I can telnet to the dns servers on port 53 from other hosts on the 131.243.78 subnet so I don’t think that’s the problem.
I will attempt to do a packet trace as per Justin’s suggestion and get back to the list.
Thanks, Scott
On Apr 25, 2019, at 1:09 PM, tmac tmacmd@gmail.com wrote:
So, not going to explain how to here.... But if you know how, unlock the diag user and set a password. Open a systemshell to a node try: telnet 131.243.5.1 53
My example: (fails) home-01% telnet 192.168.1.208 53 Trying 192.168.1.208... telnet: connect to address 192.168.1.208 http://192.168.1.208/: Connection refused telnet: Unable to connect to remote host (works) home-01% telnet 192.168.1.159 53 Trying 192.168.1.159... Connected to homeauto.ddns.net http://homeauto.ddns.net/. ^CConnection closed by foreign host. (fails) home-01% telnet 192.168.1.155 53 Trying 192.168.1.155... telnet: connect to address 192.168.1.155 http://192.168.1.155/: Connection refused telnet: Unable to connect to remote host home-01% exit
The failures are what happens when the port is either blocked or not communicating on port 53 (dns)
--tmac
Tim McCarthy, Principal Consultant Proud Member of the #NetAppATeam https://twitter.com/NetAppATeam I Blog at TMACsRack https://tmacsrack.wordpress.com/
On Thu, Apr 25, 2019 at 3:53 PM Scott Classen <sclassen@lbl.gov mailto:sclassen@lbl.gov> wrote: sibyls2::*> dns modify -vserver als-enable-ds1 -domains als.lbl.gov http://als.lbl.gov/,lbl.gov http://lbl.gov/ -name-servers 131.243.5.2 -timeout 10
Error: "10" is an invalid value for field "-timeout <1..5>"
sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.gov http://bl1231.als.lbl.gov/,als.lbl.gov http://als.lbl.gov/,lbl.gov http://lbl.gov/ -name-servers 131.243.5.2 -timeout 5
Error: Failed to verify the specified DNS configuration. 131.243.5.2 http://131.243.5.2/: Operation timed out. command failed: Verify that the network configuration is correct and that DNS servers are available. Specify "-skip-config-validation" to skip the configuration validation.
sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.gov http://bl1231.als.lbl.gov/,als.lbl.gov http://als.lbl.gov/,lbl.gov http://lbl.gov/ -name-servers 131.243.5.2 -timeout 5 -skip-config-validation
sibyls2::*> dns check -vserver als-enable-ds1 Name Server Vserver Name Server Status Status Details
als-enable-ds1 down Operation timed out. 131.243.5.2
sibyls2::*> vserver services name-service getxxbyyy gethostbyname -node sibyls2-03 -vserver als-enable-ds1 -hostname nsals.lbl.gov http://nsals.lbl.gov/ Host name: nsals.lbl.gov http://nsals.lbl.gov/ Canonical name: nsals.lbl.gov http://nsals.lbl.gov/ IPv4: 131.243.5.2
Seems odd that a gethostbyname of the name server (nsals.lbl.gov http://nsals.lbl.gov/) works but dns check doesn’t
S
On Apr 25, 2019, at 12:39 PM, Parisi, Justin <Justin.Parisi@netapp.com mailto:Justin.Parisi@netapp.com> wrote:
So, ping and traceroute won't really check what you need to check for DNS connectivity; that's access to the IP over port 53.
DNS check will test round trip time to the DNS server by doing a simple DNS lookup of example.domain.com http://example.domain.com/ and reports the time it took for that request.
"Operation timed out" means either that the DNS query couldn't be made or it took longer than the DNS timeout you have set. Try increasing the timeout from 2 seconds to 10 seconds and retry the check. A packet trace will also be useful to see why/how the requests are failing.
-----Original Message----- From: toasters-bounces@teaparty.net mailto:toasters-bounces@teaparty.net <toasters-bounces@teaparty.net mailto:toasters-bounces@teaparty.net> On Behalf Of Scott Classen Sent: Thursday, April 25, 2019 2:48 PM To: toasters@teaparty.net mailto:toasters@teaparty.net Subject: DNS woes
NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hello,
Can anyone help me with this before I open a case with NetApp?
dns check on one of my sververs fails (see below where I get an “Operation timed out” error), but I can ping and traceroute from the vserver to the gateway and the DNS servers.
sibyls2::*> dns show -vserver als-enable-ds1
Vserver: als-enable-ds1 Domains: als.lbl.gov <http://als.lbl.gov/>, lbl.gov <http://lbl.gov/> Name Servers: 131.243.5.1, 131.243.5.2 Timeout (secs): 2 Maximum Attempts: 1 Is TLD Query Enabled?: true Require Source and Reply IPs to Match: true Require Packet Queries to Match: true
sibyls2::*> dns check -vserver als-enable-ds1 Name Server Vserver Name Server Status Status Details
als-enable-ds1 down Operation timed out. 131.243.5.1 als-enable-ds1 down Operation timed out. 131.243.5.2 2 entries were displayed.
sibyls2::*> ping -node sibyls2-03 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.78.1 is alive
sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.1 is alive
sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.2 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.78.1 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.1 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.2 is alive
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov http://vlan3078.irals.lbl.gov/ (131.243.78.1) 0.521 ms * 0.484 ms
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov http://vlan3078.irals.lbl.gov/ (131.243.78.1) 0.478 ms 0.369 ms 0.376 ms 2 xe-2-2-1.er1-n1.lbl.gov http://xe-2-2-1.er1-n1.lbl.gov/ (131.243.244.140) 0.411 ms 0.391 ms 0.330 ms 3 t5-4.ir1-n1.lbl.gov http://t5-4.ir1-n1.lbl.gov/ (131.243.244.131) 0.796 ms 1.365 ms 0.524 ms 4 ns.lbl.gov http://ns.lbl.gov/ (131.243.5.1) 0.402 ms 0.765 ms 0.936 ms
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov http://vlan3078.irals.lbl.gov/ (131.243.78.1) 0.446 ms 0.409 ms 0.375 ms 2 nsals.lbl.gov http://nsals.lbl.gov/ (131.243.5.2) 0.649 ms 1.047 ms 1.080 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov http://vlan3078.irals.lbl.gov/ (131.243.78.1) 0.443 ms * 0.502 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov http://vlan3078.irals.lbl.gov/ (131.243.78.1) 0.515 ms 0.402 ms 0.388 ms 2 xe-2-2-1.er1-n1.lbl.gov http://xe-2-2-1.er1-n1.lbl.gov/ (131.243.244.140) 0.513 ms 0.344 ms 0.326 ms 3 t5-4.ir3-n2.lbl.gov http://t5-4.ir3-n2.lbl.gov/ (131.243.244.129) 1.737 ms 1.618 ms t5-4.ir4-n3.lbl.gov http://t5-4.ir4-n3.lbl.gov/ (131.243.244.133) 0.582 ms 4 ns.lbl.gov http://ns.lbl.gov/ (131.243.5.1) 0.898 ms 1.213 ms 0.517 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov http://vlan3078.irals.lbl.gov/ (131.243.78.1) 2.075 ms 1.451 ms 0.403 ms 2 nsals.lbl.gov http://nsals.lbl.gov/ (131.243.5.2) 1.198 ms 0.410 ms 0.911 ms _______________________________________________ Toasters mailing list Toasters@teaparty.net mailto:Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters http://www.teaparty.net/mailman/listinfo/toasters
Toasters mailing list Toasters@teaparty.net mailto:Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters http://www.teaparty.net/mailman/listinfo/toasters