DNS across VLANS
-
I'm having trouble reaching a server via its hostname from a different vlan.
I can ping "tower" from LAN, and "tower.local.lan" from vlan10 (for example), but only if I add it as a Host Override .
- Is it possible to reach "tower" from vlan10?
- Do I have to add a Host Override for each device?
-
Hi,
Resolver or Forwarder ?
Your tower obtains a IP (and mask, gateway, DNS) how ? DHCP ? Static ?
If you use DHCP, did you set (one, or both - according how you set things up ) :
If you assign static IP (etc ..) then yes, you have to use Host Overrides.
-
Hi,
Using Resolver.
Tower is static IPOK, will use Host Overrides, but does this mean I can only access tower via tower.local.lan, or can I somehow get to it via tower?
-
@angdigi said in DNS across VLANS:
Tower is static IP
and in that case the Resolver doesn't know anything about that device.
So, nothing in his cache, so his name can't be resolved by no-body - not on LAN, not on any OPTx interface neither.I advise you to never touch the Interface settings on a device that you buy (PC, tablet, server, door-bell, coffee machine, whatever). Leave DHCP-client on.
If you want a device to have always the same IP (gateway, etc); go edit the device that hands over IP's : our pfSens and Static-DHCP map all these devices.
Check also "Static DHCP" on the Resolver settings page.
Done - and everything is manged centralized - with big bonus : DNS (Resolving) works right away.IPv6 ? same thing !!
-
I see.
So I have Static DHCP checked on the Resolver settings page.
Are you referring to DHCP Server -> DHCP Static Mappings for this Interface?
Is the attached image correct?
-
Exact.
Do this for every host on every LAN (DHCP server instance) for which you want a "fixed" IP. -
Will do.
What about situations where there is no MAC address, i.e docker containers?
-
@angdigi said in DNS across VLANS:
docker containers?
Is a "docker" a piece of hardware with a NIC and thus a MAC ?
Does a "docker" asks for a IP ? ;) -
a docker is like a VM so to speak, normally behind a nat to be honest where there is like a port forward a port into the IP the docker is running on.
All depends on how they setup their docker networking..
Anything that you are setting up an IP or behind some other IP that you want to resolve to a fqdn - just use a host override.
-
It does ask for an IP but I believe from its own built-in dhcp server...
Not sure how to answer the first question...mostly in fear of sounding stupid.EDIT: sorry @johnpoz didn't see your response as I had the reply window open
-
Be default your prob going to get an IP in the 172.17/16 range
https://docs.docker.com/network/network-tutorial-standalone/
Yes they will have MAC addresses - but normally out of the box they behind a nat..
You can view your details.. Here is a couple running on my nas
sh-4.3# docker network inspect bridge [ { "Name": "bridge", "Id": "7be1221de1c3abee70e138ed0651a44986e105bba3031cab7f2c4f3eac945fb8", "Created": "2018-09-27T13:15:49.356329988-05:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "Containers": { "72ac978be5bbd94d6a2d018fbb730664eb96e18913603c4b2952397739de8324": { "Name": "ninthwalker-nowshowing1", "EndpointID": "b154b1170d53b75c517e9181977ee5869fe328ae8838ac030161ecf5ab3d6421", "MacAddress": "02:42:ac:11:00:03", "IPv4Address": "172.17.0.3/16", "IPv6Address": "" }, "99fdcb2f1e965566e80f12b460d40d2454e0adf7461e8b185268bc17feae943a": { "Name": "tautulli-tautulli1", "EndpointID": "a0342da5a95109d801546e5d653c312c75cad5dac16a58c1e40d27930188a2c7", "MacAddress": "02:42:ac:11:00:02", "IPv4Address": "172.17.0.2/16", "IPv6Address": "" } }, "Options": { "com.docker.network.bridge.default_bridge": "true", "com.docker.network.bridge.enable_icc": "true", "com.docker.network.bridge.enable_ip_masquerade": "true", "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", "com.docker.network.driver.mtu": "1500" }, "Labels": {} } ] sh-4.3#As you see the different containers have their own mac - but they also have an IP that is on the 172.17/16 network..
-
Thanks. Much better understanding now.
So for dockers, I'll add a host override. For VMs, PCs, tablets, cameras, etc...I'll add the DHCP static mapping.
I added a VM to VL20 and assigned a static mapping. Back to question 2 of the first post, is it possible to reach the device (in LAN) without using "local.lan"?
-
That would depend on what your client uses for a search suffix.. If your too lazy to use a FQDN.. But dns doesn't answer unless its a FQDN..
but for example I use local lan and it is the default search suffix so sure I can resolve stuff by just putting in the host name..
C:>ping nas
Pinging nas.local.lan [192.168.9.10] with 32 bytes of data:
Reply from 192.168.9.10: bytes=32 time<1ms TTL=64
Reply from 192.168.9.10: bytes=32 time<1ms TTL=64
Reply from 192.168.9.10: bytes=32 time<1ms TTL=64
Reply from 192.168.9.10: bytes=32 time<1ms TTL=64Ping statistics for 192.168.9.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0msC:>
-
I see.
So my LAN is the default search suffix as well
My VL20 is vpn.local.lan (I actually took your advice from another thread and added "vpn" to keep all VLANs organized)Since I changed vl20 from the default, I won't be able to just use the hostname, correct? Its not a problem if I can't..just want to know expected behavior and best practice.
-
you can query them by just host name if you add more search suffix, you can have more than 1 and put them in order.. Your box will just do multiple queries with each suffix.
