (8.8.8.8): 56 data bytes
> > > > > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=4.693 ms
> > > > > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=2.390 ms
> > > > > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=2.523 ms
> > > > > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=2.458 ms
> > > > > > > > > > > ^C--- 8.8.8.8 ping statistics ---
> > > > > > > > > > > 4 packets transmitted, 4 packets received, 0% packet
> loss
> > > > > > > > > > > round-trip min/avg/max/stddev = 2.390/3.016/4.693/0.969
> > ms
> > > > > > > > > > >
> > > > > > > > > > > root@r-2606-VM:/etc# ping 8.8.4.4
> > > > > > > > > > > PING 8.8.4.4 (8.8.4.4): 56 data bytes
> > > > > > > > > > > 64 bytes from 8.8.4.4: icmp_seq=0 ttl=52 time=2.649 ms
> > > > > > > > > > > 64 bytes from 8.8.4.4: icmp_seq=1 ttl=52 time=2.458 ms
> > > > > > > > > > > 64 bytes from 8.8.4.4: icmp_seq=2 ttl=52 time=2.436 ms
> > > > > > > > > > > 64 bytes from 8.8.4.4: icmp_seq=3 ttl=52 time=2.393 ms
> > > > > > > > > > > ^C--- 8.8.4.4 ping statistics ---
> > > > > > > > > > > 4 packets transmitted, 4 packets received, 0% packet
> loss
> > > > > > > > > > > round-trip min/avg/max/stddev = 2.393/2.484/2.649/0.098
> > ms
> > > > > > > > > > >
> > > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > > >
> > > > > > > > > > > Cheers.
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > On Mon, Jul 21, 2014 at 12:18 PM, Sanjeev Neelarapu <
> > > > > > > > > > > sanjeev.neelarapu@citrix.com> wrote:
> > > > > > > > > > >
> > > > > > > > > > > > Hi,
> > > > > > > > > > > >
> > > > > > > > > > > > Can you check if the VR is able to resolve the domain
> > > names
> > > > > by
> > > > > > > > > pinging
> > > > > > > > > > > > from VR ?
> > > > > > > > > > > >
> > > > > > > > > > > > -Sanjeev
> > > > > > > > > > > >
> > > > > > > > > > > > -----Original Message-----
> > > > > > > > > > > > From: Vihar [mailto:vih1310@gmail.com]
> > > > > > > > > > > > Sent: Monday, July 21, 2014 5:43 AM
> > > > > > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > > > > > Subject: RE: DNS service on VR not responding
> > > > > > > > > > > >
> > > > > > > > > > > > Hi,
> > > > > > > > > > > >
> > > > > > > > > > > > Yes, if I remove or comment out the first nameserver
> > > entry
> > > > > for
> > > > > > > the
> > > > > > > > > VR's
> > > > > > > > > > > > IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs
> > will
> > > be
> > > > > > > running
> > > > > > > > > > fine
> > > > > > > > > > > > and will be able to resolve domains properly."
> > > > > > > > > > > >
> > > > > > > > > > > > Are you able to ping the first DNS server IP address
> > that
> > > > you
> > > > > > > > > commented
> > > > > > > > > > > > out?
> > > > > > > > > > > >
> > > > > > > > > > > > Regards
> > > > > > > > > > > > Vihar K
> > > > > > > > > > > > On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <
> > > > > > > > > > > > santhosh.edukulla@citrix.com>
> > > > > > > > > > > > wrote:
> > > > > > > > > > > >
> > > > > > > > > > > > > Do a traceroute to an external domain say
> google.com
> > > > from
> > > > > > > guest
> > > > > > > > > vm,
> > > > > > > > > > as
> > > > > > > > > > > > > you mentioned below, both by commenting out vr ip
> and
> > > > not,
> > > > > in
> > > > > > > > > > > > > resolv.conf, you may see the difference.
> > > > > > > > > > > > >
> > > > > > > > > > > > > "Yes, if I remove or comment out the first
> nameserver
> > > > entry
> > > > > > for
> > > > > > > > the
> > > > > > > > > > > > > VR's IP, and only leaving 8.8.8.8 and 8.8.4.4,
> guest
> > > VMs
> > > > > will
> > > > > > > be
> > > > > > > > > > > > > running fine and will be able to resolve domains
> > > > properly."
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > > Santhosh
> > > > > > > > > > > > > ________________________________________
> > > > > > > > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > > > > > > > Sent: Sunday, July 20, 2014 1:48 PM
> > > > > > > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > > > > > > > >
> > > > > > > > > > > > > Hi Santhosh,
> > > > > > > > > > > > >
> > > > > > > > > > > > > Good day to you, and thank you for your email.
> > > > > > > > > > > > >
> > > > > > > > > > > > > Traceroute packets seems to be dropped, I think
> it's
> > by
> > > > > > > default.
> > > > > > > > > See
> > > > > > > > > > > > > result
> > > > > > > > > > > > > below:
> > > > > > > > > > > > >
> > > > > > > > > > > > > # traceroute X.X.X.2
> > > > > > > > > > > > > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60
> byte
> > > > > packets
> > > > > > > > > > > > > 1 * * *
> > > > > > > > > > > > > 2 * * *
> > > > > > > > > > > > > 3 * * *
> > > > > > > > > > > > >
> > > > > > > > > > > > > However, I am able to ping, and there is a response
> > > when
> > > > I
> > > > > > > tried
> > > > > > > > to
> > > > > > > > > > > > > telnet to port 53.
> > > > > > > > > > > > >
> > > > > > > > > > > > > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00
> ms
> > > > > > > > > > > > > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291
> > ms
> > > > > > > > > > > > > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384
> > ms
> > > ^C
> > > > > > > > > > > > > --- X.X.X.2 ping statistics ---
> > > > > > > > > > > > > 6 packets transmitted, 6 received, 0% packet loss,
> > time
> > > > > > 4999ms
> > > > > > > > rtt
> > > > > > > > > > > > > min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> > > > > > > > > > > > >
> > > > > > > > > > > > > # telnet X.X.X.2 53
> > > > > > > > > > > > > Trying X.X.X.2...
> > > > > > > > > > > > > Connected to X.X.X.2.
> > > > > > > > > > > > > Escape character is '^]'.
> > > > > > > > > > > > >
> > > > > > > > > > > > > netstat -a on the VR shows the service is listening
> > on
> > > > > domain
> > > > > > > > port
> > > > > > > > > > > (53).
> > > > > > > > > > > > >
> > > > > > > > > > > > > tcp 0 0 r-2606-VM:domain *:*
> > > > > > > > > > > > LISTEN
> > > > > > > > > > > > >
> > > > > > > > > > > > > tcp 0 0 X.X.X.2:domain *:*
> > > > > > > > > LISTEN
> > > > > > > > > > > > >
> > > > > > > > > > > > > udp 156992 0 r-2606-VM:domain *:*
> > > > > > > > > > > > >
> > > > > > > > > > > > > udp 164032 0 X.X.X.2:domain *:*
> > > > > > > > > > > > >
> > > > > > > > > > > > > Can you advise if there's anything else I need to
> > > check?
> > > > > > > > > > > > >
> > > > > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > > > > >
> > > > > > > > > > > > > Cheers.
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla
> <
> > > > > > > > > > > > > santhosh.edukulla@citrix.com> wrote:
> > > > > > > > > > > > >
> > > > > > > > > > > > > > Run trace route from guest vms, the result will
> > yield
> > > > to
> > > > > > the
> > > > > > > > > point
> > > > > > > > > > > > > > where packet drop is happening, could be a
> network
> > > acl
> > > > > rule
> > > > > > > > > issue,
> > > > > > > > > > > > > > but tracert command can lead to some answers.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > List running ports as well on VR, do a telnet to
> > dns
> > > > port
> > > > > > on
> > > > > > > > > router
> > > > > > > > > > > > > > from guest vm to verify for its response.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Santhosh
> > > > > > > > > > > > > > ________________________________________
> > > > > > > > > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > > > > > > > > Sent: Sunday, July 20, 2014 1:06 PM
> > > > > > > > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Hi Rafael,
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Good day to you, and thank you for your reply.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Can't find anything wrong on dnsmasq.log /
> > > daemon.log,
> > > > > just
> > > > > > > > some
> > > > > > > > > > log
> > > > > > > > > > > > > > entries related to DHCP, nothing on DNS. I masked
> > the
> > > > IP
> > > > > > > > > addresses
> > > > > > > > > > > > > > since they are public.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > ===
> > > > > > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> > > > > DHCPDISCOVER(eth0)
> > > > > > > > > X.X.X.X
> > > > > > > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> > > > DHCPOFFER(eth0)
> > > > > > > > X.X.X.X
> > > > > > > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> > > > > DHCPREQUEST(eth0)
> > > > > > > > > X.X.X.X
> > > > > > > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> > > DHCPACK(eth0)
> > > > > > > X.X.X.X
> > > > > > > > > > > > > > 06:62:a8:01:13:37 yyyyyy
> > > > > > > > > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]:
> > > > DHCPINFORM(eth0)
> > > > > > > > X.X.X.X
> > > > > > > > > > > > > > 06:43:4a:01:12:65
> > > > > > > > > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]:
> > > DHCPACK(eth0)
> > > > > > > X.X.X.X
> > > > > > > > > > > > > > 06:43:4a:01:12:65 zzzzzz
> > > > > > > > > > > > > > ===
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Yes, the guest VMs are having difficulties
> > resolving
> > > > > > domains
> > > > > > > > into
> > > > > > > > > > IP
> > > > > > > > > > > > > > addresses because of the problem on the VR's DNS
> > > > server.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > $ host www.google.com X.X.X.X (where X.X.X.X is
> > the
> > > IP
> > > > > > > address
> > > > > > > > > of
> > > > > > > > > > > > > > the
> > > > > > > > > > > > > VR)
> > > > > > > > > > > > > > ;; connection timed out; no servers could be
> > reached
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > However, from within the VR, I am able to resolve
> > > > domains
> > > > > > > just
> > > > > > > > > > fine.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Any advise where can I start troubleshooting
> this?
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Cheers.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael
> > Weingartner
> > > <
> > > > > > > > > > > > > > rafaelweingartner@gmail.com> wrote:
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > > Have you taken a look at dnsmasq.log in the VR
> ?
> > > > > > > > > > > > > > > What do you mean with not responding? The
> > addresses
> > > > are
> > > > > > not
> > > > > > > > > being
> > > > > > > > > > > > > > resolved
> > > > > > > > > > > > > > > to ip addresses?
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra
> Pramana <
> > > > > > > > > indra@sg.or.id>
> > > > > > > > > > > > > wrote:
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > Dear all,
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > All our guest VMs are having our virtual
> router
> > > > > (VR)'s
> > > > > > IP
> > > > > > > > > > > > > > > > address on /etc/resolv.conf. In the past two
> > > > weeks, I
> > > > > > > just
> > > > > > > > > > > > > > > > realised that the DNS service on the VR is
> not
> > > > > working,
> > > > > > > and
> > > > > > > > > > > > > > > > doesn't respond to DNS queries
> > > > > > > > > > > > > > from
> > > > > > > > > > > > > > > > the DNS clients on the guest VM.
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > I have tried to stop and start back the VR,
> but
> > > the
> > > > > > > problem
> > > > > > > > > > > > persists.
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > DHCP services seems to be running fine, only
> > DNS
> > > > > > services
> > > > > > > > are
> > > > > > > > > > > > > > > > not
> > > > > > > > > > > > > > > working.
> > > > > > > > > > > > > > > > From what I understand, both services are
> > > provided
> > > > by
> > > > > > > > > dnsmasq,
> > > > > > > > > > > > > correct?
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > Any advice on how can I resolve the problem?
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > Cheers.
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > --
> > > > > > > > > > > > > > > Rafael Weing?rtner
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
>
>
> --
> Rafael Weing?rtner
>
RE: DNS service on VR not responding
Posted by Santhosh Edukulla <sa...@citrix.com>.
1. "tcpdump -vv - i eth0" to capture packets on interface eth0
2. "tcpdump -vv -s0 port 53" for full packet capture.
but simple thing i believe we may be missing is to run simple traceroute command from guest vm for a domain and see till where packets are going.
Santhosh
________________________________________
From: Rafael Weingartner [rafaelweingartner@gmail.com]
Sent: Tuesday, July 22, 2014 8:27 AM
To: users@cloudstack.apache.org
Subject: Re: DNS service on VR not responding
I would run a tcpdump on the VR, in order to check if the packages from the
VMs are arriving there.
When you enabled the log queries debug option, did you find something on
dnsmasq.log? was it saying that it was solving names form vm...?
On Tue, Jul 22, 2014 at 6:21 AM, Indra Pramana <in...@sg.or.id> wrote:
> Hi VIhar,
>
> route -n result is quite straightforward. Since it's a shared and not
> isolated network, the guest VM is on the same subnet as the VR. There are
> two subnets (X.X.X.0/24 and X.X.Y.0/24) within the shared network. The VR
> has two IPs on the interface, X.X.X.2 and X.X.Y.2. My guest VM having
> X.X.Y.* IP will try to communicate to the VR using X.X.Y.2.
>
> root@r-2606-VM:~# route -n
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use
> Iface
> 0.0.0.0 X.X.X.1 0.0.0.0 UG 0 0 0 eth0
> X.X.X.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> X.X.Y.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0
> eth1
>
> With regards to tcpdump that you suggested, can I have more details on how
> to do? Do I need to perform the tcpdump from the guest VM or the VR?
>
> Looking forward to your reply, thank you.
>
> Cheers.
>
>
>
>
> On Tue, Jul 22, 2014 at 11:44 AM, Vihar <vi...@gmail.com> wrote:
>
> > Hi Indra
> >
> > Could you check the routing table from the guest VM ( route -n ) and I
> > would also like you to take a tcpdump from VM to VR with port 53 to check
> > if you are able to get the reply from the VM.
> >
> > Regards
> > Vihar K
> > On Jul 22, 2014 9:10 AM, "Indra Pramana" <in...@sg.or.id> wrote:
> >
> > > Hi Santhosh,
> > >
> > > Here it is:
> > >
> > > Supported ServicesDhcp, Dns, UserDataService CapabilitiesDhcp:
> > > VirtualRouter, Dns: VirtualRouter, UserData: VirtualRouter
> > > The zone has been running for quite some time, I created the zone
> almost
> > a
> > > year ago and there was no issues only until recently. So I don't think
> > the
> > > issue is due to the zone or service/network offering's default
> > > configuration, since I didn't make any changes to the zone
> configuration.
> > >
> > > Any advice on what should I investigate next?
> > >
> > > Looking forward to your reply, thank you.
> > >
> > > Cheers.
> > >
> > >
> > >
> > > On Mon, Jul 21, 2014 at 11:53 PM, Santhosh Edukulla <
> > > santhosh.edukulla@citrix.com> wrote:
> > >
> > > > While creating zone, you would have selected network offering, we can
> > see
> > > > the supported services for each network offering, available under
> > Service
> > > > Offerings->Select Network Offerings, some thing like below, so you
> may
> > > want
> > > > to check the network offering you associated to your datacenter and
> > > > corresponding capabilities , below are the supported services for one
> > of
> > > > the shared network offering.
> > > >
> > > > Supported Services Dns, Dhcp, UserData
> > > > Service Capabilities Dns: VirtualRouter, Dhcp: VirtualRouter,
> > > UserData:
> > > > VirtualRouter
> > > >
> > > > Santhosh
> > > > ________________________________________
> > > > From: Indra Pramana [indra@sg.or.id]
> > > > Sent: Monday, July 21, 2014 10:37 AM
> > > > To: users@cloudstack.apache.org
> > > > Subject: Re: DNS service on VR not responding
> > > >
> > > > Hi Santhosh, Vihar,
> > > >
> > > > The network which this VR is responsible is a shared, not isolated
> > > network.
> > > > It seems there's no network offering being tagged to a shared
> network?
> > > How
> > > > do I know if the DNS service is being chosen or not?
> > > >
> > > > Looking forward to your reply, thank you.
> > > >
> > > > Cheers.
> > > >
> > > >
> > > >
> > > > On Mon, Jul 21, 2014 at 6:45 PM, Vihar <vi...@gmail.com> wrote:
> > > >
> > > > > Yes, not choosing DNS service from network offering may be one of
> the
> > > > > reason it is not resolving the DNS queries.
> > > > >
> > > > > Regards
> > > > > Vihar K
> > > > > On Jul 21, 2014 4:09 PM, "Santhosh Edukulla" <
> > > > santhosh.edukulla@citrix.com
> > > > > >
> > > > > wrote:
> > > > >
> > > > > > Below are points so far,
> > > > > >
> > > > > > Have we selected the dns under network offering? As well, can you
> > > check
> > > > > > whether your dns queries are reaching VR by enabling VR in
> > > resolv.conf
> > > > (
> > > > > > guest vm ) and running trace route for some example domain?
> > > > > >
> > > > > > Santhosh
> > > > > > ________________________________________
> > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > Sent: Monday, July 21, 2014 6:33 AM
> > > > > > To: users@cloudstack.apache.org
> > > > > > Subject: Re: DNS service on VR not responding
> > > > > >
> > > > > > Hi Vihar,
> > > > > >
> > > > > > Have tried:
> > > > > >
> > > > > > - Restarting dnsmasq service
> > > > > > - Stopping and starting the VR from CloudStack GUI.
> > > > > >
> > > > > > Problem still persists. :(
> > > > > >
> > > > > > Any other hints or suggestions?
> > > > > >
> > > > > > Looking forward to to your reply, thank you.
> > > > > >
> > > > > > Cheers.
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Mon, Jul 21, 2014 at 6:19 PM, Vihar <vi...@gmail.com>
> wrote:
> > > > > >
> > > > > > > Hi Indra,
> > > > > > >
> > > > > > > Are you referring to /etc/resolv.conf on the VR itself or on
> the
> > > > guest
> > > > > > VM?
> > > > > > > >> I was referring to the VR itself. I thought there was 3 IP
> > > address
> > > > > in
> > > > > > VR
> > > > > > > itself.
> > > > > > >
> > > > > > > Have you tried stopping and starting the VR if not can you
> give a
> > > > try.
> > > > > > >
> > > > > > > Regards
> > > > > > > Vihar K
> > > > > > > On Jul 21, 2014 3:26 PM, "Indra Pramana" <in...@sg.or.id>
> wrote:
> > > > > > >
> > > > > > > > Hi Vihar,
> > > > > > > >
> > > > > > > > Are you referring to /etc/resolv.conf on the VR itself or on
> > the
> > > > > guest
> > > > > > > VM?
> > > > > > > >
> > > > > > > > On the VR itself, there are only two entries on
> > /etc/resolv.conf
> > > > > > pointing
> > > > > > > > to both Google public DNS servers.
> > > > > > > >
> > > > > > > > On the guest VM, there are 3 entries, one to the VR and two
> to
> > > the
> > > > > > Google
> > > > > > > > public DNS servers. If I commented out both Google DNS
> servers
> > > and
> > > > > only
> > > > > > > > leaving the VR IP there, I cannot resolve anything. If the VR
> > IP
> > > is
> > > > > > > > commented out and leaving both Google DNS servers there,
> then I
> > > can
> > > > > > > > resolve. So the issue is confirmed due to DNS service on the
> > VR.
> > > > > > > >
> > > > > > > > But I am not too sure why it doesn't respond even though the
> > > > dnsmasq
> > > > > > > > service is running.
> > > > > > > >
> > > > > > > > Thank you.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > On Mon, Jul 21, 2014 at 1:00 PM, Vihar <vi...@gmail.com>
> > > wrote:
> > > > > > > >
> > > > > > > > > Hi ,
> > > > > > > > >
> > > > > > > > > I would like you to comment second and third IP address I.e
> > > > 4.2.2.2
> > > > > > and
> > > > > > > > > 8.8.8.8 and uncomment the first IP which is allocated to
> DNS
> > > and
> > > > > try
> > > > > > to
> > > > > > > > > resolve the internet. It might be resolving the queries
> from
> > > > > external
> > > > > > > DNS
> > > > > > > > > server.
> > > > > > > > >
> > > > > > > > > If you are not able to resolve the names from VR, check if
> > the
> > > > DNS
> > > > > > > > service
> > > > > > > > > is running properly for the IP which act as a DNS server.
> > > > > > > > >
> > > > > > > > > Regards
> > > > > > > > > Vihar
> > > > > > > > > On Jul 21, 2014 10:19 AM, "Indra Pramana" <in...@sg.or.id>
> > > > wrote:
> > > > > > > > >
> > > > > > > > > > Hi Sanjeev,
> > > > > > > > > >
> > > > > > > > > > Good day to you, and thank you for your reply.
> > > > > > > > > >
> > > > > > > > > > Yes, I can resolve domains without any issues from within
> > the
> > > > VR
> > > > > > > > itself.
> > > > > > > > > >
> > > > > > > > > > root@r-2606-VM:/etc# ping yahoo.com
> > > > > > > > > > PING yahoo.com (98.139.183.24): 56 data bytes
> > > > > > > > > > 64 bytes from 98.139.183.24: icmp_seq=0 ttl=47
> > time=250.473
> > > ms
> > > > > > > > > > 64 bytes from 98.139.183.24: icmp_seq=1 ttl=47
> > time=239.240
> > > ms
> > > > > > > > > > 64 bytes from 98.139.183.24: icmp_seq=2 ttl=45
> > time=247.605
> > > ms
> > > > > > > > > > 64 bytes from 98.139.183.24: icmp_seq=3 ttl=45
> > time=244.913
> > > ms
> > > > > > > > > > ^C--- yahoo.com ping statistics ---
> > > > > > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > > > > > round-trip min/avg/max/stddev =
> > 239.240/245.558/250.473/4.144
> > > > ms
> > > > > > > > > >
> > > > > > > > > > root@r-2606-VM:/etc# ping google.com
> > > > > > > > > > PING google.com (74.125.68.102): 56 data bytes
> > > > > > > > > > 64 bytes from 74.125.68.102: icmp_seq=0 ttl=52
> time=1.353
> > ms
> > > > > > > > > > 64 bytes from 74.125.68.102: icmp_seq=1 ttl=52
> time=1.199
> > ms
> > > > > > > > > > 64 bytes from 74.125.68.102: icmp_seq=2 ttl=52
> time=1.268
> > ms
> > > > > > > > > > 64 bytes from 74.125.68.102: icmp_seq=3 ttl=52
> time=1.287
> > ms
> > > > > > > > > > ^C--- google.com ping statistics ---
> > > > > > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > > > > > round-trip min/avg/max/stddev = 1.199/1.277/1.353/0.055
> ms
> > > > > > > > > >
> > > > > > > > > > The VR uses 8.8.8.8 and 8.8.4.4 to resolve domains.
> > > > > > > > > >
> > > > > > > > > > root@r-2606-VM:/etc# cat /etc/resolv.conf
> > > > > > > > > > nameserver 8.8.8.8
> > > > > > > > > > nameserver 8.8.4.4
> > > > > > > > > >
> > > > > > > > > > I can ping both name servers without any issues.
> > > > > > > > > >
> > > > > > > > > > root@r-2606-VM:/etc# ping 8.8.8.8
> > > > > > > > > > PING 8.8.8.8 (8.8.8.8): 56 data bytes
> > > > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=4.693 ms
> > > > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=2.390 ms
> > > > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=2.523 ms
> > > > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=2.458 ms
> > > > > > > > > > ^C--- 8.8.8.8 ping statistics ---
> > > > > > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > > > > > round-trip min/avg/max/stddev = 2.390/3.016/4.693/0.969
> ms
> > > > > > > > > >
> > > > > > > > > > root@r-2606-VM:/etc# ping 8.8.4.4
> > > > > > > > > > PING 8.8.4.4 (8.8.4.4): 56 data bytes
> > > > > > > > > > 64 bytes from 8.8.4.4: icmp_seq=0 ttl=52 time=2.649 ms
> > > > > > > > > > 64 bytes from 8.8.4.4: icmp_seq=1 ttl=52 time=2.458 ms
> > > > > > > > > > 64 bytes from 8.8.4.4: icmp_seq=2 ttl=52 time=2.436 ms
> > > > > > > > > > 64 bytes from 8.8.4.4: icmp_seq=3 ttl=52 time=2.393 ms
> > > > > > > > > > ^C--- 8.8.4.4 ping statistics ---
> > > > > > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > > > > > round-trip min/avg/max/stddev = 2.393/2.484/2.649/0.098
> ms
> > > > > > > > > >
> > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > >
> > > > > > > > > > Cheers.
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > On Mon, Jul 21, 2014 at 12:18 PM, Sanjeev Neelarapu <
> > > > > > > > > > sanjeev.neelarapu@citrix.com> wrote:
> > > > > > > > > >
> > > > > > > > > > > Hi,
> > > > > > > > > > >
> > > > > > > > > > > Can you check if the VR is able to resolve the domain
> > names
> > > > by
> > > > > > > > pinging
> > > > > > > > > > > from VR ?
> > > > > > > > > > >
> > > > > > > > > > > -Sanjeev
> > > > > > > > > > >
> > > > > > > > > > > -----Original Message-----
> > > > > > > > > > > From: Vihar [mailto:vih1310@gmail.com]
> > > > > > > > > > > Sent: Monday, July 21, 2014 5:43 AM
> > > > > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > > > > Subject: RE: DNS service on VR not responding
> > > > > > > > > > >
> > > > > > > > > > > Hi,
> > > > > > > > > > >
> > > > > > > > > > > Yes, if I remove or comment out the first nameserver
> > entry
> > > > for
> > > > > > the
> > > > > > > > VR's
> > > > > > > > > > > IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs
> will
> > be
> > > > > > running
> > > > > > > > > fine
> > > > > > > > > > > and will be able to resolve domains properly."
> > > > > > > > > > >
> > > > > > > > > > > Are you able to ping the first DNS server IP address
> that
> > > you
> > > > > > > > commented
> > > > > > > > > > > out?
> > > > > > > > > > >
> > > > > > > > > > > Regards
> > > > > > > > > > > Vihar K
> > > > > > > > > > > On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <
> > > > > > > > > > > santhosh.edukulla@citrix.com>
> > > > > > > > > > > wrote:
> > > > > > > > > > >
> > > > > > > > > > > > Do a traceroute to an external domain say google.com
> > > from
> > > > > > guest
> > > > > > > > vm,
> > > > > > > > > as
> > > > > > > > > > > > you mentioned below, both by commenting out vr ip and
> > > not,
> > > > in
> > > > > > > > > > > > resolv.conf, you may see the difference.
> > > > > > > > > > > >
> > > > > > > > > > > > "Yes, if I remove or comment out the first nameserver
> > > entry
> > > > > for
> > > > > > > the
> > > > > > > > > > > > VR's IP, and only leaving 8.8.8.8 and 8.8.4.4, guest
> > VMs
> > > > will
> > > > > > be
> > > > > > > > > > > > running fine and will be able to resolve domains
> > > properly."
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > > Santhosh
> > > > > > > > > > > > ________________________________________
> > > > > > > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > > > > > > Sent: Sunday, July 20, 2014 1:48 PM
> > > > > > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > > > > > > >
> > > > > > > > > > > > Hi Santhosh,
> > > > > > > > > > > >
> > > > > > > > > > > > Good day to you, and thank you for your email.
> > > > > > > > > > > >
> > > > > > > > > > > > Traceroute packets seems to be dropped, I think it's
> by
> > > > > > default.
> > > > > > > > See
> > > > > > > > > > > > result
> > > > > > > > > > > > below:
> > > > > > > > > > > >
> > > > > > > > > > > > # traceroute X.X.X.2
> > > > > > > > > > > > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte
> > > > packets
> > > > > > > > > > > > 1 * * *
> > > > > > > > > > > > 2 * * *
> > > > > > > > > > > > 3 * * *
> > > > > > > > > > > >
> > > > > > > > > > > > However, I am able to ping, and there is a response
> > when
> > > I
> > > > > > tried
> > > > > > > to
> > > > > > > > > > > > telnet to port 53.
> > > > > > > > > > > >
> > > > > > > > > > > > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> > > > > > > > > > > > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291
> ms
> > > > > > > > > > > > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384
> ms
> > ^C
> > > > > > > > > > > > --- X.X.X.2 ping statistics ---
> > > > > > > > > > > > 6 packets transmitted, 6 received, 0% packet loss,
> time
> > > > > 4999ms
> > > > > > > rtt
> > > > > > > > > > > > min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> > > > > > > > > > > >
> > > > > > > > > > > > # telnet X.X.X.2 53
> > > > > > > > > > > > Trying X.X.X.2...
> > > > > > > > > > > > Connected to X.X.X.2.
> > > > > > > > > > > > Escape character is '^]'.
> > > > > > > > > > > >
> > > > > > > > > > > > netstat -a on the VR shows the service is listening
> on
> > > > domain
> > > > > > > port
> > > > > > > > > > (53).
> > > > > > > > > > > >
> > > > > > > > > > > > tcp 0 0 r-2606-VM:domain *:*
> > > > > > > > > > > LISTEN
> > > > > > > > > > > >
> > > > > > > > > > > > tcp 0 0 X.X.X.2:domain *:*
> > > > > > > > LISTEN
> > > > > > > > > > > >
> > > > > > > > > > > > udp 156992 0 r-2606-VM:domain *:*
> > > > > > > > > > > >
> > > > > > > > > > > > udp 164032 0 X.X.X.2:domain *:*
> > > > > > > > > > > >
> > > > > > > > > > > > Can you advise if there's anything else I need to
> > check?
> > > > > > > > > > > >
> > > > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > > > >
> > > > > > > > > > > > Cheers.
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> > > > > > > > > > > > santhosh.edukulla@citrix.com> wrote:
> > > > > > > > > > > >
> > > > > > > > > > > > > Run trace route from guest vms, the result will
> yield
> > > to
> > > > > the
> > > > > > > > point
> > > > > > > > > > > > > where packet drop is happening, could be a network
> > acl
> > > > rule
> > > > > > > > issue,
> > > > > > > > > > > > > but tracert command can lead to some answers.
> > > > > > > > > > > > >
> > > > > > > > > > > > > List running ports as well on VR, do a telnet to
> dns
> > > port
> > > > > on
> > > > > > > > router
> > > > > > > > > > > > > from guest vm to verify for its response.
> > > > > > > > > > > > >
> > > > > > > > > > > > > Santhosh
> > > > > > > > > > > > > ________________________________________
> > > > > > > > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > > > > > > > Sent: Sunday, July 20, 2014 1:06 PM
> > > > > > > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > > > > > > > >
> > > > > > > > > > > > > Hi Rafael,
> > > > > > > > > > > > >
> > > > > > > > > > > > > Good day to you, and thank you for your reply.
> > > > > > > > > > > > >
> > > > > > > > > > > > > Can't find anything wrong on dnsmasq.log /
> > daemon.log,
> > > > just
> > > > > > > some
> > > > > > > > > log
> > > > > > > > > > > > > entries related to DHCP, nothing on DNS. I masked
> the
> > > IP
> > > > > > > > addresses
> > > > > > > > > > > > > since they are public.
> > > > > > > > > > > > >
> > > > > > > > > > > > > ===
> > > > > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> > > > DHCPDISCOVER(eth0)
> > > > > > > > X.X.X.X
> > > > > > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> > > DHCPOFFER(eth0)
> > > > > > > X.X.X.X
> > > > > > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> > > > DHCPREQUEST(eth0)
> > > > > > > > X.X.X.X
> > > > > > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> > DHCPACK(eth0)
> > > > > > X.X.X.X
> > > > > > > > > > > > > 06:62:a8:01:13:37 yyyyyy
> > > > > > > > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]:
> > > DHCPINFORM(eth0)
> > > > > > > X.X.X.X
> > > > > > > > > > > > > 06:43:4a:01:12:65
> > > > > > > > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]:
> > DHCPACK(eth0)
> > > > > > X.X.X.X
> > > > > > > > > > > > > 06:43:4a:01:12:65 zzzzzz
> > > > > > > > > > > > > ===
> > > > > > > > > > > > >
> > > > > > > > > > > > > Yes, the guest VMs are having difficulties
> resolving
> > > > > domains
> > > > > > > into
> > > > > > > > > IP
> > > > > > > > > > > > > addresses because of the problem on the VR's DNS
> > > server.
> > > > > > > > > > > > >
> > > > > > > > > > > > > $ host www.google.com X.X.X.X (where X.X.X.X is
> the
> > IP
> > > > > > address
> > > > > > > > of
> > > > > > > > > > > > > the
> > > > > > > > > > > > VR)
> > > > > > > > > > > > > ;; connection timed out; no servers could be
> reached
> > > > > > > > > > > > >
> > > > > > > > > > > > > However, from within the VR, I am able to resolve
> > > domains
> > > > > > just
> > > > > > > > > fine.
> > > > > > > > > > > > >
> > > > > > > > > > > > > Any advise where can I start troubleshooting this?
> > > > > > > > > > > > >
> > > > > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > > > > >
> > > > > > > > > > > > > Cheers.
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael
> Weingartner
> > <
> > > > > > > > > > > > > rafaelweingartner@gmail.com> wrote:
> > > > > > > > > > > > >
> > > > > > > > > > > > > > Have you taken a look at dnsmasq.log in the VR ?
> > > > > > > > > > > > > > What do you mean with not responding? The
> addresses
> > > are
> > > > > not
> > > > > > > > being
> > > > > > > > > > > > > resolved
> > > > > > > > > > > > > > to ip addresses?
> > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <
> > > > > > > > indra@sg.or.id>
> > > > > > > > > > > > wrote:
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > > Dear all,
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > All our guest VMs are having our virtual router
> > > > (VR)'s
> > > > > IP
> > > > > > > > > > > > > > > address on /etc/resolv.conf. In the past two
> > > weeks, I
> > > > > > just
> > > > > > > > > > > > > > > realised that the DNS service on the VR is not
> > > > working,
> > > > > > and
> > > > > > > > > > > > > > > doesn't respond to DNS queries
> > > > > > > > > > > > > from
> > > > > > > > > > > > > > > the DNS clients on the guest VM.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > I have tried to stop and start back the VR, but
> > the
> > > > > > problem
> > > > > > > > > > > persists.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > DHCP services seems to be running fine, only
> DNS
> > > > > services
> > > > > > > are
> > > > > > > > > > > > > > > not
> > > > > > > > > > > > > > working.
> > > > > > > > > > > > > > > From what I understand, both services are
> > provided
> > > by
> > > > > > > > dnsmasq,
> > > > > > > > > > > > correct?
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > Any advice on how can I resolve the problem?
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > Cheers.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > --
> > > > > > > > > > > > > > Rafael Weing?rtner
> > > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
--
Rafael Weing?rtner
Re: DNS service on VR not responding
Posted by Rafael Weingartner <ra...@gmail.com>.
I would run a tcpdump on the VR, in order to check if the packages from the
VMs are arriving there.
When you enabled the log queries debug option, did you find something on
dnsmasq.log? was it saying that it was solving names form vm...?
On Tue, Jul 22, 2014 at 6:21 AM, Indra Pramana <in...@sg.or.id> wrote:
> Hi VIhar,
>
> route -n result is quite straightforward. Since it's a shared and not
> isolated network, the guest VM is on the same subnet as the VR. There are
> two subnets (X.X.X.0/24 and X.X.Y.0/24) within the shared network. The VR
> has two IPs on the interface, X.X.X.2 and X.X.Y.2. My guest VM having
> X.X.Y.* IP will try to communicate to the VR using X.X.Y.2.
>
> root@r-2606-VM:~# route -n
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use
> Iface
> 0.0.0.0 X.X.X.1 0.0.0.0 UG 0 0 0 eth0
> X.X.X.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> X.X.Y.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0
> eth1
>
> With regards to tcpdump that you suggested, can I have more details on how
> to do? Do I need to perform the tcpdump from the guest VM or the VR?
>
> Looking forward to your reply, thank you.
>
> Cheers.
>
>
>
>
> On Tue, Jul 22, 2014 at 11:44 AM, Vihar <vi...@gmail.com> wrote:
>
> > Hi Indra
> >
> > Could you check the routing table from the guest VM ( route -n ) and I
> > would also like you to take a tcpdump from VM to VR with port 53 to check
> > if you are able to get the reply from the VM.
> >
> > Regards
> > Vihar K
> > On Jul 22, 2014 9:10 AM, "Indra Pramana" <in...@sg.or.id> wrote:
> >
> > > Hi Santhosh,
> > >
> > > Here it is:
> > >
> > > Supported ServicesDhcp, Dns, UserDataService CapabilitiesDhcp:
> > > VirtualRouter, Dns: VirtualRouter, UserData: VirtualRouter
> > > The zone has been running for quite some time, I created the zone
> almost
> > a
> > > year ago and there was no issues only until recently. So I don't think
> > the
> > > issue is due to the zone or service/network offering's default
> > > configuration, since I didn't make any changes to the zone
> configuration.
> > >
> > > Any advice on what should I investigate next?
> > >
> > > Looking forward to your reply, thank you.
> > >
> > > Cheers.
> > >
> > >
> > >
> > > On Mon, Jul 21, 2014 at 11:53 PM, Santhosh Edukulla <
> > > santhosh.edukulla@citrix.com> wrote:
> > >
> > > > While creating zone, you would have selected network offering, we can
> > see
> > > > the supported services for each network offering, available under
> > Service
> > > > Offerings->Select Network Offerings, some thing like below, so you
> may
> > > want
> > > > to check the network offering you associated to your datacenter and
> > > > corresponding capabilities , below are the supported services for one
> > of
> > > > the shared network offering.
> > > >
> > > > Supported Services Dns, Dhcp, UserData
> > > > Service Capabilities Dns: VirtualRouter, Dhcp: VirtualRouter,
> > > UserData:
> > > > VirtualRouter
> > > >
> > > > Santhosh
> > > > ________________________________________
> > > > From: Indra Pramana [indra@sg.or.id]
> > > > Sent: Monday, July 21, 2014 10:37 AM
> > > > To: users@cloudstack.apache.org
> > > > Subject: Re: DNS service on VR not responding
> > > >
> > > > Hi Santhosh, Vihar,
> > > >
> > > > The network which this VR is responsible is a shared, not isolated
> > > network.
> > > > It seems there's no network offering being tagged to a shared
> network?
> > > How
> > > > do I know if the DNS service is being chosen or not?
> > > >
> > > > Looking forward to your reply, thank you.
> > > >
> > > > Cheers.
> > > >
> > > >
> > > >
> > > > On Mon, Jul 21, 2014 at 6:45 PM, Vihar <vi...@gmail.com> wrote:
> > > >
> > > > > Yes, not choosing DNS service from network offering may be one of
> the
> > > > > reason it is not resolving the DNS queries.
> > > > >
> > > > > Regards
> > > > > Vihar K
> > > > > On Jul 21, 2014 4:09 PM, "Santhosh Edukulla" <
> > > > santhosh.edukulla@citrix.com
> > > > > >
> > > > > wrote:
> > > > >
> > > > > > Below are points so far,
> > > > > >
> > > > > > Have we selected the dns under network offering? As well, can you
> > > check
> > > > > > whether your dns queries are reaching VR by enabling VR in
> > > resolv.conf
> > > > (
> > > > > > guest vm ) and running trace route for some example domain?
> > > > > >
> > > > > > Santhosh
> > > > > > ________________________________________
> > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > Sent: Monday, July 21, 2014 6:33 AM
> > > > > > To: users@cloudstack.apache.org
> > > > > > Subject: Re: DNS service on VR not responding
> > > > > >
> > > > > > Hi Vihar,
> > > > > >
> > > > > > Have tried:
> > > > > >
> > > > > > - Restarting dnsmasq service
> > > > > > - Stopping and starting the VR from CloudStack GUI.
> > > > > >
> > > > > > Problem still persists. :(
> > > > > >
> > > > > > Any other hints or suggestions?
> > > > > >
> > > > > > Looking forward to to your reply, thank you.
> > > > > >
> > > > > > Cheers.
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Mon, Jul 21, 2014 at 6:19 PM, Vihar <vi...@gmail.com>
> wrote:
> > > > > >
> > > > > > > Hi Indra,
> > > > > > >
> > > > > > > Are you referring to /etc/resolv.conf on the VR itself or on
> the
> > > > guest
> > > > > > VM?
> > > > > > > >> I was referring to the VR itself. I thought there was 3 IP
> > > address
> > > > > in
> > > > > > VR
> > > > > > > itself.
> > > > > > >
> > > > > > > Have you tried stopping and starting the VR if not can you
> give a
> > > > try.
> > > > > > >
> > > > > > > Regards
> > > > > > > Vihar K
> > > > > > > On Jul 21, 2014 3:26 PM, "Indra Pramana" <in...@sg.or.id>
> wrote:
> > > > > > >
> > > > > > > > Hi Vihar,
> > > > > > > >
> > > > > > > > Are you referring to /etc/resolv.conf on the VR itself or on
> > the
> > > > > guest
> > > > > > > VM?
> > > > > > > >
> > > > > > > > On the VR itself, there are only two entries on
> > /etc/resolv.conf
> > > > > > pointing
> > > > > > > > to both Google public DNS servers.
> > > > > > > >
> > > > > > > > On the guest VM, there are 3 entries, one to the VR and two
> to
> > > the
> > > > > > Google
> > > > > > > > public DNS servers. If I commented out both Google DNS
> servers
> > > and
> > > > > only
> > > > > > > > leaving the VR IP there, I cannot resolve anything. If the VR
> > IP
> > > is
> > > > > > > > commented out and leaving both Google DNS servers there,
> then I
> > > can
> > > > > > > > resolve. So the issue is confirmed due to DNS service on the
> > VR.
> > > > > > > >
> > > > > > > > But I am not too sure why it doesn't respond even though the
> > > > dnsmasq
> > > > > > > > service is running.
> > > > > > > >
> > > > > > > > Thank you.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > On Mon, Jul 21, 2014 at 1:00 PM, Vihar <vi...@gmail.com>
> > > wrote:
> > > > > > > >
> > > > > > > > > Hi ,
> > > > > > > > >
> > > > > > > > > I would like you to comment second and third IP address I.e
> > > > 4.2.2.2
> > > > > > and
> > > > > > > > > 8.8.8.8 and uncomment the first IP which is allocated to
> DNS
> > > and
> > > > > try
> > > > > > to
> > > > > > > > > resolve the internet. It might be resolving the queries
> from
> > > > > external
> > > > > > > DNS
> > > > > > > > > server.
> > > > > > > > >
> > > > > > > > > If you are not able to resolve the names from VR, check if
> > the
> > > > DNS
> > > > > > > > service
> > > > > > > > > is running properly for the IP which act as a DNS server.
> > > > > > > > >
> > > > > > > > > Regards
> > > > > > > > > Vihar
> > > > > > > > > On Jul 21, 2014 10:19 AM, "Indra Pramana" <in...@sg.or.id>
> > > > wrote:
> > > > > > > > >
> > > > > > > > > > Hi Sanjeev,
> > > > > > > > > >
> > > > > > > > > > Good day to you, and thank you for your reply.
> > > > > > > > > >
> > > > > > > > > > Yes, I can resolve domains without any issues from within
> > the
> > > > VR
> > > > > > > > itself.
> > > > > > > > > >
> > > > > > > > > > root@r-2606-VM:/etc# ping yahoo.com
> > > > > > > > > > PING yahoo.com (98.139.183.24): 56 data bytes
> > > > > > > > > > 64 bytes from 98.139.183.24: icmp_seq=0 ttl=47
> > time=250.473
> > > ms
> > > > > > > > > > 64 bytes from 98.139.183.24: icmp_seq=1 ttl=47
> > time=239.240
> > > ms
> > > > > > > > > > 64 bytes from 98.139.183.24: icmp_seq=2 ttl=45
> > time=247.605
> > > ms
> > > > > > > > > > 64 bytes from 98.139.183.24: icmp_seq=3 ttl=45
> > time=244.913
> > > ms
> > > > > > > > > > ^C--- yahoo.com ping statistics ---
> > > > > > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > > > > > round-trip min/avg/max/stddev =
> > 239.240/245.558/250.473/4.144
> > > > ms
> > > > > > > > > >
> > > > > > > > > > root@r-2606-VM:/etc# ping google.com
> > > > > > > > > > PING google.com (74.125.68.102): 56 data bytes
> > > > > > > > > > 64 bytes from 74.125.68.102: icmp_seq=0 ttl=52
> time=1.353
> > ms
> > > > > > > > > > 64 bytes from 74.125.68.102: icmp_seq=1 ttl=52
> time=1.199
> > ms
> > > > > > > > > > 64 bytes from 74.125.68.102: icmp_seq=2 ttl=52
> time=1.268
> > ms
> > > > > > > > > > 64 bytes from 74.125.68.102: icmp_seq=3 ttl=52
> time=1.287
> > ms
> > > > > > > > > > ^C--- google.com ping statistics ---
> > > > > > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > > > > > round-trip min/avg/max/stddev = 1.199/1.277/1.353/0.055
> ms
> > > > > > > > > >
> > > > > > > > > > The VR uses 8.8.8.8 and 8.8.4.4 to resolve domains.
> > > > > > > > > >
> > > > > > > > > > root@r-2606-VM:/etc# cat /etc/resolv.conf
> > > > > > > > > > nameserver 8.8.8.8
> > > > > > > > > > nameserver 8.8.4.4
> > > > > > > > > >
> > > > > > > > > > I can ping both name servers without any issues.
> > > > > > > > > >
> > > > > > > > > > root@r-2606-VM:/etc# ping 8.8.8.8
> > > > > > > > > > PING 8.8.8.8 (8.8.8.8): 56 data bytes
> > > > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=4.693 ms
> > > > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=2.390 ms
> > > > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=2.523 ms
> > > > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=2.458 ms
> > > > > > > > > > ^C--- 8.8.8.8 ping statistics ---
> > > > > > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > > > > > round-trip min/avg/max/stddev = 2.390/3.016/4.693/0.969
> ms
> > > > > > > > > >
> > > > > > > > > > root@r-2606-VM:/etc# ping 8.8.4.4
> > > > > > > > > > PING 8.8.4.4 (8.8.4.4): 56 data bytes
> > > > > > > > > > 64 bytes from 8.8.4.4: icmp_seq=0 ttl=52 time=2.649 ms
> > > > > > > > > > 64 bytes from 8.8.4.4: icmp_seq=1 ttl=52 time=2.458 ms
> > > > > > > > > > 64 bytes from 8.8.4.4: icmp_seq=2 ttl=52 time=2.436 ms
> > > > > > > > > > 64 bytes from 8.8.4.4: icmp_seq=3 ttl=52 time=2.393 ms
> > > > > > > > > > ^C--- 8.8.4.4 ping statistics ---
> > > > > > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > > > > > round-trip min/avg/max/stddev = 2.393/2.484/2.649/0.098
> ms
> > > > > > > > > >
> > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > >
> > > > > > > > > > Cheers.
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > On Mon, Jul 21, 2014 at 12:18 PM, Sanjeev Neelarapu <
> > > > > > > > > > sanjeev.neelarapu@citrix.com> wrote:
> > > > > > > > > >
> > > > > > > > > > > Hi,
> > > > > > > > > > >
> > > > > > > > > > > Can you check if the VR is able to resolve the domain
> > names
> > > > by
> > > > > > > > pinging
> > > > > > > > > > > from VR ?
> > > > > > > > > > >
> > > > > > > > > > > -Sanjeev
> > > > > > > > > > >
> > > > > > > > > > > -----Original Message-----
> > > > > > > > > > > From: Vihar [mailto:vih1310@gmail.com]
> > > > > > > > > > > Sent: Monday, July 21, 2014 5:43 AM
> > > > > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > > > > Subject: RE: DNS service on VR not responding
> > > > > > > > > > >
> > > > > > > > > > > Hi,
> > > > > > > > > > >
> > > > > > > > > > > Yes, if I remove or comment out the first nameserver
> > entry
> > > > for
> > > > > > the
> > > > > > > > VR's
> > > > > > > > > > > IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs
> will
> > be
> > > > > > running
> > > > > > > > > fine
> > > > > > > > > > > and will be able to resolve domains properly."
> > > > > > > > > > >
> > > > > > > > > > > Are you able to ping the first DNS server IP address
> that
> > > you
> > > > > > > > commented
> > > > > > > > > > > out?
> > > > > > > > > > >
> > > > > > > > > > > Regards
> > > > > > > > > > > Vihar K
> > > > > > > > > > > On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <
> > > > > > > > > > > santhosh.edukulla@citrix.com>
> > > > > > > > > > > wrote:
> > > > > > > > > > >
> > > > > > > > > > > > Do a traceroute to an external domain say google.com
> > > from
> > > > > > guest
> > > > > > > > vm,
> > > > > > > > > as
> > > > > > > > > > > > you mentioned below, both by commenting out vr ip and
> > > not,
> > > > in
> > > > > > > > > > > > resolv.conf, you may see the difference.
> > > > > > > > > > > >
> > > > > > > > > > > > "Yes, if I remove or comment out the first nameserver
> > > entry
> > > > > for
> > > > > > > the
> > > > > > > > > > > > VR's IP, and only leaving 8.8.8.8 and 8.8.4.4, guest
> > VMs
> > > > will
> > > > > > be
> > > > > > > > > > > > running fine and will be able to resolve domains
> > > properly."
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > > Santhosh
> > > > > > > > > > > > ________________________________________
> > > > > > > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > > > > > > Sent: Sunday, July 20, 2014 1:48 PM
> > > > > > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > > > > > > >
> > > > > > > > > > > > Hi Santhosh,
> > > > > > > > > > > >
> > > > > > > > > > > > Good day to you, and thank you for your email.
> > > > > > > > > > > >
> > > > > > > > > > > > Traceroute packets seems to be dropped, I think it's
> by
> > > > > > default.
> > > > > > > > See
> > > > > > > > > > > > result
> > > > > > > > > > > > below:
> > > > > > > > > > > >
> > > > > > > > > > > > # traceroute X.X.X.2
> > > > > > > > > > > > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte
> > > > packets
> > > > > > > > > > > > 1 * * *
> > > > > > > > > > > > 2 * * *
> > > > > > > > > > > > 3 * * *
> > > > > > > > > > > >
> > > > > > > > > > > > However, I am able to ping, and there is a response
> > when
> > > I
> > > > > > tried
> > > > > > > to
> > > > > > > > > > > > telnet to port 53.
> > > > > > > > > > > >
> > > > > > > > > > > > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> > > > > > > > > > > > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291
> ms
> > > > > > > > > > > > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384
> ms
> > ^C
> > > > > > > > > > > > --- X.X.X.2 ping statistics ---
> > > > > > > > > > > > 6 packets transmitted, 6 received, 0% packet loss,
> time
> > > > > 4999ms
> > > > > > > rtt
> > > > > > > > > > > > min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> > > > > > > > > > > >
> > > > > > > > > > > > # telnet X.X.X.2 53
> > > > > > > > > > > > Trying X.X.X.2...
> > > > > > > > > > > > Connected to X.X.X.2.
> > > > > > > > > > > > Escape character is '^]'.
> > > > > > > > > > > >
> > > > > > > > > > > > netstat -a on the VR shows the service is listening
> on
> > > > domain
> > > > > > > port
> > > > > > > > > > (53).
> > > > > > > > > > > >
> > > > > > > > > > > > tcp 0 0 r-2606-VM:domain *:*
> > > > > > > > > > > LISTEN
> > > > > > > > > > > >
> > > > > > > > > > > > tcp 0 0 X.X.X.2:domain *:*
> > > > > > > > LISTEN
> > > > > > > > > > > >
> > > > > > > > > > > > udp 156992 0 r-2606-VM:domain *:*
> > > > > > > > > > > >
> > > > > > > > > > > > udp 164032 0 X.X.X.2:domain *:*
> > > > > > > > > > > >
> > > > > > > > > > > > Can you advise if there's anything else I need to
> > check?
> > > > > > > > > > > >
> > > > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > > > >
> > > > > > > > > > > > Cheers.
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> > > > > > > > > > > > santhosh.edukulla@citrix.com> wrote:
> > > > > > > > > > > >
> > > > > > > > > > > > > Run trace route from guest vms, the result will
> yield
> > > to
> > > > > the
> > > > > > > > point
> > > > > > > > > > > > > where packet drop is happening, could be a network
> > acl
> > > > rule
> > > > > > > > issue,
> > > > > > > > > > > > > but tracert command can lead to some answers.
> > > > > > > > > > > > >
> > > > > > > > > > > > > List running ports as well on VR, do a telnet to
> dns
> > > port
> > > > > on
> > > > > > > > router
> > > > > > > > > > > > > from guest vm to verify for its response.
> > > > > > > > > > > > >
> > > > > > > > > > > > > Santhosh
> > > > > > > > > > > > > ________________________________________
> > > > > > > > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > > > > > > > Sent: Sunday, July 20, 2014 1:06 PM
> > > > > > > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > > > > > > > >
> > > > > > > > > > > > > Hi Rafael,
> > > > > > > > > > > > >
> > > > > > > > > > > > > Good day to you, and thank you for your reply.
> > > > > > > > > > > > >
> > > > > > > > > > > > > Can't find anything wrong on dnsmasq.log /
> > daemon.log,
> > > > just
> > > > > > > some
> > > > > > > > > log
> > > > > > > > > > > > > entries related to DHCP, nothing on DNS. I masked
> the
> > > IP
> > > > > > > > addresses
> > > > > > > > > > > > > since they are public.
> > > > > > > > > > > > >
> > > > > > > > > > > > > ===
> > > > > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> > > > DHCPDISCOVER(eth0)
> > > > > > > > X.X.X.X
> > > > > > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> > > DHCPOFFER(eth0)
> > > > > > > X.X.X.X
> > > > > > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> > > > DHCPREQUEST(eth0)
> > > > > > > > X.X.X.X
> > > > > > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> > DHCPACK(eth0)
> > > > > > X.X.X.X
> > > > > > > > > > > > > 06:62:a8:01:13:37 yyyyyy
> > > > > > > > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]:
> > > DHCPINFORM(eth0)
> > > > > > > X.X.X.X
> > > > > > > > > > > > > 06:43:4a:01:12:65
> > > > > > > > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]:
> > DHCPACK(eth0)
> > > > > > X.X.X.X
> > > > > > > > > > > > > 06:43:4a:01:12:65 zzzzzz
> > > > > > > > > > > > > ===
> > > > > > > > > > > > >
> > > > > > > > > > > > > Yes, the guest VMs are having difficulties
> resolving
> > > > > domains
> > > > > > > into
> > > > > > > > > IP
> > > > > > > > > > > > > addresses because of the problem on the VR's DNS
> > > server.
> > > > > > > > > > > > >
> > > > > > > > > > > > > $ host www.google.com X.X.X.X (where X.X.X.X is
> the
> > IP
> > > > > > address
> > > > > > > > of
> > > > > > > > > > > > > the
> > > > > > > > > > > > VR)
> > > > > > > > > > > > > ;; connection timed out; no servers could be
> reached
> > > > > > > > > > > > >
> > > > > > > > > > > > > However, from within the VR, I am able to resolve
> > > domains
> > > > > > just
> > > > > > > > > fine.
> > > > > > > > > > > > >
> > > > > > > > > > > > > Any advise where can I start troubleshooting this?
> > > > > > > > > > > > >
> > > > > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > > > > >
> > > > > > > > > > > > > Cheers.
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael
> Weingartner
> > <
> > > > > > > > > > > > > rafaelweingartner@gmail.com> wrote:
> > > > > > > > > > > > >
> > > > > > > > > > > > > > Have you taken a look at dnsmasq.log in the VR ?
> > > > > > > > > > > > > > What do you mean with not responding? The
> addresses
> > > are
> > > > > not
> > > > > > > > being
> > > > > > > > > > > > > resolved
> > > > > > > > > > > > > > to ip addresses?
> > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <
> > > > > > > > indra@sg.or.id>
> > > > > > > > > > > > wrote:
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > > Dear all,
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > All our guest VMs are having our virtual router
> > > > (VR)'s
> > > > > IP
> > > > > > > > > > > > > > > address on /etc/resolv.conf. In the past two
> > > weeks, I
> > > > > > just
> > > > > > > > > > > > > > > realised that the DNS service on the VR is not
> > > > working,
> > > > > > and
> > > > > > > > > > > > > > > doesn't respond to DNS queries
> > > > > > > > > > > > > from
> > > > > > > > > > > > > > > the DNS clients on the guest VM.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > I have tried to stop and start back the VR, but
> > the
> > > > > > problem
> > > > > > > > > > > persists.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > DHCP services seems to be running fine, only
> DNS
> > > > > services
> > > > > > > are
> > > > > > > > > > > > > > > not
> > > > > > > > > > > > > > working.
> > > > > > > > > > > > > > > From what I understand, both services are
> > provided
> > > by
> > > > > > > > dnsmasq,
> > > > > > > > > > > > correct?
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > Any advice on how can I resolve the problem?
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > Cheers.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > --
> > > > > > > > > > > > > > Rafael Weingärtner
> > > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
--
Rafael Weingärtner
Re: DNS service on VR not responding
Posted by Indra Pramana <in...@sg.or.id>.
Hi VIhar,
route -n result is quite straightforward. Since it's a shared and not
isolated network, the guest VM is on the same subnet as the VR. There are
two subnets (X.X.X.0/24 and X.X.Y.0/24) within the shared network. The VR
has two IPs on the interface, X.X.X.2 and X.X.Y.2. My guest VM having
X.X.Y.* IP will try to communicate to the VR using X.X.Y.2.
root@r-2606-VM:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
0.0.0.0 X.X.X.1 0.0.0.0 UG 0 0 0 eth0
X.X.X.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
X.X.Y.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
With regards to tcpdump that you suggested, can I have more details on how
to do? Do I need to perform the tcpdump from the guest VM or the VR?
Looking forward to your reply, thank you.
Cheers.
On Tue, Jul 22, 2014 at 11:44 AM, Vihar <vi...@gmail.com> wrote:
> Hi Indra
>
> Could you check the routing table from the guest VM ( route -n ) and I
> would also like you to take a tcpdump from VM to VR with port 53 to check
> if you are able to get the reply from the VM.
>
> Regards
> Vihar K
> On Jul 22, 2014 9:10 AM, "Indra Pramana" <in...@sg.or.id> wrote:
>
> > Hi Santhosh,
> >
> > Here it is:
> >
> > Supported ServicesDhcp, Dns, UserDataService CapabilitiesDhcp:
> > VirtualRouter, Dns: VirtualRouter, UserData: VirtualRouter
> > The zone has been running for quite some time, I created the zone almost
> a
> > year ago and there was no issues only until recently. So I don't think
> the
> > issue is due to the zone or service/network offering's default
> > configuration, since I didn't make any changes to the zone configuration.
> >
> > Any advice on what should I investigate next?
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
> >
> >
> > On Mon, Jul 21, 2014 at 11:53 PM, Santhosh Edukulla <
> > santhosh.edukulla@citrix.com> wrote:
> >
> > > While creating zone, you would have selected network offering, we can
> see
> > > the supported services for each network offering, available under
> Service
> > > Offerings->Select Network Offerings, some thing like below, so you may
> > want
> > > to check the network offering you associated to your datacenter and
> > > corresponding capabilities , below are the supported services for one
> of
> > > the shared network offering.
> > >
> > > Supported Services Dns, Dhcp, UserData
> > > Service Capabilities Dns: VirtualRouter, Dhcp: VirtualRouter,
> > UserData:
> > > VirtualRouter
> > >
> > > Santhosh
> > > ________________________________________
> > > From: Indra Pramana [indra@sg.or.id]
> > > Sent: Monday, July 21, 2014 10:37 AM
> > > To: users@cloudstack.apache.org
> > > Subject: Re: DNS service on VR not responding
> > >
> > > Hi Santhosh, Vihar,
> > >
> > > The network which this VR is responsible is a shared, not isolated
> > network.
> > > It seems there's no network offering being tagged to a shared network?
> > How
> > > do I know if the DNS service is being chosen or not?
> > >
> > > Looking forward to your reply, thank you.
> > >
> > > Cheers.
> > >
> > >
> > >
> > > On Mon, Jul 21, 2014 at 6:45 PM, Vihar <vi...@gmail.com> wrote:
> > >
> > > > Yes, not choosing DNS service from network offering may be one of the
> > > > reason it is not resolving the DNS queries.
> > > >
> > > > Regards
> > > > Vihar K
> > > > On Jul 21, 2014 4:09 PM, "Santhosh Edukulla" <
> > > santhosh.edukulla@citrix.com
> > > > >
> > > > wrote:
> > > >
> > > > > Below are points so far,
> > > > >
> > > > > Have we selected the dns under network offering? As well, can you
> > check
> > > > > whether your dns queries are reaching VR by enabling VR in
> > resolv.conf
> > > (
> > > > > guest vm ) and running trace route for some example domain?
> > > > >
> > > > > Santhosh
> > > > > ________________________________________
> > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > Sent: Monday, July 21, 2014 6:33 AM
> > > > > To: users@cloudstack.apache.org
> > > > > Subject: Re: DNS service on VR not responding
> > > > >
> > > > > Hi Vihar,
> > > > >
> > > > > Have tried:
> > > > >
> > > > > - Restarting dnsmasq service
> > > > > - Stopping and starting the VR from CloudStack GUI.
> > > > >
> > > > > Problem still persists. :(
> > > > >
> > > > > Any other hints or suggestions?
> > > > >
> > > > > Looking forward to to your reply, thank you.
> > > > >
> > > > > Cheers.
> > > > >
> > > > >
> > > > >
> > > > > On Mon, Jul 21, 2014 at 6:19 PM, Vihar <vi...@gmail.com> wrote:
> > > > >
> > > > > > Hi Indra,
> > > > > >
> > > > > > Are you referring to /etc/resolv.conf on the VR itself or on the
> > > guest
> > > > > VM?
> > > > > > >> I was referring to the VR itself. I thought there was 3 IP
> > address
> > > > in
> > > > > VR
> > > > > > itself.
> > > > > >
> > > > > > Have you tried stopping and starting the VR if not can you give a
> > > try.
> > > > > >
> > > > > > Regards
> > > > > > Vihar K
> > > > > > On Jul 21, 2014 3:26 PM, "Indra Pramana" <in...@sg.or.id> wrote:
> > > > > >
> > > > > > > Hi Vihar,
> > > > > > >
> > > > > > > Are you referring to /etc/resolv.conf on the VR itself or on
> the
> > > > guest
> > > > > > VM?
> > > > > > >
> > > > > > > On the VR itself, there are only two entries on
> /etc/resolv.conf
> > > > > pointing
> > > > > > > to both Google public DNS servers.
> > > > > > >
> > > > > > > On the guest VM, there are 3 entries, one to the VR and two to
> > the
> > > > > Google
> > > > > > > public DNS servers. If I commented out both Google DNS servers
> > and
> > > > only
> > > > > > > leaving the VR IP there, I cannot resolve anything. If the VR
> IP
> > is
> > > > > > > commented out and leaving both Google DNS servers there, then I
> > can
> > > > > > > resolve. So the issue is confirmed due to DNS service on the
> VR.
> > > > > > >
> > > > > > > But I am not too sure why it doesn't respond even though the
> > > dnsmasq
> > > > > > > service is running.
> > > > > > >
> > > > > > > Thank you.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Mon, Jul 21, 2014 at 1:00 PM, Vihar <vi...@gmail.com>
> > wrote:
> > > > > > >
> > > > > > > > Hi ,
> > > > > > > >
> > > > > > > > I would like you to comment second and third IP address I.e
> > > 4.2.2.2
> > > > > and
> > > > > > > > 8.8.8.8 and uncomment the first IP which is allocated to DNS
> > and
> > > > try
> > > > > to
> > > > > > > > resolve the internet. It might be resolving the queries from
> > > > external
> > > > > > DNS
> > > > > > > > server.
> > > > > > > >
> > > > > > > > If you are not able to resolve the names from VR, check if
> the
> > > DNS
> > > > > > > service
> > > > > > > > is running properly for the IP which act as a DNS server.
> > > > > > > >
> > > > > > > > Regards
> > > > > > > > Vihar
> > > > > > > > On Jul 21, 2014 10:19 AM, "Indra Pramana" <in...@sg.or.id>
> > > wrote:
> > > > > > > >
> > > > > > > > > Hi Sanjeev,
> > > > > > > > >
> > > > > > > > > Good day to you, and thank you for your reply.
> > > > > > > > >
> > > > > > > > > Yes, I can resolve domains without any issues from within
> the
> > > VR
> > > > > > > itself.
> > > > > > > > >
> > > > > > > > > root@r-2606-VM:/etc# ping yahoo.com
> > > > > > > > > PING yahoo.com (98.139.183.24): 56 data bytes
> > > > > > > > > 64 bytes from 98.139.183.24: icmp_seq=0 ttl=47
> time=250.473
> > ms
> > > > > > > > > 64 bytes from 98.139.183.24: icmp_seq=1 ttl=47
> time=239.240
> > ms
> > > > > > > > > 64 bytes from 98.139.183.24: icmp_seq=2 ttl=45
> time=247.605
> > ms
> > > > > > > > > 64 bytes from 98.139.183.24: icmp_seq=3 ttl=45
> time=244.913
> > ms
> > > > > > > > > ^C--- yahoo.com ping statistics ---
> > > > > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > > > > round-trip min/avg/max/stddev =
> 239.240/245.558/250.473/4.144
> > > ms
> > > > > > > > >
> > > > > > > > > root@r-2606-VM:/etc# ping google.com
> > > > > > > > > PING google.com (74.125.68.102): 56 data bytes
> > > > > > > > > 64 bytes from 74.125.68.102: icmp_seq=0 ttl=52 time=1.353
> ms
> > > > > > > > > 64 bytes from 74.125.68.102: icmp_seq=1 ttl=52 time=1.199
> ms
> > > > > > > > > 64 bytes from 74.125.68.102: icmp_seq=2 ttl=52 time=1.268
> ms
> > > > > > > > > 64 bytes from 74.125.68.102: icmp_seq=3 ttl=52 time=1.287
> ms
> > > > > > > > > ^C--- google.com ping statistics ---
> > > > > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > > > > round-trip min/avg/max/stddev = 1.199/1.277/1.353/0.055 ms
> > > > > > > > >
> > > > > > > > > The VR uses 8.8.8.8 and 8.8.4.4 to resolve domains.
> > > > > > > > >
> > > > > > > > > root@r-2606-VM:/etc# cat /etc/resolv.conf
> > > > > > > > > nameserver 8.8.8.8
> > > > > > > > > nameserver 8.8.4.4
> > > > > > > > >
> > > > > > > > > I can ping both name servers without any issues.
> > > > > > > > >
> > > > > > > > > root@r-2606-VM:/etc# ping 8.8.8.8
> > > > > > > > > PING 8.8.8.8 (8.8.8.8): 56 data bytes
> > > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=4.693 ms
> > > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=2.390 ms
> > > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=2.523 ms
> > > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=2.458 ms
> > > > > > > > > ^C--- 8.8.8.8 ping statistics ---
> > > > > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > > > > round-trip min/avg/max/stddev = 2.390/3.016/4.693/0.969 ms
> > > > > > > > >
> > > > > > > > > root@r-2606-VM:/etc# ping 8.8.4.4
> > > > > > > > > PING 8.8.4.4 (8.8.4.4): 56 data bytes
> > > > > > > > > 64 bytes from 8.8.4.4: icmp_seq=0 ttl=52 time=2.649 ms
> > > > > > > > > 64 bytes from 8.8.4.4: icmp_seq=1 ttl=52 time=2.458 ms
> > > > > > > > > 64 bytes from 8.8.4.4: icmp_seq=2 ttl=52 time=2.436 ms
> > > > > > > > > 64 bytes from 8.8.4.4: icmp_seq=3 ttl=52 time=2.393 ms
> > > > > > > > > ^C--- 8.8.4.4 ping statistics ---
> > > > > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > > > > round-trip min/avg/max/stddev = 2.393/2.484/2.649/0.098 ms
> > > > > > > > >
> > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > >
> > > > > > > > > Cheers.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On Mon, Jul 21, 2014 at 12:18 PM, Sanjeev Neelarapu <
> > > > > > > > > sanjeev.neelarapu@citrix.com> wrote:
> > > > > > > > >
> > > > > > > > > > Hi,
> > > > > > > > > >
> > > > > > > > > > Can you check if the VR is able to resolve the domain
> names
> > > by
> > > > > > > pinging
> > > > > > > > > > from VR ?
> > > > > > > > > >
> > > > > > > > > > -Sanjeev
> > > > > > > > > >
> > > > > > > > > > -----Original Message-----
> > > > > > > > > > From: Vihar [mailto:vih1310@gmail.com]
> > > > > > > > > > Sent: Monday, July 21, 2014 5:43 AM
> > > > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > > > Subject: RE: DNS service on VR not responding
> > > > > > > > > >
> > > > > > > > > > Hi,
> > > > > > > > > >
> > > > > > > > > > Yes, if I remove or comment out the first nameserver
> entry
> > > for
> > > > > the
> > > > > > > VR's
> > > > > > > > > > IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will
> be
> > > > > running
> > > > > > > > fine
> > > > > > > > > > and will be able to resolve domains properly."
> > > > > > > > > >
> > > > > > > > > > Are you able to ping the first DNS server IP address that
> > you
> > > > > > > commented
> > > > > > > > > > out?
> > > > > > > > > >
> > > > > > > > > > Regards
> > > > > > > > > > Vihar K
> > > > > > > > > > On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <
> > > > > > > > > > santhosh.edukulla@citrix.com>
> > > > > > > > > > wrote:
> > > > > > > > > >
> > > > > > > > > > > Do a traceroute to an external domain say google.com
> > from
> > > > > guest
> > > > > > > vm,
> > > > > > > > as
> > > > > > > > > > > you mentioned below, both by commenting out vr ip and
> > not,
> > > in
> > > > > > > > > > > resolv.conf, you may see the difference.
> > > > > > > > > > >
> > > > > > > > > > > "Yes, if I remove or comment out the first nameserver
> > entry
> > > > for
> > > > > > the
> > > > > > > > > > > VR's IP, and only leaving 8.8.8.8 and 8.8.4.4, guest
> VMs
> > > will
> > > > > be
> > > > > > > > > > > running fine and will be able to resolve domains
> > properly."
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > Santhosh
> > > > > > > > > > > ________________________________________
> > > > > > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > > > > > Sent: Sunday, July 20, 2014 1:48 PM
> > > > > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > > > > > >
> > > > > > > > > > > Hi Santhosh,
> > > > > > > > > > >
> > > > > > > > > > > Good day to you, and thank you for your email.
> > > > > > > > > > >
> > > > > > > > > > > Traceroute packets seems to be dropped, I think it's by
> > > > > default.
> > > > > > > See
> > > > > > > > > > > result
> > > > > > > > > > > below:
> > > > > > > > > > >
> > > > > > > > > > > # traceroute X.X.X.2
> > > > > > > > > > > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte
> > > packets
> > > > > > > > > > > 1 * * *
> > > > > > > > > > > 2 * * *
> > > > > > > > > > > 3 * * *
> > > > > > > > > > >
> > > > > > > > > > > However, I am able to ping, and there is a response
> when
> > I
> > > > > tried
> > > > > > to
> > > > > > > > > > > telnet to port 53.
> > > > > > > > > > >
> > > > > > > > > > > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> > > > > > > > > > > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> > > > > > > > > > > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms
> ^C
> > > > > > > > > > > --- X.X.X.2 ping statistics ---
> > > > > > > > > > > 6 packets transmitted, 6 received, 0% packet loss, time
> > > > 4999ms
> > > > > > rtt
> > > > > > > > > > > min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> > > > > > > > > > >
> > > > > > > > > > > # telnet X.X.X.2 53
> > > > > > > > > > > Trying X.X.X.2...
> > > > > > > > > > > Connected to X.X.X.2.
> > > > > > > > > > > Escape character is '^]'.
> > > > > > > > > > >
> > > > > > > > > > > netstat -a on the VR shows the service is listening on
> > > domain
> > > > > > port
> > > > > > > > > (53).
> > > > > > > > > > >
> > > > > > > > > > > tcp 0 0 r-2606-VM:domain *:*
> > > > > > > > > > LISTEN
> > > > > > > > > > >
> > > > > > > > > > > tcp 0 0 X.X.X.2:domain *:*
> > > > > > > LISTEN
> > > > > > > > > > >
> > > > > > > > > > > udp 156992 0 r-2606-VM:domain *:*
> > > > > > > > > > >
> > > > > > > > > > > udp 164032 0 X.X.X.2:domain *:*
> > > > > > > > > > >
> > > > > > > > > > > Can you advise if there's anything else I need to
> check?
> > > > > > > > > > >
> > > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > > >
> > > > > > > > > > > Cheers.
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> > > > > > > > > > > santhosh.edukulla@citrix.com> wrote:
> > > > > > > > > > >
> > > > > > > > > > > > Run trace route from guest vms, the result will yield
> > to
> > > > the
> > > > > > > point
> > > > > > > > > > > > where packet drop is happening, could be a network
> acl
> > > rule
> > > > > > > issue,
> > > > > > > > > > > > but tracert command can lead to some answers.
> > > > > > > > > > > >
> > > > > > > > > > > > List running ports as well on VR, do a telnet to dns
> > port
> > > > on
> > > > > > > router
> > > > > > > > > > > > from guest vm to verify for its response.
> > > > > > > > > > > >
> > > > > > > > > > > > Santhosh
> > > > > > > > > > > > ________________________________________
> > > > > > > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > > > > > > Sent: Sunday, July 20, 2014 1:06 PM
> > > > > > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > > > > > > >
> > > > > > > > > > > > Hi Rafael,
> > > > > > > > > > > >
> > > > > > > > > > > > Good day to you, and thank you for your reply.
> > > > > > > > > > > >
> > > > > > > > > > > > Can't find anything wrong on dnsmasq.log /
> daemon.log,
> > > just
> > > > > > some
> > > > > > > > log
> > > > > > > > > > > > entries related to DHCP, nothing on DNS. I masked the
> > IP
> > > > > > > addresses
> > > > > > > > > > > > since they are public.
> > > > > > > > > > > >
> > > > > > > > > > > > ===
> > > > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> > > DHCPDISCOVER(eth0)
> > > > > > > X.X.X.X
> > > > > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> > DHCPOFFER(eth0)
> > > > > > X.X.X.X
> > > > > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> > > DHCPREQUEST(eth0)
> > > > > > > X.X.X.X
> > > > > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> DHCPACK(eth0)
> > > > > X.X.X.X
> > > > > > > > > > > > 06:62:a8:01:13:37 yyyyyy
> > > > > > > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]:
> > DHCPINFORM(eth0)
> > > > > > X.X.X.X
> > > > > > > > > > > > 06:43:4a:01:12:65
> > > > > > > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]:
> DHCPACK(eth0)
> > > > > X.X.X.X
> > > > > > > > > > > > 06:43:4a:01:12:65 zzzzzz
> > > > > > > > > > > > ===
> > > > > > > > > > > >
> > > > > > > > > > > > Yes, the guest VMs are having difficulties resolving
> > > > domains
> > > > > > into
> > > > > > > > IP
> > > > > > > > > > > > addresses because of the problem on the VR's DNS
> > server.
> > > > > > > > > > > >
> > > > > > > > > > > > $ host www.google.com X.X.X.X (where X.X.X.X is the
> IP
> > > > > address
> > > > > > > of
> > > > > > > > > > > > the
> > > > > > > > > > > VR)
> > > > > > > > > > > > ;; connection timed out; no servers could be reached
> > > > > > > > > > > >
> > > > > > > > > > > > However, from within the VR, I am able to resolve
> > domains
> > > > > just
> > > > > > > > fine.
> > > > > > > > > > > >
> > > > > > > > > > > > Any advise where can I start troubleshooting this?
> > > > > > > > > > > >
> > > > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > > > >
> > > > > > > > > > > > Cheers.
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner
> <
> > > > > > > > > > > > rafaelweingartner@gmail.com> wrote:
> > > > > > > > > > > >
> > > > > > > > > > > > > Have you taken a look at dnsmasq.log in the VR ?
> > > > > > > > > > > > > What do you mean with not responding? The addresses
> > are
> > > > not
> > > > > > > being
> > > > > > > > > > > > resolved
> > > > > > > > > > > > > to ip addresses?
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <
> > > > > > > indra@sg.or.id>
> > > > > > > > > > > wrote:
> > > > > > > > > > > > >
> > > > > > > > > > > > > > Dear all,
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > All our guest VMs are having our virtual router
> > > (VR)'s
> > > > IP
> > > > > > > > > > > > > > address on /etc/resolv.conf. In the past two
> > weeks, I
> > > > > just
> > > > > > > > > > > > > > realised that the DNS service on the VR is not
> > > working,
> > > > > and
> > > > > > > > > > > > > > doesn't respond to DNS queries
> > > > > > > > > > > > from
> > > > > > > > > > > > > > the DNS clients on the guest VM.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > I have tried to stop and start back the VR, but
> the
> > > > > problem
> > > > > > > > > > persists.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > DHCP services seems to be running fine, only DNS
> > > > services
> > > > > > are
> > > > > > > > > > > > > > not
> > > > > > > > > > > > > working.
> > > > > > > > > > > > > > From what I understand, both services are
> provided
> > by
> > > > > > > dnsmasq,
> > > > > > > > > > > correct?
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Any advice on how can I resolve the problem?
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Cheers.
> > > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > > --
> > > > > > > > > > > > > Rafael Weingärtner
> > > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
Re: DNS service on VR not responding
Posted by Vihar <vi...@gmail.com>.
Hi Indra
Could you check the routing table from the guest VM ( route -n ) and I
would also like you to take a tcpdump from VM to VR with port 53 to check
if you are able to get the reply from the VM.
Regards
Vihar K
On Jul 22, 2014 9:10 AM, "Indra Pramana" <in...@sg.or.id> wrote:
> Hi Santhosh,
>
> Here it is:
>
> Supported ServicesDhcp, Dns, UserDataService CapabilitiesDhcp:
> VirtualRouter, Dns: VirtualRouter, UserData: VirtualRouter
> The zone has been running for quite some time, I created the zone almost a
> year ago and there was no issues only until recently. So I don't think the
> issue is due to the zone or service/network offering's default
> configuration, since I didn't make any changes to the zone configuration.
>
> Any advice on what should I investigate next?
>
> Looking forward to your reply, thank you.
>
> Cheers.
>
>
>
> On Mon, Jul 21, 2014 at 11:53 PM, Santhosh Edukulla <
> santhosh.edukulla@citrix.com> wrote:
>
> > While creating zone, you would have selected network offering, we can see
> > the supported services for each network offering, available under Service
> > Offerings->Select Network Offerings, some thing like below, so you may
> want
> > to check the network offering you associated to your datacenter and
> > corresponding capabilities , below are the supported services for one of
> > the shared network offering.
> >
> > Supported Services Dns, Dhcp, UserData
> > Service Capabilities Dns: VirtualRouter, Dhcp: VirtualRouter,
> UserData:
> > VirtualRouter
> >
> > Santhosh
> > ________________________________________
> > From: Indra Pramana [indra@sg.or.id]
> > Sent: Monday, July 21, 2014 10:37 AM
> > To: users@cloudstack.apache.org
> > Subject: Re: DNS service on VR not responding
> >
> > Hi Santhosh, Vihar,
> >
> > The network which this VR is responsible is a shared, not isolated
> network.
> > It seems there's no network offering being tagged to a shared network?
> How
> > do I know if the DNS service is being chosen or not?
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
> >
> >
> > On Mon, Jul 21, 2014 at 6:45 PM, Vihar <vi...@gmail.com> wrote:
> >
> > > Yes, not choosing DNS service from network offering may be one of the
> > > reason it is not resolving the DNS queries.
> > >
> > > Regards
> > > Vihar K
> > > On Jul 21, 2014 4:09 PM, "Santhosh Edukulla" <
> > santhosh.edukulla@citrix.com
> > > >
> > > wrote:
> > >
> > > > Below are points so far,
> > > >
> > > > Have we selected the dns under network offering? As well, can you
> check
> > > > whether your dns queries are reaching VR by enabling VR in
> resolv.conf
> > (
> > > > guest vm ) and running trace route for some example domain?
> > > >
> > > > Santhosh
> > > > ________________________________________
> > > > From: Indra Pramana [indra@sg.or.id]
> > > > Sent: Monday, July 21, 2014 6:33 AM
> > > > To: users@cloudstack.apache.org
> > > > Subject: Re: DNS service on VR not responding
> > > >
> > > > Hi Vihar,
> > > >
> > > > Have tried:
> > > >
> > > > - Restarting dnsmasq service
> > > > - Stopping and starting the VR from CloudStack GUI.
> > > >
> > > > Problem still persists. :(
> > > >
> > > > Any other hints or suggestions?
> > > >
> > > > Looking forward to to your reply, thank you.
> > > >
> > > > Cheers.
> > > >
> > > >
> > > >
> > > > On Mon, Jul 21, 2014 at 6:19 PM, Vihar <vi...@gmail.com> wrote:
> > > >
> > > > > Hi Indra,
> > > > >
> > > > > Are you referring to /etc/resolv.conf on the VR itself or on the
> > guest
> > > > VM?
> > > > > >> I was referring to the VR itself. I thought there was 3 IP
> address
> > > in
> > > > VR
> > > > > itself.
> > > > >
> > > > > Have you tried stopping and starting the VR if not can you give a
> > try.
> > > > >
> > > > > Regards
> > > > > Vihar K
> > > > > On Jul 21, 2014 3:26 PM, "Indra Pramana" <in...@sg.or.id> wrote:
> > > > >
> > > > > > Hi Vihar,
> > > > > >
> > > > > > Are you referring to /etc/resolv.conf on the VR itself or on the
> > > guest
> > > > > VM?
> > > > > >
> > > > > > On the VR itself, there are only two entries on /etc/resolv.conf
> > > > pointing
> > > > > > to both Google public DNS servers.
> > > > > >
> > > > > > On the guest VM, there are 3 entries, one to the VR and two to
> the
> > > > Google
> > > > > > public DNS servers. If I commented out both Google DNS servers
> and
> > > only
> > > > > > leaving the VR IP there, I cannot resolve anything. If the VR IP
> is
> > > > > > commented out and leaving both Google DNS servers there, then I
> can
> > > > > > resolve. So the issue is confirmed due to DNS service on the VR.
> > > > > >
> > > > > > But I am not too sure why it doesn't respond even though the
> > dnsmasq
> > > > > > service is running.
> > > > > >
> > > > > > Thank you.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Mon, Jul 21, 2014 at 1:00 PM, Vihar <vi...@gmail.com>
> wrote:
> > > > > >
> > > > > > > Hi ,
> > > > > > >
> > > > > > > I would like you to comment second and third IP address I.e
> > 4.2.2.2
> > > > and
> > > > > > > 8.8.8.8 and uncomment the first IP which is allocated to DNS
> and
> > > try
> > > > to
> > > > > > > resolve the internet. It might be resolving the queries from
> > > external
> > > > > DNS
> > > > > > > server.
> > > > > > >
> > > > > > > If you are not able to resolve the names from VR, check if the
> > DNS
> > > > > > service
> > > > > > > is running properly for the IP which act as a DNS server.
> > > > > > >
> > > > > > > Regards
> > > > > > > Vihar
> > > > > > > On Jul 21, 2014 10:19 AM, "Indra Pramana" <in...@sg.or.id>
> > wrote:
> > > > > > >
> > > > > > > > Hi Sanjeev,
> > > > > > > >
> > > > > > > > Good day to you, and thank you for your reply.
> > > > > > > >
> > > > > > > > Yes, I can resolve domains without any issues from within the
> > VR
> > > > > > itself.
> > > > > > > >
> > > > > > > > root@r-2606-VM:/etc# ping yahoo.com
> > > > > > > > PING yahoo.com (98.139.183.24): 56 data bytes
> > > > > > > > 64 bytes from 98.139.183.24: icmp_seq=0 ttl=47 time=250.473
> ms
> > > > > > > > 64 bytes from 98.139.183.24: icmp_seq=1 ttl=47 time=239.240
> ms
> > > > > > > > 64 bytes from 98.139.183.24: icmp_seq=2 ttl=45 time=247.605
> ms
> > > > > > > > 64 bytes from 98.139.183.24: icmp_seq=3 ttl=45 time=244.913
> ms
> > > > > > > > ^C--- yahoo.com ping statistics ---
> > > > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > > > round-trip min/avg/max/stddev = 239.240/245.558/250.473/4.144
> > ms
> > > > > > > >
> > > > > > > > root@r-2606-VM:/etc# ping google.com
> > > > > > > > PING google.com (74.125.68.102): 56 data bytes
> > > > > > > > 64 bytes from 74.125.68.102: icmp_seq=0 ttl=52 time=1.353 ms
> > > > > > > > 64 bytes from 74.125.68.102: icmp_seq=1 ttl=52 time=1.199 ms
> > > > > > > > 64 bytes from 74.125.68.102: icmp_seq=2 ttl=52 time=1.268 ms
> > > > > > > > 64 bytes from 74.125.68.102: icmp_seq=3 ttl=52 time=1.287 ms
> > > > > > > > ^C--- google.com ping statistics ---
> > > > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > > > round-trip min/avg/max/stddev = 1.199/1.277/1.353/0.055 ms
> > > > > > > >
> > > > > > > > The VR uses 8.8.8.8 and 8.8.4.4 to resolve domains.
> > > > > > > >
> > > > > > > > root@r-2606-VM:/etc# cat /etc/resolv.conf
> > > > > > > > nameserver 8.8.8.8
> > > > > > > > nameserver 8.8.4.4
> > > > > > > >
> > > > > > > > I can ping both name servers without any issues.
> > > > > > > >
> > > > > > > > root@r-2606-VM:/etc# ping 8.8.8.8
> > > > > > > > PING 8.8.8.8 (8.8.8.8): 56 data bytes
> > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=4.693 ms
> > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=2.390 ms
> > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=2.523 ms
> > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=2.458 ms
> > > > > > > > ^C--- 8.8.8.8 ping statistics ---
> > > > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > > > round-trip min/avg/max/stddev = 2.390/3.016/4.693/0.969 ms
> > > > > > > >
> > > > > > > > root@r-2606-VM:/etc# ping 8.8.4.4
> > > > > > > > PING 8.8.4.4 (8.8.4.4): 56 data bytes
> > > > > > > > 64 bytes from 8.8.4.4: icmp_seq=0 ttl=52 time=2.649 ms
> > > > > > > > 64 bytes from 8.8.4.4: icmp_seq=1 ttl=52 time=2.458 ms
> > > > > > > > 64 bytes from 8.8.4.4: icmp_seq=2 ttl=52 time=2.436 ms
> > > > > > > > 64 bytes from 8.8.4.4: icmp_seq=3 ttl=52 time=2.393 ms
> > > > > > > > ^C--- 8.8.4.4 ping statistics ---
> > > > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > > > round-trip min/avg/max/stddev = 2.393/2.484/2.649/0.098 ms
> > > > > > > >
> > > > > > > > Looking forward to your reply, thank you.
> > > > > > > >
> > > > > > > > Cheers.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > On Mon, Jul 21, 2014 at 12:18 PM, Sanjeev Neelarapu <
> > > > > > > > sanjeev.neelarapu@citrix.com> wrote:
> > > > > > > >
> > > > > > > > > Hi,
> > > > > > > > >
> > > > > > > > > Can you check if the VR is able to resolve the domain names
> > by
> > > > > > pinging
> > > > > > > > > from VR ?
> > > > > > > > >
> > > > > > > > > -Sanjeev
> > > > > > > > >
> > > > > > > > > -----Original Message-----
> > > > > > > > > From: Vihar [mailto:vih1310@gmail.com]
> > > > > > > > > Sent: Monday, July 21, 2014 5:43 AM
> > > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > > Subject: RE: DNS service on VR not responding
> > > > > > > > >
> > > > > > > > > Hi,
> > > > > > > > >
> > > > > > > > > Yes, if I remove or comment out the first nameserver entry
> > for
> > > > the
> > > > > > VR's
> > > > > > > > > IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be
> > > > running
> > > > > > > fine
> > > > > > > > > and will be able to resolve domains properly."
> > > > > > > > >
> > > > > > > > > Are you able to ping the first DNS server IP address that
> you
> > > > > > commented
> > > > > > > > > out?
> > > > > > > > >
> > > > > > > > > Regards
> > > > > > > > > Vihar K
> > > > > > > > > On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <
> > > > > > > > > santhosh.edukulla@citrix.com>
> > > > > > > > > wrote:
> > > > > > > > >
> > > > > > > > > > Do a traceroute to an external domain say google.com
> from
> > > > guest
> > > > > > vm,
> > > > > > > as
> > > > > > > > > > you mentioned below, both by commenting out vr ip and
> not,
> > in
> > > > > > > > > > resolv.conf, you may see the difference.
> > > > > > > > > >
> > > > > > > > > > "Yes, if I remove or comment out the first nameserver
> entry
> > > for
> > > > > the
> > > > > > > > > > VR's IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs
> > will
> > > > be
> > > > > > > > > > running fine and will be able to resolve domains
> properly."
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > Santhosh
> > > > > > > > > > ________________________________________
> > > > > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > > > > Sent: Sunday, July 20, 2014 1:48 PM
> > > > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > > > > >
> > > > > > > > > > Hi Santhosh,
> > > > > > > > > >
> > > > > > > > > > Good day to you, and thank you for your email.
> > > > > > > > > >
> > > > > > > > > > Traceroute packets seems to be dropped, I think it's by
> > > > default.
> > > > > > See
> > > > > > > > > > result
> > > > > > > > > > below:
> > > > > > > > > >
> > > > > > > > > > # traceroute X.X.X.2
> > > > > > > > > > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte
> > packets
> > > > > > > > > > 1 * * *
> > > > > > > > > > 2 * * *
> > > > > > > > > > 3 * * *
> > > > > > > > > >
> > > > > > > > > > However, I am able to ping, and there is a response when
> I
> > > > tried
> > > > > to
> > > > > > > > > > telnet to port 53.
> > > > > > > > > >
> > > > > > > > > > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> > > > > > > > > > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> > > > > > > > > > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms ^C
> > > > > > > > > > --- X.X.X.2 ping statistics ---
> > > > > > > > > > 6 packets transmitted, 6 received, 0% packet loss, time
> > > 4999ms
> > > > > rtt
> > > > > > > > > > min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> > > > > > > > > >
> > > > > > > > > > # telnet X.X.X.2 53
> > > > > > > > > > Trying X.X.X.2...
> > > > > > > > > > Connected to X.X.X.2.
> > > > > > > > > > Escape character is '^]'.
> > > > > > > > > >
> > > > > > > > > > netstat -a on the VR shows the service is listening on
> > domain
> > > > > port
> > > > > > > > (53).
> > > > > > > > > >
> > > > > > > > > > tcp 0 0 r-2606-VM:domain *:*
> > > > > > > > > LISTEN
> > > > > > > > > >
> > > > > > > > > > tcp 0 0 X.X.X.2:domain *:*
> > > > > > LISTEN
> > > > > > > > > >
> > > > > > > > > > udp 156992 0 r-2606-VM:domain *:*
> > > > > > > > > >
> > > > > > > > > > udp 164032 0 X.X.X.2:domain *:*
> > > > > > > > > >
> > > > > > > > > > Can you advise if there's anything else I need to check?
> > > > > > > > > >
> > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > >
> > > > > > > > > > Cheers.
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> > > > > > > > > > santhosh.edukulla@citrix.com> wrote:
> > > > > > > > > >
> > > > > > > > > > > Run trace route from guest vms, the result will yield
> to
> > > the
> > > > > > point
> > > > > > > > > > > where packet drop is happening, could be a network acl
> > rule
> > > > > > issue,
> > > > > > > > > > > but tracert command can lead to some answers.
> > > > > > > > > > >
> > > > > > > > > > > List running ports as well on VR, do a telnet to dns
> port
> > > on
> > > > > > router
> > > > > > > > > > > from guest vm to verify for its response.
> > > > > > > > > > >
> > > > > > > > > > > Santhosh
> > > > > > > > > > > ________________________________________
> > > > > > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > > > > > Sent: Sunday, July 20, 2014 1:06 PM
> > > > > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > > > > > >
> > > > > > > > > > > Hi Rafael,
> > > > > > > > > > >
> > > > > > > > > > > Good day to you, and thank you for your reply.
> > > > > > > > > > >
> > > > > > > > > > > Can't find anything wrong on dnsmasq.log / daemon.log,
> > just
> > > > > some
> > > > > > > log
> > > > > > > > > > > entries related to DHCP, nothing on DNS. I masked the
> IP
> > > > > > addresses
> > > > > > > > > > > since they are public.
> > > > > > > > > > >
> > > > > > > > > > > ===
> > > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> > DHCPDISCOVER(eth0)
> > > > > > X.X.X.X
> > > > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> DHCPOFFER(eth0)
> > > > > X.X.X.X
> > > > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> > DHCPREQUEST(eth0)
> > > > > > X.X.X.X
> > > > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0)
> > > > X.X.X.X
> > > > > > > > > > > 06:62:a8:01:13:37 yyyyyy
> > > > > > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]:
> DHCPINFORM(eth0)
> > > > > X.X.X.X
> > > > > > > > > > > 06:43:4a:01:12:65
> > > > > > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0)
> > > > X.X.X.X
> > > > > > > > > > > 06:43:4a:01:12:65 zzzzzz
> > > > > > > > > > > ===
> > > > > > > > > > >
> > > > > > > > > > > Yes, the guest VMs are having difficulties resolving
> > > domains
> > > > > into
> > > > > > > IP
> > > > > > > > > > > addresses because of the problem on the VR's DNS
> server.
> > > > > > > > > > >
> > > > > > > > > > > $ host www.google.com X.X.X.X (where X.X.X.X is the IP
> > > > address
> > > > > > of
> > > > > > > > > > > the
> > > > > > > > > > VR)
> > > > > > > > > > > ;; connection timed out; no servers could be reached
> > > > > > > > > > >
> > > > > > > > > > > However, from within the VR, I am able to resolve
> domains
> > > > just
> > > > > > > fine.
> > > > > > > > > > >
> > > > > > > > > > > Any advise where can I start troubleshooting this?
> > > > > > > > > > >
> > > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > > >
> > > > > > > > > > > Cheers.
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > > > > > > > > > > rafaelweingartner@gmail.com> wrote:
> > > > > > > > > > >
> > > > > > > > > > > > Have you taken a look at dnsmasq.log in the VR ?
> > > > > > > > > > > > What do you mean with not responding? The addresses
> are
> > > not
> > > > > > being
> > > > > > > > > > > resolved
> > > > > > > > > > > > to ip addresses?
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <
> > > > > > indra@sg.or.id>
> > > > > > > > > > wrote:
> > > > > > > > > > > >
> > > > > > > > > > > > > Dear all,
> > > > > > > > > > > > >
> > > > > > > > > > > > > All our guest VMs are having our virtual router
> > (VR)'s
> > > IP
> > > > > > > > > > > > > address on /etc/resolv.conf. In the past two
> weeks, I
> > > > just
> > > > > > > > > > > > > realised that the DNS service on the VR is not
> > working,
> > > > and
> > > > > > > > > > > > > doesn't respond to DNS queries
> > > > > > > > > > > from
> > > > > > > > > > > > > the DNS clients on the guest VM.
> > > > > > > > > > > > >
> > > > > > > > > > > > > I have tried to stop and start back the VR, but the
> > > > problem
> > > > > > > > > persists.
> > > > > > > > > > > > >
> > > > > > > > > > > > > DHCP services seems to be running fine, only DNS
> > > services
> > > > > are
> > > > > > > > > > > > > not
> > > > > > > > > > > > working.
> > > > > > > > > > > > > From what I understand, both services are provided
> by
> > > > > > dnsmasq,
> > > > > > > > > > correct?
> > > > > > > > > > > > >
> > > > > > > > > > > > > Any advice on how can I resolve the problem?
> > > > > > > > > > > > >
> > > > > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > > > > >
> > > > > > > > > > > > > Cheers.
> > > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > > --
> > > > > > > > > > > > Rafael Weingärtner
> > > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
Re: DNS service on VR not responding
Posted by Indra Pramana <in...@sg.or.id>.
Hi Santhosh,
Here it is:
Supported ServicesDhcp, Dns, UserDataService CapabilitiesDhcp:
VirtualRouter, Dns: VirtualRouter, UserData: VirtualRouter
The zone has been running for quite some time, I created the zone almost a
year ago and there was no issues only until recently. So I don't think the
issue is due to the zone or service/network offering's default
configuration, since I didn't make any changes to the zone configuration.
Any advice on what should I investigate next?
Looking forward to your reply, thank you.
Cheers.
On Mon, Jul 21, 2014 at 11:53 PM, Santhosh Edukulla <
santhosh.edukulla@citrix.com> wrote:
> While creating zone, you would have selected network offering, we can see
> the supported services for each network offering, available under Service
> Offerings->Select Network Offerings, some thing like below, so you may want
> to check the network offering you associated to your datacenter and
> corresponding capabilities , below are the supported services for one of
> the shared network offering.
>
> Supported Services Dns, Dhcp, UserData
> Service Capabilities Dns: VirtualRouter, Dhcp: VirtualRouter, UserData:
> VirtualRouter
>
> Santhosh
> ________________________________________
> From: Indra Pramana [indra@sg.or.id]
> Sent: Monday, July 21, 2014 10:37 AM
> To: users@cloudstack.apache.org
> Subject: Re: DNS service on VR not responding
>
> Hi Santhosh, Vihar,
>
> The network which this VR is responsible is a shared, not isolated network.
> It seems there's no network offering being tagged to a shared network? How
> do I know if the DNS service is being chosen or not?
>
> Looking forward to your reply, thank you.
>
> Cheers.
>
>
>
> On Mon, Jul 21, 2014 at 6:45 PM, Vihar <vi...@gmail.com> wrote:
>
> > Yes, not choosing DNS service from network offering may be one of the
> > reason it is not resolving the DNS queries.
> >
> > Regards
> > Vihar K
> > On Jul 21, 2014 4:09 PM, "Santhosh Edukulla" <
> santhosh.edukulla@citrix.com
> > >
> > wrote:
> >
> > > Below are points so far,
> > >
> > > Have we selected the dns under network offering? As well, can you check
> > > whether your dns queries are reaching VR by enabling VR in resolv.conf
> (
> > > guest vm ) and running trace route for some example domain?
> > >
> > > Santhosh
> > > ________________________________________
> > > From: Indra Pramana [indra@sg.or.id]
> > > Sent: Monday, July 21, 2014 6:33 AM
> > > To: users@cloudstack.apache.org
> > > Subject: Re: DNS service on VR not responding
> > >
> > > Hi Vihar,
> > >
> > > Have tried:
> > >
> > > - Restarting dnsmasq service
> > > - Stopping and starting the VR from CloudStack GUI.
> > >
> > > Problem still persists. :(
> > >
> > > Any other hints or suggestions?
> > >
> > > Looking forward to to your reply, thank you.
> > >
> > > Cheers.
> > >
> > >
> > >
> > > On Mon, Jul 21, 2014 at 6:19 PM, Vihar <vi...@gmail.com> wrote:
> > >
> > > > Hi Indra,
> > > >
> > > > Are you referring to /etc/resolv.conf on the VR itself or on the
> guest
> > > VM?
> > > > >> I was referring to the VR itself. I thought there was 3 IP address
> > in
> > > VR
> > > > itself.
> > > >
> > > > Have you tried stopping and starting the VR if not can you give a
> try.
> > > >
> > > > Regards
> > > > Vihar K
> > > > On Jul 21, 2014 3:26 PM, "Indra Pramana" <in...@sg.or.id> wrote:
> > > >
> > > > > Hi Vihar,
> > > > >
> > > > > Are you referring to /etc/resolv.conf on the VR itself or on the
> > guest
> > > > VM?
> > > > >
> > > > > On the VR itself, there are only two entries on /etc/resolv.conf
> > > pointing
> > > > > to both Google public DNS servers.
> > > > >
> > > > > On the guest VM, there are 3 entries, one to the VR and two to the
> > > Google
> > > > > public DNS servers. If I commented out both Google DNS servers and
> > only
> > > > > leaving the VR IP there, I cannot resolve anything. If the VR IP is
> > > > > commented out and leaving both Google DNS servers there, then I can
> > > > > resolve. So the issue is confirmed due to DNS service on the VR.
> > > > >
> > > > > But I am not too sure why it doesn't respond even though the
> dnsmasq
> > > > > service is running.
> > > > >
> > > > > Thank you.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Mon, Jul 21, 2014 at 1:00 PM, Vihar <vi...@gmail.com> wrote:
> > > > >
> > > > > > Hi ,
> > > > > >
> > > > > > I would like you to comment second and third IP address I.e
> 4.2.2.2
> > > and
> > > > > > 8.8.8.8 and uncomment the first IP which is allocated to DNS and
> > try
> > > to
> > > > > > resolve the internet. It might be resolving the queries from
> > external
> > > > DNS
> > > > > > server.
> > > > > >
> > > > > > If you are not able to resolve the names from VR, check if the
> DNS
> > > > > service
> > > > > > is running properly for the IP which act as a DNS server.
> > > > > >
> > > > > > Regards
> > > > > > Vihar
> > > > > > On Jul 21, 2014 10:19 AM, "Indra Pramana" <in...@sg.or.id>
> wrote:
> > > > > >
> > > > > > > Hi Sanjeev,
> > > > > > >
> > > > > > > Good day to you, and thank you for your reply.
> > > > > > >
> > > > > > > Yes, I can resolve domains without any issues from within the
> VR
> > > > > itself.
> > > > > > >
> > > > > > > root@r-2606-VM:/etc# ping yahoo.com
> > > > > > > PING yahoo.com (98.139.183.24): 56 data bytes
> > > > > > > 64 bytes from 98.139.183.24: icmp_seq=0 ttl=47 time=250.473 ms
> > > > > > > 64 bytes from 98.139.183.24: icmp_seq=1 ttl=47 time=239.240 ms
> > > > > > > 64 bytes from 98.139.183.24: icmp_seq=2 ttl=45 time=247.605 ms
> > > > > > > 64 bytes from 98.139.183.24: icmp_seq=3 ttl=45 time=244.913 ms
> > > > > > > ^C--- yahoo.com ping statistics ---
> > > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > > round-trip min/avg/max/stddev = 239.240/245.558/250.473/4.144
> ms
> > > > > > >
> > > > > > > root@r-2606-VM:/etc# ping google.com
> > > > > > > PING google.com (74.125.68.102): 56 data bytes
> > > > > > > 64 bytes from 74.125.68.102: icmp_seq=0 ttl=52 time=1.353 ms
> > > > > > > 64 bytes from 74.125.68.102: icmp_seq=1 ttl=52 time=1.199 ms
> > > > > > > 64 bytes from 74.125.68.102: icmp_seq=2 ttl=52 time=1.268 ms
> > > > > > > 64 bytes from 74.125.68.102: icmp_seq=3 ttl=52 time=1.287 ms
> > > > > > > ^C--- google.com ping statistics ---
> > > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > > round-trip min/avg/max/stddev = 1.199/1.277/1.353/0.055 ms
> > > > > > >
> > > > > > > The VR uses 8.8.8.8 and 8.8.4.4 to resolve domains.
> > > > > > >
> > > > > > > root@r-2606-VM:/etc# cat /etc/resolv.conf
> > > > > > > nameserver 8.8.8.8
> > > > > > > nameserver 8.8.4.4
> > > > > > >
> > > > > > > I can ping both name servers without any issues.
> > > > > > >
> > > > > > > root@r-2606-VM:/etc# ping 8.8.8.8
> > > > > > > PING 8.8.8.8 (8.8.8.8): 56 data bytes
> > > > > > > 64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=4.693 ms
> > > > > > > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=2.390 ms
> > > > > > > 64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=2.523 ms
> > > > > > > 64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=2.458 ms
> > > > > > > ^C--- 8.8.8.8 ping statistics ---
> > > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > > round-trip min/avg/max/stddev = 2.390/3.016/4.693/0.969 ms
> > > > > > >
> > > > > > > root@r-2606-VM:/etc# ping 8.8.4.4
> > > > > > > PING 8.8.4.4 (8.8.4.4): 56 data bytes
> > > > > > > 64 bytes from 8.8.4.4: icmp_seq=0 ttl=52 time=2.649 ms
> > > > > > > 64 bytes from 8.8.4.4: icmp_seq=1 ttl=52 time=2.458 ms
> > > > > > > 64 bytes from 8.8.4.4: icmp_seq=2 ttl=52 time=2.436 ms
> > > > > > > 64 bytes from 8.8.4.4: icmp_seq=3 ttl=52 time=2.393 ms
> > > > > > > ^C--- 8.8.4.4 ping statistics ---
> > > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > > round-trip min/avg/max/stddev = 2.393/2.484/2.649/0.098 ms
> > > > > > >
> > > > > > > Looking forward to your reply, thank you.
> > > > > > >
> > > > > > > Cheers.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Mon, Jul 21, 2014 at 12:18 PM, Sanjeev Neelarapu <
> > > > > > > sanjeev.neelarapu@citrix.com> wrote:
> > > > > > >
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > Can you check if the VR is able to resolve the domain names
> by
> > > > > pinging
> > > > > > > > from VR ?
> > > > > > > >
> > > > > > > > -Sanjeev
> > > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: Vihar [mailto:vih1310@gmail.com]
> > > > > > > > Sent: Monday, July 21, 2014 5:43 AM
> > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > Subject: RE: DNS service on VR not responding
> > > > > > > >
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > Yes, if I remove or comment out the first nameserver entry
> for
> > > the
> > > > > VR's
> > > > > > > > IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be
> > > running
> > > > > > fine
> > > > > > > > and will be able to resolve domains properly."
> > > > > > > >
> > > > > > > > Are you able to ping the first DNS server IP address that you
> > > > > commented
> > > > > > > > out?
> > > > > > > >
> > > > > > > > Regards
> > > > > > > > Vihar K
> > > > > > > > On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <
> > > > > > > > santhosh.edukulla@citrix.com>
> > > > > > > > wrote:
> > > > > > > >
> > > > > > > > > Do a traceroute to an external domain say google.com from
> > > guest
> > > > > vm,
> > > > > > as
> > > > > > > > > you mentioned below, both by commenting out vr ip and not,
> in
> > > > > > > > > resolv.conf, you may see the difference.
> > > > > > > > >
> > > > > > > > > "Yes, if I remove or comment out the first nameserver entry
> > for
> > > > the
> > > > > > > > > VR's IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs
> will
> > > be
> > > > > > > > > running fine and will be able to resolve domains properly."
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Santhosh
> > > > > > > > > ________________________________________
> > > > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > > > Sent: Sunday, July 20, 2014 1:48 PM
> > > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > > > >
> > > > > > > > > Hi Santhosh,
> > > > > > > > >
> > > > > > > > > Good day to you, and thank you for your email.
> > > > > > > > >
> > > > > > > > > Traceroute packets seems to be dropped, I think it's by
> > > default.
> > > > > See
> > > > > > > > > result
> > > > > > > > > below:
> > > > > > > > >
> > > > > > > > > # traceroute X.X.X.2
> > > > > > > > > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte
> packets
> > > > > > > > > 1 * * *
> > > > > > > > > 2 * * *
> > > > > > > > > 3 * * *
> > > > > > > > >
> > > > > > > > > However, I am able to ping, and there is a response when I
> > > tried
> > > > to
> > > > > > > > > telnet to port 53.
> > > > > > > > >
> > > > > > > > > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> > > > > > > > > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> > > > > > > > > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms ^C
> > > > > > > > > --- X.X.X.2 ping statistics ---
> > > > > > > > > 6 packets transmitted, 6 received, 0% packet loss, time
> > 4999ms
> > > > rtt
> > > > > > > > > min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> > > > > > > > >
> > > > > > > > > # telnet X.X.X.2 53
> > > > > > > > > Trying X.X.X.2...
> > > > > > > > > Connected to X.X.X.2.
> > > > > > > > > Escape character is '^]'.
> > > > > > > > >
> > > > > > > > > netstat -a on the VR shows the service is listening on
> domain
> > > > port
> > > > > > > (53).
> > > > > > > > >
> > > > > > > > > tcp 0 0 r-2606-VM:domain *:*
> > > > > > > > LISTEN
> > > > > > > > >
> > > > > > > > > tcp 0 0 X.X.X.2:domain *:*
> > > > > LISTEN
> > > > > > > > >
> > > > > > > > > udp 156992 0 r-2606-VM:domain *:*
> > > > > > > > >
> > > > > > > > > udp 164032 0 X.X.X.2:domain *:*
> > > > > > > > >
> > > > > > > > > Can you advise if there's anything else I need to check?
> > > > > > > > >
> > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > >
> > > > > > > > > Cheers.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> > > > > > > > > santhosh.edukulla@citrix.com> wrote:
> > > > > > > > >
> > > > > > > > > > Run trace route from guest vms, the result will yield to
> > the
> > > > > point
> > > > > > > > > > where packet drop is happening, could be a network acl
> rule
> > > > > issue,
> > > > > > > > > > but tracert command can lead to some answers.
> > > > > > > > > >
> > > > > > > > > > List running ports as well on VR, do a telnet to dns port
> > on
> > > > > router
> > > > > > > > > > from guest vm to verify for its response.
> > > > > > > > > >
> > > > > > > > > > Santhosh
> > > > > > > > > > ________________________________________
> > > > > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > > > > Sent: Sunday, July 20, 2014 1:06 PM
> > > > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > > > > >
> > > > > > > > > > Hi Rafael,
> > > > > > > > > >
> > > > > > > > > > Good day to you, and thank you for your reply.
> > > > > > > > > >
> > > > > > > > > > Can't find anything wrong on dnsmasq.log / daemon.log,
> just
> > > > some
> > > > > > log
> > > > > > > > > > entries related to DHCP, nothing on DNS. I masked the IP
> > > > > addresses
> > > > > > > > > > since they are public.
> > > > > > > > > >
> > > > > > > > > > ===
> > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> DHCPDISCOVER(eth0)
> > > > > X.X.X.X
> > > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0)
> > > > X.X.X.X
> > > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]:
> DHCPREQUEST(eth0)
> > > > > X.X.X.X
> > > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0)
> > > X.X.X.X
> > > > > > > > > > 06:62:a8:01:13:37 yyyyyy
> > > > > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0)
> > > > X.X.X.X
> > > > > > > > > > 06:43:4a:01:12:65
> > > > > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0)
> > > X.X.X.X
> > > > > > > > > > 06:43:4a:01:12:65 zzzzzz
> > > > > > > > > > ===
> > > > > > > > > >
> > > > > > > > > > Yes, the guest VMs are having difficulties resolving
> > domains
> > > > into
> > > > > > IP
> > > > > > > > > > addresses because of the problem on the VR's DNS server.
> > > > > > > > > >
> > > > > > > > > > $ host www.google.com X.X.X.X (where X.X.X.X is the IP
> > > address
> > > > > of
> > > > > > > > > > the
> > > > > > > > > VR)
> > > > > > > > > > ;; connection timed out; no servers could be reached
> > > > > > > > > >
> > > > > > > > > > However, from within the VR, I am able to resolve domains
> > > just
> > > > > > fine.
> > > > > > > > > >
> > > > > > > > > > Any advise where can I start troubleshooting this?
> > > > > > > > > >
> > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > >
> > > > > > > > > > Cheers.
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > > > > > > > > > rafaelweingartner@gmail.com> wrote:
> > > > > > > > > >
> > > > > > > > > > > Have you taken a look at dnsmasq.log in the VR ?
> > > > > > > > > > > What do you mean with not responding? The addresses are
> > not
> > > > > being
> > > > > > > > > > resolved
> > > > > > > > > > > to ip addresses?
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <
> > > > > indra@sg.or.id>
> > > > > > > > > wrote:
> > > > > > > > > > >
> > > > > > > > > > > > Dear all,
> > > > > > > > > > > >
> > > > > > > > > > > > All our guest VMs are having our virtual router
> (VR)'s
> > IP
> > > > > > > > > > > > address on /etc/resolv.conf. In the past two weeks, I
> > > just
> > > > > > > > > > > > realised that the DNS service on the VR is not
> working,
> > > and
> > > > > > > > > > > > doesn't respond to DNS queries
> > > > > > > > > > from
> > > > > > > > > > > > the DNS clients on the guest VM.
> > > > > > > > > > > >
> > > > > > > > > > > > I have tried to stop and start back the VR, but the
> > > problem
> > > > > > > > persists.
> > > > > > > > > > > >
> > > > > > > > > > > > DHCP services seems to be running fine, only DNS
> > services
> > > > are
> > > > > > > > > > > > not
> > > > > > > > > > > working.
> > > > > > > > > > > > From what I understand, both services are provided by
> > > > > dnsmasq,
> > > > > > > > > correct?
> > > > > > > > > > > >
> > > > > > > > > > > > Any advice on how can I resolve the problem?
> > > > > > > > > > > >
> > > > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > > > >
> > > > > > > > > > > > Cheers.
> > > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > --
> > > > > > > > > > > Rafael Weingärtner
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
RE: DNS service on VR not responding
Posted by Santhosh Edukulla <sa...@citrix.com>.
While creating zone, you would have selected network offering, we can see the supported services for each network offering, available under Service Offerings->Select Network Offerings, some thing like below, so you may want to check the network offering you associated to your datacenter and corresponding capabilities , below are the supported services for one of the shared network offering.
Supported Services Dns, Dhcp, UserData
Service Capabilities Dns: VirtualRouter, Dhcp: VirtualRouter, UserData: VirtualRouter
Santhosh
________________________________________
From: Indra Pramana [indra@sg.or.id]
Sent: Monday, July 21, 2014 10:37 AM
To: users@cloudstack.apache.org
Subject: Re: DNS service on VR not responding
Hi Santhosh, Vihar,
The network which this VR is responsible is a shared, not isolated network.
It seems there's no network offering being tagged to a shared network? How
do I know if the DNS service is being chosen or not?
Looking forward to your reply, thank you.
Cheers.
On Mon, Jul 21, 2014 at 6:45 PM, Vihar <vi...@gmail.com> wrote:
> Yes, not choosing DNS service from network offering may be one of the
> reason it is not resolving the DNS queries.
>
> Regards
> Vihar K
> On Jul 21, 2014 4:09 PM, "Santhosh Edukulla" <santhosh.edukulla@citrix.com
> >
> wrote:
>
> > Below are points so far,
> >
> > Have we selected the dns under network offering? As well, can you check
> > whether your dns queries are reaching VR by enabling VR in resolv.conf (
> > guest vm ) and running trace route for some example domain?
> >
> > Santhosh
> > ________________________________________
> > From: Indra Pramana [indra@sg.or.id]
> > Sent: Monday, July 21, 2014 6:33 AM
> > To: users@cloudstack.apache.org
> > Subject: Re: DNS service on VR not responding
> >
> > Hi Vihar,
> >
> > Have tried:
> >
> > - Restarting dnsmasq service
> > - Stopping and starting the VR from CloudStack GUI.
> >
> > Problem still persists. :(
> >
> > Any other hints or suggestions?
> >
> > Looking forward to to your reply, thank you.
> >
> > Cheers.
> >
> >
> >
> > On Mon, Jul 21, 2014 at 6:19 PM, Vihar <vi...@gmail.com> wrote:
> >
> > > Hi Indra,
> > >
> > > Are you referring to /etc/resolv.conf on the VR itself or on the guest
> > VM?
> > > >> I was referring to the VR itself. I thought there was 3 IP address
> in
> > VR
> > > itself.
> > >
> > > Have you tried stopping and starting the VR if not can you give a try.
> > >
> > > Regards
> > > Vihar K
> > > On Jul 21, 2014 3:26 PM, "Indra Pramana" <in...@sg.or.id> wrote:
> > >
> > > > Hi Vihar,
> > > >
> > > > Are you referring to /etc/resolv.conf on the VR itself or on the
> guest
> > > VM?
> > > >
> > > > On the VR itself, there are only two entries on /etc/resolv.conf
> > pointing
> > > > to both Google public DNS servers.
> > > >
> > > > On the guest VM, there are 3 entries, one to the VR and two to the
> > Google
> > > > public DNS servers. If I commented out both Google DNS servers and
> only
> > > > leaving the VR IP there, I cannot resolve anything. If the VR IP is
> > > > commented out and leaving both Google DNS servers there, then I can
> > > > resolve. So the issue is confirmed due to DNS service on the VR.
> > > >
> > > > But I am not too sure why it doesn't respond even though the dnsmasq
> > > > service is running.
> > > >
> > > > Thank you.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > On Mon, Jul 21, 2014 at 1:00 PM, Vihar <vi...@gmail.com> wrote:
> > > >
> > > > > Hi ,
> > > > >
> > > > > I would like you to comment second and third IP address I.e 4.2.2.2
> > and
> > > > > 8.8.8.8 and uncomment the first IP which is allocated to DNS and
> try
> > to
> > > > > resolve the internet. It might be resolving the queries from
> external
> > > DNS
> > > > > server.
> > > > >
> > > > > If you are not able to resolve the names from VR, check if the DNS
> > > > service
> > > > > is running properly for the IP which act as a DNS server.
> > > > >
> > > > > Regards
> > > > > Vihar
> > > > > On Jul 21, 2014 10:19 AM, "Indra Pramana" <in...@sg.or.id> wrote:
> > > > >
> > > > > > Hi Sanjeev,
> > > > > >
> > > > > > Good day to you, and thank you for your reply.
> > > > > >
> > > > > > Yes, I can resolve domains without any issues from within the VR
> > > > itself.
> > > > > >
> > > > > > root@r-2606-VM:/etc# ping yahoo.com
> > > > > > PING yahoo.com (98.139.183.24): 56 data bytes
> > > > > > 64 bytes from 98.139.183.24: icmp_seq=0 ttl=47 time=250.473 ms
> > > > > > 64 bytes from 98.139.183.24: icmp_seq=1 ttl=47 time=239.240 ms
> > > > > > 64 bytes from 98.139.183.24: icmp_seq=2 ttl=45 time=247.605 ms
> > > > > > 64 bytes from 98.139.183.24: icmp_seq=3 ttl=45 time=244.913 ms
> > > > > > ^C--- yahoo.com ping statistics ---
> > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > round-trip min/avg/max/stddev = 239.240/245.558/250.473/4.144 ms
> > > > > >
> > > > > > root@r-2606-VM:/etc# ping google.com
> > > > > > PING google.com (74.125.68.102): 56 data bytes
> > > > > > 64 bytes from 74.125.68.102: icmp_seq=0 ttl=52 time=1.353 ms
> > > > > > 64 bytes from 74.125.68.102: icmp_seq=1 ttl=52 time=1.199 ms
> > > > > > 64 bytes from 74.125.68.102: icmp_seq=2 ttl=52 time=1.268 ms
> > > > > > 64 bytes from 74.125.68.102: icmp_seq=3 ttl=52 time=1.287 ms
> > > > > > ^C--- google.com ping statistics ---
> > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > round-trip min/avg/max/stddev = 1.199/1.277/1.353/0.055 ms
> > > > > >
> > > > > > The VR uses 8.8.8.8 and 8.8.4.4 to resolve domains.
> > > > > >
> > > > > > root@r-2606-VM:/etc# cat /etc/resolv.conf
> > > > > > nameserver 8.8.8.8
> > > > > > nameserver 8.8.4.4
> > > > > >
> > > > > > I can ping both name servers without any issues.
> > > > > >
> > > > > > root@r-2606-VM:/etc# ping 8.8.8.8
> > > > > > PING 8.8.8.8 (8.8.8.8): 56 data bytes
> > > > > > 64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=4.693 ms
> > > > > > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=2.390 ms
> > > > > > 64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=2.523 ms
> > > > > > 64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=2.458 ms
> > > > > > ^C--- 8.8.8.8 ping statistics ---
> > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > round-trip min/avg/max/stddev = 2.390/3.016/4.693/0.969 ms
> > > > > >
> > > > > > root@r-2606-VM:/etc# ping 8.8.4.4
> > > > > > PING 8.8.4.4 (8.8.4.4): 56 data bytes
> > > > > > 64 bytes from 8.8.4.4: icmp_seq=0 ttl=52 time=2.649 ms
> > > > > > 64 bytes from 8.8.4.4: icmp_seq=1 ttl=52 time=2.458 ms
> > > > > > 64 bytes from 8.8.4.4: icmp_seq=2 ttl=52 time=2.436 ms
> > > > > > 64 bytes from 8.8.4.4: icmp_seq=3 ttl=52 time=2.393 ms
> > > > > > ^C--- 8.8.4.4 ping statistics ---
> > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > round-trip min/avg/max/stddev = 2.393/2.484/2.649/0.098 ms
> > > > > >
> > > > > > Looking forward to your reply, thank you.
> > > > > >
> > > > > > Cheers.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Mon, Jul 21, 2014 at 12:18 PM, Sanjeev Neelarapu <
> > > > > > sanjeev.neelarapu@citrix.com> wrote:
> > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > Can you check if the VR is able to resolve the domain names by
> > > > pinging
> > > > > > > from VR ?
> > > > > > >
> > > > > > > -Sanjeev
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Vihar [mailto:vih1310@gmail.com]
> > > > > > > Sent: Monday, July 21, 2014 5:43 AM
> > > > > > > To: users@cloudstack.apache.org
> > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > Subject: RE: DNS service on VR not responding
> > > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > Yes, if I remove or comment out the first nameserver entry for
> > the
> > > > VR's
> > > > > > > IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be
> > running
> > > > > fine
> > > > > > > and will be able to resolve domains properly."
> > > > > > >
> > > > > > > Are you able to ping the first DNS server IP address that you
> > > > commented
> > > > > > > out?
> > > > > > >
> > > > > > > Regards
> > > > > > > Vihar K
> > > > > > > On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <
> > > > > > > santhosh.edukulla@citrix.com>
> > > > > > > wrote:
> > > > > > >
> > > > > > > > Do a traceroute to an external domain say google.com from
> > guest
> > > > vm,
> > > > > as
> > > > > > > > you mentioned below, both by commenting out vr ip and not, in
> > > > > > > > resolv.conf, you may see the difference.
> > > > > > > >
> > > > > > > > "Yes, if I remove or comment out the first nameserver entry
> for
> > > the
> > > > > > > > VR's IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will
> > be
> > > > > > > > running fine and will be able to resolve domains properly."
> > > > > > > >
> > > > > > > >
> > > > > > > > Santhosh
> > > > > > > > ________________________________________
> > > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > > Sent: Sunday, July 20, 2014 1:48 PM
> > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > > >
> > > > > > > > Hi Santhosh,
> > > > > > > >
> > > > > > > > Good day to you, and thank you for your email.
> > > > > > > >
> > > > > > > > Traceroute packets seems to be dropped, I think it's by
> > default.
> > > > See
> > > > > > > > result
> > > > > > > > below:
> > > > > > > >
> > > > > > > > # traceroute X.X.X.2
> > > > > > > > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
> > > > > > > > 1 * * *
> > > > > > > > 2 * * *
> > > > > > > > 3 * * *
> > > > > > > >
> > > > > > > > However, I am able to ping, and there is a response when I
> > tried
> > > to
> > > > > > > > telnet to port 53.
> > > > > > > >
> > > > > > > > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> > > > > > > > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> > > > > > > > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms ^C
> > > > > > > > --- X.X.X.2 ping statistics ---
> > > > > > > > 6 packets transmitted, 6 received, 0% packet loss, time
> 4999ms
> > > rtt
> > > > > > > > min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> > > > > > > >
> > > > > > > > # telnet X.X.X.2 53
> > > > > > > > Trying X.X.X.2...
> > > > > > > > Connected to X.X.X.2.
> > > > > > > > Escape character is '^]'.
> > > > > > > >
> > > > > > > > netstat -a on the VR shows the service is listening on domain
> > > port
> > > > > > (53).
> > > > > > > >
> > > > > > > > tcp 0 0 r-2606-VM:domain *:*
> > > > > > > LISTEN
> > > > > > > >
> > > > > > > > tcp 0 0 X.X.X.2:domain *:*
> > > > LISTEN
> > > > > > > >
> > > > > > > > udp 156992 0 r-2606-VM:domain *:*
> > > > > > > >
> > > > > > > > udp 164032 0 X.X.X.2:domain *:*
> > > > > > > >
> > > > > > > > Can you advise if there's anything else I need to check?
> > > > > > > >
> > > > > > > > Looking forward to your reply, thank you.
> > > > > > > >
> > > > > > > > Cheers.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> > > > > > > > santhosh.edukulla@citrix.com> wrote:
> > > > > > > >
> > > > > > > > > Run trace route from guest vms, the result will yield to
> the
> > > > point
> > > > > > > > > where packet drop is happening, could be a network acl rule
> > > > issue,
> > > > > > > > > but tracert command can lead to some answers.
> > > > > > > > >
> > > > > > > > > List running ports as well on VR, do a telnet to dns port
> on
> > > > router
> > > > > > > > > from guest vm to verify for its response.
> > > > > > > > >
> > > > > > > > > Santhosh
> > > > > > > > > ________________________________________
> > > > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > > > Sent: Sunday, July 20, 2014 1:06 PM
> > > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > > > >
> > > > > > > > > Hi Rafael,
> > > > > > > > >
> > > > > > > > > Good day to you, and thank you for your reply.
> > > > > > > > >
> > > > > > > > > Can't find anything wrong on dnsmasq.log / daemon.log, just
> > > some
> > > > > log
> > > > > > > > > entries related to DHCP, nothing on DNS. I masked the IP
> > > > addresses
> > > > > > > > > since they are public.
> > > > > > > > >
> > > > > > > > > ===
> > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0)
> > > > X.X.X.X
> > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0)
> > > X.X.X.X
> > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0)
> > > > X.X.X.X
> > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0)
> > X.X.X.X
> > > > > > > > > 06:62:a8:01:13:37 yyyyyy
> > > > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0)
> > > X.X.X.X
> > > > > > > > > 06:43:4a:01:12:65
> > > > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0)
> > X.X.X.X
> > > > > > > > > 06:43:4a:01:12:65 zzzzzz
> > > > > > > > > ===
> > > > > > > > >
> > > > > > > > > Yes, the guest VMs are having difficulties resolving
> domains
> > > into
> > > > > IP
> > > > > > > > > addresses because of the problem on the VR's DNS server.
> > > > > > > > >
> > > > > > > > > $ host www.google.com X.X.X.X (where X.X.X.X is the IP
> > address
> > > > of
> > > > > > > > > the
> > > > > > > > VR)
> > > > > > > > > ;; connection timed out; no servers could be reached
> > > > > > > > >
> > > > > > > > > However, from within the VR, I am able to resolve domains
> > just
> > > > > fine.
> > > > > > > > >
> > > > > > > > > Any advise where can I start troubleshooting this?
> > > > > > > > >
> > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > >
> > > > > > > > > Cheers.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > > > > > > > > rafaelweingartner@gmail.com> wrote:
> > > > > > > > >
> > > > > > > > > > Have you taken a look at dnsmasq.log in the VR ?
> > > > > > > > > > What do you mean with not responding? The addresses are
> not
> > > > being
> > > > > > > > > resolved
> > > > > > > > > > to ip addresses?
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <
> > > > indra@sg.or.id>
> > > > > > > > wrote:
> > > > > > > > > >
> > > > > > > > > > > Dear all,
> > > > > > > > > > >
> > > > > > > > > > > All our guest VMs are having our virtual router (VR)'s
> IP
> > > > > > > > > > > address on /etc/resolv.conf. In the past two weeks, I
> > just
> > > > > > > > > > > realised that the DNS service on the VR is not working,
> > and
> > > > > > > > > > > doesn't respond to DNS queries
> > > > > > > > > from
> > > > > > > > > > > the DNS clients on the guest VM.
> > > > > > > > > > >
> > > > > > > > > > > I have tried to stop and start back the VR, but the
> > problem
> > > > > > > persists.
> > > > > > > > > > >
> > > > > > > > > > > DHCP services seems to be running fine, only DNS
> services
> > > are
> > > > > > > > > > > not
> > > > > > > > > > working.
> > > > > > > > > > > From what I understand, both services are provided by
> > > > dnsmasq,
> > > > > > > > correct?
> > > > > > > > > > >
> > > > > > > > > > > Any advice on how can I resolve the problem?
> > > > > > > > > > >
> > > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > > >
> > > > > > > > > > > Cheers.
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > --
> > > > > > > > > > Rafael Weingärtner
> > > > > > > > > >
> > > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
Re: DNS service on VR not responding
Posted by Indra Pramana <in...@sg.or.id>.
Hi Santhosh, Vihar,
The network which this VR is responsible is a shared, not isolated network.
It seems there's no network offering being tagged to a shared network? How
do I know if the DNS service is being chosen or not?
Looking forward to your reply, thank you.
Cheers.
On Mon, Jul 21, 2014 at 6:45 PM, Vihar <vi...@gmail.com> wrote:
> Yes, not choosing DNS service from network offering may be one of the
> reason it is not resolving the DNS queries.
>
> Regards
> Vihar K
> On Jul 21, 2014 4:09 PM, "Santhosh Edukulla" <santhosh.edukulla@citrix.com
> >
> wrote:
>
> > Below are points so far,
> >
> > Have we selected the dns under network offering? As well, can you check
> > whether your dns queries are reaching VR by enabling VR in resolv.conf (
> > guest vm ) and running trace route for some example domain?
> >
> > Santhosh
> > ________________________________________
> > From: Indra Pramana [indra@sg.or.id]
> > Sent: Monday, July 21, 2014 6:33 AM
> > To: users@cloudstack.apache.org
> > Subject: Re: DNS service on VR not responding
> >
> > Hi Vihar,
> >
> > Have tried:
> >
> > - Restarting dnsmasq service
> > - Stopping and starting the VR from CloudStack GUI.
> >
> > Problem still persists. :(
> >
> > Any other hints or suggestions?
> >
> > Looking forward to to your reply, thank you.
> >
> > Cheers.
> >
> >
> >
> > On Mon, Jul 21, 2014 at 6:19 PM, Vihar <vi...@gmail.com> wrote:
> >
> > > Hi Indra,
> > >
> > > Are you referring to /etc/resolv.conf on the VR itself or on the guest
> > VM?
> > > >> I was referring to the VR itself. I thought there was 3 IP address
> in
> > VR
> > > itself.
> > >
> > > Have you tried stopping and starting the VR if not can you give a try.
> > >
> > > Regards
> > > Vihar K
> > > On Jul 21, 2014 3:26 PM, "Indra Pramana" <in...@sg.or.id> wrote:
> > >
> > > > Hi Vihar,
> > > >
> > > > Are you referring to /etc/resolv.conf on the VR itself or on the
> guest
> > > VM?
> > > >
> > > > On the VR itself, there are only two entries on /etc/resolv.conf
> > pointing
> > > > to both Google public DNS servers.
> > > >
> > > > On the guest VM, there are 3 entries, one to the VR and two to the
> > Google
> > > > public DNS servers. If I commented out both Google DNS servers and
> only
> > > > leaving the VR IP there, I cannot resolve anything. If the VR IP is
> > > > commented out and leaving both Google DNS servers there, then I can
> > > > resolve. So the issue is confirmed due to DNS service on the VR.
> > > >
> > > > But I am not too sure why it doesn't respond even though the dnsmasq
> > > > service is running.
> > > >
> > > > Thank you.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > On Mon, Jul 21, 2014 at 1:00 PM, Vihar <vi...@gmail.com> wrote:
> > > >
> > > > > Hi ,
> > > > >
> > > > > I would like you to comment second and third IP address I.e 4.2.2.2
> > and
> > > > > 8.8.8.8 and uncomment the first IP which is allocated to DNS and
> try
> > to
> > > > > resolve the internet. It might be resolving the queries from
> external
> > > DNS
> > > > > server.
> > > > >
> > > > > If you are not able to resolve the names from VR, check if the DNS
> > > > service
> > > > > is running properly for the IP which act as a DNS server.
> > > > >
> > > > > Regards
> > > > > Vihar
> > > > > On Jul 21, 2014 10:19 AM, "Indra Pramana" <in...@sg.or.id> wrote:
> > > > >
> > > > > > Hi Sanjeev,
> > > > > >
> > > > > > Good day to you, and thank you for your reply.
> > > > > >
> > > > > > Yes, I can resolve domains without any issues from within the VR
> > > > itself.
> > > > > >
> > > > > > root@r-2606-VM:/etc# ping yahoo.com
> > > > > > PING yahoo.com (98.139.183.24): 56 data bytes
> > > > > > 64 bytes from 98.139.183.24: icmp_seq=0 ttl=47 time=250.473 ms
> > > > > > 64 bytes from 98.139.183.24: icmp_seq=1 ttl=47 time=239.240 ms
> > > > > > 64 bytes from 98.139.183.24: icmp_seq=2 ttl=45 time=247.605 ms
> > > > > > 64 bytes from 98.139.183.24: icmp_seq=3 ttl=45 time=244.913 ms
> > > > > > ^C--- yahoo.com ping statistics ---
> > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > round-trip min/avg/max/stddev = 239.240/245.558/250.473/4.144 ms
> > > > > >
> > > > > > root@r-2606-VM:/etc# ping google.com
> > > > > > PING google.com (74.125.68.102): 56 data bytes
> > > > > > 64 bytes from 74.125.68.102: icmp_seq=0 ttl=52 time=1.353 ms
> > > > > > 64 bytes from 74.125.68.102: icmp_seq=1 ttl=52 time=1.199 ms
> > > > > > 64 bytes from 74.125.68.102: icmp_seq=2 ttl=52 time=1.268 ms
> > > > > > 64 bytes from 74.125.68.102: icmp_seq=3 ttl=52 time=1.287 ms
> > > > > > ^C--- google.com ping statistics ---
> > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > round-trip min/avg/max/stddev = 1.199/1.277/1.353/0.055 ms
> > > > > >
> > > > > > The VR uses 8.8.8.8 and 8.8.4.4 to resolve domains.
> > > > > >
> > > > > > root@r-2606-VM:/etc# cat /etc/resolv.conf
> > > > > > nameserver 8.8.8.8
> > > > > > nameserver 8.8.4.4
> > > > > >
> > > > > > I can ping both name servers without any issues.
> > > > > >
> > > > > > root@r-2606-VM:/etc# ping 8.8.8.8
> > > > > > PING 8.8.8.8 (8.8.8.8): 56 data bytes
> > > > > > 64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=4.693 ms
> > > > > > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=2.390 ms
> > > > > > 64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=2.523 ms
> > > > > > 64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=2.458 ms
> > > > > > ^C--- 8.8.8.8 ping statistics ---
> > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > round-trip min/avg/max/stddev = 2.390/3.016/4.693/0.969 ms
> > > > > >
> > > > > > root@r-2606-VM:/etc# ping 8.8.4.4
> > > > > > PING 8.8.4.4 (8.8.4.4): 56 data bytes
> > > > > > 64 bytes from 8.8.4.4: icmp_seq=0 ttl=52 time=2.649 ms
> > > > > > 64 bytes from 8.8.4.4: icmp_seq=1 ttl=52 time=2.458 ms
> > > > > > 64 bytes from 8.8.4.4: icmp_seq=2 ttl=52 time=2.436 ms
> > > > > > 64 bytes from 8.8.4.4: icmp_seq=3 ttl=52 time=2.393 ms
> > > > > > ^C--- 8.8.4.4 ping statistics ---
> > > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > > round-trip min/avg/max/stddev = 2.393/2.484/2.649/0.098 ms
> > > > > >
> > > > > > Looking forward to your reply, thank you.
> > > > > >
> > > > > > Cheers.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Mon, Jul 21, 2014 at 12:18 PM, Sanjeev Neelarapu <
> > > > > > sanjeev.neelarapu@citrix.com> wrote:
> > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > Can you check if the VR is able to resolve the domain names by
> > > > pinging
> > > > > > > from VR ?
> > > > > > >
> > > > > > > -Sanjeev
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Vihar [mailto:vih1310@gmail.com]
> > > > > > > Sent: Monday, July 21, 2014 5:43 AM
> > > > > > > To: users@cloudstack.apache.org
> > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > Subject: RE: DNS service on VR not responding
> > > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > Yes, if I remove or comment out the first nameserver entry for
> > the
> > > > VR's
> > > > > > > IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be
> > running
> > > > > fine
> > > > > > > and will be able to resolve domains properly."
> > > > > > >
> > > > > > > Are you able to ping the first DNS server IP address that you
> > > > commented
> > > > > > > out?
> > > > > > >
> > > > > > > Regards
> > > > > > > Vihar K
> > > > > > > On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <
> > > > > > > santhosh.edukulla@citrix.com>
> > > > > > > wrote:
> > > > > > >
> > > > > > > > Do a traceroute to an external domain say google.com from
> > guest
> > > > vm,
> > > > > as
> > > > > > > > you mentioned below, both by commenting out vr ip and not, in
> > > > > > > > resolv.conf, you may see the difference.
> > > > > > > >
> > > > > > > > "Yes, if I remove or comment out the first nameserver entry
> for
> > > the
> > > > > > > > VR's IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will
> > be
> > > > > > > > running fine and will be able to resolve domains properly."
> > > > > > > >
> > > > > > > >
> > > > > > > > Santhosh
> > > > > > > > ________________________________________
> > > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > > Sent: Sunday, July 20, 2014 1:48 PM
> > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > > >
> > > > > > > > Hi Santhosh,
> > > > > > > >
> > > > > > > > Good day to you, and thank you for your email.
> > > > > > > >
> > > > > > > > Traceroute packets seems to be dropped, I think it's by
> > default.
> > > > See
> > > > > > > > result
> > > > > > > > below:
> > > > > > > >
> > > > > > > > # traceroute X.X.X.2
> > > > > > > > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
> > > > > > > > 1 * * *
> > > > > > > > 2 * * *
> > > > > > > > 3 * * *
> > > > > > > >
> > > > > > > > However, I am able to ping, and there is a response when I
> > tried
> > > to
> > > > > > > > telnet to port 53.
> > > > > > > >
> > > > > > > > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> > > > > > > > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> > > > > > > > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms ^C
> > > > > > > > --- X.X.X.2 ping statistics ---
> > > > > > > > 6 packets transmitted, 6 received, 0% packet loss, time
> 4999ms
> > > rtt
> > > > > > > > min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> > > > > > > >
> > > > > > > > # telnet X.X.X.2 53
> > > > > > > > Trying X.X.X.2...
> > > > > > > > Connected to X.X.X.2.
> > > > > > > > Escape character is '^]'.
> > > > > > > >
> > > > > > > > netstat -a on the VR shows the service is listening on domain
> > > port
> > > > > > (53).
> > > > > > > >
> > > > > > > > tcp 0 0 r-2606-VM:domain *:*
> > > > > > > LISTEN
> > > > > > > >
> > > > > > > > tcp 0 0 X.X.X.2:domain *:*
> > > > LISTEN
> > > > > > > >
> > > > > > > > udp 156992 0 r-2606-VM:domain *:*
> > > > > > > >
> > > > > > > > udp 164032 0 X.X.X.2:domain *:*
> > > > > > > >
> > > > > > > > Can you advise if there's anything else I need to check?
> > > > > > > >
> > > > > > > > Looking forward to your reply, thank you.
> > > > > > > >
> > > > > > > > Cheers.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> > > > > > > > santhosh.edukulla@citrix.com> wrote:
> > > > > > > >
> > > > > > > > > Run trace route from guest vms, the result will yield to
> the
> > > > point
> > > > > > > > > where packet drop is happening, could be a network acl rule
> > > > issue,
> > > > > > > > > but tracert command can lead to some answers.
> > > > > > > > >
> > > > > > > > > List running ports as well on VR, do a telnet to dns port
> on
> > > > router
> > > > > > > > > from guest vm to verify for its response.
> > > > > > > > >
> > > > > > > > > Santhosh
> > > > > > > > > ________________________________________
> > > > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > > > Sent: Sunday, July 20, 2014 1:06 PM
> > > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > > > >
> > > > > > > > > Hi Rafael,
> > > > > > > > >
> > > > > > > > > Good day to you, and thank you for your reply.
> > > > > > > > >
> > > > > > > > > Can't find anything wrong on dnsmasq.log / daemon.log, just
> > > some
> > > > > log
> > > > > > > > > entries related to DHCP, nothing on DNS. I masked the IP
> > > > addresses
> > > > > > > > > since they are public.
> > > > > > > > >
> > > > > > > > > ===
> > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0)
> > > > X.X.X.X
> > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0)
> > > X.X.X.X
> > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0)
> > > > X.X.X.X
> > > > > > > > > 06:62:a8:01:13:37
> > > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0)
> > X.X.X.X
> > > > > > > > > 06:62:a8:01:13:37 yyyyyy
> > > > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0)
> > > X.X.X.X
> > > > > > > > > 06:43:4a:01:12:65
> > > > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0)
> > X.X.X.X
> > > > > > > > > 06:43:4a:01:12:65 zzzzzz
> > > > > > > > > ===
> > > > > > > > >
> > > > > > > > > Yes, the guest VMs are having difficulties resolving
> domains
> > > into
> > > > > IP
> > > > > > > > > addresses because of the problem on the VR's DNS server.
> > > > > > > > >
> > > > > > > > > $ host www.google.com X.X.X.X (where X.X.X.X is the IP
> > address
> > > > of
> > > > > > > > > the
> > > > > > > > VR)
> > > > > > > > > ;; connection timed out; no servers could be reached
> > > > > > > > >
> > > > > > > > > However, from within the VR, I am able to resolve domains
> > just
> > > > > fine.
> > > > > > > > >
> > > > > > > > > Any advise where can I start troubleshooting this?
> > > > > > > > >
> > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > >
> > > > > > > > > Cheers.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > > > > > > > > rafaelweingartner@gmail.com> wrote:
> > > > > > > > >
> > > > > > > > > > Have you taken a look at dnsmasq.log in the VR ?
> > > > > > > > > > What do you mean with not responding? The addresses are
> not
> > > > being
> > > > > > > > > resolved
> > > > > > > > > > to ip addresses?
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <
> > > > indra@sg.or.id>
> > > > > > > > wrote:
> > > > > > > > > >
> > > > > > > > > > > Dear all,
> > > > > > > > > > >
> > > > > > > > > > > All our guest VMs are having our virtual router (VR)'s
> IP
> > > > > > > > > > > address on /etc/resolv.conf. In the past two weeks, I
> > just
> > > > > > > > > > > realised that the DNS service on the VR is not working,
> > and
> > > > > > > > > > > doesn't respond to DNS queries
> > > > > > > > > from
> > > > > > > > > > > the DNS clients on the guest VM.
> > > > > > > > > > >
> > > > > > > > > > > I have tried to stop and start back the VR, but the
> > problem
> > > > > > > persists.
> > > > > > > > > > >
> > > > > > > > > > > DHCP services seems to be running fine, only DNS
> services
> > > are
> > > > > > > > > > > not
> > > > > > > > > > working.
> > > > > > > > > > > From what I understand, both services are provided by
> > > > dnsmasq,
> > > > > > > > correct?
> > > > > > > > > > >
> > > > > > > > > > > Any advice on how can I resolve the problem?
> > > > > > > > > > >
> > > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > > >
> > > > > > > > > > > Cheers.
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > --
> > > > > > > > > > Rafael Weingärtner
> > > > > > > > > >
> > > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
RE: DNS service on VR not responding
Posted by Vihar <vi...@gmail.com>.
Yes, not choosing DNS service from network offering may be one of the
reason it is not resolving the DNS queries.
Regards
Vihar K
On Jul 21, 2014 4:09 PM, "Santhosh Edukulla" <sa...@citrix.com>
wrote:
> Below are points so far,
>
> Have we selected the dns under network offering? As well, can you check
> whether your dns queries are reaching VR by enabling VR in resolv.conf (
> guest vm ) and running trace route for some example domain?
>
> Santhosh
> ________________________________________
> From: Indra Pramana [indra@sg.or.id]
> Sent: Monday, July 21, 2014 6:33 AM
> To: users@cloudstack.apache.org
> Subject: Re: DNS service on VR not responding
>
> Hi Vihar,
>
> Have tried:
>
> - Restarting dnsmasq service
> - Stopping and starting the VR from CloudStack GUI.
>
> Problem still persists. :(
>
> Any other hints or suggestions?
>
> Looking forward to to your reply, thank you.
>
> Cheers.
>
>
>
> On Mon, Jul 21, 2014 at 6:19 PM, Vihar <vi...@gmail.com> wrote:
>
> > Hi Indra,
> >
> > Are you referring to /etc/resolv.conf on the VR itself or on the guest
> VM?
> > >> I was referring to the VR itself. I thought there was 3 IP address in
> VR
> > itself.
> >
> > Have you tried stopping and starting the VR if not can you give a try.
> >
> > Regards
> > Vihar K
> > On Jul 21, 2014 3:26 PM, "Indra Pramana" <in...@sg.or.id> wrote:
> >
> > > Hi Vihar,
> > >
> > > Are you referring to /etc/resolv.conf on the VR itself or on the guest
> > VM?
> > >
> > > On the VR itself, there are only two entries on /etc/resolv.conf
> pointing
> > > to both Google public DNS servers.
> > >
> > > On the guest VM, there are 3 entries, one to the VR and two to the
> Google
> > > public DNS servers. If I commented out both Google DNS servers and only
> > > leaving the VR IP there, I cannot resolve anything. If the VR IP is
> > > commented out and leaving both Google DNS servers there, then I can
> > > resolve. So the issue is confirmed due to DNS service on the VR.
> > >
> > > But I am not too sure why it doesn't respond even though the dnsmasq
> > > service is running.
> > >
> > > Thank you.
> > >
> > >
> > >
> > >
> > >
> > >
> > > On Mon, Jul 21, 2014 at 1:00 PM, Vihar <vi...@gmail.com> wrote:
> > >
> > > > Hi ,
> > > >
> > > > I would like you to comment second and third IP address I.e 4.2.2.2
> and
> > > > 8.8.8.8 and uncomment the first IP which is allocated to DNS and try
> to
> > > > resolve the internet. It might be resolving the queries from external
> > DNS
> > > > server.
> > > >
> > > > If you are not able to resolve the names from VR, check if the DNS
> > > service
> > > > is running properly for the IP which act as a DNS server.
> > > >
> > > > Regards
> > > > Vihar
> > > > On Jul 21, 2014 10:19 AM, "Indra Pramana" <in...@sg.or.id> wrote:
> > > >
> > > > > Hi Sanjeev,
> > > > >
> > > > > Good day to you, and thank you for your reply.
> > > > >
> > > > > Yes, I can resolve domains without any issues from within the VR
> > > itself.
> > > > >
> > > > > root@r-2606-VM:/etc# ping yahoo.com
> > > > > PING yahoo.com (98.139.183.24): 56 data bytes
> > > > > 64 bytes from 98.139.183.24: icmp_seq=0 ttl=47 time=250.473 ms
> > > > > 64 bytes from 98.139.183.24: icmp_seq=1 ttl=47 time=239.240 ms
> > > > > 64 bytes from 98.139.183.24: icmp_seq=2 ttl=45 time=247.605 ms
> > > > > 64 bytes from 98.139.183.24: icmp_seq=3 ttl=45 time=244.913 ms
> > > > > ^C--- yahoo.com ping statistics ---
> > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > round-trip min/avg/max/stddev = 239.240/245.558/250.473/4.144 ms
> > > > >
> > > > > root@r-2606-VM:/etc# ping google.com
> > > > > PING google.com (74.125.68.102): 56 data bytes
> > > > > 64 bytes from 74.125.68.102: icmp_seq=0 ttl=52 time=1.353 ms
> > > > > 64 bytes from 74.125.68.102: icmp_seq=1 ttl=52 time=1.199 ms
> > > > > 64 bytes from 74.125.68.102: icmp_seq=2 ttl=52 time=1.268 ms
> > > > > 64 bytes from 74.125.68.102: icmp_seq=3 ttl=52 time=1.287 ms
> > > > > ^C--- google.com ping statistics ---
> > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > round-trip min/avg/max/stddev = 1.199/1.277/1.353/0.055 ms
> > > > >
> > > > > The VR uses 8.8.8.8 and 8.8.4.4 to resolve domains.
> > > > >
> > > > > root@r-2606-VM:/etc# cat /etc/resolv.conf
> > > > > nameserver 8.8.8.8
> > > > > nameserver 8.8.4.4
> > > > >
> > > > > I can ping both name servers without any issues.
> > > > >
> > > > > root@r-2606-VM:/etc# ping 8.8.8.8
> > > > > PING 8.8.8.8 (8.8.8.8): 56 data bytes
> > > > > 64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=4.693 ms
> > > > > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=2.390 ms
> > > > > 64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=2.523 ms
> > > > > 64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=2.458 ms
> > > > > ^C--- 8.8.8.8 ping statistics ---
> > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > round-trip min/avg/max/stddev = 2.390/3.016/4.693/0.969 ms
> > > > >
> > > > > root@r-2606-VM:/etc# ping 8.8.4.4
> > > > > PING 8.8.4.4 (8.8.4.4): 56 data bytes
> > > > > 64 bytes from 8.8.4.4: icmp_seq=0 ttl=52 time=2.649 ms
> > > > > 64 bytes from 8.8.4.4: icmp_seq=1 ttl=52 time=2.458 ms
> > > > > 64 bytes from 8.8.4.4: icmp_seq=2 ttl=52 time=2.436 ms
> > > > > 64 bytes from 8.8.4.4: icmp_seq=3 ttl=52 time=2.393 ms
> > > > > ^C--- 8.8.4.4 ping statistics ---
> > > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > > round-trip min/avg/max/stddev = 2.393/2.484/2.649/0.098 ms
> > > > >
> > > > > Looking forward to your reply, thank you.
> > > > >
> > > > > Cheers.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Mon, Jul 21, 2014 at 12:18 PM, Sanjeev Neelarapu <
> > > > > sanjeev.neelarapu@citrix.com> wrote:
> > > > >
> > > > > > Hi,
> > > > > >
> > > > > > Can you check if the VR is able to resolve the domain names by
> > > pinging
> > > > > > from VR ?
> > > > > >
> > > > > > -Sanjeev
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: Vihar [mailto:vih1310@gmail.com]
> > > > > > Sent: Monday, July 21, 2014 5:43 AM
> > > > > > To: users@cloudstack.apache.org
> > > > > > Cc: dev@cloudstack.apache.org
> > > > > > Subject: RE: DNS service on VR not responding
> > > > > >
> > > > > > Hi,
> > > > > >
> > > > > > Yes, if I remove or comment out the first nameserver entry for
> the
> > > VR's
> > > > > > IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be
> running
> > > > fine
> > > > > > and will be able to resolve domains properly."
> > > > > >
> > > > > > Are you able to ping the first DNS server IP address that you
> > > commented
> > > > > > out?
> > > > > >
> > > > > > Regards
> > > > > > Vihar K
> > > > > > On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <
> > > > > > santhosh.edukulla@citrix.com>
> > > > > > wrote:
> > > > > >
> > > > > > > Do a traceroute to an external domain say google.com from
> guest
> > > vm,
> > > > as
> > > > > > > you mentioned below, both by commenting out vr ip and not, in
> > > > > > > resolv.conf, you may see the difference.
> > > > > > >
> > > > > > > "Yes, if I remove or comment out the first nameserver entry for
> > the
> > > > > > > VR's IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will
> be
> > > > > > > running fine and will be able to resolve domains properly."
> > > > > > >
> > > > > > >
> > > > > > > Santhosh
> > > > > > > ________________________________________
> > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > Sent: Sunday, July 20, 2014 1:48 PM
> > > > > > > To: users@cloudstack.apache.org
> > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > >
> > > > > > > Hi Santhosh,
> > > > > > >
> > > > > > > Good day to you, and thank you for your email.
> > > > > > >
> > > > > > > Traceroute packets seems to be dropped, I think it's by
> default.
> > > See
> > > > > > > result
> > > > > > > below:
> > > > > > >
> > > > > > > # traceroute X.X.X.2
> > > > > > > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
> > > > > > > 1 * * *
> > > > > > > 2 * * *
> > > > > > > 3 * * *
> > > > > > >
> > > > > > > However, I am able to ping, and there is a response when I
> tried
> > to
> > > > > > > telnet to port 53.
> > > > > > >
> > > > > > > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> > > > > > > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> > > > > > > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms ^C
> > > > > > > --- X.X.X.2 ping statistics ---
> > > > > > > 6 packets transmitted, 6 received, 0% packet loss, time 4999ms
> > rtt
> > > > > > > min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> > > > > > >
> > > > > > > # telnet X.X.X.2 53
> > > > > > > Trying X.X.X.2...
> > > > > > > Connected to X.X.X.2.
> > > > > > > Escape character is '^]'.
> > > > > > >
> > > > > > > netstat -a on the VR shows the service is listening on domain
> > port
> > > > > (53).
> > > > > > >
> > > > > > > tcp 0 0 r-2606-VM:domain *:*
> > > > > > LISTEN
> > > > > > >
> > > > > > > tcp 0 0 X.X.X.2:domain *:*
> > > LISTEN
> > > > > > >
> > > > > > > udp 156992 0 r-2606-VM:domain *:*
> > > > > > >
> > > > > > > udp 164032 0 X.X.X.2:domain *:*
> > > > > > >
> > > > > > > Can you advise if there's anything else I need to check?
> > > > > > >
> > > > > > > Looking forward to your reply, thank you.
> > > > > > >
> > > > > > > Cheers.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> > > > > > > santhosh.edukulla@citrix.com> wrote:
> > > > > > >
> > > > > > > > Run trace route from guest vms, the result will yield to the
> > > point
> > > > > > > > where packet drop is happening, could be a network acl rule
> > > issue,
> > > > > > > > but tracert command can lead to some answers.
> > > > > > > >
> > > > > > > > List running ports as well on VR, do a telnet to dns port on
> > > router
> > > > > > > > from guest vm to verify for its response.
> > > > > > > >
> > > > > > > > Santhosh
> > > > > > > > ________________________________________
> > > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > > Sent: Sunday, July 20, 2014 1:06 PM
> > > > > > > > To: users@cloudstack.apache.org
> > > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > > >
> > > > > > > > Hi Rafael,
> > > > > > > >
> > > > > > > > Good day to you, and thank you for your reply.
> > > > > > > >
> > > > > > > > Can't find anything wrong on dnsmasq.log / daemon.log, just
> > some
> > > > log
> > > > > > > > entries related to DHCP, nothing on DNS. I masked the IP
> > > addresses
> > > > > > > > since they are public.
> > > > > > > >
> > > > > > > > ===
> > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0)
> > > X.X.X.X
> > > > > > > > 06:62:a8:01:13:37
> > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0)
> > X.X.X.X
> > > > > > > > 06:62:a8:01:13:37
> > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0)
> > > X.X.X.X
> > > > > > > > 06:62:a8:01:13:37
> > > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0)
> X.X.X.X
> > > > > > > > 06:62:a8:01:13:37 yyyyyy
> > > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0)
> > X.X.X.X
> > > > > > > > 06:43:4a:01:12:65
> > > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0)
> X.X.X.X
> > > > > > > > 06:43:4a:01:12:65 zzzzzz
> > > > > > > > ===
> > > > > > > >
> > > > > > > > Yes, the guest VMs are having difficulties resolving domains
> > into
> > > > IP
> > > > > > > > addresses because of the problem on the VR's DNS server.
> > > > > > > >
> > > > > > > > $ host www.google.com X.X.X.X (where X.X.X.X is the IP
> address
> > > of
> > > > > > > > the
> > > > > > > VR)
> > > > > > > > ;; connection timed out; no servers could be reached
> > > > > > > >
> > > > > > > > However, from within the VR, I am able to resolve domains
> just
> > > > fine.
> > > > > > > >
> > > > > > > > Any advise where can I start troubleshooting this?
> > > > > > > >
> > > > > > > > Looking forward to your reply, thank you.
> > > > > > > >
> > > > > > > > Cheers.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > > > > > > > rafaelweingartner@gmail.com> wrote:
> > > > > > > >
> > > > > > > > > Have you taken a look at dnsmasq.log in the VR ?
> > > > > > > > > What do you mean with not responding? The addresses are not
> > > being
> > > > > > > > resolved
> > > > > > > > > to ip addresses?
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <
> > > indra@sg.or.id>
> > > > > > > wrote:
> > > > > > > > >
> > > > > > > > > > Dear all,
> > > > > > > > > >
> > > > > > > > > > All our guest VMs are having our virtual router (VR)'s IP
> > > > > > > > > > address on /etc/resolv.conf. In the past two weeks, I
> just
> > > > > > > > > > realised that the DNS service on the VR is not working,
> and
> > > > > > > > > > doesn't respond to DNS queries
> > > > > > > > from
> > > > > > > > > > the DNS clients on the guest VM.
> > > > > > > > > >
> > > > > > > > > > I have tried to stop and start back the VR, but the
> problem
> > > > > > persists.
> > > > > > > > > >
> > > > > > > > > > DHCP services seems to be running fine, only DNS services
> > are
> > > > > > > > > > not
> > > > > > > > > working.
> > > > > > > > > > From what I understand, both services are provided by
> > > dnsmasq,
> > > > > > > correct?
> > > > > > > > > >
> > > > > > > > > > Any advice on how can I resolve the problem?
> > > > > > > > > >
> > > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > > >
> > > > > > > > > > Cheers.
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > --
> > > > > > > > > Rafael Weingärtner
> > > > > > > > >
> > > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
RE: DNS service on VR not responding
Posted by Santhosh Edukulla <sa...@citrix.com>.
Below are points so far,
Have we selected the dns under network offering? As well, can you check whether your dns queries are reaching VR by enabling VR in resolv.conf ( guest vm ) and running trace route for some example domain?
Santhosh
________________________________________
From: Indra Pramana [indra@sg.or.id]
Sent: Monday, July 21, 2014 6:33 AM
To: users@cloudstack.apache.org
Subject: Re: DNS service on VR not responding
Hi Vihar,
Have tried:
- Restarting dnsmasq service
- Stopping and starting the VR from CloudStack GUI.
Problem still persists. :(
Any other hints or suggestions?
Looking forward to to your reply, thank you.
Cheers.
On Mon, Jul 21, 2014 at 6:19 PM, Vihar <vi...@gmail.com> wrote:
> Hi Indra,
>
> Are you referring to /etc/resolv.conf on the VR itself or on the guest VM?
> >> I was referring to the VR itself. I thought there was 3 IP address in VR
> itself.
>
> Have you tried stopping and starting the VR if not can you give a try.
>
> Regards
> Vihar K
> On Jul 21, 2014 3:26 PM, "Indra Pramana" <in...@sg.or.id> wrote:
>
> > Hi Vihar,
> >
> > Are you referring to /etc/resolv.conf on the VR itself or on the guest
> VM?
> >
> > On the VR itself, there are only two entries on /etc/resolv.conf pointing
> > to both Google public DNS servers.
> >
> > On the guest VM, there are 3 entries, one to the VR and two to the Google
> > public DNS servers. If I commented out both Google DNS servers and only
> > leaving the VR IP there, I cannot resolve anything. If the VR IP is
> > commented out and leaving both Google DNS servers there, then I can
> > resolve. So the issue is confirmed due to DNS service on the VR.
> >
> > But I am not too sure why it doesn't respond even though the dnsmasq
> > service is running.
> >
> > Thank you.
> >
> >
> >
> >
> >
> >
> > On Mon, Jul 21, 2014 at 1:00 PM, Vihar <vi...@gmail.com> wrote:
> >
> > > Hi ,
> > >
> > > I would like you to comment second and third IP address I.e 4.2.2.2 and
> > > 8.8.8.8 and uncomment the first IP which is allocated to DNS and try to
> > > resolve the internet. It might be resolving the queries from external
> DNS
> > > server.
> > >
> > > If you are not able to resolve the names from VR, check if the DNS
> > service
> > > is running properly for the IP which act as a DNS server.
> > >
> > > Regards
> > > Vihar
> > > On Jul 21, 2014 10:19 AM, "Indra Pramana" <in...@sg.or.id> wrote:
> > >
> > > > Hi Sanjeev,
> > > >
> > > > Good day to you, and thank you for your reply.
> > > >
> > > > Yes, I can resolve domains without any issues from within the VR
> > itself.
> > > >
> > > > root@r-2606-VM:/etc# ping yahoo.com
> > > > PING yahoo.com (98.139.183.24): 56 data bytes
> > > > 64 bytes from 98.139.183.24: icmp_seq=0 ttl=47 time=250.473 ms
> > > > 64 bytes from 98.139.183.24: icmp_seq=1 ttl=47 time=239.240 ms
> > > > 64 bytes from 98.139.183.24: icmp_seq=2 ttl=45 time=247.605 ms
> > > > 64 bytes from 98.139.183.24: icmp_seq=3 ttl=45 time=244.913 ms
> > > > ^C--- yahoo.com ping statistics ---
> > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > round-trip min/avg/max/stddev = 239.240/245.558/250.473/4.144 ms
> > > >
> > > > root@r-2606-VM:/etc# ping google.com
> > > > PING google.com (74.125.68.102): 56 data bytes
> > > > 64 bytes from 74.125.68.102: icmp_seq=0 ttl=52 time=1.353 ms
> > > > 64 bytes from 74.125.68.102: icmp_seq=1 ttl=52 time=1.199 ms
> > > > 64 bytes from 74.125.68.102: icmp_seq=2 ttl=52 time=1.268 ms
> > > > 64 bytes from 74.125.68.102: icmp_seq=3 ttl=52 time=1.287 ms
> > > > ^C--- google.com ping statistics ---
> > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > round-trip min/avg/max/stddev = 1.199/1.277/1.353/0.055 ms
> > > >
> > > > The VR uses 8.8.8.8 and 8.8.4.4 to resolve domains.
> > > >
> > > > root@r-2606-VM:/etc# cat /etc/resolv.conf
> > > > nameserver 8.8.8.8
> > > > nameserver 8.8.4.4
> > > >
> > > > I can ping both name servers without any issues.
> > > >
> > > > root@r-2606-VM:/etc# ping 8.8.8.8
> > > > PING 8.8.8.8 (8.8.8.8): 56 data bytes
> > > > 64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=4.693 ms
> > > > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=2.390 ms
> > > > 64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=2.523 ms
> > > > 64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=2.458 ms
> > > > ^C--- 8.8.8.8 ping statistics ---
> > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > round-trip min/avg/max/stddev = 2.390/3.016/4.693/0.969 ms
> > > >
> > > > root@r-2606-VM:/etc# ping 8.8.4.4
> > > > PING 8.8.4.4 (8.8.4.4): 56 data bytes
> > > > 64 bytes from 8.8.4.4: icmp_seq=0 ttl=52 time=2.649 ms
> > > > 64 bytes from 8.8.4.4: icmp_seq=1 ttl=52 time=2.458 ms
> > > > 64 bytes from 8.8.4.4: icmp_seq=2 ttl=52 time=2.436 ms
> > > > 64 bytes from 8.8.4.4: icmp_seq=3 ttl=52 time=2.393 ms
> > > > ^C--- 8.8.4.4 ping statistics ---
> > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > round-trip min/avg/max/stddev = 2.393/2.484/2.649/0.098 ms
> > > >
> > > > Looking forward to your reply, thank you.
> > > >
> > > > Cheers.
> > > >
> > > >
> > > >
> > > >
> > > > On Mon, Jul 21, 2014 at 12:18 PM, Sanjeev Neelarapu <
> > > > sanjeev.neelarapu@citrix.com> wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > Can you check if the VR is able to resolve the domain names by
> > pinging
> > > > > from VR ?
> > > > >
> > > > > -Sanjeev
> > > > >
> > > > > -----Original Message-----
> > > > > From: Vihar [mailto:vih1310@gmail.com]
> > > > > Sent: Monday, July 21, 2014 5:43 AM
> > > > > To: users@cloudstack.apache.org
> > > > > Cc: dev@cloudstack.apache.org
> > > > > Subject: RE: DNS service on VR not responding
> > > > >
> > > > > Hi,
> > > > >
> > > > > Yes, if I remove or comment out the first nameserver entry for the
> > VR's
> > > > > IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be running
> > > fine
> > > > > and will be able to resolve domains properly."
> > > > >
> > > > > Are you able to ping the first DNS server IP address that you
> > commented
> > > > > out?
> > > > >
> > > > > Regards
> > > > > Vihar K
> > > > > On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <
> > > > > santhosh.edukulla@citrix.com>
> > > > > wrote:
> > > > >
> > > > > > Do a traceroute to an external domain say google.com from guest
> > vm,
> > > as
> > > > > > you mentioned below, both by commenting out vr ip and not, in
> > > > > > resolv.conf, you may see the difference.
> > > > > >
> > > > > > "Yes, if I remove or comment out the first nameserver entry for
> the
> > > > > > VR's IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be
> > > > > > running fine and will be able to resolve domains properly."
> > > > > >
> > > > > >
> > > > > > Santhosh
> > > > > > ________________________________________
> > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > Sent: Sunday, July 20, 2014 1:48 PM
> > > > > > To: users@cloudstack.apache.org
> > > > > > Cc: dev@cloudstack.apache.org
> > > > > > Subject: Re: DNS service on VR not responding
> > > > > >
> > > > > > Hi Santhosh,
> > > > > >
> > > > > > Good day to you, and thank you for your email.
> > > > > >
> > > > > > Traceroute packets seems to be dropped, I think it's by default.
> > See
> > > > > > result
> > > > > > below:
> > > > > >
> > > > > > # traceroute X.X.X.2
> > > > > > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
> > > > > > 1 * * *
> > > > > > 2 * * *
> > > > > > 3 * * *
> > > > > >
> > > > > > However, I am able to ping, and there is a response when I tried
> to
> > > > > > telnet to port 53.
> > > > > >
> > > > > > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> > > > > > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> > > > > > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms ^C
> > > > > > --- X.X.X.2 ping statistics ---
> > > > > > 6 packets transmitted, 6 received, 0% packet loss, time 4999ms
> rtt
> > > > > > min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> > > > > >
> > > > > > # telnet X.X.X.2 53
> > > > > > Trying X.X.X.2...
> > > > > > Connected to X.X.X.2.
> > > > > > Escape character is '^]'.
> > > > > >
> > > > > > netstat -a on the VR shows the service is listening on domain
> port
> > > > (53).
> > > > > >
> > > > > > tcp 0 0 r-2606-VM:domain *:*
> > > > > LISTEN
> > > > > >
> > > > > > tcp 0 0 X.X.X.2:domain *:*
> > LISTEN
> > > > > >
> > > > > > udp 156992 0 r-2606-VM:domain *:*
> > > > > >
> > > > > > udp 164032 0 X.X.X.2:domain *:*
> > > > > >
> > > > > > Can you advise if there's anything else I need to check?
> > > > > >
> > > > > > Looking forward to your reply, thank you.
> > > > > >
> > > > > > Cheers.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> > > > > > santhosh.edukulla@citrix.com> wrote:
> > > > > >
> > > > > > > Run trace route from guest vms, the result will yield to the
> > point
> > > > > > > where packet drop is happening, could be a network acl rule
> > issue,
> > > > > > > but tracert command can lead to some answers.
> > > > > > >
> > > > > > > List running ports as well on VR, do a telnet to dns port on
> > router
> > > > > > > from guest vm to verify for its response.
> > > > > > >
> > > > > > > Santhosh
> > > > > > > ________________________________________
> > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > Sent: Sunday, July 20, 2014 1:06 PM
> > > > > > > To: users@cloudstack.apache.org
> > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > >
> > > > > > > Hi Rafael,
> > > > > > >
> > > > > > > Good day to you, and thank you for your reply.
> > > > > > >
> > > > > > > Can't find anything wrong on dnsmasq.log / daemon.log, just
> some
> > > log
> > > > > > > entries related to DHCP, nothing on DNS. I masked the IP
> > addresses
> > > > > > > since they are public.
> > > > > > >
> > > > > > > ===
> > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0)
> > X.X.X.X
> > > > > > > 06:62:a8:01:13:37
> > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0)
> X.X.X.X
> > > > > > > 06:62:a8:01:13:37
> > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0)
> > X.X.X.X
> > > > > > > 06:62:a8:01:13:37
> > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > > > > > 06:62:a8:01:13:37 yyyyyy
> > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0)
> X.X.X.X
> > > > > > > 06:43:4a:01:12:65
> > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > > > > > 06:43:4a:01:12:65 zzzzzz
> > > > > > > ===
> > > > > > >
> > > > > > > Yes, the guest VMs are having difficulties resolving domains
> into
> > > IP
> > > > > > > addresses because of the problem on the VR's DNS server.
> > > > > > >
> > > > > > > $ host www.google.com X.X.X.X (where X.X.X.X is the IP address
> > of
> > > > > > > the
> > > > > > VR)
> > > > > > > ;; connection timed out; no servers could be reached
> > > > > > >
> > > > > > > However, from within the VR, I am able to resolve domains just
> > > fine.
> > > > > > >
> > > > > > > Any advise where can I start troubleshooting this?
> > > > > > >
> > > > > > > Looking forward to your reply, thank you.
> > > > > > >
> > > > > > > Cheers.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > > > > > > rafaelweingartner@gmail.com> wrote:
> > > > > > >
> > > > > > > > Have you taken a look at dnsmasq.log in the VR ?
> > > > > > > > What do you mean with not responding? The addresses are not
> > being
> > > > > > > resolved
> > > > > > > > to ip addresses?
> > > > > > > >
> > > > > > > >
> > > > > > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <
> > indra@sg.or.id>
> > > > > > wrote:
> > > > > > > >
> > > > > > > > > Dear all,
> > > > > > > > >
> > > > > > > > > All our guest VMs are having our virtual router (VR)'s IP
> > > > > > > > > address on /etc/resolv.conf. In the past two weeks, I just
> > > > > > > > > realised that the DNS service on the VR is not working, and
> > > > > > > > > doesn't respond to DNS queries
> > > > > > > from
> > > > > > > > > the DNS clients on the guest VM.
> > > > > > > > >
> > > > > > > > > I have tried to stop and start back the VR, but the problem
> > > > > persists.
> > > > > > > > >
> > > > > > > > > DHCP services seems to be running fine, only DNS services
> are
> > > > > > > > > not
> > > > > > > > working.
> > > > > > > > > From what I understand, both services are provided by
> > dnsmasq,
> > > > > > correct?
> > > > > > > > >
> > > > > > > > > Any advice on how can I resolve the problem?
> > > > > > > > >
> > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > >
> > > > > > > > > Cheers.
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > --
> > > > > > > > Rafael Weingärtner
> > > > > > > >
> > > > > > >
> > > > >
> > > >
> > >
> >
>
Re: DNS service on VR not responding
Posted by Indra Pramana <in...@sg.or.id>.
Hi Vihar,
Have tried:
- Restarting dnsmasq service
- Stopping and starting the VR from CloudStack GUI.
Problem still persists. :(
Any other hints or suggestions?
Looking forward to to your reply, thank you.
Cheers.
On Mon, Jul 21, 2014 at 6:19 PM, Vihar <vi...@gmail.com> wrote:
> Hi Indra,
>
> Are you referring to /etc/resolv.conf on the VR itself or on the guest VM?
> >> I was referring to the VR itself. I thought there was 3 IP address in VR
> itself.
>
> Have you tried stopping and starting the VR if not can you give a try.
>
> Regards
> Vihar K
> On Jul 21, 2014 3:26 PM, "Indra Pramana" <in...@sg.or.id> wrote:
>
> > Hi Vihar,
> >
> > Are you referring to /etc/resolv.conf on the VR itself or on the guest
> VM?
> >
> > On the VR itself, there are only two entries on /etc/resolv.conf pointing
> > to both Google public DNS servers.
> >
> > On the guest VM, there are 3 entries, one to the VR and two to the Google
> > public DNS servers. If I commented out both Google DNS servers and only
> > leaving the VR IP there, I cannot resolve anything. If the VR IP is
> > commented out and leaving both Google DNS servers there, then I can
> > resolve. So the issue is confirmed due to DNS service on the VR.
> >
> > But I am not too sure why it doesn't respond even though the dnsmasq
> > service is running.
> >
> > Thank you.
> >
> >
> >
> >
> >
> >
> > On Mon, Jul 21, 2014 at 1:00 PM, Vihar <vi...@gmail.com> wrote:
> >
> > > Hi ,
> > >
> > > I would like you to comment second and third IP address I.e 4.2.2.2 and
> > > 8.8.8.8 and uncomment the first IP which is allocated to DNS and try to
> > > resolve the internet. It might be resolving the queries from external
> DNS
> > > server.
> > >
> > > If you are not able to resolve the names from VR, check if the DNS
> > service
> > > is running properly for the IP which act as a DNS server.
> > >
> > > Regards
> > > Vihar
> > > On Jul 21, 2014 10:19 AM, "Indra Pramana" <in...@sg.or.id> wrote:
> > >
> > > > Hi Sanjeev,
> > > >
> > > > Good day to you, and thank you for your reply.
> > > >
> > > > Yes, I can resolve domains without any issues from within the VR
> > itself.
> > > >
> > > > root@r-2606-VM:/etc# ping yahoo.com
> > > > PING yahoo.com (98.139.183.24): 56 data bytes
> > > > 64 bytes from 98.139.183.24: icmp_seq=0 ttl=47 time=250.473 ms
> > > > 64 bytes from 98.139.183.24: icmp_seq=1 ttl=47 time=239.240 ms
> > > > 64 bytes from 98.139.183.24: icmp_seq=2 ttl=45 time=247.605 ms
> > > > 64 bytes from 98.139.183.24: icmp_seq=3 ttl=45 time=244.913 ms
> > > > ^C--- yahoo.com ping statistics ---
> > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > round-trip min/avg/max/stddev = 239.240/245.558/250.473/4.144 ms
> > > >
> > > > root@r-2606-VM:/etc# ping google.com
> > > > PING google.com (74.125.68.102): 56 data bytes
> > > > 64 bytes from 74.125.68.102: icmp_seq=0 ttl=52 time=1.353 ms
> > > > 64 bytes from 74.125.68.102: icmp_seq=1 ttl=52 time=1.199 ms
> > > > 64 bytes from 74.125.68.102: icmp_seq=2 ttl=52 time=1.268 ms
> > > > 64 bytes from 74.125.68.102: icmp_seq=3 ttl=52 time=1.287 ms
> > > > ^C--- google.com ping statistics ---
> > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > round-trip min/avg/max/stddev = 1.199/1.277/1.353/0.055 ms
> > > >
> > > > The VR uses 8.8.8.8 and 8.8.4.4 to resolve domains.
> > > >
> > > > root@r-2606-VM:/etc# cat /etc/resolv.conf
> > > > nameserver 8.8.8.8
> > > > nameserver 8.8.4.4
> > > >
> > > > I can ping both name servers without any issues.
> > > >
> > > > root@r-2606-VM:/etc# ping 8.8.8.8
> > > > PING 8.8.8.8 (8.8.8.8): 56 data bytes
> > > > 64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=4.693 ms
> > > > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=2.390 ms
> > > > 64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=2.523 ms
> > > > 64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=2.458 ms
> > > > ^C--- 8.8.8.8 ping statistics ---
> > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > round-trip min/avg/max/stddev = 2.390/3.016/4.693/0.969 ms
> > > >
> > > > root@r-2606-VM:/etc# ping 8.8.4.4
> > > > PING 8.8.4.4 (8.8.4.4): 56 data bytes
> > > > 64 bytes from 8.8.4.4: icmp_seq=0 ttl=52 time=2.649 ms
> > > > 64 bytes from 8.8.4.4: icmp_seq=1 ttl=52 time=2.458 ms
> > > > 64 bytes from 8.8.4.4: icmp_seq=2 ttl=52 time=2.436 ms
> > > > 64 bytes from 8.8.4.4: icmp_seq=3 ttl=52 time=2.393 ms
> > > > ^C--- 8.8.4.4 ping statistics ---
> > > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > > round-trip min/avg/max/stddev = 2.393/2.484/2.649/0.098 ms
> > > >
> > > > Looking forward to your reply, thank you.
> > > >
> > > > Cheers.
> > > >
> > > >
> > > >
> > > >
> > > > On Mon, Jul 21, 2014 at 12:18 PM, Sanjeev Neelarapu <
> > > > sanjeev.neelarapu@citrix.com> wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > Can you check if the VR is able to resolve the domain names by
> > pinging
> > > > > from VR ?
> > > > >
> > > > > -Sanjeev
> > > > >
> > > > > -----Original Message-----
> > > > > From: Vihar [mailto:vih1310@gmail.com]
> > > > > Sent: Monday, July 21, 2014 5:43 AM
> > > > > To: users@cloudstack.apache.org
> > > > > Cc: dev@cloudstack.apache.org
> > > > > Subject: RE: DNS service on VR not responding
> > > > >
> > > > > Hi,
> > > > >
> > > > > Yes, if I remove or comment out the first nameserver entry for the
> > VR's
> > > > > IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be running
> > > fine
> > > > > and will be able to resolve domains properly."
> > > > >
> > > > > Are you able to ping the first DNS server IP address that you
> > commented
> > > > > out?
> > > > >
> > > > > Regards
> > > > > Vihar K
> > > > > On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <
> > > > > santhosh.edukulla@citrix.com>
> > > > > wrote:
> > > > >
> > > > > > Do a traceroute to an external domain say google.com from guest
> > vm,
> > > as
> > > > > > you mentioned below, both by commenting out vr ip and not, in
> > > > > > resolv.conf, you may see the difference.
> > > > > >
> > > > > > "Yes, if I remove or comment out the first nameserver entry for
> the
> > > > > > VR's IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be
> > > > > > running fine and will be able to resolve domains properly."
> > > > > >
> > > > > >
> > > > > > Santhosh
> > > > > > ________________________________________
> > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > Sent: Sunday, July 20, 2014 1:48 PM
> > > > > > To: users@cloudstack.apache.org
> > > > > > Cc: dev@cloudstack.apache.org
> > > > > > Subject: Re: DNS service on VR not responding
> > > > > >
> > > > > > Hi Santhosh,
> > > > > >
> > > > > > Good day to you, and thank you for your email.
> > > > > >
> > > > > > Traceroute packets seems to be dropped, I think it's by default.
> > See
> > > > > > result
> > > > > > below:
> > > > > >
> > > > > > # traceroute X.X.X.2
> > > > > > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
> > > > > > 1 * * *
> > > > > > 2 * * *
> > > > > > 3 * * *
> > > > > >
> > > > > > However, I am able to ping, and there is a response when I tried
> to
> > > > > > telnet to port 53.
> > > > > >
> > > > > > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> > > > > > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> > > > > > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms ^C
> > > > > > --- X.X.X.2 ping statistics ---
> > > > > > 6 packets transmitted, 6 received, 0% packet loss, time 4999ms
> rtt
> > > > > > min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> > > > > >
> > > > > > # telnet X.X.X.2 53
> > > > > > Trying X.X.X.2...
> > > > > > Connected to X.X.X.2.
> > > > > > Escape character is '^]'.
> > > > > >
> > > > > > netstat -a on the VR shows the service is listening on domain
> port
> > > > (53).
> > > > > >
> > > > > > tcp 0 0 r-2606-VM:domain *:*
> > > > > LISTEN
> > > > > >
> > > > > > tcp 0 0 X.X.X.2:domain *:*
> > LISTEN
> > > > > >
> > > > > > udp 156992 0 r-2606-VM:domain *:*
> > > > > >
> > > > > > udp 164032 0 X.X.X.2:domain *:*
> > > > > >
> > > > > > Can you advise if there's anything else I need to check?
> > > > > >
> > > > > > Looking forward to your reply, thank you.
> > > > > >
> > > > > > Cheers.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> > > > > > santhosh.edukulla@citrix.com> wrote:
> > > > > >
> > > > > > > Run trace route from guest vms, the result will yield to the
> > point
> > > > > > > where packet drop is happening, could be a network acl rule
> > issue,
> > > > > > > but tracert command can lead to some answers.
> > > > > > >
> > > > > > > List running ports as well on VR, do a telnet to dns port on
> > router
> > > > > > > from guest vm to verify for its response.
> > > > > > >
> > > > > > > Santhosh
> > > > > > > ________________________________________
> > > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > > Sent: Sunday, July 20, 2014 1:06 PM
> > > > > > > To: users@cloudstack.apache.org
> > > > > > > Cc: dev@cloudstack.apache.org
> > > > > > > Subject: Re: DNS service on VR not responding
> > > > > > >
> > > > > > > Hi Rafael,
> > > > > > >
> > > > > > > Good day to you, and thank you for your reply.
> > > > > > >
> > > > > > > Can't find anything wrong on dnsmasq.log / daemon.log, just
> some
> > > log
> > > > > > > entries related to DHCP, nothing on DNS. I masked the IP
> > addresses
> > > > > > > since they are public.
> > > > > > >
> > > > > > > ===
> > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0)
> > X.X.X.X
> > > > > > > 06:62:a8:01:13:37
> > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0)
> X.X.X.X
> > > > > > > 06:62:a8:01:13:37
> > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0)
> > X.X.X.X
> > > > > > > 06:62:a8:01:13:37
> > > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > > > > > 06:62:a8:01:13:37 yyyyyy
> > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0)
> X.X.X.X
> > > > > > > 06:43:4a:01:12:65
> > > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > > > > > 06:43:4a:01:12:65 zzzzzz
> > > > > > > ===
> > > > > > >
> > > > > > > Yes, the guest VMs are having difficulties resolving domains
> into
> > > IP
> > > > > > > addresses because of the problem on the VR's DNS server.
> > > > > > >
> > > > > > > $ host www.google.com X.X.X.X (where X.X.X.X is the IP address
> > of
> > > > > > > the
> > > > > > VR)
> > > > > > > ;; connection timed out; no servers could be reached
> > > > > > >
> > > > > > > However, from within the VR, I am able to resolve domains just
> > > fine.
> > > > > > >
> > > > > > > Any advise where can I start troubleshooting this?
> > > > > > >
> > > > > > > Looking forward to your reply, thank you.
> > > > > > >
> > > > > > > Cheers.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > > > > > > rafaelweingartner@gmail.com> wrote:
> > > > > > >
> > > > > > > > Have you taken a look at dnsmasq.log in the VR ?
> > > > > > > > What do you mean with not responding? The addresses are not
> > being
> > > > > > > resolved
> > > > > > > > to ip addresses?
> > > > > > > >
> > > > > > > >
> > > > > > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <
> > indra@sg.or.id>
> > > > > > wrote:
> > > > > > > >
> > > > > > > > > Dear all,
> > > > > > > > >
> > > > > > > > > All our guest VMs are having our virtual router (VR)'s IP
> > > > > > > > > address on /etc/resolv.conf. In the past two weeks, I just
> > > > > > > > > realised that the DNS service on the VR is not working, and
> > > > > > > > > doesn't respond to DNS queries
> > > > > > > from
> > > > > > > > > the DNS clients on the guest VM.
> > > > > > > > >
> > > > > > > > > I have tried to stop and start back the VR, but the problem
> > > > > persists.
> > > > > > > > >
> > > > > > > > > DHCP services seems to be running fine, only DNS services
> are
> > > > > > > > > not
> > > > > > > > working.
> > > > > > > > > From what I understand, both services are provided by
> > dnsmasq,
> > > > > > correct?
> > > > > > > > >
> > > > > > > > > Any advice on how can I resolve the problem?
> > > > > > > > >
> > > > > > > > > Looking forward to your reply, thank you.
> > > > > > > > >
> > > > > > > > > Cheers.
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > --
> > > > > > > > Rafael Weingärtner
> > > > > > > >
> > > > > > >
> > > > >
> > > >
> > >
> >
>
Re: DNS service on VR not responding
Posted by Vihar <vi...@gmail.com>.
Hi Indra,
Are you referring to /etc/resolv.conf on the VR itself or on the guest VM?
>> I was referring to the VR itself. I thought there was 3 IP address in VR
itself.
Have you tried stopping and starting the VR if not can you give a try.
Regards
Vihar K
On Jul 21, 2014 3:26 PM, "Indra Pramana" <in...@sg.or.id> wrote:
> Hi Vihar,
>
> Are you referring to /etc/resolv.conf on the VR itself or on the guest VM?
>
> On the VR itself, there are only two entries on /etc/resolv.conf pointing
> to both Google public DNS servers.
>
> On the guest VM, there are 3 entries, one to the VR and two to the Google
> public DNS servers. If I commented out both Google DNS servers and only
> leaving the VR IP there, I cannot resolve anything. If the VR IP is
> commented out and leaving both Google DNS servers there, then I can
> resolve. So the issue is confirmed due to DNS service on the VR.
>
> But I am not too sure why it doesn't respond even though the dnsmasq
> service is running.
>
> Thank you.
>
>
>
>
>
>
> On Mon, Jul 21, 2014 at 1:00 PM, Vihar <vi...@gmail.com> wrote:
>
> > Hi ,
> >
> > I would like you to comment second and third IP address I.e 4.2.2.2 and
> > 8.8.8.8 and uncomment the first IP which is allocated to DNS and try to
> > resolve the internet. It might be resolving the queries from external DNS
> > server.
> >
> > If you are not able to resolve the names from VR, check if the DNS
> service
> > is running properly for the IP which act as a DNS server.
> >
> > Regards
> > Vihar
> > On Jul 21, 2014 10:19 AM, "Indra Pramana" <in...@sg.or.id> wrote:
> >
> > > Hi Sanjeev,
> > >
> > > Good day to you, and thank you for your reply.
> > >
> > > Yes, I can resolve domains without any issues from within the VR
> itself.
> > >
> > > root@r-2606-VM:/etc# ping yahoo.com
> > > PING yahoo.com (98.139.183.24): 56 data bytes
> > > 64 bytes from 98.139.183.24: icmp_seq=0 ttl=47 time=250.473 ms
> > > 64 bytes from 98.139.183.24: icmp_seq=1 ttl=47 time=239.240 ms
> > > 64 bytes from 98.139.183.24: icmp_seq=2 ttl=45 time=247.605 ms
> > > 64 bytes from 98.139.183.24: icmp_seq=3 ttl=45 time=244.913 ms
> > > ^C--- yahoo.com ping statistics ---
> > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > round-trip min/avg/max/stddev = 239.240/245.558/250.473/4.144 ms
> > >
> > > root@r-2606-VM:/etc# ping google.com
> > > PING google.com (74.125.68.102): 56 data bytes
> > > 64 bytes from 74.125.68.102: icmp_seq=0 ttl=52 time=1.353 ms
> > > 64 bytes from 74.125.68.102: icmp_seq=1 ttl=52 time=1.199 ms
> > > 64 bytes from 74.125.68.102: icmp_seq=2 ttl=52 time=1.268 ms
> > > 64 bytes from 74.125.68.102: icmp_seq=3 ttl=52 time=1.287 ms
> > > ^C--- google.com ping statistics ---
> > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > round-trip min/avg/max/stddev = 1.199/1.277/1.353/0.055 ms
> > >
> > > The VR uses 8.8.8.8 and 8.8.4.4 to resolve domains.
> > >
> > > root@r-2606-VM:/etc# cat /etc/resolv.conf
> > > nameserver 8.8.8.8
> > > nameserver 8.8.4.4
> > >
> > > I can ping both name servers without any issues.
> > >
> > > root@r-2606-VM:/etc# ping 8.8.8.8
> > > PING 8.8.8.8 (8.8.8.8): 56 data bytes
> > > 64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=4.693 ms
> > > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=2.390 ms
> > > 64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=2.523 ms
> > > 64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=2.458 ms
> > > ^C--- 8.8.8.8 ping statistics ---
> > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > round-trip min/avg/max/stddev = 2.390/3.016/4.693/0.969 ms
> > >
> > > root@r-2606-VM:/etc# ping 8.8.4.4
> > > PING 8.8.4.4 (8.8.4.4): 56 data bytes
> > > 64 bytes from 8.8.4.4: icmp_seq=0 ttl=52 time=2.649 ms
> > > 64 bytes from 8.8.4.4: icmp_seq=1 ttl=52 time=2.458 ms
> > > 64 bytes from 8.8.4.4: icmp_seq=2 ttl=52 time=2.436 ms
> > > 64 bytes from 8.8.4.4: icmp_seq=3 ttl=52 time=2.393 ms
> > > ^C--- 8.8.4.4 ping statistics ---
> > > 4 packets transmitted, 4 packets received, 0% packet loss
> > > round-trip min/avg/max/stddev = 2.393/2.484/2.649/0.098 ms
> > >
> > > Looking forward to your reply, thank you.
> > >
> > > Cheers.
> > >
> > >
> > >
> > >
> > > On Mon, Jul 21, 2014 at 12:18 PM, Sanjeev Neelarapu <
> > > sanjeev.neelarapu@citrix.com> wrote:
> > >
> > > > Hi,
> > > >
> > > > Can you check if the VR is able to resolve the domain names by
> pinging
> > > > from VR ?
> > > >
> > > > -Sanjeev
> > > >
> > > > -----Original Message-----
> > > > From: Vihar [mailto:vih1310@gmail.com]
> > > > Sent: Monday, July 21, 2014 5:43 AM
> > > > To: users@cloudstack.apache.org
> > > > Cc: dev@cloudstack.apache.org
> > > > Subject: RE: DNS service on VR not responding
> > > >
> > > > Hi,
> > > >
> > > > Yes, if I remove or comment out the first nameserver entry for the
> VR's
> > > > IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be running
> > fine
> > > > and will be able to resolve domains properly."
> > > >
> > > > Are you able to ping the first DNS server IP address that you
> commented
> > > > out?
> > > >
> > > > Regards
> > > > Vihar K
> > > > On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <
> > > > santhosh.edukulla@citrix.com>
> > > > wrote:
> > > >
> > > > > Do a traceroute to an external domain say google.com from guest
> vm,
> > as
> > > > > you mentioned below, both by commenting out vr ip and not, in
> > > > > resolv.conf, you may see the difference.
> > > > >
> > > > > "Yes, if I remove or comment out the first nameserver entry for the
> > > > > VR's IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be
> > > > > running fine and will be able to resolve domains properly."
> > > > >
> > > > >
> > > > > Santhosh
> > > > > ________________________________________
> > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > Sent: Sunday, July 20, 2014 1:48 PM
> > > > > To: users@cloudstack.apache.org
> > > > > Cc: dev@cloudstack.apache.org
> > > > > Subject: Re: DNS service on VR not responding
> > > > >
> > > > > Hi Santhosh,
> > > > >
> > > > > Good day to you, and thank you for your email.
> > > > >
> > > > > Traceroute packets seems to be dropped, I think it's by default.
> See
> > > > > result
> > > > > below:
> > > > >
> > > > > # traceroute X.X.X.2
> > > > > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
> > > > > 1 * * *
> > > > > 2 * * *
> > > > > 3 * * *
> > > > >
> > > > > However, I am able to ping, and there is a response when I tried to
> > > > > telnet to port 53.
> > > > >
> > > > > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> > > > > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> > > > > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms ^C
> > > > > --- X.X.X.2 ping statistics ---
> > > > > 6 packets transmitted, 6 received, 0% packet loss, time 4999ms rtt
> > > > > min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> > > > >
> > > > > # telnet X.X.X.2 53
> > > > > Trying X.X.X.2...
> > > > > Connected to X.X.X.2.
> > > > > Escape character is '^]'.
> > > > >
> > > > > netstat -a on the VR shows the service is listening on domain port
> > > (53).
> > > > >
> > > > > tcp 0 0 r-2606-VM:domain *:*
> > > > LISTEN
> > > > >
> > > > > tcp 0 0 X.X.X.2:domain *:*
> LISTEN
> > > > >
> > > > > udp 156992 0 r-2606-VM:domain *:*
> > > > >
> > > > > udp 164032 0 X.X.X.2:domain *:*
> > > > >
> > > > > Can you advise if there's anything else I need to check?
> > > > >
> > > > > Looking forward to your reply, thank you.
> > > > >
> > > > > Cheers.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> > > > > santhosh.edukulla@citrix.com> wrote:
> > > > >
> > > > > > Run trace route from guest vms, the result will yield to the
> point
> > > > > > where packet drop is happening, could be a network acl rule
> issue,
> > > > > > but tracert command can lead to some answers.
> > > > > >
> > > > > > List running ports as well on VR, do a telnet to dns port on
> router
> > > > > > from guest vm to verify for its response.
> > > > > >
> > > > > > Santhosh
> > > > > > ________________________________________
> > > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > > Sent: Sunday, July 20, 2014 1:06 PM
> > > > > > To: users@cloudstack.apache.org
> > > > > > Cc: dev@cloudstack.apache.org
> > > > > > Subject: Re: DNS service on VR not responding
> > > > > >
> > > > > > Hi Rafael,
> > > > > >
> > > > > > Good day to you, and thank you for your reply.
> > > > > >
> > > > > > Can't find anything wrong on dnsmasq.log / daemon.log, just some
> > log
> > > > > > entries related to DHCP, nothing on DNS. I masked the IP
> addresses
> > > > > > since they are public.
> > > > > >
> > > > > > ===
> > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0)
> X.X.X.X
> > > > > > 06:62:a8:01:13:37
> > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> > > > > > 06:62:a8:01:13:37
> > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0)
> X.X.X.X
> > > > > > 06:62:a8:01:13:37
> > > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > > > > 06:62:a8:01:13:37 yyyyyy
> > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> > > > > > 06:43:4a:01:12:65
> > > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > > > > 06:43:4a:01:12:65 zzzzzz
> > > > > > ===
> > > > > >
> > > > > > Yes, the guest VMs are having difficulties resolving domains into
> > IP
> > > > > > addresses because of the problem on the VR's DNS server.
> > > > > >
> > > > > > $ host www.google.com X.X.X.X (where X.X.X.X is the IP address
> of
> > > > > > the
> > > > > VR)
> > > > > > ;; connection timed out; no servers could be reached
> > > > > >
> > > > > > However, from within the VR, I am able to resolve domains just
> > fine.
> > > > > >
> > > > > > Any advise where can I start troubleshooting this?
> > > > > >
> > > > > > Looking forward to your reply, thank you.
> > > > > >
> > > > > > Cheers.
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > > > > > rafaelweingartner@gmail.com> wrote:
> > > > > >
> > > > > > > Have you taken a look at dnsmasq.log in the VR ?
> > > > > > > What do you mean with not responding? The addresses are not
> being
> > > > > > resolved
> > > > > > > to ip addresses?
> > > > > > >
> > > > > > >
> > > > > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <
> indra@sg.or.id>
> > > > > wrote:
> > > > > > >
> > > > > > > > Dear all,
> > > > > > > >
> > > > > > > > All our guest VMs are having our virtual router (VR)'s IP
> > > > > > > > address on /etc/resolv.conf. In the past two weeks, I just
> > > > > > > > realised that the DNS service on the VR is not working, and
> > > > > > > > doesn't respond to DNS queries
> > > > > > from
> > > > > > > > the DNS clients on the guest VM.
> > > > > > > >
> > > > > > > > I have tried to stop and start back the VR, but the problem
> > > > persists.
> > > > > > > >
> > > > > > > > DHCP services seems to be running fine, only DNS services are
> > > > > > > > not
> > > > > > > working.
> > > > > > > > From what I understand, both services are provided by
> dnsmasq,
> > > > > correct?
> > > > > > > >
> > > > > > > > Any advice on how can I resolve the problem?
> > > > > > > >
> > > > > > > > Looking forward to your reply, thank you.
> > > > > > > >
> > > > > > > > Cheers.
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > Rafael Weingärtner
> > > > > > >
> > > > > >
> > > >
> > >
> >
>
Re: DNS service on VR not responding
Posted by Indra Pramana <in...@sg.or.id>.
Hi Vihar,
Are you referring to /etc/resolv.conf on the VR itself or on the guest VM?
On the VR itself, there are only two entries on /etc/resolv.conf pointing
to both Google public DNS servers.
On the guest VM, there are 3 entries, one to the VR and two to the Google
public DNS servers. If I commented out both Google DNS servers and only
leaving the VR IP there, I cannot resolve anything. If the VR IP is
commented out and leaving both Google DNS servers there, then I can
resolve. So the issue is confirmed due to DNS service on the VR.
But I am not too sure why it doesn't respond even though the dnsmasq
service is running.
Thank you.
On Mon, Jul 21, 2014 at 1:00 PM, Vihar <vi...@gmail.com> wrote:
> Hi ,
>
> I would like you to comment second and third IP address I.e 4.2.2.2 and
> 8.8.8.8 and uncomment the first IP which is allocated to DNS and try to
> resolve the internet. It might be resolving the queries from external DNS
> server.
>
> If you are not able to resolve the names from VR, check if the DNS service
> is running properly for the IP which act as a DNS server.
>
> Regards
> Vihar
> On Jul 21, 2014 10:19 AM, "Indra Pramana" <in...@sg.or.id> wrote:
>
> > Hi Sanjeev,
> >
> > Good day to you, and thank you for your reply.
> >
> > Yes, I can resolve domains without any issues from within the VR itself.
> >
> > root@r-2606-VM:/etc# ping yahoo.com
> > PING yahoo.com (98.139.183.24): 56 data bytes
> > 64 bytes from 98.139.183.24: icmp_seq=0 ttl=47 time=250.473 ms
> > 64 bytes from 98.139.183.24: icmp_seq=1 ttl=47 time=239.240 ms
> > 64 bytes from 98.139.183.24: icmp_seq=2 ttl=45 time=247.605 ms
> > 64 bytes from 98.139.183.24: icmp_seq=3 ttl=45 time=244.913 ms
> > ^C--- yahoo.com ping statistics ---
> > 4 packets transmitted, 4 packets received, 0% packet loss
> > round-trip min/avg/max/stddev = 239.240/245.558/250.473/4.144 ms
> >
> > root@r-2606-VM:/etc# ping google.com
> > PING google.com (74.125.68.102): 56 data bytes
> > 64 bytes from 74.125.68.102: icmp_seq=0 ttl=52 time=1.353 ms
> > 64 bytes from 74.125.68.102: icmp_seq=1 ttl=52 time=1.199 ms
> > 64 bytes from 74.125.68.102: icmp_seq=2 ttl=52 time=1.268 ms
> > 64 bytes from 74.125.68.102: icmp_seq=3 ttl=52 time=1.287 ms
> > ^C--- google.com ping statistics ---
> > 4 packets transmitted, 4 packets received, 0% packet loss
> > round-trip min/avg/max/stddev = 1.199/1.277/1.353/0.055 ms
> >
> > The VR uses 8.8.8.8 and 8.8.4.4 to resolve domains.
> >
> > root@r-2606-VM:/etc# cat /etc/resolv.conf
> > nameserver 8.8.8.8
> > nameserver 8.8.4.4
> >
> > I can ping both name servers without any issues.
> >
> > root@r-2606-VM:/etc# ping 8.8.8.8
> > PING 8.8.8.8 (8.8.8.8): 56 data bytes
> > 64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=4.693 ms
> > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=2.390 ms
> > 64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=2.523 ms
> > 64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=2.458 ms
> > ^C--- 8.8.8.8 ping statistics ---
> > 4 packets transmitted, 4 packets received, 0% packet loss
> > round-trip min/avg/max/stddev = 2.390/3.016/4.693/0.969 ms
> >
> > root@r-2606-VM:/etc# ping 8.8.4.4
> > PING 8.8.4.4 (8.8.4.4): 56 data bytes
> > 64 bytes from 8.8.4.4: icmp_seq=0 ttl=52 time=2.649 ms
> > 64 bytes from 8.8.4.4: icmp_seq=1 ttl=52 time=2.458 ms
> > 64 bytes from 8.8.4.4: icmp_seq=2 ttl=52 time=2.436 ms
> > 64 bytes from 8.8.4.4: icmp_seq=3 ttl=52 time=2.393 ms
> > ^C--- 8.8.4.4 ping statistics ---
> > 4 packets transmitted, 4 packets received, 0% packet loss
> > round-trip min/avg/max/stddev = 2.393/2.484/2.649/0.098 ms
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
> >
> >
> >
> > On Mon, Jul 21, 2014 at 12:18 PM, Sanjeev Neelarapu <
> > sanjeev.neelarapu@citrix.com> wrote:
> >
> > > Hi,
> > >
> > > Can you check if the VR is able to resolve the domain names by pinging
> > > from VR ?
> > >
> > > -Sanjeev
> > >
> > > -----Original Message-----
> > > From: Vihar [mailto:vih1310@gmail.com]
> > > Sent: Monday, July 21, 2014 5:43 AM
> > > To: users@cloudstack.apache.org
> > > Cc: dev@cloudstack.apache.org
> > > Subject: RE: DNS service on VR not responding
> > >
> > > Hi,
> > >
> > > Yes, if I remove or comment out the first nameserver entry for the VR's
> > > IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be running
> fine
> > > and will be able to resolve domains properly."
> > >
> > > Are you able to ping the first DNS server IP address that you commented
> > > out?
> > >
> > > Regards
> > > Vihar K
> > > On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <
> > > santhosh.edukulla@citrix.com>
> > > wrote:
> > >
> > > > Do a traceroute to an external domain say google.com from guest vm,
> as
> > > > you mentioned below, both by commenting out vr ip and not, in
> > > > resolv.conf, you may see the difference.
> > > >
> > > > "Yes, if I remove or comment out the first nameserver entry for the
> > > > VR's IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be
> > > > running fine and will be able to resolve domains properly."
> > > >
> > > >
> > > > Santhosh
> > > > ________________________________________
> > > > From: Indra Pramana [indra@sg.or.id]
> > > > Sent: Sunday, July 20, 2014 1:48 PM
> > > > To: users@cloudstack.apache.org
> > > > Cc: dev@cloudstack.apache.org
> > > > Subject: Re: DNS service on VR not responding
> > > >
> > > > Hi Santhosh,
> > > >
> > > > Good day to you, and thank you for your email.
> > > >
> > > > Traceroute packets seems to be dropped, I think it's by default. See
> > > > result
> > > > below:
> > > >
> > > > # traceroute X.X.X.2
> > > > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
> > > > 1 * * *
> > > > 2 * * *
> > > > 3 * * *
> > > >
> > > > However, I am able to ping, and there is a response when I tried to
> > > > telnet to port 53.
> > > >
> > > > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> > > > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> > > > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms ^C
> > > > --- X.X.X.2 ping statistics ---
> > > > 6 packets transmitted, 6 received, 0% packet loss, time 4999ms rtt
> > > > min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> > > >
> > > > # telnet X.X.X.2 53
> > > > Trying X.X.X.2...
> > > > Connected to X.X.X.2.
> > > > Escape character is '^]'.
> > > >
> > > > netstat -a on the VR shows the service is listening on domain port
> > (53).
> > > >
> > > > tcp 0 0 r-2606-VM:domain *:*
> > > LISTEN
> > > >
> > > > tcp 0 0 X.X.X.2:domain *:* LISTEN
> > > >
> > > > udp 156992 0 r-2606-VM:domain *:*
> > > >
> > > > udp 164032 0 X.X.X.2:domain *:*
> > > >
> > > > Can you advise if there's anything else I need to check?
> > > >
> > > > Looking forward to your reply, thank you.
> > > >
> > > > Cheers.
> > > >
> > > >
> > > >
> > > >
> > > > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> > > > santhosh.edukulla@citrix.com> wrote:
> > > >
> > > > > Run trace route from guest vms, the result will yield to the point
> > > > > where packet drop is happening, could be a network acl rule issue,
> > > > > but tracert command can lead to some answers.
> > > > >
> > > > > List running ports as well on VR, do a telnet to dns port on router
> > > > > from guest vm to verify for its response.
> > > > >
> > > > > Santhosh
> > > > > ________________________________________
> > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > Sent: Sunday, July 20, 2014 1:06 PM
> > > > > To: users@cloudstack.apache.org
> > > > > Cc: dev@cloudstack.apache.org
> > > > > Subject: Re: DNS service on VR not responding
> > > > >
> > > > > Hi Rafael,
> > > > >
> > > > > Good day to you, and thank you for your reply.
> > > > >
> > > > > Can't find anything wrong on dnsmasq.log / daemon.log, just some
> log
> > > > > entries related to DHCP, nothing on DNS. I masked the IP addresses
> > > > > since they are public.
> > > > >
> > > > > ===
> > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> > > > > 06:62:a8:01:13:37
> > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> > > > > 06:62:a8:01:13:37
> > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> > > > > 06:62:a8:01:13:37
> > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > > > 06:62:a8:01:13:37 yyyyyy
> > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> > > > > 06:43:4a:01:12:65
> > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > > > 06:43:4a:01:12:65 zzzzzz
> > > > > ===
> > > > >
> > > > > Yes, the guest VMs are having difficulties resolving domains into
> IP
> > > > > addresses because of the problem on the VR's DNS server.
> > > > >
> > > > > $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of
> > > > > the
> > > > VR)
> > > > > ;; connection timed out; no servers could be reached
> > > > >
> > > > > However, from within the VR, I am able to resolve domains just
> fine.
> > > > >
> > > > > Any advise where can I start troubleshooting this?
> > > > >
> > > > > Looking forward to your reply, thank you.
> > > > >
> > > > > Cheers.
> > > > >
> > > > >
> > > > >
> > > > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > > > > rafaelweingartner@gmail.com> wrote:
> > > > >
> > > > > > Have you taken a look at dnsmasq.log in the VR ?
> > > > > > What do you mean with not responding? The addresses are not being
> > > > > resolved
> > > > > > to ip addresses?
> > > > > >
> > > > > >
> > > > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id>
> > > > wrote:
> > > > > >
> > > > > > > Dear all,
> > > > > > >
> > > > > > > All our guest VMs are having our virtual router (VR)'s IP
> > > > > > > address on /etc/resolv.conf. In the past two weeks, I just
> > > > > > > realised that the DNS service on the VR is not working, and
> > > > > > > doesn't respond to DNS queries
> > > > > from
> > > > > > > the DNS clients on the guest VM.
> > > > > > >
> > > > > > > I have tried to stop and start back the VR, but the problem
> > > persists.
> > > > > > >
> > > > > > > DHCP services seems to be running fine, only DNS services are
> > > > > > > not
> > > > > > working.
> > > > > > > From what I understand, both services are provided by dnsmasq,
> > > > correct?
> > > > > > >
> > > > > > > Any advice on how can I resolve the problem?
> > > > > > >
> > > > > > > Looking forward to your reply, thank you.
> > > > > > >
> > > > > > > Cheers.
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Rafael Weingärtner
> > > > > >
> > > > >
> > >
> >
>
Re: DNS service on VR not responding
Posted by Indra Pramana <in...@sg.or.id>.
Hi Vihar,
Are you referring to /etc/resolv.conf on the VR itself or on the guest VM?
On the VR itself, there are only two entries on /etc/resolv.conf pointing
to both Google public DNS servers.
On the guest VM, there are 3 entries, one to the VR and two to the Google
public DNS servers. If I commented out both Google DNS servers and only
leaving the VR IP there, I cannot resolve anything. If the VR IP is
commented out and leaving both Google DNS servers there, then I can
resolve. So the issue is confirmed due to DNS service on the VR.
But I am not too sure why it doesn't respond even though the dnsmasq
service is running.
Thank you.
On Mon, Jul 21, 2014 at 1:00 PM, Vihar <vi...@gmail.com> wrote:
> Hi ,
>
> I would like you to comment second and third IP address I.e 4.2.2.2 and
> 8.8.8.8 and uncomment the first IP which is allocated to DNS and try to
> resolve the internet. It might be resolving the queries from external DNS
> server.
>
> If you are not able to resolve the names from VR, check if the DNS service
> is running properly for the IP which act as a DNS server.
>
> Regards
> Vihar
> On Jul 21, 2014 10:19 AM, "Indra Pramana" <in...@sg.or.id> wrote:
>
> > Hi Sanjeev,
> >
> > Good day to you, and thank you for your reply.
> >
> > Yes, I can resolve domains without any issues from within the VR itself.
> >
> > root@r-2606-VM:/etc# ping yahoo.com
> > PING yahoo.com (98.139.183.24): 56 data bytes
> > 64 bytes from 98.139.183.24: icmp_seq=0 ttl=47 time=250.473 ms
> > 64 bytes from 98.139.183.24: icmp_seq=1 ttl=47 time=239.240 ms
> > 64 bytes from 98.139.183.24: icmp_seq=2 ttl=45 time=247.605 ms
> > 64 bytes from 98.139.183.24: icmp_seq=3 ttl=45 time=244.913 ms
> > ^C--- yahoo.com ping statistics ---
> > 4 packets transmitted, 4 packets received, 0% packet loss
> > round-trip min/avg/max/stddev = 239.240/245.558/250.473/4.144 ms
> >
> > root@r-2606-VM:/etc# ping google.com
> > PING google.com (74.125.68.102): 56 data bytes
> > 64 bytes from 74.125.68.102: icmp_seq=0 ttl=52 time=1.353 ms
> > 64 bytes from 74.125.68.102: icmp_seq=1 ttl=52 time=1.199 ms
> > 64 bytes from 74.125.68.102: icmp_seq=2 ttl=52 time=1.268 ms
> > 64 bytes from 74.125.68.102: icmp_seq=3 ttl=52 time=1.287 ms
> > ^C--- google.com ping statistics ---
> > 4 packets transmitted, 4 packets received, 0% packet loss
> > round-trip min/avg/max/stddev = 1.199/1.277/1.353/0.055 ms
> >
> > The VR uses 8.8.8.8 and 8.8.4.4 to resolve domains.
> >
> > root@r-2606-VM:/etc# cat /etc/resolv.conf
> > nameserver 8.8.8.8
> > nameserver 8.8.4.4
> >
> > I can ping both name servers without any issues.
> >
> > root@r-2606-VM:/etc# ping 8.8.8.8
> > PING 8.8.8.8 (8.8.8.8): 56 data bytes
> > 64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=4.693 ms
> > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=2.390 ms
> > 64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=2.523 ms
> > 64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=2.458 ms
> > ^C--- 8.8.8.8 ping statistics ---
> > 4 packets transmitted, 4 packets received, 0% packet loss
> > round-trip min/avg/max/stddev = 2.390/3.016/4.693/0.969 ms
> >
> > root@r-2606-VM:/etc# ping 8.8.4.4
> > PING 8.8.4.4 (8.8.4.4): 56 data bytes
> > 64 bytes from 8.8.4.4: icmp_seq=0 ttl=52 time=2.649 ms
> > 64 bytes from 8.8.4.4: icmp_seq=1 ttl=52 time=2.458 ms
> > 64 bytes from 8.8.4.4: icmp_seq=2 ttl=52 time=2.436 ms
> > 64 bytes from 8.8.4.4: icmp_seq=3 ttl=52 time=2.393 ms
> > ^C--- 8.8.4.4 ping statistics ---
> > 4 packets transmitted, 4 packets received, 0% packet loss
> > round-trip min/avg/max/stddev = 2.393/2.484/2.649/0.098 ms
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
> >
> >
> >
> > On Mon, Jul 21, 2014 at 12:18 PM, Sanjeev Neelarapu <
> > sanjeev.neelarapu@citrix.com> wrote:
> >
> > > Hi,
> > >
> > > Can you check if the VR is able to resolve the domain names by pinging
> > > from VR ?
> > >
> > > -Sanjeev
> > >
> > > -----Original Message-----
> > > From: Vihar [mailto:vih1310@gmail.com]
> > > Sent: Monday, July 21, 2014 5:43 AM
> > > To: users@cloudstack.apache.org
> > > Cc: dev@cloudstack.apache.org
> > > Subject: RE: DNS service on VR not responding
> > >
> > > Hi,
> > >
> > > Yes, if I remove or comment out the first nameserver entry for the VR's
> > > IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be running
> fine
> > > and will be able to resolve domains properly."
> > >
> > > Are you able to ping the first DNS server IP address that you commented
> > > out?
> > >
> > > Regards
> > > Vihar K
> > > On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <
> > > santhosh.edukulla@citrix.com>
> > > wrote:
> > >
> > > > Do a traceroute to an external domain say google.com from guest vm,
> as
> > > > you mentioned below, both by commenting out vr ip and not, in
> > > > resolv.conf, you may see the difference.
> > > >
> > > > "Yes, if I remove or comment out the first nameserver entry for the
> > > > VR's IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be
> > > > running fine and will be able to resolve domains properly."
> > > >
> > > >
> > > > Santhosh
> > > > ________________________________________
> > > > From: Indra Pramana [indra@sg.or.id]
> > > > Sent: Sunday, July 20, 2014 1:48 PM
> > > > To: users@cloudstack.apache.org
> > > > Cc: dev@cloudstack.apache.org
> > > > Subject: Re: DNS service on VR not responding
> > > >
> > > > Hi Santhosh,
> > > >
> > > > Good day to you, and thank you for your email.
> > > >
> > > > Traceroute packets seems to be dropped, I think it's by default. See
> > > > result
> > > > below:
> > > >
> > > > # traceroute X.X.X.2
> > > > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
> > > > 1 * * *
> > > > 2 * * *
> > > > 3 * * *
> > > >
> > > > However, I am able to ping, and there is a response when I tried to
> > > > telnet to port 53.
> > > >
> > > > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> > > > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> > > > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms ^C
> > > > --- X.X.X.2 ping statistics ---
> > > > 6 packets transmitted, 6 received, 0% packet loss, time 4999ms rtt
> > > > min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> > > >
> > > > # telnet X.X.X.2 53
> > > > Trying X.X.X.2...
> > > > Connected to X.X.X.2.
> > > > Escape character is '^]'.
> > > >
> > > > netstat -a on the VR shows the service is listening on domain port
> > (53).
> > > >
> > > > tcp 0 0 r-2606-VM:domain *:*
> > > LISTEN
> > > >
> > > > tcp 0 0 X.X.X.2:domain *:* LISTEN
> > > >
> > > > udp 156992 0 r-2606-VM:domain *:*
> > > >
> > > > udp 164032 0 X.X.X.2:domain *:*
> > > >
> > > > Can you advise if there's anything else I need to check?
> > > >
> > > > Looking forward to your reply, thank you.
> > > >
> > > > Cheers.
> > > >
> > > >
> > > >
> > > >
> > > > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> > > > santhosh.edukulla@citrix.com> wrote:
> > > >
> > > > > Run trace route from guest vms, the result will yield to the point
> > > > > where packet drop is happening, could be a network acl rule issue,
> > > > > but tracert command can lead to some answers.
> > > > >
> > > > > List running ports as well on VR, do a telnet to dns port on router
> > > > > from guest vm to verify for its response.
> > > > >
> > > > > Santhosh
> > > > > ________________________________________
> > > > > From: Indra Pramana [indra@sg.or.id]
> > > > > Sent: Sunday, July 20, 2014 1:06 PM
> > > > > To: users@cloudstack.apache.org
> > > > > Cc: dev@cloudstack.apache.org
> > > > > Subject: Re: DNS service on VR not responding
> > > > >
> > > > > Hi Rafael,
> > > > >
> > > > > Good day to you, and thank you for your reply.
> > > > >
> > > > > Can't find anything wrong on dnsmasq.log / daemon.log, just some
> log
> > > > > entries related to DHCP, nothing on DNS. I masked the IP addresses
> > > > > since they are public.
> > > > >
> > > > > ===
> > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> > > > > 06:62:a8:01:13:37
> > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> > > > > 06:62:a8:01:13:37
> > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> > > > > 06:62:a8:01:13:37
> > > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > > > 06:62:a8:01:13:37 yyyyyy
> > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> > > > > 06:43:4a:01:12:65
> > > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > > > 06:43:4a:01:12:65 zzzzzz
> > > > > ===
> > > > >
> > > > > Yes, the guest VMs are having difficulties resolving domains into
> IP
> > > > > addresses because of the problem on the VR's DNS server.
> > > > >
> > > > > $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of
> > > > > the
> > > > VR)
> > > > > ;; connection timed out; no servers could be reached
> > > > >
> > > > > However, from within the VR, I am able to resolve domains just
> fine.
> > > > >
> > > > > Any advise where can I start troubleshooting this?
> > > > >
> > > > > Looking forward to your reply, thank you.
> > > > >
> > > > > Cheers.
> > > > >
> > > > >
> > > > >
> > > > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > > > > rafaelweingartner@gmail.com> wrote:
> > > > >
> > > > > > Have you taken a look at dnsmasq.log in the VR ?
> > > > > > What do you mean with not responding? The addresses are not being
> > > > > resolved
> > > > > > to ip addresses?
> > > > > >
> > > > > >
> > > > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id>
> > > > wrote:
> > > > > >
> > > > > > > Dear all,
> > > > > > >
> > > > > > > All our guest VMs are having our virtual router (VR)'s IP
> > > > > > > address on /etc/resolv.conf. In the past two weeks, I just
> > > > > > > realised that the DNS service on the VR is not working, and
> > > > > > > doesn't respond to DNS queries
> > > > > from
> > > > > > > the DNS clients on the guest VM.
> > > > > > >
> > > > > > > I have tried to stop and start back the VR, but the problem
> > > persists.
> > > > > > >
> > > > > > > DHCP services seems to be running fine, only DNS services are
> > > > > > > not
> > > > > > working.
> > > > > > > From what I understand, both services are provided by dnsmasq,
> > > > correct?
> > > > > > >
> > > > > > > Any advice on how can I resolve the problem?
> > > > > > >
> > > > > > > Looking forward to your reply, thank you.
> > > > > > >
> > > > > > > Cheers.
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Rafael Weingärtner
> > > > > >
> > > > >
> > >
> >
>
Re: DNS service on VR not responding
Posted by Vihar <vi...@gmail.com>.
Hi ,
I would like you to comment second and third IP address I.e 4.2.2.2 and
8.8.8.8 and uncomment the first IP which is allocated to DNS and try to
resolve the internet. It might be resolving the queries from external DNS
server.
If you are not able to resolve the names from VR, check if the DNS service
is running properly for the IP which act as a DNS server.
Regards
Vihar
On Jul 21, 2014 10:19 AM, "Indra Pramana" <in...@sg.or.id> wrote:
> Hi Sanjeev,
>
> Good day to you, and thank you for your reply.
>
> Yes, I can resolve domains without any issues from within the VR itself.
>
> root@r-2606-VM:/etc# ping yahoo.com
> PING yahoo.com (98.139.183.24): 56 data bytes
> 64 bytes from 98.139.183.24: icmp_seq=0 ttl=47 time=250.473 ms
> 64 bytes from 98.139.183.24: icmp_seq=1 ttl=47 time=239.240 ms
> 64 bytes from 98.139.183.24: icmp_seq=2 ttl=45 time=247.605 ms
> 64 bytes from 98.139.183.24: icmp_seq=3 ttl=45 time=244.913 ms
> ^C--- yahoo.com ping statistics ---
> 4 packets transmitted, 4 packets received, 0% packet loss
> round-trip min/avg/max/stddev = 239.240/245.558/250.473/4.144 ms
>
> root@r-2606-VM:/etc# ping google.com
> PING google.com (74.125.68.102): 56 data bytes
> 64 bytes from 74.125.68.102: icmp_seq=0 ttl=52 time=1.353 ms
> 64 bytes from 74.125.68.102: icmp_seq=1 ttl=52 time=1.199 ms
> 64 bytes from 74.125.68.102: icmp_seq=2 ttl=52 time=1.268 ms
> 64 bytes from 74.125.68.102: icmp_seq=3 ttl=52 time=1.287 ms
> ^C--- google.com ping statistics ---
> 4 packets transmitted, 4 packets received, 0% packet loss
> round-trip min/avg/max/stddev = 1.199/1.277/1.353/0.055 ms
>
> The VR uses 8.8.8.8 and 8.8.4.4 to resolve domains.
>
> root@r-2606-VM:/etc# cat /etc/resolv.conf
> nameserver 8.8.8.8
> nameserver 8.8.4.4
>
> I can ping both name servers without any issues.
>
> root@r-2606-VM:/etc# ping 8.8.8.8
> PING 8.8.8.8 (8.8.8.8): 56 data bytes
> 64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=4.693 ms
> 64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=2.390 ms
> 64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=2.523 ms
> 64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=2.458 ms
> ^C--- 8.8.8.8 ping statistics ---
> 4 packets transmitted, 4 packets received, 0% packet loss
> round-trip min/avg/max/stddev = 2.390/3.016/4.693/0.969 ms
>
> root@r-2606-VM:/etc# ping 8.8.4.4
> PING 8.8.4.4 (8.8.4.4): 56 data bytes
> 64 bytes from 8.8.4.4: icmp_seq=0 ttl=52 time=2.649 ms
> 64 bytes from 8.8.4.4: icmp_seq=1 ttl=52 time=2.458 ms
> 64 bytes from 8.8.4.4: icmp_seq=2 ttl=52 time=2.436 ms
> 64 bytes from 8.8.4.4: icmp_seq=3 ttl=52 time=2.393 ms
> ^C--- 8.8.4.4 ping statistics ---
> 4 packets transmitted, 4 packets received, 0% packet loss
> round-trip min/avg/max/stddev = 2.393/2.484/2.649/0.098 ms
>
> Looking forward to your reply, thank you.
>
> Cheers.
>
>
>
>
> On Mon, Jul 21, 2014 at 12:18 PM, Sanjeev Neelarapu <
> sanjeev.neelarapu@citrix.com> wrote:
>
> > Hi,
> >
> > Can you check if the VR is able to resolve the domain names by pinging
> > from VR ?
> >
> > -Sanjeev
> >
> > -----Original Message-----
> > From: Vihar [mailto:vih1310@gmail.com]
> > Sent: Monday, July 21, 2014 5:43 AM
> > To: users@cloudstack.apache.org
> > Cc: dev@cloudstack.apache.org
> > Subject: RE: DNS service on VR not responding
> >
> > Hi,
> >
> > Yes, if I remove or comment out the first nameserver entry for the VR's
> > IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be running fine
> > and will be able to resolve domains properly."
> >
> > Are you able to ping the first DNS server IP address that you commented
> > out?
> >
> > Regards
> > Vihar K
> > On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <
> > santhosh.edukulla@citrix.com>
> > wrote:
> >
> > > Do a traceroute to an external domain say google.com from guest vm, as
> > > you mentioned below, both by commenting out vr ip and not, in
> > > resolv.conf, you may see the difference.
> > >
> > > "Yes, if I remove or comment out the first nameserver entry for the
> > > VR's IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be
> > > running fine and will be able to resolve domains properly."
> > >
> > >
> > > Santhosh
> > > ________________________________________
> > > From: Indra Pramana [indra@sg.or.id]
> > > Sent: Sunday, July 20, 2014 1:48 PM
> > > To: users@cloudstack.apache.org
> > > Cc: dev@cloudstack.apache.org
> > > Subject: Re: DNS service on VR not responding
> > >
> > > Hi Santhosh,
> > >
> > > Good day to you, and thank you for your email.
> > >
> > > Traceroute packets seems to be dropped, I think it's by default. See
> > > result
> > > below:
> > >
> > > # traceroute X.X.X.2
> > > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
> > > 1 * * *
> > > 2 * * *
> > > 3 * * *
> > >
> > > However, I am able to ping, and there is a response when I tried to
> > > telnet to port 53.
> > >
> > > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> > > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> > > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms ^C
> > > --- X.X.X.2 ping statistics ---
> > > 6 packets transmitted, 6 received, 0% packet loss, time 4999ms rtt
> > > min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> > >
> > > # telnet X.X.X.2 53
> > > Trying X.X.X.2...
> > > Connected to X.X.X.2.
> > > Escape character is '^]'.
> > >
> > > netstat -a on the VR shows the service is listening on domain port
> (53).
> > >
> > > tcp 0 0 r-2606-VM:domain *:*
> > LISTEN
> > >
> > > tcp 0 0 X.X.X.2:domain *:* LISTEN
> > >
> > > udp 156992 0 r-2606-VM:domain *:*
> > >
> > > udp 164032 0 X.X.X.2:domain *:*
> > >
> > > Can you advise if there's anything else I need to check?
> > >
> > > Looking forward to your reply, thank you.
> > >
> > > Cheers.
> > >
> > >
> > >
> > >
> > > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> > > santhosh.edukulla@citrix.com> wrote:
> > >
> > > > Run trace route from guest vms, the result will yield to the point
> > > > where packet drop is happening, could be a network acl rule issue,
> > > > but tracert command can lead to some answers.
> > > >
> > > > List running ports as well on VR, do a telnet to dns port on router
> > > > from guest vm to verify for its response.
> > > >
> > > > Santhosh
> > > > ________________________________________
> > > > From: Indra Pramana [indra@sg.or.id]
> > > > Sent: Sunday, July 20, 2014 1:06 PM
> > > > To: users@cloudstack.apache.org
> > > > Cc: dev@cloudstack.apache.org
> > > > Subject: Re: DNS service on VR not responding
> > > >
> > > > Hi Rafael,
> > > >
> > > > Good day to you, and thank you for your reply.
> > > >
> > > > Can't find anything wrong on dnsmasq.log / daemon.log, just some log
> > > > entries related to DHCP, nothing on DNS. I masked the IP addresses
> > > > since they are public.
> > > >
> > > > ===
> > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> > > > 06:62:a8:01:13:37
> > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> > > > 06:62:a8:01:13:37
> > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> > > > 06:62:a8:01:13:37
> > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > > 06:62:a8:01:13:37 yyyyyy
> > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> > > > 06:43:4a:01:12:65
> > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > > 06:43:4a:01:12:65 zzzzzz
> > > > ===
> > > >
> > > > Yes, the guest VMs are having difficulties resolving domains into IP
> > > > addresses because of the problem on the VR's DNS server.
> > > >
> > > > $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of
> > > > the
> > > VR)
> > > > ;; connection timed out; no servers could be reached
> > > >
> > > > However, from within the VR, I am able to resolve domains just fine.
> > > >
> > > > Any advise where can I start troubleshooting this?
> > > >
> > > > Looking forward to your reply, thank you.
> > > >
> > > > Cheers.
> > > >
> > > >
> > > >
> > > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > > > rafaelweingartner@gmail.com> wrote:
> > > >
> > > > > Have you taken a look at dnsmasq.log in the VR ?
> > > > > What do you mean with not responding? The addresses are not being
> > > > resolved
> > > > > to ip addresses?
> > > > >
> > > > >
> > > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id>
> > > wrote:
> > > > >
> > > > > > Dear all,
> > > > > >
> > > > > > All our guest VMs are having our virtual router (VR)'s IP
> > > > > > address on /etc/resolv.conf. In the past two weeks, I just
> > > > > > realised that the DNS service on the VR is not working, and
> > > > > > doesn't respond to DNS queries
> > > > from
> > > > > > the DNS clients on the guest VM.
> > > > > >
> > > > > > I have tried to stop and start back the VR, but the problem
> > persists.
> > > > > >
> > > > > > DHCP services seems to be running fine, only DNS services are
> > > > > > not
> > > > > working.
> > > > > > From what I understand, both services are provided by dnsmasq,
> > > correct?
> > > > > >
> > > > > > Any advice on how can I resolve the problem?
> > > > > >
> > > > > > Looking forward to your reply, thank you.
> > > > > >
> > > > > > Cheers.
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Rafael Weingärtner
> > > > >
> > > >
> >
>
Re: DNS service on VR not responding
Posted by Indra Pramana <in...@sg.or.id>.
Hi Sanjeev,
Good day to you, and thank you for your reply.
Yes, I can resolve domains without any issues from within the VR itself.
root@r-2606-VM:/etc# ping yahoo.com
PING yahoo.com (98.139.183.24): 56 data bytes
64 bytes from 98.139.183.24: icmp_seq=0 ttl=47 time=250.473 ms
64 bytes from 98.139.183.24: icmp_seq=1 ttl=47 time=239.240 ms
64 bytes from 98.139.183.24: icmp_seq=2 ttl=45 time=247.605 ms
64 bytes from 98.139.183.24: icmp_seq=3 ttl=45 time=244.913 ms
^C--- yahoo.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 239.240/245.558/250.473/4.144 ms
root@r-2606-VM:/etc# ping google.com
PING google.com (74.125.68.102): 56 data bytes
64 bytes from 74.125.68.102: icmp_seq=0 ttl=52 time=1.353 ms
64 bytes from 74.125.68.102: icmp_seq=1 ttl=52 time=1.199 ms
64 bytes from 74.125.68.102: icmp_seq=2 ttl=52 time=1.268 ms
64 bytes from 74.125.68.102: icmp_seq=3 ttl=52 time=1.287 ms
^C--- google.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.199/1.277/1.353/0.055 ms
The VR uses 8.8.8.8 and 8.8.4.4 to resolve domains.
root@r-2606-VM:/etc# cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
I can ping both name servers without any issues.
root@r-2606-VM:/etc# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=4.693 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=2.390 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=2.523 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=2.458 ms
^C--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.390/3.016/4.693/0.969 ms
root@r-2606-VM:/etc# ping 8.8.4.4
PING 8.8.4.4 (8.8.4.4): 56 data bytes
64 bytes from 8.8.4.4: icmp_seq=0 ttl=52 time=2.649 ms
64 bytes from 8.8.4.4: icmp_seq=1 ttl=52 time=2.458 ms
64 bytes from 8.8.4.4: icmp_seq=2 ttl=52 time=2.436 ms
64 bytes from 8.8.4.4: icmp_seq=3 ttl=52 time=2.393 ms
^C--- 8.8.4.4 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.393/2.484/2.649/0.098 ms
Looking forward to your reply, thank you.
Cheers.
On Mon, Jul 21, 2014 at 12:18 PM, Sanjeev Neelarapu <
sanjeev.neelarapu@citrix.com> wrote:
> Hi,
>
> Can you check if the VR is able to resolve the domain names by pinging
> from VR ?
>
> -Sanjeev
>
> -----Original Message-----
> From: Vihar [mailto:vih1310@gmail.com]
> Sent: Monday, July 21, 2014 5:43 AM
> To: users@cloudstack.apache.org
> Cc: dev@cloudstack.apache.org
> Subject: RE: DNS service on VR not responding
>
> Hi,
>
> Yes, if I remove or comment out the first nameserver entry for the VR's
> IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be running fine
> and will be able to resolve domains properly."
>
> Are you able to ping the first DNS server IP address that you commented
> out?
>
> Regards
> Vihar K
> On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <
> santhosh.edukulla@citrix.com>
> wrote:
>
> > Do a traceroute to an external domain say google.com from guest vm, as
> > you mentioned below, both by commenting out vr ip and not, in
> > resolv.conf, you may see the difference.
> >
> > "Yes, if I remove or comment out the first nameserver entry for the
> > VR's IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be
> > running fine and will be able to resolve domains properly."
> >
> >
> > Santhosh
> > ________________________________________
> > From: Indra Pramana [indra@sg.or.id]
> > Sent: Sunday, July 20, 2014 1:48 PM
> > To: users@cloudstack.apache.org
> > Cc: dev@cloudstack.apache.org
> > Subject: Re: DNS service on VR not responding
> >
> > Hi Santhosh,
> >
> > Good day to you, and thank you for your email.
> >
> > Traceroute packets seems to be dropped, I think it's by default. See
> > result
> > below:
> >
> > # traceroute X.X.X.2
> > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
> > 1 * * *
> > 2 * * *
> > 3 * * *
> >
> > However, I am able to ping, and there is a response when I tried to
> > telnet to port 53.
> >
> > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms ^C
> > --- X.X.X.2 ping statistics ---
> > 6 packets transmitted, 6 received, 0% packet loss, time 4999ms rtt
> > min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> >
> > # telnet X.X.X.2 53
> > Trying X.X.X.2...
> > Connected to X.X.X.2.
> > Escape character is '^]'.
> >
> > netstat -a on the VR shows the service is listening on domain port (53).
> >
> > tcp 0 0 r-2606-VM:domain *:*
> LISTEN
> >
> > tcp 0 0 X.X.X.2:domain *:* LISTEN
> >
> > udp 156992 0 r-2606-VM:domain *:*
> >
> > udp 164032 0 X.X.X.2:domain *:*
> >
> > Can you advise if there's anything else I need to check?
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
> >
> >
> >
> > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> > santhosh.edukulla@citrix.com> wrote:
> >
> > > Run trace route from guest vms, the result will yield to the point
> > > where packet drop is happening, could be a network acl rule issue,
> > > but tracert command can lead to some answers.
> > >
> > > List running ports as well on VR, do a telnet to dns port on router
> > > from guest vm to verify for its response.
> > >
> > > Santhosh
> > > ________________________________________
> > > From: Indra Pramana [indra@sg.or.id]
> > > Sent: Sunday, July 20, 2014 1:06 PM
> > > To: users@cloudstack.apache.org
> > > Cc: dev@cloudstack.apache.org
> > > Subject: Re: DNS service on VR not responding
> > >
> > > Hi Rafael,
> > >
> > > Good day to you, and thank you for your reply.
> > >
> > > Can't find anything wrong on dnsmasq.log / daemon.log, just some log
> > > entries related to DHCP, nothing on DNS. I masked the IP addresses
> > > since they are public.
> > >
> > > ===
> > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> > > 06:62:a8:01:13:37
> > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> > > 06:62:a8:01:13:37
> > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> > > 06:62:a8:01:13:37
> > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > 06:62:a8:01:13:37 yyyyyy
> > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> > > 06:43:4a:01:12:65
> > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > 06:43:4a:01:12:65 zzzzzz
> > > ===
> > >
> > > Yes, the guest VMs are having difficulties resolving domains into IP
> > > addresses because of the problem on the VR's DNS server.
> > >
> > > $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of
> > > the
> > VR)
> > > ;; connection timed out; no servers could be reached
> > >
> > > However, from within the VR, I am able to resolve domains just fine.
> > >
> > > Any advise where can I start troubleshooting this?
> > >
> > > Looking forward to your reply, thank you.
> > >
> > > Cheers.
> > >
> > >
> > >
> > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > > rafaelweingartner@gmail.com> wrote:
> > >
> > > > Have you taken a look at dnsmasq.log in the VR ?
> > > > What do you mean with not responding? The addresses are not being
> > > resolved
> > > > to ip addresses?
> > > >
> > > >
> > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id>
> > wrote:
> > > >
> > > > > Dear all,
> > > > >
> > > > > All our guest VMs are having our virtual router (VR)'s IP
> > > > > address on /etc/resolv.conf. In the past two weeks, I just
> > > > > realised that the DNS service on the VR is not working, and
> > > > > doesn't respond to DNS queries
> > > from
> > > > > the DNS clients on the guest VM.
> > > > >
> > > > > I have tried to stop and start back the VR, but the problem
> persists.
> > > > >
> > > > > DHCP services seems to be running fine, only DNS services are
> > > > > not
> > > > working.
> > > > > From what I understand, both services are provided by dnsmasq,
> > correct?
> > > > >
> > > > > Any advice on how can I resolve the problem?
> > > > >
> > > > > Looking forward to your reply, thank you.
> > > > >
> > > > > Cheers.
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Rafael Weingärtner
> > > >
> > >
>
Re: DNS service on VR not responding
Posted by Indra Pramana <in...@sg.or.id>.
Hi Sanjeev,
Good day to you, and thank you for your reply.
Yes, I can resolve domains without any issues from within the VR itself.
root@r-2606-VM:/etc# ping yahoo.com
PING yahoo.com (98.139.183.24): 56 data bytes
64 bytes from 98.139.183.24: icmp_seq=0 ttl=47 time=250.473 ms
64 bytes from 98.139.183.24: icmp_seq=1 ttl=47 time=239.240 ms
64 bytes from 98.139.183.24: icmp_seq=2 ttl=45 time=247.605 ms
64 bytes from 98.139.183.24: icmp_seq=3 ttl=45 time=244.913 ms
^C--- yahoo.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 239.240/245.558/250.473/4.144 ms
root@r-2606-VM:/etc# ping google.com
PING google.com (74.125.68.102): 56 data bytes
64 bytes from 74.125.68.102: icmp_seq=0 ttl=52 time=1.353 ms
64 bytes from 74.125.68.102: icmp_seq=1 ttl=52 time=1.199 ms
64 bytes from 74.125.68.102: icmp_seq=2 ttl=52 time=1.268 ms
64 bytes from 74.125.68.102: icmp_seq=3 ttl=52 time=1.287 ms
^C--- google.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.199/1.277/1.353/0.055 ms
The VR uses 8.8.8.8 and 8.8.4.4 to resolve domains.
root@r-2606-VM:/etc# cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
I can ping both name servers without any issues.
root@r-2606-VM:/etc# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=4.693 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=2.390 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=2.523 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=2.458 ms
^C--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.390/3.016/4.693/0.969 ms
root@r-2606-VM:/etc# ping 8.8.4.4
PING 8.8.4.4 (8.8.4.4): 56 data bytes
64 bytes from 8.8.4.4: icmp_seq=0 ttl=52 time=2.649 ms
64 bytes from 8.8.4.4: icmp_seq=1 ttl=52 time=2.458 ms
64 bytes from 8.8.4.4: icmp_seq=2 ttl=52 time=2.436 ms
64 bytes from 8.8.4.4: icmp_seq=3 ttl=52 time=2.393 ms
^C--- 8.8.4.4 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.393/2.484/2.649/0.098 ms
Looking forward to your reply, thank you.
Cheers.
On Mon, Jul 21, 2014 at 12:18 PM, Sanjeev Neelarapu <
sanjeev.neelarapu@citrix.com> wrote:
> Hi,
>
> Can you check if the VR is able to resolve the domain names by pinging
> from VR ?
>
> -Sanjeev
>
> -----Original Message-----
> From: Vihar [mailto:vih1310@gmail.com]
> Sent: Monday, July 21, 2014 5:43 AM
> To: users@cloudstack.apache.org
> Cc: dev@cloudstack.apache.org
> Subject: RE: DNS service on VR not responding
>
> Hi,
>
> Yes, if I remove or comment out the first nameserver entry for the VR's
> IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be running fine
> and will be able to resolve domains properly."
>
> Are you able to ping the first DNS server IP address that you commented
> out?
>
> Regards
> Vihar K
> On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <
> santhosh.edukulla@citrix.com>
> wrote:
>
> > Do a traceroute to an external domain say google.com from guest vm, as
> > you mentioned below, both by commenting out vr ip and not, in
> > resolv.conf, you may see the difference.
> >
> > "Yes, if I remove or comment out the first nameserver entry for the
> > VR's IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be
> > running fine and will be able to resolve domains properly."
> >
> >
> > Santhosh
> > ________________________________________
> > From: Indra Pramana [indra@sg.or.id]
> > Sent: Sunday, July 20, 2014 1:48 PM
> > To: users@cloudstack.apache.org
> > Cc: dev@cloudstack.apache.org
> > Subject: Re: DNS service on VR not responding
> >
> > Hi Santhosh,
> >
> > Good day to you, and thank you for your email.
> >
> > Traceroute packets seems to be dropped, I think it's by default. See
> > result
> > below:
> >
> > # traceroute X.X.X.2
> > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
> > 1 * * *
> > 2 * * *
> > 3 * * *
> >
> > However, I am able to ping, and there is a response when I tried to
> > telnet to port 53.
> >
> > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms ^C
> > --- X.X.X.2 ping statistics ---
> > 6 packets transmitted, 6 received, 0% packet loss, time 4999ms rtt
> > min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> >
> > # telnet X.X.X.2 53
> > Trying X.X.X.2...
> > Connected to X.X.X.2.
> > Escape character is '^]'.
> >
> > netstat -a on the VR shows the service is listening on domain port (53).
> >
> > tcp 0 0 r-2606-VM:domain *:*
> LISTEN
> >
> > tcp 0 0 X.X.X.2:domain *:* LISTEN
> >
> > udp 156992 0 r-2606-VM:domain *:*
> >
> > udp 164032 0 X.X.X.2:domain *:*
> >
> > Can you advise if there's anything else I need to check?
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
> >
> >
> >
> > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> > santhosh.edukulla@citrix.com> wrote:
> >
> > > Run trace route from guest vms, the result will yield to the point
> > > where packet drop is happening, could be a network acl rule issue,
> > > but tracert command can lead to some answers.
> > >
> > > List running ports as well on VR, do a telnet to dns port on router
> > > from guest vm to verify for its response.
> > >
> > > Santhosh
> > > ________________________________________
> > > From: Indra Pramana [indra@sg.or.id]
> > > Sent: Sunday, July 20, 2014 1:06 PM
> > > To: users@cloudstack.apache.org
> > > Cc: dev@cloudstack.apache.org
> > > Subject: Re: DNS service on VR not responding
> > >
> > > Hi Rafael,
> > >
> > > Good day to you, and thank you for your reply.
> > >
> > > Can't find anything wrong on dnsmasq.log / daemon.log, just some log
> > > entries related to DHCP, nothing on DNS. I masked the IP addresses
> > > since they are public.
> > >
> > > ===
> > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> > > 06:62:a8:01:13:37
> > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> > > 06:62:a8:01:13:37
> > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> > > 06:62:a8:01:13:37
> > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > 06:62:a8:01:13:37 yyyyyy
> > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> > > 06:43:4a:01:12:65
> > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > 06:43:4a:01:12:65 zzzzzz
> > > ===
> > >
> > > Yes, the guest VMs are having difficulties resolving domains into IP
> > > addresses because of the problem on the VR's DNS server.
> > >
> > > $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of
> > > the
> > VR)
> > > ;; connection timed out; no servers could be reached
> > >
> > > However, from within the VR, I am able to resolve domains just fine.
> > >
> > > Any advise where can I start troubleshooting this?
> > >
> > > Looking forward to your reply, thank you.
> > >
> > > Cheers.
> > >
> > >
> > >
> > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > > rafaelweingartner@gmail.com> wrote:
> > >
> > > > Have you taken a look at dnsmasq.log in the VR ?
> > > > What do you mean with not responding? The addresses are not being
> > > resolved
> > > > to ip addresses?
> > > >
> > > >
> > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id>
> > wrote:
> > > >
> > > > > Dear all,
> > > > >
> > > > > All our guest VMs are having our virtual router (VR)'s IP
> > > > > address on /etc/resolv.conf. In the past two weeks, I just
> > > > > realised that the DNS service on the VR is not working, and
> > > > > doesn't respond to DNS queries
> > > from
> > > > > the DNS clients on the guest VM.
> > > > >
> > > > > I have tried to stop and start back the VR, but the problem
> persists.
> > > > >
> > > > > DHCP services seems to be running fine, only DNS services are
> > > > > not
> > > > working.
> > > > > From what I understand, both services are provided by dnsmasq,
> > correct?
> > > > >
> > > > > Any advice on how can I resolve the problem?
> > > > >
> > > > > Looking forward to your reply, thank you.
> > > > >
> > > > > Cheers.
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Rafael Weingärtner
> > > >
> > >
>
RE: DNS service on VR not responding
Posted by Sanjeev Neelarapu <sa...@citrix.com>.
Hi,
Can you check if the VR is able to resolve the domain names by pinging from VR ?
-Sanjeev
-----Original Message-----
From: Vihar [mailto:vih1310@gmail.com]
Sent: Monday, July 21, 2014 5:43 AM
To: users@cloudstack.apache.org
Cc: dev@cloudstack.apache.org
Subject: RE: DNS service on VR not responding
Hi,
Yes, if I remove or comment out the first nameserver entry for the VR's IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be running fine and will be able to resolve domains properly."
Are you able to ping the first DNS server IP address that you commented out?
Regards
Vihar K
On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <sa...@citrix.com>
wrote:
> Do a traceroute to an external domain say google.com from guest vm, as
> you mentioned below, both by commenting out vr ip and not, in
> resolv.conf, you may see the difference.
>
> "Yes, if I remove or comment out the first nameserver entry for the
> VR's IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be
> running fine and will be able to resolve domains properly."
>
>
> Santhosh
> ________________________________________
> From: Indra Pramana [indra@sg.or.id]
> Sent: Sunday, July 20, 2014 1:48 PM
> To: users@cloudstack.apache.org
> Cc: dev@cloudstack.apache.org
> Subject: Re: DNS service on VR not responding
>
> Hi Santhosh,
>
> Good day to you, and thank you for your email.
>
> Traceroute packets seems to be dropped, I think it's by default. See
> result
> below:
>
> # traceroute X.X.X.2
> traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
> 1 * * *
> 2 * * *
> 3 * * *
>
> However, I am able to ping, and there is a response when I tried to
> telnet to port 53.
>
> 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms ^C
> --- X.X.X.2 ping statistics ---
> 6 packets transmitted, 6 received, 0% packet loss, time 4999ms rtt
> min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
>
> # telnet X.X.X.2 53
> Trying X.X.X.2...
> Connected to X.X.X.2.
> Escape character is '^]'.
>
> netstat -a on the VR shows the service is listening on domain port (53).
>
> tcp 0 0 r-2606-VM:domain *:* LISTEN
>
> tcp 0 0 X.X.X.2:domain *:* LISTEN
>
> udp 156992 0 r-2606-VM:domain *:*
>
> udp 164032 0 X.X.X.2:domain *:*
>
> Can you advise if there's anything else I need to check?
>
> Looking forward to your reply, thank you.
>
> Cheers.
>
>
>
>
> On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> santhosh.edukulla@citrix.com> wrote:
>
> > Run trace route from guest vms, the result will yield to the point
> > where packet drop is happening, could be a network acl rule issue,
> > but tracert command can lead to some answers.
> >
> > List running ports as well on VR, do a telnet to dns port on router
> > from guest vm to verify for its response.
> >
> > Santhosh
> > ________________________________________
> > From: Indra Pramana [indra@sg.or.id]
> > Sent: Sunday, July 20, 2014 1:06 PM
> > To: users@cloudstack.apache.org
> > Cc: dev@cloudstack.apache.org
> > Subject: Re: DNS service on VR not responding
> >
> > Hi Rafael,
> >
> > Good day to you, and thank you for your reply.
> >
> > Can't find anything wrong on dnsmasq.log / daemon.log, just some log
> > entries related to DHCP, nothing on DNS. I masked the IP addresses
> > since they are public.
> >
> > ===
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> > 06:62:a8:01:13:37
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> > 06:62:a8:01:13:37
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> > 06:62:a8:01:13:37
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > 06:62:a8:01:13:37 yyyyyy
> > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> > 06:43:4a:01:12:65
> > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > 06:43:4a:01:12:65 zzzzzz
> > ===
> >
> > Yes, the guest VMs are having difficulties resolving domains into IP
> > addresses because of the problem on the VR's DNS server.
> >
> > $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of
> > the
> VR)
> > ;; connection timed out; no servers could be reached
> >
> > However, from within the VR, I am able to resolve domains just fine.
> >
> > Any advise where can I start troubleshooting this?
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
> >
> >
> > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > rafaelweingartner@gmail.com> wrote:
> >
> > > Have you taken a look at dnsmasq.log in the VR ?
> > > What do you mean with not responding? The addresses are not being
> > resolved
> > > to ip addresses?
> > >
> > >
> > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id>
> wrote:
> > >
> > > > Dear all,
> > > >
> > > > All our guest VMs are having our virtual router (VR)'s IP
> > > > address on /etc/resolv.conf. In the past two weeks, I just
> > > > realised that the DNS service on the VR is not working, and
> > > > doesn't respond to DNS queries
> > from
> > > > the DNS clients on the guest VM.
> > > >
> > > > I have tried to stop and start back the VR, but the problem persists.
> > > >
> > > > DHCP services seems to be running fine, only DNS services are
> > > > not
> > > working.
> > > > From what I understand, both services are provided by dnsmasq,
> correct?
> > > >
> > > > Any advice on how can I resolve the problem?
> > > >
> > > > Looking forward to your reply, thank you.
> > > >
> > > > Cheers.
> > > >
> > >
> > >
> > >
> > > --
> > > Rafael Weingärtner
> > >
> >
Re: DNS service on VR not responding
Posted by Indra Pramana <in...@sg.or.id>.
Hi Vihar,
Yes I can.
Looking forward to your reply, thank you.
Cheers.
On Mon, Jul 21, 2014 at 8:13 AM, Vihar <vi...@gmail.com> wrote:
> Hi,
>
> Yes, if I remove or comment out the first nameserver entry for the VR's
> IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be running fine
> and will be able to resolve domains properly."
>
> Are you able to ping the first DNS server IP address that you commented
> out?
>
> Regards
> Vihar K
> On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <
> santhosh.edukulla@citrix.com>
> wrote:
>
> > Do a traceroute to an external domain say google.com from guest vm, as
> > you mentioned below, both by commenting out vr ip and not, in
> resolv.conf,
> > you may see the difference.
> >
> > "Yes, if I remove or comment out the first nameserver entry for the VR's
> > IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be running fine
> > and will be able to resolve domains properly."
> >
> >
> > Santhosh
> > ________________________________________
> > From: Indra Pramana [indra@sg.or.id]
> > Sent: Sunday, July 20, 2014 1:48 PM
> > To: users@cloudstack.apache.org
> > Cc: dev@cloudstack.apache.org
> > Subject: Re: DNS service on VR not responding
> >
> > Hi Santhosh,
> >
> > Good day to you, and thank you for your email.
> >
> > Traceroute packets seems to be dropped, I think it's by default. See
> result
> > below:
> >
> > # traceroute X.X.X.2
> > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
> > 1 * * *
> > 2 * * *
> > 3 * * *
> >
> > However, I am able to ping, and there is a response when I tried to
> telnet
> > to port 53.
> >
> > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms
> > ^C
> > --- X.X.X.2 ping statistics ---
> > 6 packets transmitted, 6 received, 0% packet loss, time 4999ms
> > rtt min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> >
> > # telnet X.X.X.2 53
> > Trying X.X.X.2...
> > Connected to X.X.X.2.
> > Escape character is '^]'.
> >
> > netstat -a on the VR shows the service is listening on domain port (53).
> >
> > tcp 0 0 r-2606-VM:domain *:*
> LISTEN
> >
> > tcp 0 0 X.X.X.2:domain *:* LISTEN
> >
> > udp 156992 0 r-2606-VM:domain *:*
> >
> > udp 164032 0 X.X.X.2:domain *:*
> >
> > Can you advise if there's anything else I need to check?
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
> >
> >
> >
> > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> > santhosh.edukulla@citrix.com> wrote:
> >
> > > Run trace route from guest vms, the result will yield to the point
> where
> > > packet drop is happening, could be a network acl rule issue, but
> tracert
> > > command can lead to some answers.
> > >
> > > List running ports as well on VR, do a telnet to dns port on router
> from
> > > guest vm to verify for its response.
> > >
> > > Santhosh
> > > ________________________________________
> > > From: Indra Pramana [indra@sg.or.id]
> > > Sent: Sunday, July 20, 2014 1:06 PM
> > > To: users@cloudstack.apache.org
> > > Cc: dev@cloudstack.apache.org
> > > Subject: Re: DNS service on VR not responding
> > >
> > > Hi Rafael,
> > >
> > > Good day to you, and thank you for your reply.
> > >
> > > Can't find anything wrong on dnsmasq.log / daemon.log, just some log
> > > entries related to DHCP, nothing on DNS. I masked the IP addresses
> since
> > > they are public.
> > >
> > > ===
> > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> > > 06:62:a8:01:13:37
> > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> > > 06:62:a8:01:13:37
> > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> > > 06:62:a8:01:13:37
> > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > 06:62:a8:01:13:37 yyyyyy
> > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> > > 06:43:4a:01:12:65
> > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > 06:43:4a:01:12:65 zzzzzz
> > > ===
> > >
> > > Yes, the guest VMs are having difficulties resolving domains into IP
> > > addresses because of the problem on the VR's DNS server.
> > >
> > > $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of the
> > VR)
> > > ;; connection timed out; no servers could be reached
> > >
> > > However, from within the VR, I am able to resolve domains just fine.
> > >
> > > Any advise where can I start troubleshooting this?
> > >
> > > Looking forward to your reply, thank you.
> > >
> > > Cheers.
> > >
> > >
> > >
> > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > > rafaelweingartner@gmail.com> wrote:
> > >
> > > > Have you taken a look at dnsmasq.log in the VR ?
> > > > What do you mean with not responding? The addresses are not being
> > > resolved
> > > > to ip addresses?
> > > >
> > > >
> > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id>
> > wrote:
> > > >
> > > > > Dear all,
> > > > >
> > > > > All our guest VMs are having our virtual router (VR)'s IP address
> on
> > > > > /etc/resolv.conf. In the past two weeks, I just realised that the
> DNS
> > > > > service on the VR is not working, and doesn't respond to DNS
> queries
> > > from
> > > > > the DNS clients on the guest VM.
> > > > >
> > > > > I have tried to stop and start back the VR, but the problem
> persists.
> > > > >
> > > > > DHCP services seems to be running fine, only DNS services are not
> > > > working.
> > > > > From what I understand, both services are provided by dnsmasq,
> > correct?
> > > > >
> > > > > Any advice on how can I resolve the problem?
> > > > >
> > > > > Looking forward to your reply, thank you.
> > > > >
> > > > > Cheers.
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Rafael Weingärtner
> > > >
> > >
>
Re: DNS service on VR not responding
Posted by Indra Pramana <in...@sg.or.id>.
Hi Vihar,
Yes I can.
Looking forward to your reply, thank you.
Cheers.
On Mon, Jul 21, 2014 at 8:13 AM, Vihar <vi...@gmail.com> wrote:
> Hi,
>
> Yes, if I remove or comment out the first nameserver entry for the VR's
> IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be running fine
> and will be able to resolve domains properly."
>
> Are you able to ping the first DNS server IP address that you commented
> out?
>
> Regards
> Vihar K
> On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <
> santhosh.edukulla@citrix.com>
> wrote:
>
> > Do a traceroute to an external domain say google.com from guest vm, as
> > you mentioned below, both by commenting out vr ip and not, in
> resolv.conf,
> > you may see the difference.
> >
> > "Yes, if I remove or comment out the first nameserver entry for the VR's
> > IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be running fine
> > and will be able to resolve domains properly."
> >
> >
> > Santhosh
> > ________________________________________
> > From: Indra Pramana [indra@sg.or.id]
> > Sent: Sunday, July 20, 2014 1:48 PM
> > To: users@cloudstack.apache.org
> > Cc: dev@cloudstack.apache.org
> > Subject: Re: DNS service on VR not responding
> >
> > Hi Santhosh,
> >
> > Good day to you, and thank you for your email.
> >
> > Traceroute packets seems to be dropped, I think it's by default. See
> result
> > below:
> >
> > # traceroute X.X.X.2
> > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
> > 1 * * *
> > 2 * * *
> > 3 * * *
> >
> > However, I am able to ping, and there is a response when I tried to
> telnet
> > to port 53.
> >
> > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms
> > ^C
> > --- X.X.X.2 ping statistics ---
> > 6 packets transmitted, 6 received, 0% packet loss, time 4999ms
> > rtt min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> >
> > # telnet X.X.X.2 53
> > Trying X.X.X.2...
> > Connected to X.X.X.2.
> > Escape character is '^]'.
> >
> > netstat -a on the VR shows the service is listening on domain port (53).
> >
> > tcp 0 0 r-2606-VM:domain *:*
> LISTEN
> >
> > tcp 0 0 X.X.X.2:domain *:* LISTEN
> >
> > udp 156992 0 r-2606-VM:domain *:*
> >
> > udp 164032 0 X.X.X.2:domain *:*
> >
> > Can you advise if there's anything else I need to check?
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
> >
> >
> >
> > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> > santhosh.edukulla@citrix.com> wrote:
> >
> > > Run trace route from guest vms, the result will yield to the point
> where
> > > packet drop is happening, could be a network acl rule issue, but
> tracert
> > > command can lead to some answers.
> > >
> > > List running ports as well on VR, do a telnet to dns port on router
> from
> > > guest vm to verify for its response.
> > >
> > > Santhosh
> > > ________________________________________
> > > From: Indra Pramana [indra@sg.or.id]
> > > Sent: Sunday, July 20, 2014 1:06 PM
> > > To: users@cloudstack.apache.org
> > > Cc: dev@cloudstack.apache.org
> > > Subject: Re: DNS service on VR not responding
> > >
> > > Hi Rafael,
> > >
> > > Good day to you, and thank you for your reply.
> > >
> > > Can't find anything wrong on dnsmasq.log / daemon.log, just some log
> > > entries related to DHCP, nothing on DNS. I masked the IP addresses
> since
> > > they are public.
> > >
> > > ===
> > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> > > 06:62:a8:01:13:37
> > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> > > 06:62:a8:01:13:37
> > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> > > 06:62:a8:01:13:37
> > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > 06:62:a8:01:13:37 yyyyyy
> > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> > > 06:43:4a:01:12:65
> > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > 06:43:4a:01:12:65 zzzzzz
> > > ===
> > >
> > > Yes, the guest VMs are having difficulties resolving domains into IP
> > > addresses because of the problem on the VR's DNS server.
> > >
> > > $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of the
> > VR)
> > > ;; connection timed out; no servers could be reached
> > >
> > > However, from within the VR, I am able to resolve domains just fine.
> > >
> > > Any advise where can I start troubleshooting this?
> > >
> > > Looking forward to your reply, thank you.
> > >
> > > Cheers.
> > >
> > >
> > >
> > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > > rafaelweingartner@gmail.com> wrote:
> > >
> > > > Have you taken a look at dnsmasq.log in the VR ?
> > > > What do you mean with not responding? The addresses are not being
> > > resolved
> > > > to ip addresses?
> > > >
> > > >
> > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id>
> > wrote:
> > > >
> > > > > Dear all,
> > > > >
> > > > > All our guest VMs are having our virtual router (VR)'s IP address
> on
> > > > > /etc/resolv.conf. In the past two weeks, I just realised that the
> DNS
> > > > > service on the VR is not working, and doesn't respond to DNS
> queries
> > > from
> > > > > the DNS clients on the guest VM.
> > > > >
> > > > > I have tried to stop and start back the VR, but the problem
> persists.
> > > > >
> > > > > DHCP services seems to be running fine, only DNS services are not
> > > > working.
> > > > > From what I understand, both services are provided by dnsmasq,
> > correct?
> > > > >
> > > > > Any advice on how can I resolve the problem?
> > > > >
> > > > > Looking forward to your reply, thank you.
> > > > >
> > > > > Cheers.
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Rafael Weingärtner
> > > >
> > >
>
RE: DNS service on VR not responding
Posted by Sanjeev Neelarapu <sa...@citrix.com>.
Hi,
Can you check if the VR is able to resolve the domain names by pinging from VR ?
-Sanjeev
-----Original Message-----
From: Vihar [mailto:vih1310@gmail.com]
Sent: Monday, July 21, 2014 5:43 AM
To: users@cloudstack.apache.org
Cc: dev@cloudstack.apache.org
Subject: RE: DNS service on VR not responding
Hi,
Yes, if I remove or comment out the first nameserver entry for the VR's IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be running fine and will be able to resolve domains properly."
Are you able to ping the first DNS server IP address that you commented out?
Regards
Vihar K
On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <sa...@citrix.com>
wrote:
> Do a traceroute to an external domain say google.com from guest vm, as
> you mentioned below, both by commenting out vr ip and not, in
> resolv.conf, you may see the difference.
>
> "Yes, if I remove or comment out the first nameserver entry for the
> VR's IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be
> running fine and will be able to resolve domains properly."
>
>
> Santhosh
> ________________________________________
> From: Indra Pramana [indra@sg.or.id]
> Sent: Sunday, July 20, 2014 1:48 PM
> To: users@cloudstack.apache.org
> Cc: dev@cloudstack.apache.org
> Subject: Re: DNS service on VR not responding
>
> Hi Santhosh,
>
> Good day to you, and thank you for your email.
>
> Traceroute packets seems to be dropped, I think it's by default. See
> result
> below:
>
> # traceroute X.X.X.2
> traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
> 1 * * *
> 2 * * *
> 3 * * *
>
> However, I am able to ping, and there is a response when I tried to
> telnet to port 53.
>
> 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms ^C
> --- X.X.X.2 ping statistics ---
> 6 packets transmitted, 6 received, 0% packet loss, time 4999ms rtt
> min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
>
> # telnet X.X.X.2 53
> Trying X.X.X.2...
> Connected to X.X.X.2.
> Escape character is '^]'.
>
> netstat -a on the VR shows the service is listening on domain port (53).
>
> tcp 0 0 r-2606-VM:domain *:* LISTEN
>
> tcp 0 0 X.X.X.2:domain *:* LISTEN
>
> udp 156992 0 r-2606-VM:domain *:*
>
> udp 164032 0 X.X.X.2:domain *:*
>
> Can you advise if there's anything else I need to check?
>
> Looking forward to your reply, thank you.
>
> Cheers.
>
>
>
>
> On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> santhosh.edukulla@citrix.com> wrote:
>
> > Run trace route from guest vms, the result will yield to the point
> > where packet drop is happening, could be a network acl rule issue,
> > but tracert command can lead to some answers.
> >
> > List running ports as well on VR, do a telnet to dns port on router
> > from guest vm to verify for its response.
> >
> > Santhosh
> > ________________________________________
> > From: Indra Pramana [indra@sg.or.id]
> > Sent: Sunday, July 20, 2014 1:06 PM
> > To: users@cloudstack.apache.org
> > Cc: dev@cloudstack.apache.org
> > Subject: Re: DNS service on VR not responding
> >
> > Hi Rafael,
> >
> > Good day to you, and thank you for your reply.
> >
> > Can't find anything wrong on dnsmasq.log / daemon.log, just some log
> > entries related to DHCP, nothing on DNS. I masked the IP addresses
> > since they are public.
> >
> > ===
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> > 06:62:a8:01:13:37
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> > 06:62:a8:01:13:37
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> > 06:62:a8:01:13:37
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > 06:62:a8:01:13:37 yyyyyy
> > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> > 06:43:4a:01:12:65
> > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > 06:43:4a:01:12:65 zzzzzz
> > ===
> >
> > Yes, the guest VMs are having difficulties resolving domains into IP
> > addresses because of the problem on the VR's DNS server.
> >
> > $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of
> > the
> VR)
> > ;; connection timed out; no servers could be reached
> >
> > However, from within the VR, I am able to resolve domains just fine.
> >
> > Any advise where can I start troubleshooting this?
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
> >
> >
> > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > rafaelweingartner@gmail.com> wrote:
> >
> > > Have you taken a look at dnsmasq.log in the VR ?
> > > What do you mean with not responding? The addresses are not being
> > resolved
> > > to ip addresses?
> > >
> > >
> > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id>
> wrote:
> > >
> > > > Dear all,
> > > >
> > > > All our guest VMs are having our virtual router (VR)'s IP
> > > > address on /etc/resolv.conf. In the past two weeks, I just
> > > > realised that the DNS service on the VR is not working, and
> > > > doesn't respond to DNS queries
> > from
> > > > the DNS clients on the guest VM.
> > > >
> > > > I have tried to stop and start back the VR, but the problem persists.
> > > >
> > > > DHCP services seems to be running fine, only DNS services are
> > > > not
> > > working.
> > > > From what I understand, both services are provided by dnsmasq,
> correct?
> > > >
> > > > Any advice on how can I resolve the problem?
> > > >
> > > > Looking forward to your reply, thank you.
> > > >
> > > > Cheers.
> > > >
> > >
> > >
> > >
> > > --
> > > Rafael Weingärtner
> > >
> >
RE: DNS service on VR not responding
Posted by Vihar <vi...@gmail.com>.
Hi,
Yes, if I remove or comment out the first nameserver entry for the VR's
IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be running fine
and will be able to resolve domains properly."
Are you able to ping the first DNS server IP address that you commented out?
Regards
Vihar K
On Jul 20, 2014 11:29 PM, "Santhosh Edukulla" <sa...@citrix.com>
wrote:
> Do a traceroute to an external domain say google.com from guest vm, as
> you mentioned below, both by commenting out vr ip and not, in resolv.conf,
> you may see the difference.
>
> "Yes, if I remove or comment out the first nameserver entry for the VR's
> IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be running fine
> and will be able to resolve domains properly."
>
>
> Santhosh
> ________________________________________
> From: Indra Pramana [indra@sg.or.id]
> Sent: Sunday, July 20, 2014 1:48 PM
> To: users@cloudstack.apache.org
> Cc: dev@cloudstack.apache.org
> Subject: Re: DNS service on VR not responding
>
> Hi Santhosh,
>
> Good day to you, and thank you for your email.
>
> Traceroute packets seems to be dropped, I think it's by default. See result
> below:
>
> # traceroute X.X.X.2
> traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
> 1 * * *
> 2 * * *
> 3 * * *
>
> However, I am able to ping, and there is a response when I tried to telnet
> to port 53.
>
> 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms
> ^C
> --- X.X.X.2 ping statistics ---
> 6 packets transmitted, 6 received, 0% packet loss, time 4999ms
> rtt min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
>
> # telnet X.X.X.2 53
> Trying X.X.X.2...
> Connected to X.X.X.2.
> Escape character is '^]'.
>
> netstat -a on the VR shows the service is listening on domain port (53).
>
> tcp 0 0 r-2606-VM:domain *:* LISTEN
>
> tcp 0 0 X.X.X.2:domain *:* LISTEN
>
> udp 156992 0 r-2606-VM:domain *:*
>
> udp 164032 0 X.X.X.2:domain *:*
>
> Can you advise if there's anything else I need to check?
>
> Looking forward to your reply, thank you.
>
> Cheers.
>
>
>
>
> On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> santhosh.edukulla@citrix.com> wrote:
>
> > Run trace route from guest vms, the result will yield to the point where
> > packet drop is happening, could be a network acl rule issue, but tracert
> > command can lead to some answers.
> >
> > List running ports as well on VR, do a telnet to dns port on router from
> > guest vm to verify for its response.
> >
> > Santhosh
> > ________________________________________
> > From: Indra Pramana [indra@sg.or.id]
> > Sent: Sunday, July 20, 2014 1:06 PM
> > To: users@cloudstack.apache.org
> > Cc: dev@cloudstack.apache.org
> > Subject: Re: DNS service on VR not responding
> >
> > Hi Rafael,
> >
> > Good day to you, and thank you for your reply.
> >
> > Can't find anything wrong on dnsmasq.log / daemon.log, just some log
> > entries related to DHCP, nothing on DNS. I masked the IP addresses since
> > they are public.
> >
> > ===
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> > 06:62:a8:01:13:37
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> > 06:62:a8:01:13:37
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> > 06:62:a8:01:13:37
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > 06:62:a8:01:13:37 yyyyyy
> > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> > 06:43:4a:01:12:65
> > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > 06:43:4a:01:12:65 zzzzzz
> > ===
> >
> > Yes, the guest VMs are having difficulties resolving domains into IP
> > addresses because of the problem on the VR's DNS server.
> >
> > $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of the
> VR)
> > ;; connection timed out; no servers could be reached
> >
> > However, from within the VR, I am able to resolve domains just fine.
> >
> > Any advise where can I start troubleshooting this?
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
> >
> >
> > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > rafaelweingartner@gmail.com> wrote:
> >
> > > Have you taken a look at dnsmasq.log in the VR ?
> > > What do you mean with not responding? The addresses are not being
> > resolved
> > > to ip addresses?
> > >
> > >
> > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id>
> wrote:
> > >
> > > > Dear all,
> > > >
> > > > All our guest VMs are having our virtual router (VR)'s IP address on
> > > > /etc/resolv.conf. In the past two weeks, I just realised that the DNS
> > > > service on the VR is not working, and doesn't respond to DNS queries
> > from
> > > > the DNS clients on the guest VM.
> > > >
> > > > I have tried to stop and start back the VR, but the problem persists.
> > > >
> > > > DHCP services seems to be running fine, only DNS services are not
> > > working.
> > > > From what I understand, both services are provided by dnsmasq,
> correct?
> > > >
> > > > Any advice on how can I resolve the problem?
> > > >
> > > > Looking forward to your reply, thank you.
> > > >
> > > > Cheers.
> > > >
> > >
> > >
> > >
> > > --
> > > Rafael Weingärtner
> > >
> >
RE: DNS service on VR not responding
Posted by Santhosh Edukulla <sa...@citrix.com>.
Do a traceroute to an external domain say google.com from guest vm, as you mentioned below, both by commenting out vr ip and not, in resolv.conf, you may see the difference.
"Yes, if I remove or comment out the first nameserver entry for the VR's
IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be running fine
and will be able to resolve domains properly."
Santhosh
________________________________________
From: Indra Pramana [indra@sg.or.id]
Sent: Sunday, July 20, 2014 1:48 PM
To: users@cloudstack.apache.org
Cc: dev@cloudstack.apache.org
Subject: Re: DNS service on VR not responding
Hi Santhosh,
Good day to you, and thank you for your email.
Traceroute packets seems to be dropped, I think it's by default. See result
below:
# traceroute X.X.X.2
traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
However, I am able to ping, and there is a response when I tried to telnet
to port 53.
64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms
^C
--- X.X.X.2 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 4999ms
rtt min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
# telnet X.X.X.2 53
Trying X.X.X.2...
Connected to X.X.X.2.
Escape character is '^]'.
netstat -a on the VR shows the service is listening on domain port (53).
tcp 0 0 r-2606-VM:domain *:* LISTEN
tcp 0 0 X.X.X.2:domain *:* LISTEN
udp 156992 0 r-2606-VM:domain *:*
udp 164032 0 X.X.X.2:domain *:*
Can you advise if there's anything else I need to check?
Looking forward to your reply, thank you.
Cheers.
On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
santhosh.edukulla@citrix.com> wrote:
> Run trace route from guest vms, the result will yield to the point where
> packet drop is happening, could be a network acl rule issue, but tracert
> command can lead to some answers.
>
> List running ports as well on VR, do a telnet to dns port on router from
> guest vm to verify for its response.
>
> Santhosh
> ________________________________________
> From: Indra Pramana [indra@sg.or.id]
> Sent: Sunday, July 20, 2014 1:06 PM
> To: users@cloudstack.apache.org
> Cc: dev@cloudstack.apache.org
> Subject: Re: DNS service on VR not responding
>
> Hi Rafael,
>
> Good day to you, and thank you for your reply.
>
> Can't find anything wrong on dnsmasq.log / daemon.log, just some log
> entries related to DHCP, nothing on DNS. I masked the IP addresses since
> they are public.
>
> ===
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> 06:62:a8:01:13:37
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> 06:62:a8:01:13:37
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> 06:62:a8:01:13:37
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> 06:62:a8:01:13:37 yyyyyy
> Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> 06:43:4a:01:12:65
> Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> 06:43:4a:01:12:65 zzzzzz
> ===
>
> Yes, the guest VMs are having difficulties resolving domains into IP
> addresses because of the problem on the VR's DNS server.
>
> $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of the VR)
> ;; connection timed out; no servers could be reached
>
> However, from within the VR, I am able to resolve domains just fine.
>
> Any advise where can I start troubleshooting this?
>
> Looking forward to your reply, thank you.
>
> Cheers.
>
>
>
> On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> rafaelweingartner@gmail.com> wrote:
>
> > Have you taken a look at dnsmasq.log in the VR ?
> > What do you mean with not responding? The addresses are not being
> resolved
> > to ip addresses?
> >
> >
> > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id> wrote:
> >
> > > Dear all,
> > >
> > > All our guest VMs are having our virtual router (VR)'s IP address on
> > > /etc/resolv.conf. In the past two weeks, I just realised that the DNS
> > > service on the VR is not working, and doesn't respond to DNS queries
> from
> > > the DNS clients on the guest VM.
> > >
> > > I have tried to stop and start back the VR, but the problem persists.
> > >
> > > DHCP services seems to be running fine, only DNS services are not
> > working.
> > > From what I understand, both services are provided by dnsmasq, correct?
> > >
> > > Any advice on how can I resolve the problem?
> > >
> > > Looking forward to your reply, thank you.
> > >
> > > Cheers.
> > >
> >
> >
> >
> > --
> > Rafael Weingärtner
> >
>
Re: DNS service on VR not responding
Posted by Rafael Weingartner <ra...@gmail.com>.
A think there is another ano,
I will take a look here.
enable this option, a try to use your VR as a DNS server, take a look at
the dnsmasq.log a see if it is trying so resolve the queries.
On Mon, Jul 21, 2014 at 1:46 AM, Indra Pramana <in...@sg.or.id> wrote:
> Hi Rafael,
>
> Can I confirm it's this one?
>
> # For debugging purposes, log each DNS query as it passes through
> # dnsmasq.
> #log-queries
>
> Looking forward to your reply, thank you.
>
> Cheers.
>
>
>
> On Mon, Jul 21, 2014 at 1:59 AM, Rafael Weingartner <
> rafaelweingartner@gmail.com> wrote:
>
> > 4. May I know how to enable the dnsmasq debug? Any documentation / steps
> on
> > how to do it? I believe I have to do it on the VR itself?
> > Sure you have to do that on VR itself.
> > You should edit the file /etc/dnsmasq.conf
> >
> > Now I am not able to access my VR to see which property you should
> enable.
> > But, if you log into the VR and open the /etc/dnsmasq.conf, you should be
> > able to see a debug option commented.
> >
> > You just need to uncomment it and restart the service.
> >
> >
> > On Sun, Jul 20, 2014 at 2:48 PM, Indra Pramana <in...@sg.or.id> wrote:
> >
> > > Hi Santhosh,
> > >
> > > Good day to you, and thank you for your email.
> > >
> > > Traceroute packets seems to be dropped, I think it's by default. See
> > result
> > > below:
> > >
> > > # traceroute X.X.X.2
> > > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
> > > 1 * * *
> > > 2 * * *
> > > 3 * * *
> > >
> > > However, I am able to ping, and there is a response when I tried to
> > telnet
> > > to port 53.
> > >
> > > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> > > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> > > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms
> > > ^C
> > > --- X.X.X.2 ping statistics ---
> > > 6 packets transmitted, 6 received, 0% packet loss, time 4999ms
> > > rtt min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> > >
> > > # telnet X.X.X.2 53
> > > Trying X.X.X.2...
> > > Connected to X.X.X.2.
> > > Escape character is '^]'.
> > >
> > > netstat -a on the VR shows the service is listening on domain port
> (53).
> > >
> > > tcp 0 0 r-2606-VM:domain *:*
> > LISTEN
> > >
> > > tcp 0 0 X.X.X.2:domain *:* LISTEN
> > >
> > > udp 156992 0 r-2606-VM:domain *:*
> > >
> > > udp 164032 0 X.X.X.2:domain *:*
> > >
> > > Can you advise if there's anything else I need to check?
> > >
> > > Looking forward to your reply, thank you.
> > >
> > > Cheers.
> > >
> > >
> > >
> > >
> > > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> > > santhosh.edukulla@citrix.com> wrote:
> > >
> > > > Run trace route from guest vms, the result will yield to the point
> > where
> > > > packet drop is happening, could be a network acl rule issue, but
> > tracert
> > > > command can lead to some answers.
> > > >
> > > > List running ports as well on VR, do a telnet to dns port on router
> > from
> > > > guest vm to verify for its response.
> > > >
> > > > Santhosh
> > > > ________________________________________
> > > > From: Indra Pramana [indra@sg.or.id]
> > > > Sent: Sunday, July 20, 2014 1:06 PM
> > > > To: users@cloudstack.apache.org
> > > > Cc: dev@cloudstack.apache.org
> > > > Subject: Re: DNS service on VR not responding
> > > >
> > > > Hi Rafael,
> > > >
> > > > Good day to you, and thank you for your reply.
> > > >
> > > > Can't find anything wrong on dnsmasq.log / daemon.log, just some log
> > > > entries related to DHCP, nothing on DNS. I masked the IP addresses
> > since
> > > > they are public.
> > > >
> > > > ===
> > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> > > > 06:62:a8:01:13:37
> > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> > > > 06:62:a8:01:13:37
> > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> > > > 06:62:a8:01:13:37
> > > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > > 06:62:a8:01:13:37 yyyyyy
> > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> > > > 06:43:4a:01:12:65
> > > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > > 06:43:4a:01:12:65 zzzzzz
> > > > ===
> > > >
> > > > Yes, the guest VMs are having difficulties resolving domains into IP
> > > > addresses because of the problem on the VR's DNS server.
> > > >
> > > > $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of
> the
> > > VR)
> > > > ;; connection timed out; no servers could be reached
> > > >
> > > > However, from within the VR, I am able to resolve domains just fine.
> > > >
> > > > Any advise where can I start troubleshooting this?
> > > >
> > > > Looking forward to your reply, thank you.
> > > >
> > > > Cheers.
> > > >
> > > >
> > > >
> > > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > > > rafaelweingartner@gmail.com> wrote:
> > > >
> > > > > Have you taken a look at dnsmasq.log in the VR ?
> > > > > What do you mean with not responding? The addresses are not being
> > > > resolved
> > > > > to ip addresses?
> > > > >
> > > > >
> > > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id>
> > > wrote:
> > > > >
> > > > > > Dear all,
> > > > > >
> > > > > > All our guest VMs are having our virtual router (VR)'s IP address
> > on
> > > > > > /etc/resolv.conf. In the past two weeks, I just realised that the
> > DNS
> > > > > > service on the VR is not working, and doesn't respond to DNS
> > queries
> > > > from
> > > > > > the DNS clients on the guest VM.
> > > > > >
> > > > > > I have tried to stop and start back the VR, but the problem
> > persists.
> > > > > >
> > > > > > DHCP services seems to be running fine, only DNS services are not
> > > > > working.
> > > > > > From what I understand, both services are provided by dnsmasq,
> > > correct?
> > > > > >
> > > > > > Any advice on how can I resolve the problem?
> > > > > >
> > > > > > Looking forward to your reply, thank you.
> > > > > >
> > > > > > Cheers.
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Rafael Weingärtner
> > > > >
> > > >
> > >
> >
> >
> >
> > --
> > Rafael Weingärtner
> >
>
--
Rafael Weingärtner
Re: DNS service on VR not responding
Posted by Indra Pramana <in...@sg.or.id>.
Hi Rafael,
Can I confirm it's this one?
# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
#log-queries
Looking forward to your reply, thank you.
Cheers.
On Mon, Jul 21, 2014 at 1:59 AM, Rafael Weingartner <
rafaelweingartner@gmail.com> wrote:
> 4. May I know how to enable the dnsmasq debug? Any documentation / steps on
> how to do it? I believe I have to do it on the VR itself?
> Sure you have to do that on VR itself.
> You should edit the file /etc/dnsmasq.conf
>
> Now I am not able to access my VR to see which property you should enable.
> But, if you log into the VR and open the /etc/dnsmasq.conf, you should be
> able to see a debug option commented.
>
> You just need to uncomment it and restart the service.
>
>
> On Sun, Jul 20, 2014 at 2:48 PM, Indra Pramana <in...@sg.or.id> wrote:
>
> > Hi Santhosh,
> >
> > Good day to you, and thank you for your email.
> >
> > Traceroute packets seems to be dropped, I think it's by default. See
> result
> > below:
> >
> > # traceroute X.X.X.2
> > traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
> > 1 * * *
> > 2 * * *
> > 3 * * *
> >
> > However, I am able to ping, and there is a response when I tried to
> telnet
> > to port 53.
> >
> > 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> > 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> > 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms
> > ^C
> > --- X.X.X.2 ping statistics ---
> > 6 packets transmitted, 6 received, 0% packet loss, time 4999ms
> > rtt min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
> >
> > # telnet X.X.X.2 53
> > Trying X.X.X.2...
> > Connected to X.X.X.2.
> > Escape character is '^]'.
> >
> > netstat -a on the VR shows the service is listening on domain port (53).
> >
> > tcp 0 0 r-2606-VM:domain *:*
> LISTEN
> >
> > tcp 0 0 X.X.X.2:domain *:* LISTEN
> >
> > udp 156992 0 r-2606-VM:domain *:*
> >
> > udp 164032 0 X.X.X.2:domain *:*
> >
> > Can you advise if there's anything else I need to check?
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
> >
> >
> >
> > On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> > santhosh.edukulla@citrix.com> wrote:
> >
> > > Run trace route from guest vms, the result will yield to the point
> where
> > > packet drop is happening, could be a network acl rule issue, but
> tracert
> > > command can lead to some answers.
> > >
> > > List running ports as well on VR, do a telnet to dns port on router
> from
> > > guest vm to verify for its response.
> > >
> > > Santhosh
> > > ________________________________________
> > > From: Indra Pramana [indra@sg.or.id]
> > > Sent: Sunday, July 20, 2014 1:06 PM
> > > To: users@cloudstack.apache.org
> > > Cc: dev@cloudstack.apache.org
> > > Subject: Re: DNS service on VR not responding
> > >
> > > Hi Rafael,
> > >
> > > Good day to you, and thank you for your reply.
> > >
> > > Can't find anything wrong on dnsmasq.log / daemon.log, just some log
> > > entries related to DHCP, nothing on DNS. I masked the IP addresses
> since
> > > they are public.
> > >
> > > ===
> > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> > > 06:62:a8:01:13:37
> > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> > > 06:62:a8:01:13:37
> > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> > > 06:62:a8:01:13:37
> > > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > 06:62:a8:01:13:37 yyyyyy
> > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> > > 06:43:4a:01:12:65
> > > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > > 06:43:4a:01:12:65 zzzzzz
> > > ===
> > >
> > > Yes, the guest VMs are having difficulties resolving domains into IP
> > > addresses because of the problem on the VR's DNS server.
> > >
> > > $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of the
> > VR)
> > > ;; connection timed out; no servers could be reached
> > >
> > > However, from within the VR, I am able to resolve domains just fine.
> > >
> > > Any advise where can I start troubleshooting this?
> > >
> > > Looking forward to your reply, thank you.
> > >
> > > Cheers.
> > >
> > >
> > >
> > > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > > rafaelweingartner@gmail.com> wrote:
> > >
> > > > Have you taken a look at dnsmasq.log in the VR ?
> > > > What do you mean with not responding? The addresses are not being
> > > resolved
> > > > to ip addresses?
> > > >
> > > >
> > > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id>
> > wrote:
> > > >
> > > > > Dear all,
> > > > >
> > > > > All our guest VMs are having our virtual router (VR)'s IP address
> on
> > > > > /etc/resolv.conf. In the past two weeks, I just realised that the
> DNS
> > > > > service on the VR is not working, and doesn't respond to DNS
> queries
> > > from
> > > > > the DNS clients on the guest VM.
> > > > >
> > > > > I have tried to stop and start back the VR, but the problem
> persists.
> > > > >
> > > > > DHCP services seems to be running fine, only DNS services are not
> > > > working.
> > > > > From what I understand, both services are provided by dnsmasq,
> > correct?
> > > > >
> > > > > Any advice on how can I resolve the problem?
> > > > >
> > > > > Looking forward to your reply, thank you.
> > > > >
> > > > > Cheers.
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Rafael Weingärtner
> > > >
> > >
> >
>
>
>
> --
> Rafael Weingärtner
>
Re: DNS service on VR not responding
Posted by Rafael Weingartner <ra...@gmail.com>.
4. May I know how to enable the dnsmasq debug? Any documentation / steps on
how to do it? I believe I have to do it on the VR itself?
Sure you have to do that on VR itself.
You should edit the file /etc/dnsmasq.conf
Now I am not able to access my VR to see which property you should enable.
But, if you log into the VR and open the /etc/dnsmasq.conf, you should be
able to see a debug option commented.
You just need to uncomment it and restart the service.
On Sun, Jul 20, 2014 at 2:48 PM, Indra Pramana <in...@sg.or.id> wrote:
> Hi Santhosh,
>
> Good day to you, and thank you for your email.
>
> Traceroute packets seems to be dropped, I think it's by default. See result
> below:
>
> # traceroute X.X.X.2
> traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
> 1 * * *
> 2 * * *
> 3 * * *
>
> However, I am able to ping, and there is a response when I tried to telnet
> to port 53.
>
> 64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
> 64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
> 64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms
> ^C
> --- X.X.X.2 ping statistics ---
> 6 packets transmitted, 6 received, 0% packet loss, time 4999ms
> rtt min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
>
> # telnet X.X.X.2 53
> Trying X.X.X.2...
> Connected to X.X.X.2.
> Escape character is '^]'.
>
> netstat -a on the VR shows the service is listening on domain port (53).
>
> tcp 0 0 r-2606-VM:domain *:* LISTEN
>
> tcp 0 0 X.X.X.2:domain *:* LISTEN
>
> udp 156992 0 r-2606-VM:domain *:*
>
> udp 164032 0 X.X.X.2:domain *:*
>
> Can you advise if there's anything else I need to check?
>
> Looking forward to your reply, thank you.
>
> Cheers.
>
>
>
>
> On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
> santhosh.edukulla@citrix.com> wrote:
>
> > Run trace route from guest vms, the result will yield to the point where
> > packet drop is happening, could be a network acl rule issue, but tracert
> > command can lead to some answers.
> >
> > List running ports as well on VR, do a telnet to dns port on router from
> > guest vm to verify for its response.
> >
> > Santhosh
> > ________________________________________
> > From: Indra Pramana [indra@sg.or.id]
> > Sent: Sunday, July 20, 2014 1:06 PM
> > To: users@cloudstack.apache.org
> > Cc: dev@cloudstack.apache.org
> > Subject: Re: DNS service on VR not responding
> >
> > Hi Rafael,
> >
> > Good day to you, and thank you for your reply.
> >
> > Can't find anything wrong on dnsmasq.log / daemon.log, just some log
> > entries related to DHCP, nothing on DNS. I masked the IP addresses since
> > they are public.
> >
> > ===
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> > 06:62:a8:01:13:37
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> > 06:62:a8:01:13:37
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> > 06:62:a8:01:13:37
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > 06:62:a8:01:13:37 yyyyyy
> > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> > 06:43:4a:01:12:65
> > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > 06:43:4a:01:12:65 zzzzzz
> > ===
> >
> > Yes, the guest VMs are having difficulties resolving domains into IP
> > addresses because of the problem on the VR's DNS server.
> >
> > $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of the
> VR)
> > ;; connection timed out; no servers could be reached
> >
> > However, from within the VR, I am able to resolve domains just fine.
> >
> > Any advise where can I start troubleshooting this?
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
> >
> >
> > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > rafaelweingartner@gmail.com> wrote:
> >
> > > Have you taken a look at dnsmasq.log in the VR ?
> > > What do you mean with not responding? The addresses are not being
> > resolved
> > > to ip addresses?
> > >
> > >
> > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id>
> wrote:
> > >
> > > > Dear all,
> > > >
> > > > All our guest VMs are having our virtual router (VR)'s IP address on
> > > > /etc/resolv.conf. In the past two weeks, I just realised that the DNS
> > > > service on the VR is not working, and doesn't respond to DNS queries
> > from
> > > > the DNS clients on the guest VM.
> > > >
> > > > I have tried to stop and start back the VR, but the problem persists.
> > > >
> > > > DHCP services seems to be running fine, only DNS services are not
> > > working.
> > > > From what I understand, both services are provided by dnsmasq,
> correct?
> > > >
> > > > Any advice on how can I resolve the problem?
> > > >
> > > > Looking forward to your reply, thank you.
> > > >
> > > > Cheers.
> > > >
> > >
> > >
> > >
> > > --
> > > Rafael Weingärtner
> > >
> >
>
--
Rafael Weingärtner
RE: DNS service on VR not responding
Posted by Santhosh Edukulla <sa...@citrix.com>.
Do a traceroute to an external domain say google.com from guest vm, as you mentioned below, both by commenting out vr ip and not, in resolv.conf, you may see the difference.
"Yes, if I remove or comment out the first nameserver entry for the VR's
IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be running fine
and will be able to resolve domains properly."
Santhosh
________________________________________
From: Indra Pramana [indra@sg.or.id]
Sent: Sunday, July 20, 2014 1:48 PM
To: users@cloudstack.apache.org
Cc: dev@cloudstack.apache.org
Subject: Re: DNS service on VR not responding
Hi Santhosh,
Good day to you, and thank you for your email.
Traceroute packets seems to be dropped, I think it's by default. See result
below:
# traceroute X.X.X.2
traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
However, I am able to ping, and there is a response when I tried to telnet
to port 53.
64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms
^C
--- X.X.X.2 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 4999ms
rtt min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
# telnet X.X.X.2 53
Trying X.X.X.2...
Connected to X.X.X.2.
Escape character is '^]'.
netstat -a on the VR shows the service is listening on domain port (53).
tcp 0 0 r-2606-VM:domain *:* LISTEN
tcp 0 0 X.X.X.2:domain *:* LISTEN
udp 156992 0 r-2606-VM:domain *:*
udp 164032 0 X.X.X.2:domain *:*
Can you advise if there's anything else I need to check?
Looking forward to your reply, thank you.
Cheers.
On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
santhosh.edukulla@citrix.com> wrote:
> Run trace route from guest vms, the result will yield to the point where
> packet drop is happening, could be a network acl rule issue, but tracert
> command can lead to some answers.
>
> List running ports as well on VR, do a telnet to dns port on router from
> guest vm to verify for its response.
>
> Santhosh
> ________________________________________
> From: Indra Pramana [indra@sg.or.id]
> Sent: Sunday, July 20, 2014 1:06 PM
> To: users@cloudstack.apache.org
> Cc: dev@cloudstack.apache.org
> Subject: Re: DNS service on VR not responding
>
> Hi Rafael,
>
> Good day to you, and thank you for your reply.
>
> Can't find anything wrong on dnsmasq.log / daemon.log, just some log
> entries related to DHCP, nothing on DNS. I masked the IP addresses since
> they are public.
>
> ===
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> 06:62:a8:01:13:37
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> 06:62:a8:01:13:37
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> 06:62:a8:01:13:37
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> 06:62:a8:01:13:37 yyyyyy
> Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> 06:43:4a:01:12:65
> Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> 06:43:4a:01:12:65 zzzzzz
> ===
>
> Yes, the guest VMs are having difficulties resolving domains into IP
> addresses because of the problem on the VR's DNS server.
>
> $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of the VR)
> ;; connection timed out; no servers could be reached
>
> However, from within the VR, I am able to resolve domains just fine.
>
> Any advise where can I start troubleshooting this?
>
> Looking forward to your reply, thank you.
>
> Cheers.
>
>
>
> On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> rafaelweingartner@gmail.com> wrote:
>
> > Have you taken a look at dnsmasq.log in the VR ?
> > What do you mean with not responding? The addresses are not being
> resolved
> > to ip addresses?
> >
> >
> > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id> wrote:
> >
> > > Dear all,
> > >
> > > All our guest VMs are having our virtual router (VR)'s IP address on
> > > /etc/resolv.conf. In the past two weeks, I just realised that the DNS
> > > service on the VR is not working, and doesn't respond to DNS queries
> from
> > > the DNS clients on the guest VM.
> > >
> > > I have tried to stop and start back the VR, but the problem persists.
> > >
> > > DHCP services seems to be running fine, only DNS services are not
> > working.
> > > From what I understand, both services are provided by dnsmasq, correct?
> > >
> > > Any advice on how can I resolve the problem?
> > >
> > > Looking forward to your reply, thank you.
> > >
> > > Cheers.
> > >
> >
> >
> >
> > --
> > Rafael Weingärtner
> >
>
Re: DNS service on VR not responding
Posted by Indra Pramana <in...@sg.or.id>.
Hi Santhosh,
Good day to you, and thank you for your email.
Traceroute packets seems to be dropped, I think it's by default. See result
below:
# traceroute X.X.X.2
traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
However, I am able to ping, and there is a response when I tried to telnet
to port 53.
64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms
^C
--- X.X.X.2 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 4999ms
rtt min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
# telnet X.X.X.2 53
Trying X.X.X.2...
Connected to X.X.X.2.
Escape character is '^]'.
netstat -a on the VR shows the service is listening on domain port (53).
tcp 0 0 r-2606-VM:domain *:* LISTEN
tcp 0 0 X.X.X.2:domain *:* LISTEN
udp 156992 0 r-2606-VM:domain *:*
udp 164032 0 X.X.X.2:domain *:*
Can you advise if there's anything else I need to check?
Looking forward to your reply, thank you.
Cheers.
On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
santhosh.edukulla@citrix.com> wrote:
> Run trace route from guest vms, the result will yield to the point where
> packet drop is happening, could be a network acl rule issue, but tracert
> command can lead to some answers.
>
> List running ports as well on VR, do a telnet to dns port on router from
> guest vm to verify for its response.
>
> Santhosh
> ________________________________________
> From: Indra Pramana [indra@sg.or.id]
> Sent: Sunday, July 20, 2014 1:06 PM
> To: users@cloudstack.apache.org
> Cc: dev@cloudstack.apache.org
> Subject: Re: DNS service on VR not responding
>
> Hi Rafael,
>
> Good day to you, and thank you for your reply.
>
> Can't find anything wrong on dnsmasq.log / daemon.log, just some log
> entries related to DHCP, nothing on DNS. I masked the IP addresses since
> they are public.
>
> ===
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> 06:62:a8:01:13:37
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> 06:62:a8:01:13:37
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> 06:62:a8:01:13:37
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> 06:62:a8:01:13:37 yyyyyy
> Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> 06:43:4a:01:12:65
> Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> 06:43:4a:01:12:65 zzzzzz
> ===
>
> Yes, the guest VMs are having difficulties resolving domains into IP
> addresses because of the problem on the VR's DNS server.
>
> $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of the VR)
> ;; connection timed out; no servers could be reached
>
> However, from within the VR, I am able to resolve domains just fine.
>
> Any advise where can I start troubleshooting this?
>
> Looking forward to your reply, thank you.
>
> Cheers.
>
>
>
> On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> rafaelweingartner@gmail.com> wrote:
>
> > Have you taken a look at dnsmasq.log in the VR ?
> > What do you mean with not responding? The addresses are not being
> resolved
> > to ip addresses?
> >
> >
> > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id> wrote:
> >
> > > Dear all,
> > >
> > > All our guest VMs are having our virtual router (VR)'s IP address on
> > > /etc/resolv.conf. In the past two weeks, I just realised that the DNS
> > > service on the VR is not working, and doesn't respond to DNS queries
> from
> > > the DNS clients on the guest VM.
> > >
> > > I have tried to stop and start back the VR, but the problem persists.
> > >
> > > DHCP services seems to be running fine, only DNS services are not
> > working.
> > > From what I understand, both services are provided by dnsmasq, correct?
> > >
> > > Any advice on how can I resolve the problem?
> > >
> > > Looking forward to your reply, thank you.
> > >
> > > Cheers.
> > >
> >
> >
> >
> > --
> > Rafael Weingärtner
> >
>
Re: DNS service on VR not responding
Posted by Indra Pramana <in...@sg.or.id>.
Hi Santhosh,
Good day to you, and thank you for your email.
Traceroute packets seems to be dropped, I think it's by default. See result
below:
# traceroute X.X.X.2
traceroute to X.X.X.2 (X.X.X.2), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
However, I am able to ping, and there is a response when I tried to telnet
to port 53.
64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms
^C
--- X.X.X.2 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 4999ms
rtt min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
# telnet X.X.X.2 53
Trying X.X.X.2...
Connected to X.X.X.2.
Escape character is '^]'.
netstat -a on the VR shows the service is listening on domain port (53).
tcp 0 0 r-2606-VM:domain *:* LISTEN
tcp 0 0 X.X.X.2:domain *:* LISTEN
udp 156992 0 r-2606-VM:domain *:*
udp 164032 0 X.X.X.2:domain *:*
Can you advise if there's anything else I need to check?
Looking forward to your reply, thank you.
Cheers.
On Mon, Jul 21, 2014 at 1:17 AM, Santhosh Edukulla <
santhosh.edukulla@citrix.com> wrote:
> Run trace route from guest vms, the result will yield to the point where
> packet drop is happening, could be a network acl rule issue, but tracert
> command can lead to some answers.
>
> List running ports as well on VR, do a telnet to dns port on router from
> guest vm to verify for its response.
>
> Santhosh
> ________________________________________
> From: Indra Pramana [indra@sg.or.id]
> Sent: Sunday, July 20, 2014 1:06 PM
> To: users@cloudstack.apache.org
> Cc: dev@cloudstack.apache.org
> Subject: Re: DNS service on VR not responding
>
> Hi Rafael,
>
> Good day to you, and thank you for your reply.
>
> Can't find anything wrong on dnsmasq.log / daemon.log, just some log
> entries related to DHCP, nothing on DNS. I masked the IP addresses since
> they are public.
>
> ===
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> 06:62:a8:01:13:37
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> 06:62:a8:01:13:37
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> 06:62:a8:01:13:37
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> 06:62:a8:01:13:37 yyyyyy
> Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> 06:43:4a:01:12:65
> Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> 06:43:4a:01:12:65 zzzzzz
> ===
>
> Yes, the guest VMs are having difficulties resolving domains into IP
> addresses because of the problem on the VR's DNS server.
>
> $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of the VR)
> ;; connection timed out; no servers could be reached
>
> However, from within the VR, I am able to resolve domains just fine.
>
> Any advise where can I start troubleshooting this?
>
> Looking forward to your reply, thank you.
>
> Cheers.
>
>
>
> On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> rafaelweingartner@gmail.com> wrote:
>
> > Have you taken a look at dnsmasq.log in the VR ?
> > What do you mean with not responding? The addresses are not being
> resolved
> > to ip addresses?
> >
> >
> > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id> wrote:
> >
> > > Dear all,
> > >
> > > All our guest VMs are having our virtual router (VR)'s IP address on
> > > /etc/resolv.conf. In the past two weeks, I just realised that the DNS
> > > service on the VR is not working, and doesn't respond to DNS queries
> from
> > > the DNS clients on the guest VM.
> > >
> > > I have tried to stop and start back the VR, but the problem persists.
> > >
> > > DHCP services seems to be running fine, only DNS services are not
> > working.
> > > From what I understand, both services are provided by dnsmasq, correct?
> > >
> > > Any advice on how can I resolve the problem?
> > >
> > > Looking forward to your reply, thank you.
> > >
> > > Cheers.
> > >
> >
> >
> >
> > --
> > Rafael Weingärtner
> >
>
RE: DNS service on VR not responding
Posted by Santhosh Edukulla <sa...@citrix.com>.
Run trace route from guest vms, the result will yield to the point where packet drop is happening, could be a network acl rule issue, but tracert command can lead to some answers.
List running ports as well on VR, do a telnet to dns port on router from guest vm to verify for its response.
Santhosh
________________________________________
From: Indra Pramana [indra@sg.or.id]
Sent: Sunday, July 20, 2014 1:06 PM
To: users@cloudstack.apache.org
Cc: dev@cloudstack.apache.org
Subject: Re: DNS service on VR not responding
Hi Rafael,
Good day to you, and thank you for your reply.
Can't find anything wrong on dnsmasq.log / daemon.log, just some log
entries related to DHCP, nothing on DNS. I masked the IP addresses since
they are public.
===
Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
06:62:a8:01:13:37
Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
06:62:a8:01:13:37
Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
06:62:a8:01:13:37
Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
06:62:a8:01:13:37 yyyyyy
Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
06:43:4a:01:12:65
Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
06:43:4a:01:12:65 zzzzzz
===
Yes, the guest VMs are having difficulties resolving domains into IP
addresses because of the problem on the VR's DNS server.
$ host www.google.com X.X.X.X (where X.X.X.X is the IP address of the VR)
;; connection timed out; no servers could be reached
However, from within the VR, I am able to resolve domains just fine.
Any advise where can I start troubleshooting this?
Looking forward to your reply, thank you.
Cheers.
On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
rafaelweingartner@gmail.com> wrote:
> Have you taken a look at dnsmasq.log in the VR ?
> What do you mean with not responding? The addresses are not being resolved
> to ip addresses?
>
>
> On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id> wrote:
>
> > Dear all,
> >
> > All our guest VMs are having our virtual router (VR)'s IP address on
> > /etc/resolv.conf. In the past two weeks, I just realised that the DNS
> > service on the VR is not working, and doesn't respond to DNS queries from
> > the DNS clients on the guest VM.
> >
> > I have tried to stop and start back the VR, but the problem persists.
> >
> > DHCP services seems to be running fine, only DNS services are not
> working.
> > From what I understand, both services are provided by dnsmasq, correct?
> >
> > Any advice on how can I resolve the problem?
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
>
>
>
> --
> Rafael Weingärtner
>
Re: DNS service on VR not responding
Posted by Indra Pramana <in...@sg.or.id>.
Hi Rafael,
Good day to you, and thank you for your reply.
1. Yes, the guest VMs can reach the VR. Able to ping.
64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms
^C
--- X.X.X.2 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 4999ms
rtt min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
2. Yes, the VMs are really configured to use VR as the DNS server,
according to /etc/resolv.conf, together with 8.8.8.8 and 8.8.4.4
/etc/resolv.conf on guest VMs:
===
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by
resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver X.X.X.2 (the VR's IP)
nameserver 8.8.8.8
nameserver 8.8.4.4
search cs1cloud.internal
===
3. Yes, if I remove or comment out the first nameserver entry for the VR's
IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be running fine
and will be able to resolve domains properly.
4. May I know how to enable the dnsmasq debug? Any documentation / steps on
how to do it? I believe I have to do it on the VR itself?
Looking forward to your reply, thank you.
Cheers.
On Mon, Jul 21, 2014 at 1:17 AM, Rafael Weingartner <
rafaelweingartner@gmail.com> wrote:
> Good day to you too,
> Sure I guess I point a way, so you can start troubleshooting.
>
>
> 1. Check if the VMs can reach the VR.
> 2. Check if the VMs are really configured to use VR as the DNS server.
> 3. Change the DNS server to be any other such as 8.8.8.8 and 8.8.4.4
> (just to see if there is nothing blocking the way), the name resolution
> should work with those servers.
> 4. Enable the dnsmasq debug, and try to see if something interesting
> appears in dnsmasq.log.
>
>
>
>
> On Sun, Jul 20, 2014 at 2:06 PM, Indra Pramana <in...@sg.or.id> wrote:
>
> > Hi Rafael,
> >
> > Good day to you, and thank you for your reply.
> >
> > Can't find anything wrong on dnsmasq.log / daemon.log, just some log
> > entries related to DHCP, nothing on DNS. I masked the IP addresses since
> > they are public.
> >
> > ===
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> > 06:62:a8:01:13:37
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> > 06:62:a8:01:13:37
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> > 06:62:a8:01:13:37
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > 06:62:a8:01:13:37 yyyyyy
> > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> > 06:43:4a:01:12:65
> > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > 06:43:4a:01:12:65 zzzzzz
> > ===
> >
> > Yes, the guest VMs are having difficulties resolving domains into IP
> > addresses because of the problem on the VR's DNS server.
> >
> > $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of the
> VR)
> > ;; connection timed out; no servers could be reached
> >
> > However, from within the VR, I am able to resolve domains just fine.
> >
> > Any advise where can I start troubleshooting this?
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
> >
> >
> > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > rafaelweingartner@gmail.com> wrote:
> >
> > > Have you taken a look at dnsmasq.log in the VR ?
> > > What do you mean with not responding? The addresses are not being
> > resolved
> > > to ip addresses?
> > >
> > >
> > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id>
> wrote:
> > >
> > > > Dear all,
> > > >
> > > > All our guest VMs are having our virtual router (VR)'s IP address on
> > > > /etc/resolv.conf. In the past two weeks, I just realised that the DNS
> > > > service on the VR is not working, and doesn't respond to DNS queries
> > from
> > > > the DNS clients on the guest VM.
> > > >
> > > > I have tried to stop and start back the VR, but the problem persists.
> > > >
> > > > DHCP services seems to be running fine, only DNS services are not
> > > working.
> > > > From what I understand, both services are provided by dnsmasq,
> correct?
> > > >
> > > > Any advice on how can I resolve the problem?
> > > >
> > > > Looking forward to your reply, thank you.
> > > >
> > > > Cheers.
> > > >
> > >
> > >
> > >
> > > --
> > > Rafael Weingärtner
> > >
> >
>
>
>
> --
> Rafael Weingärtner
>
Re: DNS service on VR not responding
Posted by Indra Pramana <in...@sg.or.id>.
Hi Rafael,
Good day to you, and thank you for your reply.
1. Yes, the guest VMs can reach the VR. Able to ping.
64 bytes from X.X.X.2: icmp_req=4 ttl=64 time=2.00 ms
64 bytes from X.X.X.2: icmp_req=5 ttl=64 time=0.291 ms
64 bytes from X.X.X.2: icmp_req=6 ttl=64 time=0.384 ms
^C
--- X.X.X.2 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 4999ms
rtt min/avg/max/mdev = 0.270/0.603/2.006/0.628 ms
2. Yes, the VMs are really configured to use VR as the DNS server,
according to /etc/resolv.conf, together with 8.8.8.8 and 8.8.4.4
/etc/resolv.conf on guest VMs:
===
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by
resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver X.X.X.2 (the VR's IP)
nameserver 8.8.8.8
nameserver 8.8.4.4
search cs1cloud.internal
===
3. Yes, if I remove or comment out the first nameserver entry for the VR's
IP, and only leaving 8.8.8.8 and 8.8.4.4, guest VMs will be running fine
and will be able to resolve domains properly.
4. May I know how to enable the dnsmasq debug? Any documentation / steps on
how to do it? I believe I have to do it on the VR itself?
Looking forward to your reply, thank you.
Cheers.
On Mon, Jul 21, 2014 at 1:17 AM, Rafael Weingartner <
rafaelweingartner@gmail.com> wrote:
> Good day to you too,
> Sure I guess I point a way, so you can start troubleshooting.
>
>
> 1. Check if the VMs can reach the VR.
> 2. Check if the VMs are really configured to use VR as the DNS server.
> 3. Change the DNS server to be any other such as 8.8.8.8 and 8.8.4.4
> (just to see if there is nothing blocking the way), the name resolution
> should work with those servers.
> 4. Enable the dnsmasq debug, and try to see if something interesting
> appears in dnsmasq.log.
>
>
>
>
> On Sun, Jul 20, 2014 at 2:06 PM, Indra Pramana <in...@sg.or.id> wrote:
>
> > Hi Rafael,
> >
> > Good day to you, and thank you for your reply.
> >
> > Can't find anything wrong on dnsmasq.log / daemon.log, just some log
> > entries related to DHCP, nothing on DNS. I masked the IP addresses since
> > they are public.
> >
> > ===
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> > 06:62:a8:01:13:37
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> > 06:62:a8:01:13:37
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> > 06:62:a8:01:13:37
> > Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > 06:62:a8:01:13:37 yyyyyy
> > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> > 06:43:4a:01:12:65
> > Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> > 06:43:4a:01:12:65 zzzzzz
> > ===
> >
> > Yes, the guest VMs are having difficulties resolving domains into IP
> > addresses because of the problem on the VR's DNS server.
> >
> > $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of the
> VR)
> > ;; connection timed out; no servers could be reached
> >
> > However, from within the VR, I am able to resolve domains just fine.
> >
> > Any advise where can I start troubleshooting this?
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
> >
> >
> > On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> > rafaelweingartner@gmail.com> wrote:
> >
> > > Have you taken a look at dnsmasq.log in the VR ?
> > > What do you mean with not responding? The addresses are not being
> > resolved
> > > to ip addresses?
> > >
> > >
> > > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id>
> wrote:
> > >
> > > > Dear all,
> > > >
> > > > All our guest VMs are having our virtual router (VR)'s IP address on
> > > > /etc/resolv.conf. In the past two weeks, I just realised that the DNS
> > > > service on the VR is not working, and doesn't respond to DNS queries
> > from
> > > > the DNS clients on the guest VM.
> > > >
> > > > I have tried to stop and start back the VR, but the problem persists.
> > > >
> > > > DHCP services seems to be running fine, only DNS services are not
> > > working.
> > > > From what I understand, both services are provided by dnsmasq,
> correct?
> > > >
> > > > Any advice on how can I resolve the problem?
> > > >
> > > > Looking forward to your reply, thank you.
> > > >
> > > > Cheers.
> > > >
> > >
> > >
> > >
> > > --
> > > Rafael Weingärtner
> > >
> >
>
>
>
> --
> Rafael Weingärtner
>
Re: DNS service on VR not responding
Posted by Rafael Weingartner <ra...@gmail.com>.
Good day to you too,
Sure I guess I point a way, so you can start troubleshooting.
1. Check if the VMs can reach the VR.
2. Check if the VMs are really configured to use VR as the DNS server.
3. Change the DNS server to be any other such as 8.8.8.8 and 8.8.4.4
(just to see if there is nothing blocking the way), the name resolution
should work with those servers.
4. Enable the dnsmasq debug, and try to see if something interesting
appears in dnsmasq.log.
On Sun, Jul 20, 2014 at 2:06 PM, Indra Pramana <in...@sg.or.id> wrote:
> Hi Rafael,
>
> Good day to you, and thank you for your reply.
>
> Can't find anything wrong on dnsmasq.log / daemon.log, just some log
> entries related to DHCP, nothing on DNS. I masked the IP addresses since
> they are public.
>
> ===
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> 06:62:a8:01:13:37
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> 06:62:a8:01:13:37
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> 06:62:a8:01:13:37
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> 06:62:a8:01:13:37 yyyyyy
> Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> 06:43:4a:01:12:65
> Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> 06:43:4a:01:12:65 zzzzzz
> ===
>
> Yes, the guest VMs are having difficulties resolving domains into IP
> addresses because of the problem on the VR's DNS server.
>
> $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of the VR)
> ;; connection timed out; no servers could be reached
>
> However, from within the VR, I am able to resolve domains just fine.
>
> Any advise where can I start troubleshooting this?
>
> Looking forward to your reply, thank you.
>
> Cheers.
>
>
>
> On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> rafaelweingartner@gmail.com> wrote:
>
> > Have you taken a look at dnsmasq.log in the VR ?
> > What do you mean with not responding? The addresses are not being
> resolved
> > to ip addresses?
> >
> >
> > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id> wrote:
> >
> > > Dear all,
> > >
> > > All our guest VMs are having our virtual router (VR)'s IP address on
> > > /etc/resolv.conf. In the past two weeks, I just realised that the DNS
> > > service on the VR is not working, and doesn't respond to DNS queries
> from
> > > the DNS clients on the guest VM.
> > >
> > > I have tried to stop and start back the VR, but the problem persists.
> > >
> > > DHCP services seems to be running fine, only DNS services are not
> > working.
> > > From what I understand, both services are provided by dnsmasq, correct?
> > >
> > > Any advice on how can I resolve the problem?
> > >
> > > Looking forward to your reply, thank you.
> > >
> > > Cheers.
> > >
> >
> >
> >
> > --
> > Rafael Weingärtner
> >
>
--
Rafael Weingärtner
RE: DNS service on VR not responding
Posted by Santhosh Edukulla <sa...@citrix.com>.
Run trace route from guest vms, the result will yield to the point where packet drop is happening, could be a network acl rule issue, but tracert command can lead to some answers.
List running ports as well on VR, do a telnet to dns port on router from guest vm to verify for its response.
Santhosh
________________________________________
From: Indra Pramana [indra@sg.or.id]
Sent: Sunday, July 20, 2014 1:06 PM
To: users@cloudstack.apache.org
Cc: dev@cloudstack.apache.org
Subject: Re: DNS service on VR not responding
Hi Rafael,
Good day to you, and thank you for your reply.
Can't find anything wrong on dnsmasq.log / daemon.log, just some log
entries related to DHCP, nothing on DNS. I masked the IP addresses since
they are public.
===
Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
06:62:a8:01:13:37
Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
06:62:a8:01:13:37
Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
06:62:a8:01:13:37
Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
06:62:a8:01:13:37 yyyyyy
Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
06:43:4a:01:12:65
Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
06:43:4a:01:12:65 zzzzzz
===
Yes, the guest VMs are having difficulties resolving domains into IP
addresses because of the problem on the VR's DNS server.
$ host www.google.com X.X.X.X (where X.X.X.X is the IP address of the VR)
;; connection timed out; no servers could be reached
However, from within the VR, I am able to resolve domains just fine.
Any advise where can I start troubleshooting this?
Looking forward to your reply, thank you.
Cheers.
On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
rafaelweingartner@gmail.com> wrote:
> Have you taken a look at dnsmasq.log in the VR ?
> What do you mean with not responding? The addresses are not being resolved
> to ip addresses?
>
>
> On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id> wrote:
>
> > Dear all,
> >
> > All our guest VMs are having our virtual router (VR)'s IP address on
> > /etc/resolv.conf. In the past two weeks, I just realised that the DNS
> > service on the VR is not working, and doesn't respond to DNS queries from
> > the DNS clients on the guest VM.
> >
> > I have tried to stop and start back the VR, but the problem persists.
> >
> > DHCP services seems to be running fine, only DNS services are not
> working.
> > From what I understand, both services are provided by dnsmasq, correct?
> >
> > Any advice on how can I resolve the problem?
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
>
>
>
> --
> Rafael Weingärtner
>
Re: DNS service on VR not responding
Posted by Rafael Weingartner <ra...@gmail.com>.
Good day to you too,
Sure I guess I point a way, so you can start troubleshooting.
1. Check if the VMs can reach the VR.
2. Check if the VMs are really configured to use VR as the DNS server.
3. Change the DNS server to be any other such as 8.8.8.8 and 8.8.4.4
(just to see if there is nothing blocking the way), the name resolution
should work with those servers.
4. Enable the dnsmasq debug, and try to see if something interesting
appears in dnsmasq.log.
On Sun, Jul 20, 2014 at 2:06 PM, Indra Pramana <in...@sg.or.id> wrote:
> Hi Rafael,
>
> Good day to you, and thank you for your reply.
>
> Can't find anything wrong on dnsmasq.log / daemon.log, just some log
> entries related to DHCP, nothing on DNS. I masked the IP addresses since
> they are public.
>
> ===
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
> 06:62:a8:01:13:37
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
> 06:62:a8:01:13:37
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
> 06:62:a8:01:13:37
> Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> 06:62:a8:01:13:37 yyyyyy
> Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
> 06:43:4a:01:12:65
> Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
> 06:43:4a:01:12:65 zzzzzz
> ===
>
> Yes, the guest VMs are having difficulties resolving domains into IP
> addresses because of the problem on the VR's DNS server.
>
> $ host www.google.com X.X.X.X (where X.X.X.X is the IP address of the VR)
> ;; connection timed out; no servers could be reached
>
> However, from within the VR, I am able to resolve domains just fine.
>
> Any advise where can I start troubleshooting this?
>
> Looking forward to your reply, thank you.
>
> Cheers.
>
>
>
> On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
> rafaelweingartner@gmail.com> wrote:
>
> > Have you taken a look at dnsmasq.log in the VR ?
> > What do you mean with not responding? The addresses are not being
> resolved
> > to ip addresses?
> >
> >
> > On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id> wrote:
> >
> > > Dear all,
> > >
> > > All our guest VMs are having our virtual router (VR)'s IP address on
> > > /etc/resolv.conf. In the past two weeks, I just realised that the DNS
> > > service on the VR is not working, and doesn't respond to DNS queries
> from
> > > the DNS clients on the guest VM.
> > >
> > > I have tried to stop and start back the VR, but the problem persists.
> > >
> > > DHCP services seems to be running fine, only DNS services are not
> > working.
> > > From what I understand, both services are provided by dnsmasq, correct?
> > >
> > > Any advice on how can I resolve the problem?
> > >
> > > Looking forward to your reply, thank you.
> > >
> > > Cheers.
> > >
> >
> >
> >
> > --
> > Rafael Weingärtner
> >
>
--
Rafael Weingärtner
Re: DNS service on VR not responding
Posted by Indra Pramana <in...@sg.or.id>.
Hi Rafael,
Good day to you, and thank you for your reply.
Can't find anything wrong on dnsmasq.log / daemon.log, just some log
entries related to DHCP, nothing on DNS. I masked the IP addresses since
they are public.
===
Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
06:62:a8:01:13:37
Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
06:62:a8:01:13:37
Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
06:62:a8:01:13:37
Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
06:62:a8:01:13:37 yyyyyy
Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
06:43:4a:01:12:65
Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
06:43:4a:01:12:65 zzzzzz
===
Yes, the guest VMs are having difficulties resolving domains into IP
addresses because of the problem on the VR's DNS server.
$ host www.google.com X.X.X.X (where X.X.X.X is the IP address of the VR)
;; connection timed out; no servers could be reached
However, from within the VR, I am able to resolve domains just fine.
Any advise where can I start troubleshooting this?
Looking forward to your reply, thank you.
Cheers.
On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
rafaelweingartner@gmail.com> wrote:
> Have you taken a look at dnsmasq.log in the VR ?
> What do you mean with not responding? The addresses are not being resolved
> to ip addresses?
>
>
> On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id> wrote:
>
> > Dear all,
> >
> > All our guest VMs are having our virtual router (VR)'s IP address on
> > /etc/resolv.conf. In the past two weeks, I just realised that the DNS
> > service on the VR is not working, and doesn't respond to DNS queries from
> > the DNS clients on the guest VM.
> >
> > I have tried to stop and start back the VR, but the problem persists.
> >
> > DHCP services seems to be running fine, only DNS services are not
> working.
> > From what I understand, both services are provided by dnsmasq, correct?
> >
> > Any advice on how can I resolve the problem?
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
>
>
>
> --
> Rafael Weingärtner
>
Re: DNS service on VR not responding
Posted by Indra Pramana <in...@sg.or.id>.
Hi Rafael,
Good day to you, and thank you for your reply.
Can't find anything wrong on dnsmasq.log / daemon.log, just some log
entries related to DHCP, nothing on DNS. I masked the IP addresses since
they are public.
===
Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPDISCOVER(eth0) X.X.X.X
06:62:a8:01:13:37
Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPOFFER(eth0) X.X.X.X
06:62:a8:01:13:37
Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPREQUEST(eth0) X.X.X.X
06:62:a8:01:13:37
Jul 20 16:21:51 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
06:62:a8:01:13:37 yyyyyy
Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPINFORM(eth0) X.X.X.X
06:43:4a:01:12:65
Jul 20 16:23:53 r-2606-VM dnsmasq[3519]: DHCPACK(eth0) X.X.X.X
06:43:4a:01:12:65 zzzzzz
===
Yes, the guest VMs are having difficulties resolving domains into IP
addresses because of the problem on the VR's DNS server.
$ host www.google.com X.X.X.X (where X.X.X.X is the IP address of the VR)
;; connection timed out; no servers could be reached
However, from within the VR, I am able to resolve domains just fine.
Any advise where can I start troubleshooting this?
Looking forward to your reply, thank you.
Cheers.
On Sun, Jul 20, 2014 at 11:26 PM, Rafael Weingartner <
rafaelweingartner@gmail.com> wrote:
> Have you taken a look at dnsmasq.log in the VR ?
> What do you mean with not responding? The addresses are not being resolved
> to ip addresses?
>
>
> On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id> wrote:
>
> > Dear all,
> >
> > All our guest VMs are having our virtual router (VR)'s IP address on
> > /etc/resolv.conf. In the past two weeks, I just realised that the DNS
> > service on the VR is not working, and doesn't respond to DNS queries from
> > the DNS clients on the guest VM.
> >
> > I have tried to stop and start back the VR, but the problem persists.
> >
> > DHCP services seems to be running fine, only DNS services are not
> working.
> > From what I understand, both services are provided by dnsmasq, correct?
> >
> > Any advice on how can I resolve the problem?
> >
> > Looking forward to your reply, thank you.
> >
> > Cheers.
> >
>
>
>
> --
> Rafael Weingärtner
>
Re: DNS service on VR not responding
Posted by Rafael Weingartner <ra...@gmail.com>.
Have you taken a look at dnsmasq.log in the VR ?
What do you mean with not responding? The addresses are not being resolved
to ip addresses?
On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id> wrote:
> Dear all,
>
> All our guest VMs are having our virtual router (VR)'s IP address on
> /etc/resolv.conf. In the past two weeks, I just realised that the DNS
> service on the VR is not working, and doesn't respond to DNS queries from
> the DNS clients on the guest VM.
>
> I have tried to stop and start back the VR, but the problem persists.
>
> DHCP services seems to be running fine, only DNS services are not working.
> From what I understand, both services are provided by dnsmasq, correct?
>
> Any advice on how can I resolve the problem?
>
> Looking forward to your reply, thank you.
>
> Cheers.
>
--
Rafael Weingärtner
Re: DNS service on VR not responding
Posted by Rafael Weingartner <ra...@gmail.com>.
Have you taken a look at dnsmasq.log in the VR ?
What do you mean with not responding? The addresses are not being resolved
to ip addresses?
On Sun, Jul 20, 2014 at 11:53 AM, Indra Pramana <in...@sg.or.id> wrote:
> Dear all,
>
> All our guest VMs are having our virtual router (VR)'s IP address on
> /etc/resolv.conf. In the past two weeks, I just realised that the DNS
> service on the VR is not working, and doesn't respond to DNS queries from
> the DNS clients on the guest VM.
>
> I have tried to stop and start back the VR, but the problem persists.
>
> DHCP services seems to be running fine, only DNS services are not working.
> From what I understand, both services are provided by dnsmasq, correct?
>
> Any advice on how can I resolve the problem?
>
> Looking forward to your reply, thank you.
>
> Cheers.
>
--
Rafael Weingärtner