Can get host address, can't ping device
-
I don't know if this is a DHCP server issue or is something elsewhere in my network.
My network uses 172.16.xxx.xxx/22, so it uses 172.16.4.0 through 172.16.7.255 for address space. I added a new device today, at 172.16.4.198, configured to use palantir-02. (On this LAN, the FQDN would be palantir-02.arda.ea.) My desktop, a Mac, is at 172.16.7.7. The subnet mask on the Mac (which it gets from pfSense's DHCP, right?) is 255.255.252.0. (I've checked that with a mask calculator to be sure.) For instance, I can ping a device at 172.16.5.50. But when I try to deal with this new device at 172.16.4.198, I get this:

So I can get the IP address, I can ping the IP address, but I cannot ping by the registered name, using just the name or the FQDN. (I have my Mac configured to add ".arda.ea" to a name if it isn't a FQDN.) I also cannot reach it with Chrome on my Mac.
I can ping it using LibTerm on my iPhone, using ping palantir-02.arda.ea without issue.
What's going on with this and how do I fix it?
Addendum: I also tried this device at 172.16.7.198 - putting it in the same 24 bit mask as my Mac and got the same results. I do have devices detecting it, so it's "live," but unreachable on my Mac.
-
@TangoOversway said in Can get host address, can't ping device:
I can ping it using LibTerm on my iPhone, using ping palantir-02.arda.ea without issue.
if you can ping it via fqdn using your phone.. Why would you think this is a pfsense issue? And not a problem with whatever device you are having the issue with?
Is your phone using different dns than whatever other machine you're trying to resolve from?
Do a simple dig to palantir-02.arda.ea - so we can see what you're actually doing a query for, and what you actually get back as response, be it nx, etc.. Or use host -v palantir-02.arda.ea
This would give you some output with actual details.
example
host -v nas.home.arpa
Trying "nas.home.arpa"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32004
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;nas.home.arpa. IN A
;; ANSWER SECTION:
nas.home.arpa. 1294 IN A 192.168.9.10
Received 47 bytes from 192.168.3.10#53 in 4 ms
Trying "nas.home.arpa"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12259
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;nas.home.arpa. IN AAAA
Received 31 bytes from 192.168.3.10#53 in 6 ms
Trying "nas.home.arpa"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18498
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;nas.home.arpa. IN MX
Received 31 bytes from 192.168.3.10#53 in 6 ms
Or just do it with your specific query for the A record
C:\Users\Budman>host -v -t A nas.home.arpa
Trying "nas.home.arpa"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45470
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;nas.home.arpa. IN A
;; ANSWER SECTION:
nas.home.arpa. 1070 IN A 192.168.9.10
Received 47 bytes from 192.168.3.10#53 in 4 ms
-
@johnpoz said in Can get host address, can't ping device:
if you can ping it via fqdn using your phone.. Why would you think this is a pfsense issue?
I've done some networking work, but only for myself and in a limited capacity. So I don't know just where it is and this is a start of the troubleshooting process.
@johnpoz said in Can get host address, can't ping device:
Is your phone using different dns than whatever other machine you're trying to resolve from.
It's using the same DNS, which is on my pfSense firewall. (My firewall does the firewall stuff, DNS, and DHCP.)
Did two of the commands you talked about:

I'm not clear - the last command, host -v -t A nas.home.arpa, is way out of my understanding. I just get that nas.home.arpa is not found.
-
@TangoOversway so clearly dns server at 172.16.7.1 is answering.. Why your machine can not resolve it via ping is on the machine.
As to -v and -t A, -v is verbose output - ie you can see exactly what was asked for, and who answered it, etc. The -t A is saying only ask for the A record.. Notice in your host -v it's also asking for AAAA and MX records, which you have none.
Where do you see that nas.home.arpa was not found - its IP is 192.168.9.10, which was returned for the A record, it has no AAAA or MX record, etc.
A record is your normal IPv4 address for a resource - ie your palantir-02.arda.ea
AAAA would be the IPv6 address if there is one.
MX is the mail record, ie what mail server to send email to for this domain - again you wouldn't have one normally setup on home network domain.
If I was having the issue, I would sniff on your machine (packet capture) and when I ping for the fqdn of something that should resolve - see what it is actually doing.. Maybe it is only doing a mdns query, or a lanman type broadcast. Which yeah isn't going to work most likely, unless the thing you're trying to find actually answers and is on the same network... Which from its ip 172.16.4 I would assume is a different network? If your client you're trying to ping from is on the same network as the 7.1 you are asking for dns.
-
Update: I can now reach this in Chrome on my Mac, so that tells me it's something with the terminal commands. I can reach it using the IP address or just http://palantir-02.
@johnpoz said in Can get host address, can't ping device:
Where do you see that nas.home.arpa was not found
I didn't copy and paste that command and the result in, since it just simply failed. My bad. Here's where it came up as not found:

I'm using just the DNS and DHCP on pfSense (and I have that DNS forward requests for non-local to an internet DNS). Everything in the LAN is one network, from 172.16.4.0 to 172.16.7.255. I think we can be sure, at this point, it has NOTHING to do with pfSense. That was just my first step in the process. I'm now finding it odd that I can access it through my browser on this machine, but can't access it from the command line. So, yeah, I'm going to have to experiment. I'm also wondering if this could be a caching issue or something on my Mac that's not getting updated and that a reboot might help - gotta go now, but I'll be trying a reboot when I get home this evening.
(TL;DR: I know this is a wide range for a LAN. I have two buildings, the house and barn. The barn is a workshop and I use Pis and ESP32s and other systems and have a number of IoT things in the house, too. It's easier for me to handle, mentally, by breaking things into groups. I have ranges broken down into different types of devices. (Like home automation is in one range, which has multiple subranges, like home entertainment being separated from lights and thermostats. 3D printing devices (including the printers and Pis that run them) have another range, which is a subrange of the machinery in my workshop. It was a pain adding some devices and having to extend a range for something I thought was enough, so I finally just changed things and created a space that allows me to set the ranges in a way that makes sense to my picky brain.)
-
@TangoOversway why would you think you could resolve a resource local to my network, pardon my french ;) but no shit you wouldn't be able to resolve nas.home.arpa ;) home.arpa is a special use domain for local use.. That record is unique to my network..
I just used it as an example of what you should see in the commands. Because your fqdn sure isn't going to resolve on my network, or the public internet. Since you clearly just pulled that domain out of thin air.. I mean that works.. But home.arpa is meant to be used for your local stuff, a soon to be approved .internal tld is also viable for local use
-
@johnpoz said in Can get host address, can't ping device:
@TangoOversway why would you think you could resolve a resource local to my network, pardon my french ;) but no shit you wouldn't be able to resolve nas.home.arpa ;) home.arpa is a special use domain for local use.. That record is unique to my network..
Yeah, maybe I misunderstood what you were saying, because I saw that and thought, "What the heck? Why would he want me to resolve something I don't have on my LAN?" But then I thought, "Hmmm... Maybe there's some kind of reserved name built into DNS, like the 127.0.0.1 is built in for local and the way some subnets are masked off. Could be? Doubt it, but let's see." To be honest, sometimes I read something and, well, it's not dyslexia, but I still get the words a bit jumbled, even after going through it a few times. So, okay, an example. Wasn't sure and thought it best to just try it just in case.
-
@TangoOversway have you figured out the issue yet? I really would suggest a packet capture. Because you don't actually know what ping is doing when you put in the full name.
I am not up to speed on what your mac might be doing natively.. which is what ping would use, vs an application like host or dig.
but there are other methods of resolving vs dns, there is mdns, there is llmnr, if your browser can not resolve it - it could be using doh and not even using your local dns.
If it was happening to me - I would do a simple packet capture on your machine.. Then do your ping - what is it doing, anything? What should happen is you should see the query to your local dns IP, and the response. but maybe it only sends out a mdns, or llmnr query? For those to work the device you're wanting to find by name has to respond, that is not a query to your name server. Which we know works because it resolves via host and dig.
Maybe it sends out nothing? Can you resolve say www.google.com from your ping command?
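Added example, not part of the original posts and not code from either participant: a Python sketch of the comparison discussed above, querying the DNS server directly (as host and dig do) and then asking the operating system's resolver (the path ping takes), so the two answers can be set side by side. The name palantir-02.arda.ea and the server 172.16.7.1 come from the thread; the function names are made up for this example.

```python
import socket
import struct

def build_query(name, txid=0x1234):  # recursive DNS query for the A record
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(msg, off):  # offset just past a name; a 2-byte pointer ends it
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_answers(msg):  # -> (rcode, [IPv4 addresses]) from a raw response
    _, flags, qdcount, ancount = struct.unpack("!4H", msg[:8])
    off, addrs = 12, []
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return flags & 0xF, addrs

def ask_server(name, server, timeout=2.0):  # what host and dig do
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))  # straight to server:53
        return parse_a_answers(s.recvfrom(4096)[0])

def ask_os(name):  # what ping does: getaddrinfo(), the OS resolver and its caches
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []

def verdict(direct, via_os):  # compare both paths, say where to look next
    if direct and not via_os:
        return "DNS server answers, OS resolver does not: look at the client"
    if via_os and sorted(direct) != sorted(via_os):
        return "OS answer differs from DNS: stale cache, hosts file or mDNS/LLMNR"
    return "both paths agree" if direct else "name resolves nowhere"

if __name__ == "__main__":  # name and server are the ones quoted in the thread
    rcode, direct = ask_server("palantir-02.arda.ea", "172.16.7.1")
    print(rcode, direct, verdict(direct, ask_os("palantir-02.arda.ea")))
```

An rcode of 0 is the NOERROR status shown in the host -v output earlier in the thread; 3 is NXDOMAIN.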
-
It's working fine now, which makes me think it's some kind of caching issue. I find it weird that Chrome could connect to palantir-02 yesterday, immediately, and the command line tools could not. I use iTerm2, which is a 3rd party terminal program that, so far, has exceeded the functionality of Apple's Term program, but I can't help but think that there might be some DNS caching being done somewhere that impacts the term programs and that Chrome doesn't deal with.
I have several learning disabilities and it's an attention span thing. It takes me longer to dig into something than it does for most people. There's a line and when I cross it, and dive deep into something, I can get a clear understanding of everything in it, but six months later, if I haven't kept working with that material, I can forget it all - unless I do another deep dive. So I've dealt with this kind of stuff before, but long enough ago, that I've forgotten all that's involved.
I probably should have looked up the command to clear the Mac's networking cache, but didn't think of it yesterday, when it would have helped. I did consider just rebooting, but didn't have the time while I was at the computer. (I figured that'd clear any DNS caching it may have done.)
I have been able to resolve anything with ping in the past - never an issue. I'm in a rural setting, so there are times I lose internet. I have a simple alias:
alias icheck='ping -c 5 8.8.8.8;echo;ping -c 5 www.google.com;echo;echo'
or something close to that, you get the idea. When I seem to be having connectivity issues, I always run that to see if our internet is down. I did run it just as a quick check (yesterday, when the issue was happening) and it did work.