bang

If you’ve ever set up DNS forwarding on a Ubiquiti EdgeRouter and have your own internal authoritative DNS servers, then you may have noticed that it doesn’t quite work right. If you look up the hostname of your router via the EdgeRouter, you’ll always get back an address of 127.0.1.1.

WTF?!

The Problem

EdgeOS makes use of dnsmasq for its DNS server needs. For the most part this works well and is very flexible. It allows you to set up a cached DNS forwarder and do all sorts of nifty DNS routing. Unfortunately, the default options are a little wonky.

By default, dnsmasq will read /etc/hosts and use what it finds there to answer DNS queries. While this may be good for some scenarios, it’s terrible in others. For example, the EdgeRouter adds default hosts entries for the router itself, which look like this:

Because of the default dnsmasq options, it picks these up and will always answer queries for the router’s hostname with an unreachable loopback IP address.

Because there’s no place like 127.0.1.1…

The Fix

Dealing with this is thankfully simple. Just turn one option on, and you’re set:

This sets the --no-hosts option on dnsmasq, which prevents it from reading /etc/hosts at all. Now your DNS forwarder will completely ignore anything it finds in there and simply forward the request to your configured DNS servers. It’s also worth noting that the DHCP/DNS integration works through a different mechanism, so that will still work just fine if you choose to use it.
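To make the problem and the fix concrete, here is an added example (not from the original post or from EdgeOS) that audits a hosts file for names dnsmasq would answer with a loopback address, and models the lookup order with and without --no-hosts. The hosts content, the hostnames and the upstream answers are constructed for the demonstration.

```python
import ipaddress

# Constructed sample in the style of the entries an EdgeRouter writes for itself
# (hostnames and addresses are made up for this example).
SAMPLE_HOSTS = """\
127.0.0.1\tlocalhost
127.0.1.1\tedgerouter.example.lan\tedgerouter
::1\tlocalhost ip6-localhost ip6-loopback
192.168.1.10\tnas.example.lan\tnas
"""

# What the internal authoritative nameservers would answer (constructed).
UPSTREAM = {"edgerouter.example.lan": "192.168.1.1", "nas.example.lan": "192.168.1.10"}


def parse_hosts(text):
    """Read a hosts file the way dnsmasq does: strip comments, map every alias on a line."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), addr)  # keep the first match; enough for this audit
    return table


def loopback_names(table):
    """Hostnames that would be answered from /etc/hosts with a loopback address,
    which no LAN client can reach. The localhost-style names are expected and skipped."""
    skip = {"localhost", "ip6-localhost", "ip6-loopback"}
    return sorted(n for n, a in table.items()
                  if ipaddress.ip_address(a).is_loopback and n not in skip)


def resolve(name, hosts_table, upstream, no_hosts=False):
    """Model of dnsmasq's lookup order: /etc/hosts first unless --no-hosts is set,
    otherwise the query is forwarded to the configured upstream servers."""
    name = name.lower()
    if not no_hosts and name in hosts_table:
        return hosts_table[name], "hosts"
    return upstream.get(name), "forwarded"


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    print("names stuck on loopback:", loopback_names(table))
    for flag in (False, True):
        print("no_hosts=%s ->" % flag, resolve("edgerouter.example.lan", table, UPSTREAM, flag))
```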

The other suggestions I’ve seen involve setting interface parameters to force a static DNS mapping, but this has the advantage of forwarding the DNS request to your actual nameservers.

Hopefully this will help someone out there. It’s been annoying me for a few days now as I set up my folks’ network…

Many of my basic network services live on Raspberry Pi hosts. DNS, DHCP, my yum repository mirrors, my git server… These useful little machines make excellent utility hosts for simple tasks that don’t require much horsepower.

But if I have so many important things running on them, shouldn’t they be monitored?

In my last post, I discussed using Zabbix to monitor varnish. I said it was easy, and that was mostly true — but it also missed one detail that made the situation a bit more complex. It has nothing to do with Zabbix or Varnish really, but the way in which I run my production servers.

Specifically, I run SELinux in enforcing mode.

Yeah, it was an ugly day today. We got a few inches of rain (complete with wild thunderstorms) in just a couple of hours, and the beautiful river I live on has turned to mud as a result. A perfectly cruddy end to a perfectly cruddy week.

At least I got something accomplished this weekend, though…