Highlighted
Flight Engineer
Flight Engineer
  • 743 Views

RHA Academy DNS Resolve Outside World Failed

Jump to solution

Hello. I want to ask. I'm new on RH Academy Labs. I set up the Labs on my laboratorium, and using

rht-external --configure enp2s0 --noclassroom

It works and the connection can go outside, but the problem is the DNS on the 172.25.254.250, it always respond with fail on certain domain. If it's on f0, I can just add new nameserver on /etc/resolv.conf using default router that's available on my network, but if it's on the student computer (f1-f20), then it's quite problematic to face with.

When I test it using nslookup rhlearn.gilmore.ca, it will return server fail. Server Fail RespondServer Fail Respond

Is there anyway to fix the DNS service or maybe I'm doing something wrong here? Thanks. Any help is appriciated.

(rhlearn.gilmore.ca also affected, so I can't teach team with the web ebook for now)

Teaching RHEL Curicullum on stts.edu/istts.ac.id since 2019! Thanks for RH Academy !
Labels (4)
Tags (4)
1 Solution

Accepted Solutions
Highlighted
Starfighter Starfighter
Starfighter
  • 736 Views

Re: RHA Academy DNS Resolve Outside World Failed

Jump to solution

Hello!

So I would like to introduce you to one of the documents you should have access to called ClassroomTroubleshooting.txt. You should be able to find it in /home/kiosk/ on foundation0, or on your RHTINST USB under docs/.

Depending on the version/generation of RHCIfoundation, the section about this particular problem may be less clear, so let me give you some background.

There are generally two DNS servers (newer classes sneak in a third) in the classroom environment managed by the instructor. One is on foundation0 that locally serves up the DNS domain ".ilt.example.com" while the classroom VM locally serves up ".example.com". The question comes in about what to do with the external domains. The long ago answer was to simply point to the true authority for DNS and point to the root nameservers on the public Internet. This is why you will see references to the zone named "." (yup a dot/period). That is what normally gets the rest of the Internet for us.

As a more recent practical matter, numerous ISPs/companies/institutions are now filtering access to the root nameservers, so we find ourselves needing an laternate solution when that happens. Yes, this is my initial guess as to what is going wrong for your public DNS queries.

To quote a recent rendition of ClassroomTroubleshooting.txt under "DNS CONNECTIVITY ISSUES":

To get around DNS restrictions by the facility, edit /etc/named.conf on
classroom and foundation0 to configure a forwarder to the facility's DNS
server (there is a commented example in the file). Depending on the
facility's DNS server, dnssec options may need adjustment too.

For example:

// forwarders { 172.25.254.254; };

would be changed to comething like (remember to uncomment, remove the leading slashes):

     forwarders { 8.8.8.8; };

You will want to do this on both foundation0 and classroom. Also keep an eye on the dnssec-* options as you may find a need to adjust those too.

On a side note, you may notice this is one area I haven't gotten to yet in the rht-external utility. There are some "FIXME" references to wanting to add DNS update options. One day.... <grin/>

I hope this helps!

--Rob

View solution in original post

Reply
Loading...
2 Replies
Highlighted
Starfighter Starfighter
Starfighter
  • 737 Views

Re: RHA Academy DNS Resolve Outside World Failed

Jump to solution

Hello!

So I would like to introduce you to one of the documents you should have access to called ClassroomTroubleshooting.txt. You should be able to find it in /home/kiosk/ on foundation0, or on your RHTINST USB under docs/.

Depending on the version/generation of RHCIfoundation, the section about this particular problem may be less clear, so let me give you some background.

There are generally two DNS servers (newer classes sneak in a third) in the classroom environment managed by the instructor. One is on foundation0 that locally serves up the DNS domain ".ilt.example.com" while the classroom VM locally serves up ".example.com". The question comes in about what to do with the external domains. The long ago answer was to simply point to the true authority for DNS and point to the root nameservers on the public Internet. This is why you will see references to the zone named "." (yup a dot/period). That is what normally gets the rest of the Internet for us.

As a more recent practical matter, numerous ISPs/companies/institutions are now filtering access to the root nameservers, so we find ourselves needing an laternate solution when that happens. Yes, this is my initial guess as to what is going wrong for your public DNS queries.

To quote a recent rendition of ClassroomTroubleshooting.txt under "DNS CONNECTIVITY ISSUES":

To get around DNS restrictions by the facility, edit /etc/named.conf on
classroom and foundation0 to configure a forwarder to the facility's DNS
server (there is a commented example in the file). Depending on the
facility's DNS server, dnssec options may need adjustment too.

For example:

// forwarders { 172.25.254.254; };

would be changed to comething like (remember to uncomment, remove the leading slashes):

     forwarders { 8.8.8.8; };

You will want to do this on both foundation0 and classroom. Also keep an eye on the dnssec-* options as you may find a need to adjust those too.

On a side note, you may notice this is one area I haven't gotten to yet in the rht-external utility. There are some "FIXME" references to wanting to add DNS update options. One day.... <grin/>

I hope this helps!

--Rob

View solution in original post

Reply
Loading...
Highlighted
Flight Engineer
Flight Engineer
  • 723 Views

Re: RHA Academy DNS Resolve Outside World Failed

Jump to solution

Sir. Thanks you for aproaching me. Yeah I never touch that particular documentation, next time I will read it thoroughly and thank you, now it work as it's !

 

Teaching RHEL Curicullum on stts.edu/istts.ac.id since 2019! Thanks for RH Academy !
Reply
Loading...
Join the discussion
You must log in to join this conversation.