DNS Resolution Issues #25
Comments
|
Hi @benalexau thank you for this great high-quality issue report. I actually never tried a configuration with 2 ethernet interfaces.
I do not think it should be a problem. Requests to DNS should be handled the same way as any other IP endpoint. Any non-subnet IP packets should be routed to the default gateway.
Having inactive ethernet ports is definitely an issue for the booster network init code. Currently booster listens for udev events and once it receives ADD event for a Booster should have a way to specify active interface(s). The other interfaces should be ignored. Note that in your case the systems sees so called predictable network name while booster sees raw interface names (before the systemd rename). A quick test/fix for this part would be modifying booster's udevListener() loop and filter out the inactive interface ( I am travelling next week and my response will be slow. Feel free to modify the sources as mentioned above. Otherwise I will try it once I am back to my workstation. |
|
One way to debug the issue and make sure that it will not come back is to have an integration test to cover this use-case. Is there a way to reproduce the setup you have (2 ethernet ports + DNS outside of subnet) with QEMU? |
|
Actually reading booster's DHCP handing code I realized that this codepath does not set the gateway. So yeah it is an issue with having DNS outside of the subnet. And it should be fixed. Here is how the default route initialized with static configuration. defaultRoute := netlink.Route{Gw: gw}
if err := netlink.RouteAdd(&defaultRoute); err != nil {
return err
} |
If DNS/Tang server is in subnet that differs from the the interface IP then default gateway is required. Static network configuration was able to configure the gateway but DHCP codepath missed it. Issue #25
|
@benalexau the first issue (DNS outside of subnet) should be fixed now. PTAL. I do not have an integration test for this use-case unfortunately. I need qemu to create 2 network interfaces with DHCP and DNS outside of subnet. If you or someone else knows how to do it please share your knowledge. As of the second issue (handling multiple network interfaces) I need to think how to implement it correctly. booster needs a config option that specifies what interfaces should be enabled. One caveat with it is that Linux can rename interface names so we need a reliable way to identify interfaces. Note that network MAC address might be changed as well. |
|
I just ran a test as follows:
So we have Booster receiving a DHCP address on one subnet, talking to a DNS server on a different subnet, and then communicating with a Tang server on a third subnet. This all worked fine! Thanks @anatol! |
If a machine contains multiple network interfaces it is desirable to specify which one can be used at boot (e.g. for network binding). And disable the rest of the networks to avoid messing with network initialization. Add property 'interfaces:' that tells booster which network interface to enable. Closes #25
|
It sounds great @benalexau The second part of the issues (handling multiple conflicting interfaces) should be resolved now a well. Please take a look and let me know if you see any issues. |
|
@anatol I tested AUR:booster-git 0.3.r20.g764b6ab-1 on the above server and it did not give any errors or unusual messages during boot. I think it's working well. |
|
Great to hear it. Thank you for testing. |
Thanks for adding support for unlocking using a Tang server specified using a DNS-resolvable hostname address (issue #19).
I have now tested this with a newly-built server as follows:
eno1enp1s0http://the.dns.nameto a Tang server on same subnethttp://the.dns.nameaddress (ie hostname, not numeric IP)The
/etc/booster.yamlcontains two lines:A forced rebuilt was performed using
booster -force -output /boot/booster-linux.img.The boot failed with the following:
I attempted to provide a static network configuration as follows (and of course rebuilt the image):
On this occasion I receive:
The above caused some minutes of blocking the boot waiting for the I/O timeouts to pass. It might be desirable to use a different timeout approach (eg abandon after 30 seconds).
Thinking it is perhaps an issue that the DNS server is on a different subnet than the server's IP address, I enabled DNS resolution on 192.168.110.1 and set DHCP to return that. After booting I confirmed:
I then verified the internal DNS address of the Tang server resolves correctly via a ping. This was done to rule out any firewall, routing or DNS server issues.
I then edited the
dns_servers:to192.168.110.1(ie maintaining a static IP configuration), rebuilt and rebooted:As shown it still didn't work despite a completely static network configuration in
booster.yamland the DNS server being on the same subnet.I then switched Booster back to the minimal
/etc/booster.yaml:The server then booted without a problem (ie DHCP assignment of a DNS server on the same subnet).
I then modified the DHCP server to return DNS server 192.168.250.1 (like we started with) and rebooted. This failed with the same messages as seen originally. When I changed the DHCP server to again return DNS server 192.168.110.1 and rebooted, the server booted fine once again.
In conclusion DNS resolution currently appears require two conditions:
/etc/booster.yaml)I'm happy to help with testing an updated package if you wish.
The text was updated successfully, but these errors were encountered: