  1. #1
    Untangler
    Join Date
    Jun 2009
    Location
    Denmark
    Posts
    70

    DNS rookie question

    OK - I am quite familiar with the major principles for using DNS and DHCP - and I have no AD, etc. in my domain (missing the skills to set it up properly.)

    So the clients are using Untangle as primary DNS (that is referring to the ISP DNS in the Untangle setup.)

    BUT it seems that I am actually missing out on understanding the DNS functionality in Untangle...

    My understanding/setup:

    I am using DHCP with static entries for most of my devices - so the dynamic usage/addresses are limited to "newly discovered" devices and thereby easy to catch (range 240-250)

    BUT I have some devices that do not get a proper name and some that are not within the DHCP range, e.g., the router to the internet. So I believe that I some years ago added those to the DNS tab and thereby they were also accessible by the clients.

    Example: I am using the 10.X... for DHCP - and the external router is 192.168.0.1
    So I have put the router = 192.168.0.1 into the DNS table.

    Thereby I would expect that: http://router
    ...works but it does not!
    I get this error code in the browser: DNS_PROBE_FINISHED_NXDOMAIN

    What have I missed/misunderstood?

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Short names, and suffixes, and search orders OH MY!

    DNS 101 time!

    No DNS resolver anywhere, running anything will ever resolve a short name. IE, router

    DNS resolvers require a FQDN or Fully Qualified Domain Name to resolve anything. An example FQDN in this case would be router.example.local.

    DNS resolves from the right to the left. And if you're resolving router alone, there's a suffix that must be applied to make it a FQDN before DNS can resolve. The error you're getting, NXDomain means nonexistent domain. Which is literal in this case... you don't have one!

    On Untangle, under Config -> Networking -> Hostname There are two boxes up there, one for hostname, and the other for domain name. These details configure not only the name that Untangle will use to reference itself, but also the domain name it uses. The rub here is behind the scenes it also uses this domain name for the DNS Search Suffixes passed out to your workstations via DHCP.

    So if you open up a command prompt on your windows box, and do ipconfig /all, you're going to see the full IP configuration of every network interface in the system. Find the block of text referring to the network interface you're using behind Untangle and look for line item that says "Connection-specific DNS Suffix", you'll notice it matches what's in Untangle's Domain Name field above.

    If your device is statically configured, slap yourself for making extra work for yourself and go manually configure that value to match! Remember where you manually configure the IP address? Click the Advanced button at the bottom, go to the DNS tab, and fill in the "DNS suffix for this connection" box at the bottom.

    Once that's done, ipconfig /all again to verify that the Connection-specific DNS Suffix matches what's in Untangle's Domain box on the hostname tab.

    Now, if you have a DNS record in Untangle for router.example.local, and you have example.local in the domain box OR have manually configured the interface in question to use example.local as the DNS Suffix, that one device can then resolve "router" alone, because it will automatically attempt router.example.local.

    And that's how short name resolution works, it's horrifically simple. Unless you insist on statically configuring everything. Do yourself a favor and let DHCP do the lifting. That way if you want to change this stuff you update the DHCP service, reboot the devices, and everyone comes along for the ride. Static configurations are how you make typos that cause problems, not to mention it's a device by device change to fix an error.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangler
    Join Date
    Jun 2009
    Location
    Denmark
    Posts
    70

    I really appreciate your time/effort, sky-knight,
    ...and I have read it a couple of days to see if I can get a better grip of the explanation but somehow, I get lost...
    (Having a M.Sc. in Computer Science - something is missing in my DNS comprehension and I guess that really takes a lot of time so hope you have time for another 101 quest...)


    Quote Originally Posted by sky-knight View Post
    Short names, and suffixes, and search orders OH MY!

    DNS 101 time!

    No DNS resolver anywhere, running anything will ever resolve a short name. IE, router

    DNS resolvers require a FQDN or Fully Qualified Domain Name to resolve anything. An example FQDN in this case would be router.example.local.

    DNS resolves from the right to the left. And if you're resolving router alone, there's a suffix that must be applied to make it a FQDN before DNS can resolve. The error you're getting, NXDomain means nonexistent domain. Which is literal in this case... you don't have one!

    On Untangle, under Config -> Networking -> Hostname There are two boxes up there, one for hostname, and the other for domain name. These details configure not only the name that Untangle will use to reference itself, but also the domain name it uses. The rub here is behind the scenes it also uses this domain name for the DNS Search Suffixes passed out to your workstations via DHCP.

    So if you open up a command prompt on your windows box, and do ipconfig /all, you're going to see the full IP configuration of every network interface in the system. Find the block of text referring to the network interface you're using behind Untangle and look for line item that says "Connection-specific DNS Suffix", you'll notice it matches what's in Untangle's Domain Name field above.
    So far so good; This is logically OK - and the hostname/domain name work exactly as expected (and seen in ipconfig.)

    Quote Originally Posted by sky-knight View Post
    Short names, and suffixes, and search orders OH MY!

    If your device is statically configured, slap yourself for making extra work for yourself and go manually configure that value to match! Remember where you manually configure the IP address? Click the Advanced button at the bottom, go to the DNS tab, and fill in the "DNS suffix for this connection" box at the bottom.

    Once that's done, ipconfig /all again to verify that the Connection-specific DNS Suffix matches what's in Untangle's Domain box on the hostname tab.
    This is the first place where I get lost; I am using the DHCP to configure static addresses for most of the devices.
    I do this by getting the dynamic assignment via DHCP - and then using + (on the right) to move it to the left and put it in the designated IP address range (e.g., for IP cameras.)

    So I am not sure where this "manual configuration" takes place - and thereby the advance button/DNS path...
    But I am slapping myself for not figuring out what you mean

    Quote Originally Posted by sky-knight View Post
    Short names, and suffixes, and search orders OH MY!

    Now, if you have a DNS record in Untangle for router.example.local, and you have example.local in the domain box OR have manually configured the interface in question to use example.local as the DNS Suffix, that one device can then resolve "router" alone, because it will automatically attempt router.example.local.
    This also escapes me - just likely due to the same DNS confusion (even though I thought I had understood the local previously in the cases where I have used it.)
    I tried to put the FQDN in the static DNS table, but that was as far as I could interpret it - and it does not work.

    Quote Originally Posted by sky-knight View Post
    Short names, and suffixes, and search orders OH MY!

    And that's how short name resolution works, it's horrifically simple. Unless you insist on statically configuring everything. Do yourself a favor and let DHCP do the lifting. That way if you want to change this stuff you update the DHCP service, reboot the devices, and everyone comes along for the ride. Static configurations are how you make typos that cause problems, not to mention it's a device by device change to fix an error.
    Oooh, simple but not to me when I cannot make it work.
    As usual, the simpler the harder it can be to debug/understand it - until you find the culprit/the key that unlocks the door.

    I DON'T want to make it hard - quite the opposite.

    So let me describe the problem/challenge that I try to solve.

    I am using DHCP for "all devices" that somehow can provide their hostname, etc. so it simply fits without further action. And yes, then I make it static to avoid the devices to move around so I can use the same IP and collect statistics, etc.

    BUT then some devices, like simple printers and IoT like devices, that DO NOT allow the configuration of their hostname in their setup. This most often shows as * in the DHCP dynamic table - and sometimes some generic + MAC name that I cannot use/type for any real purpose.

    SO I would simply like "HDHR-14103970" to be TVBOX3 - and for that purpose, I had thought the DNS static table could be used.

    Similarly instead of typing the router internal IP (192.168.0.1), I would like to type "fiberrouter" (or router) in the browser and then get immediately to that.

    FINALLY the UT box does not even allow that - I have previously been able to just type the hostname but that also no longer works so I have really F&%&% up the routing... It works OK when I type the IP no., so UT works OK

    Thanks in advance

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    IP Reservations in DHCP are not static assignments! These are two very different things. The difference is subtle but fundamental!

    This is one of the things in the Untangle UI that drives me absolutely up a wall, but Untangle isn't the source of this confusion, the industry is. It's very similar to the confusion that lies between the differences of an IP network, and a VLAN. The terms are NOT interchangeable... but they've become so in many circumstances.

    When you add a DHCP Lease to the Static DHCP Entries in Untangle, you're defining a DHCP reservation. This IS NOT a static IP configuration! A static IP configuration is when you manually configure each device to have an IP configuration on each device itself. If you've ever labbed a network without a router at all to have two devices talk to each other, you had to do this! Some people choose to do this on everything because they think it's more secure... it isn't... just a ton more work! The only benefit here is a network that doesn't need a DHCP server to function. Which does have value, but not in most networks these days.

    But all that's irrelevant, you aren't doing that... you're using the DHCP server! I do too... this is where sane people work! Specific devices get their "static" IP address, but the DHCP server still must be there to tell them what to do when they connect to the network. That way you don't have to worry about manually going to each endpoint to change things later, you just update the DHCP server and reboot everything.

    So now that I know you're using what Untangle refers to as a "Static DHCP entry" for all your hard set things, I know that those devices are getting the DNS suffix as defined in the domain tab on the hostname tab.

    So if you want to make a DNS entry to match, what you need to do is make a DNS entry for the router that says router.whateverisinthedomain.box, and aim it at the IP address of the router.

    You can then test with nslookup on your windows station, try router.whateverisinthedomain.box and it should pull back an IP address. Then try just router, it should also work. Once nslookup is happy, your browser will come along for the ride. UNLESS it's Firefox or Opera... those two can get stupid because of DoH.
    Last edited by sky-knight; 02-03-2022 at 11:51 AM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
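
Added example (not part of the thread and not Untangle's code): a simplified Python model of the search-suffix expansion described in posts #2 and #4, following the resolv.conf `ndots` convention; the Windows client differs in detail. The table contents, `example.local`, `home.lan` and the 10.0.0.23 address are constructed sample values.

```python
# Added example: simplified model of DNS search-suffix expansion on a client.
# All names and addresses except 192.168.0.1 are constructed sample values.
STATIC_DNS = {
    "router.example.local.": "192.168.0.1",
    "tvbox3.example.local.": "10.0.0.23",
}

def candidates(name, search, ndots=1):
    """FQDNs the client queries, in order, for the name the user typed."""
    if name.endswith("."):                 # trailing dot: already absolute
        return [name.lower()]
    name = name.lower()
    absolute = name + "."
    suffixed = [f"{name}.{s.strip('.').lower()}." for s in search]
    if name.count(".") >= ndots:           # looks qualified: try as typed first
        return [absolute] + suffixed
    return suffixed + [absolute]           # short name: suffixes first

def resolve(name, search, table=STATIC_DNS):
    """Return (fqdn, ip) for the first candidate with a record, else None."""
    for fqdn in candidates(name, search):
        if fqdn in table:
            return fqdn, table[fqdn]
    return None

def diagnose(name, search, table=STATIC_DNS):
    """Explain a lookup the way you would read nslookup + ipconfig /all."""
    hit = resolve(name, search, table)
    if hit:
        return f"OK: {name} -> {hit[0]} -> {hit[1]}"
    label = name.rstrip(".").lower().split(".")[0]
    near = sorted(k for k in table if k.split(".")[0] == label)
    cause = "no search suffix on client" if not search else f"suffix {search} has no such record"
    return f"NXDOMAIN: {cause}; records for host '{label}': {near}"

if __name__ == "__main__":
    for typed, search in [("router", []), ("router", ["example.local"]),
                          ("router", ["home.lan"]), ("router.example.local", [])]:
        print(diagnose(typed, search))
```

The `home.lan` case is the one worth noticing: the record exists, but under a domain the client never appends, so the short name still fails while the FQDN resolves.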

  5. #5
    Untangler
    Join Date
    May 2008
    Posts
    572

    If you are only worried about it working on your machine you can add router to the hosts file on the windows machine. Google can tell you how to do that.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Hosts file on Windows is often ignored, and hopefully will be completely ignored in the future.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Untangler
    Join Date
    Jun 2009
    Location
    Denmark
    Posts
    70

    Quote Originally Posted by sky-knight View Post
    IP Reservations in DHCP are not static assignments! These are two very different things. The difference is subtle but fundamental!

    ...

    So if you want to make a DNS entry to match, what you need to do is make a DNS entry for the router that says router.whateverisinthedomain.box, and aim it at the IP address of the router.

    You can then test with nslookup on your windows station, try router.whateverisinthedomain.box and it should pull back an IP address. Then try just router, it should also work. Once nslookup is happy, your browser will come along for the ride. UNLESS it's Firefox or Opera... those two can get stupid because of DoH.
    THANKS, Rob,

    ..and yes, it is an IP Reservation in DHCP that I am using - now your explanation makes perfect sense!

    Most surprisingly, the DNS tab with the FQDNs is actually OK - which I have checked with the nslookup. You're right, that IS the way to check it - and it works!

    GLAD that I am back on track and understand quite a bit more than before - building on top of what I (already) thought I knew.

    SO now it remains how to convince my Chrome to use this name (like router) to look up the IP address instead of simply searching...
    That I will google and change some setting...
    Thanks, again - you have helped me a lot in the past and this time you helped me back on the track again :-)

  8. #8
    Untangler
    Join Date
    Jun 2009
    Location
    Denmark
    Posts
    70

    Quote Originally Posted by donhwyo View Post
    If you are only worried about it working on your machine you can add router to the hosts file on the windows machine. Google can tell you how to do that.
    Thanks for your input/suggestion - that is an interim method for setting IP but it does not "fix" globally...

    I also used it "in the ol' days" but this is tedious to maintain and distribute across the network - and it was (AFAIK) introduced as some kind of interim fix for Linux/network compatibility (Windows: "we can also do that" :-)) but it never got integrated/supported in a "smart way."

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Quote Originally Posted by Justy View Post
    THANKS, Rob,

    ..and yes, it is an IP Reservation in DHCP that I am using - now your explanation makes perfect sense!

    Most surprisingly, the DNS tab with the FQDNs is actually OK - which I have checked with the nslookup. You're right, that IS the way to check it - and it works!

    GLAD that I am back on track and understand quite a bit more than before - building on top of what I (already) thought I knew.

    SO now it remains how to convince my Chrome to use this name (like router) to look up the IP address instead of simply searching...
    That I will google and change some setting...
    Thanks, again - you have helped me a lot in the past and this time you helped me back on the track again :-)
    Chrome will take a word and assume it's a search phrase. You need to feed it a link! https://router or http://router; custom ports become https://router:444 or whatever port you're using.

    This is the primary reason why I use Firefox and have it configured to have a dedicated search box to pull that functionality into a dedicated input box, and don't fuse my address bar with a search box.
    Last edited by sky-knight; 02-04-2022 at 02:16 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
