
    Full Domain Required for LAN Usage Only?

    • TangoOversway
      TangoOversway last edited by

      I think I know the answer to this, but I want to check and see if I've got it worked out.

      Say, for my LAN, I'm using rivendell.me for the domain on my LAN and I specify this under General Setup. I have systems on my LAN named elrond, gandalf, and gimli.

      What I'd like to do is to be able to use just the system name within the LAN. For instance:

      host gimli
      ping elrond

      At this point, using pfSense as my DHCP server and as a DNS resolver, I can type "host gimli" and get the IP address for gimli. But if I type "ping gimli," I get a message that the local host name cannot be resolved.

      For just what I have on my LAN, I'd like to be able to use just the system names and not have to append the full domain to a system name when I use it.

      From what I've read, it's incorrect behavior for a DNS resolver to allow usage of just the system name. Therefore, if I want to be able to just type "ping gimli" and have a good result, that's not possible unless I make changes on my system to tell it to automatically append rivendell.me to host names for any searches.

      Is this correct? Or is there some way to specify, within pfSense, to handle this (so I don't have to make changes on each computer on my LAN)?

      I also would like to know why "host gimli" works, but "ping gimli" does not.

      • kiokoman
        kiokoman LAYER 8 last edited by kiokoman

        afaik if it's windows the dns suffix is automatically added if it is received from the dhcp server

        Scheda LAN wireless Wi-Fi:
        
           Suffisso DNS specifico per connessione: kiokoman.home
           Indirizzo IPv6 locale rispetto al collegamento . : fe80::64ee:8085:95b:32fc%9
           Indirizzo IPv4. . . . . . . . . . . . : 192.168.2.8
           Subnet mask . . . . . . . . . . . . . : 255.255.255.0
           Gateway predefinito . . . . . . . . . : 192.168.2.254
        

        so if i ping (or nslookup) something on my network, ping/nslookup add it automatically

        C:\Users\Amministratore>ping nanto
        
        Esecuzione di Ping nanto.kiokoman.home [172.17.0.100] con 32 byte di dati:
        Risposta da 172.17.0.100: byte=32 durata=6ms TTL=63
        Risposta da 172.17.0.100: byte=32 durata=8ms TTL=63
        Risposta da 172.17.0.100: byte=32 durata=7ms TTL=63
        Risposta da 172.17.0.100: byte=32 durata=7ms TTL=63
        
        C:\Users\Amministratore>nslookup nanto
        Server:  nanto.kiokoman.home
        Address:  172.17.0.100
        

        under my ubuntu machine with a static ip i have inside /etc/network/interfaces

        auto enp1s0
        iface enp1s0 inet static
                address 172.17.0.100
                netmask 255.255.255.0
                gateway 172.17.0.254
                nameserver 127.0.0.1
                broadcast 172.17.0.255
                dns-nameserver 127.0.0.1
                search kiokoman.home          <-------------
                dns-search kiokoman.home   <-------------
        

        so when i ping a machine on my network it is automatically added

        kiokoman@nanto:~$ ping Lenovo730
        PING Lenovo730.kiokoman.home (192.168.2.8) 56(84) bytes of data.
        

        in the end you are right on your assumption and you need this (DHCP server)

        Immagine.jpg

        or you need to specify it on your network interface

        • JKnott
          JKnott @kiokoman last edited by

          @kiokoman

          The DNS server should work with either the host or other command, such as ping. It certainly works that way here.

          • kiokoman
            kiokoman LAYER 8 last edited by kiokoman

            yes, of course, it was a generic answer to his latest question. idk why host works and ping doesn't for him.
            but for host, names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the search or domain directive in /etc/resolv.conf

            kiokoman@nanto:~$ cat /etc/resolv.conf
            # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
            #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
            # 127.0.0.53 is the systemd-resolved stub resolver.
            # run "systemd-resolve --status" to see details about the actual nameservers.
            
            nameserver 127.0.0.1
            search kiokoman.home
            

            so it's possible that he has "search" inside resolv.conf but not "dns-search" in the interface configuration

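The search-list behaviour described in the post above, as an added example that is not part of the original thread: it models the glibc rules from resolv.conf(5) for turning a typed name into the queries actually sent. The function names are hypothetical, the sample files are constructed, and the model ignores glibc's fallback of deriving a domain from the local hostname as well as the separate resolver used on macOS.

```python
# Added example: models the glibc-style search-list expansion described in
# resolv.conf(5). Sample files below are constructed for illustration.

def parse_resolv_conf(text):
    """Return (search_list, ndots) from the text of a resolv.conf file."""
    search, ndots = [], 1                      # resolv.conf(5) default: ndots:1
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        keyword, *args = line.split()
        if keyword == "search":
            search = [d.rstrip(".") for d in args]
        elif keyword == "domain" and args:
            search = [args[0].rstrip(".")]     # 'domain' acts as a one-entry search list
        elif keyword == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots                       # last search/domain line wins


def candidate_queries(name, search, ndots=1):
    """List the absolute names the stub resolver tries, in order."""
    if name.endswith("."):                     # already fully qualified
        return [name]
    as_is = name + "."
    expanded = [f"{name}.{domain}." for domain in search]
    if name.count(".") >= ndots:               # enough dots: literal name first
        return [as_is] + expanded
    return expanded + [as_is]                  # relative name: search list first


WITH_SEARCH = """\
# constructed sample, same directives as the resolv.conf quoted above
nameserver 127.0.0.1
search kiokoman.home
"""
WITHOUT_SEARCH = "nameserver 127.0.0.1\n"      # constructed: no search/domain line

if __name__ == "__main__":
    for label, conf in (("with search", WITH_SEARCH), ("no search", WITHOUT_SEARCH)):
        search, ndots = parse_resolv_conf(conf)
        for host in ("Lenovo730", "Lenovo730.kiokoman.home", "Lenovo730."):
            print(f"{label:12} {host:26} -> {candidate_queries(host, search, ndots)}")
```

With no search or domain entry the only query sent is the bare single-label name, which is the unqualified query the DNS server is asked to answer.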
            • TangoOversway
              TangoOversway @kiokoman last edited by

              @kiokoman

              So, basically, I do need to tell each separate machine on the LAN to add the domain to a host name when I provide only a host name?

              • kiokoman
                kiokoman LAYER 8 last edited by

                yes, as i said it's automatic if you use dhcp server, otherwise you need to set the suffix
                Immagine.jpg
                there is probably a powershell/cmd command to do it, but I never had the need for this

                • Grimeton
                  Grimeton last edited by

                  Be careful here not to confuse domain searching with Windows' own SMB/NetBIOS lookups. Windows tends to look up via NetBIOS and then search, but returns a result that looks like a domain search has happened and the domain was appended to the hostname.

                  Can cause a lot of headaches.

                  • TangoOversway
                    TangoOversway last edited by

                    At this point, I'm using Macs and a few Linux systems, so no Windows systems on the LAN at the moment. I am using my pfSense firewall as the DHCP server and DNS Resolver. Sorry, I should have specified what systems I had on the LAN earlier, but I was thinking, "If there's a solution because of something on pfSense, OS shouldn't matter." My bad.

                    What I find odd is that "ping gimli" doesn't work and "host gimli" does work. I have added rivendell.me as a search domain on my main workstation and things are working okay from there. I was just hoping there was something I could do on pfSense, to either the DHCP server or DNS resolver settings, to make it work for all systems without having to change settings on each system.

                    • johnpoz
                      johnpoz LAYER 8 Global Moderator last edited by

                      pfsense will not return an answer to a non qualified query.. A query for dns to resolve needs to be fully qualified, you can hand out the domain clients should use via dhcp... Pretty much all OSes will leverage this..

                      • TangoOversway
                        TangoOversway last edited by

                        Okay, that's what I thought, but I figured I'd ask to make sure I have a clear understanding of what's going on. I also figured that if I was wrong, I'd like to know what I could do instead.

                        Thank you, everyone!

                        • JKnott
                          JKnott @TangoOversway last edited by

                          @TangoOversway said in Full Domain Required for LAN Usage Only?:

                          @kiokoman

                          So, basically, I do need to tell each separate machine on the LAN to add the domain to a host name when I provide only a host name?

                          Only if you're using static config. With DHCP it should happen automagically. On the DHCP server page, there's a box for the domain name. It's normally left blank so that the default name is used.

                          • TangoOversway
                            TangoOversway @JKnott last edited by

                            @JKnott said in Full Domain Required for LAN Usage Only?:

                            @TangoOversway said in Full Domain Required for LAN Usage Only?:

                            @kiokoman

                            So, basically, I do need to tell each separate machine on the LAN to add the domain to a host name when I provide only a host name?

                            Only if you're using static config. With DHCP it should happen automagically. On the DHCP server page, there's a box for the domain name. It's normally left blank so that the default name is used.

                            This is why I ask questions, even if I think it might be a dumb question. I didn't realize that! I don't know how, but I missed the domain field on the DHCP Server page, so I made the change and tested and it's working fine. (This will also make it easier for my wife to do things like play video and music files off of network shares.)

                            So why is it possible to do this with DHCP, but not with a static config?

                            • johnpoz
                              johnpoz LAYER 8 Global Moderator last edited by johnpoz

                              It is possible to do with a static config... You just need to set up the machine's actual domain name and/or search suffix..

                              A machine should always have a fqdn, not just a host name..

                              Your pfsense machine has a domain name, when you set it up.. defaulted to localdomain most likely.. This is common default..

                              domain.jpg

                              What is in the domain of pfsense is what would be handed out, when you leave it blank in your dhcp settings.
