Hello,
Can anyone help me with this before I open a case with NetApp?
dns check on one of my sververs fails (see below where I get an “Operation timed out” error), but I can ping and traceroute from the vserver to the gateway and the DNS servers.
sibyls2::*> dns show -vserver als-enable-ds1
Vserver: als-enable-ds1 Domains: als.lbl.gov, lbl.gov Name Servers: 131.243.5.1, 131.243.5.2 Timeout (secs): 2 Maximum Attempts: 1 Is TLD Query Enabled?: true Require Source and Reply IPs to Match: true Require Packet Queries to Match: true
sibyls2::*> dns check -vserver als-enable-ds1 Name Server Vserver Name Server Status Status Details ------------- --------------- ------------ -------------------------- als-enable-ds1 down Operation timed out. 131.243.5.1 als-enable-ds1 down Operation timed out. 131.243.5.2 2 entries were displayed.
sibyls2::*> ping -node sibyls2-03 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.78.1 is alive
sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.1 is alive
sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.2 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.78.1 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.1 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.2 is alive
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.521 ms * 0.484 ms
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.478 ms 0.369 ms 0.376 ms 2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.411 ms 0.391 ms 0.330 ms 3 t5-4.ir1-n1.lbl.gov (131.243.244.131) 0.796 ms 1.365 ms 0.524 ms 4 ns.lbl.gov (131.243.5.1) 0.402 ms 0.765 ms 0.936 ms
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.446 ms 0.409 ms 0.375 ms 2 nsals.lbl.gov (131.243.5.2) 0.649 ms 1.047 ms 1.080 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.443 ms * 0.502 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.515 ms 0.402 ms 0.388 ms 2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.513 ms 0.344 ms 0.326 ms 3 t5-4.ir3-n2.lbl.gov (131.243.244.129) 1.737 ms 1.618 ms t5-4.ir4-n3.lbl.gov (131.243.244.133) 0.582 ms 4 ns.lbl.gov (131.243.5.1) 0.898 ms 1.213 ms 0.517 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 2.075 ms 1.451 ms 0.403 ms 2 nsals.lbl.gov (131.243.5.2) 1.198 ms 0.410 ms 0.911 ms
what about a "net int show -fields vserver, role,data-protocol, firewall-policy"
--tmac
*Tim McCarthy, **Principal Consultant*
*Proud Member of the #NetAppATeam https://twitter.com/NetAppATeam*
*I Blog at TMACsRack https://tmacsrack.wordpress.com/*
On Thu, Apr 25, 2019 at 2:52 PM Scott Classen sclassen@lbl.gov wrote:
Hello,
Can anyone help me with this before I open a case with NetApp?
dns check on one of my sververs fails (see below where I get an “Operation timed out” error), but I can ping and traceroute from the vserver to the gateway and the DNS servers.
sibyls2::*> dns show -vserver als-enable-ds1
Vserver: als-enable-ds1 Domains: als.lbl.gov, lbl.gov Name Servers: 131.243.5.1, 131.243.5.2 Timeout (secs): 2 Maximum Attempts: 1 Is TLD Query Enabled?: true
Require Source and Reply IPs to Match: true Require Packet Queries to Match: true
sibyls2::*> dns check -vserver als-enable-ds1 Name Server Vserver Name Server Status Status Details
als-enable-ds1 down Operation timed out. 131.243.5.1 als-enable-ds1 down Operation timed out. 131.243.5.2 2 entries were displayed.
sibyls2::*> ping -node sibyls2-03 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.78.1 is alive
sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.1 is alive
sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.2 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.78.1 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.1 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.2 is alive
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.521 ms * 0.484 ms
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.478 ms 0.369 ms 0.376 ms 2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.411 ms 0.391 ms 0.330 ms 3 t5-4.ir1-n1.lbl.gov (131.243.244.131) 0.796 ms 1.365 ms 0.524 ms 4 ns.lbl.gov (131.243.5.1) 0.402 ms 0.765 ms 0.936 ms
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.446 ms 0.409 ms 0.375 ms 2 nsals.lbl.gov (131.243.5.2) 0.649 ms 1.047 ms 1.080 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.443 ms * 0.502 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.515 ms 0.402 ms 0.388 ms 2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.513 ms 0.344 ms 0.326 ms 3 t5-4.ir3-n2.lbl.gov (131.243.244.129) 1.737 ms 1.618 ms t5-4.ir4-n3.lbl.gov (131.243.244.133) 0.582 ms 4 ns.lbl.gov (131.243.5.1) 0.898 ms 1.213 ms 0.517 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 2.075 ms 1.451 ms 0.403 ms 2 nsals.lbl.gov (131.243.5.2) 1.198 ms 0.410 ms 0.911 ms _______________________________________________ Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
Output for the relevant server
als-enable-ds1 ae1g-1 data nfs data als-enable-ds1 ae1g-2 data nfs data als-enable-ds1 ae1g-3 data nfs data als-enable-ds1 ae1g-4 data nfs data
On Apr 25, 2019, at 11:56 AM, tmac tmacmd@gmail.com wrote:
net int show -fields vserver, role,data-protocol, firewall-policy
maybe you should create a LIF on that SVM with no data-protocol and firewall-policy of mgmt? or...maybe something on the network is blocking port 53?
--tmac
*Tim McCarthy, **Principal Consultant*
*Proud Member of the #NetAppATeam https://twitter.com/NetAppATeam*
*I Blog at TMACsRack https://tmacsrack.wordpress.com/*
On Thu, Apr 25, 2019 at 2:59 PM Scott Classen sclassen@lbl.gov wrote:
Output for the relevant server
als-enable-ds1 ae1g-1 data nfs data als-enable-ds1 ae1g-2 data nfs data als-enable-ds1 ae1g-3 data nfs data als-enable-ds1 ae1g-4 data nfs data
On Apr 25, 2019, at 11:56 AM, tmac tmacmd@gmail.com wrote:
net int show -fields vserver, role,data-protocol, firewall-policy
So, ping and traceroute won't really check what you need to check for DNS connectivity; that's access to the IP over port 53.
DNS check will test round trip time to the DNS server by doing a simple DNS lookup of example.domain.com and reports the time it took for that request.
"Operation timed out" means either that the DNS query couldn't be made or it took longer than the DNS timeout you have set. Try increasing the timeout from 2 seconds to 10 seconds and retry the check. A packet trace will also be useful to see why/how the requests are failing.
-----Original Message----- From: toasters-bounces@teaparty.net toasters-bounces@teaparty.net On Behalf Of Scott Classen Sent: Thursday, April 25, 2019 2:48 PM To: toasters@teaparty.net Subject: DNS woes
NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hello,
Can anyone help me with this before I open a case with NetApp?
dns check on one of my sververs fails (see below where I get an “Operation timed out” error), but I can ping and traceroute from the vserver to the gateway and the DNS servers.
sibyls2::*> dns show -vserver als-enable-ds1
Vserver: als-enable-ds1 Domains: als.lbl.gov, lbl.gov Name Servers: 131.243.5.1, 131.243.5.2 Timeout (secs): 2 Maximum Attempts: 1 Is TLD Query Enabled?: true Require Source and Reply IPs to Match: true Require Packet Queries to Match: true
sibyls2::*> dns check -vserver als-enable-ds1 Name Server Vserver Name Server Status Status Details ------------- --------------- ------------ -------------------------- als-enable-ds1 down Operation timed out. 131.243.5.1 als-enable-ds1 down Operation timed out. 131.243.5.2 2 entries were displayed.
sibyls2::*> ping -node sibyls2-03 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.78.1 is alive
sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.1 is alive
sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.2 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.78.1 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.1 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.2 is alive
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.521 ms * 0.484 ms
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.478 ms 0.369 ms 0.376 ms 2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.411 ms 0.391 ms 0.330 ms 3 t5-4.ir1-n1.lbl.gov (131.243.244.131) 0.796 ms 1.365 ms 0.524 ms 4 ns.lbl.gov (131.243.5.1) 0.402 ms 0.765 ms 0.936 ms
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.446 ms 0.409 ms 0.375 ms 2 nsals.lbl.gov (131.243.5.2) 0.649 ms 1.047 ms 1.080 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.443 ms * 0.502 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.515 ms 0.402 ms 0.388 ms 2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.513 ms 0.344 ms 0.326 ms 3 t5-4.ir3-n2.lbl.gov (131.243.244.129) 1.737 ms 1.618 ms t5-4.ir4-n3.lbl.gov (131.243.244.133) 0.582 ms 4 ns.lbl.gov (131.243.5.1) 0.898 ms 1.213 ms 0.517 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 2.075 ms 1.451 ms 0.403 ms 2 nsals.lbl.gov (131.243.5.2) 1.198 ms 0.410 ms 0.911 ms _______________________________________________ Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
sibyls2::*> dns modify -vserver als-enable-ds1 -domains als.lbl.gov,lbl.gov -name-servers 131.243.5.2 -timeout 10
Error: "10" is an invalid value for field "-timeout <1..5>"
sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.gov,als.lbl.gov,lbl.gov -name-servers 131.243.5.2 -timeout 5
Error: Failed to verify the specified DNS configuration. 131.243.5.2: Operation timed out. command failed: Verify that the network configuration is correct and that DNS servers are available. Specify "-skip-config-validation" to skip the configuration validation.
sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.gov,als.lbl.gov,lbl.gov -name-servers 131.243.5.2 -timeout 5 -skip-config-validation
sibyls2::*> dns check -vserver als-enable-ds1 Name Server Vserver Name Server Status Status Details ------------- --------------- ------------ -------------------------- als-enable-ds1 down Operation timed out. 131.243.5.2
sibyls2::*> vserver services name-service getxxbyyy gethostbyname -node sibyls2-03 -vserver als-enable-ds1 -hostname nsals.lbl.gov Host name: nsals.lbl.gov Canonical name: nsals.lbl.gov IPv4: 131.243.5.2
Seems odd that a gethostbyname of the name server (nsals.lbl.gov) works but dns check doesn’t
S
On Apr 25, 2019, at 12:39 PM, Parisi, Justin Justin.Parisi@netapp.com wrote:
So, ping and traceroute won't really check what you need to check for DNS connectivity; that's access to the IP over port 53.
DNS check will test round trip time to the DNS server by doing a simple DNS lookup of example.domain.com and reports the time it took for that request.
"Operation timed out" means either that the DNS query couldn't be made or it took longer than the DNS timeout you have set. Try increasing the timeout from 2 seconds to 10 seconds and retry the check. A packet trace will also be useful to see why/how the requests are failing.
-----Original Message----- From: toasters-bounces@teaparty.net toasters-bounces@teaparty.net On Behalf Of Scott Classen Sent: Thursday, April 25, 2019 2:48 PM To: toasters@teaparty.net Subject: DNS woes
NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hello,
Can anyone help me with this before I open a case with NetApp?
dns check on one of my sververs fails (see below where I get an “Operation timed out” error), but I can ping and traceroute from the vserver to the gateway and the DNS servers.
sibyls2::*> dns show -vserver als-enable-ds1
Vserver: als-enable-ds1 Domains: als.lbl.gov, lbl.gov Name Servers: 131.243.5.1, 131.243.5.2 Timeout (secs): 2 Maximum Attempts: 1 Is TLD Query Enabled?: true Require Source and Reply IPs to Match: true Require Packet Queries to Match: true
sibyls2::*> dns check -vserver als-enable-ds1 Name Server Vserver Name Server Status Status Details
als-enable-ds1 down Operation timed out. 131.243.5.1 als-enable-ds1 down Operation timed out. 131.243.5.2 2 entries were displayed.
sibyls2::*> ping -node sibyls2-03 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.78.1 is alive
sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.1 is alive
sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.2 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.78.1 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.1 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.2 is alive
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.521 ms * 0.484 ms
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.478 ms 0.369 ms 0.376 ms 2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.411 ms 0.391 ms 0.330 ms 3 t5-4.ir1-n1.lbl.gov (131.243.244.131) 0.796 ms 1.365 ms 0.524 ms 4 ns.lbl.gov (131.243.5.1) 0.402 ms 0.765 ms 0.936 ms
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.446 ms 0.409 ms 0.375 ms 2 nsals.lbl.gov (131.243.5.2) 0.649 ms 1.047 ms 1.080 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.443 ms * 0.502 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.515 ms 0.402 ms 0.388 ms 2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.513 ms 0.344 ms 0.326 ms 3 t5-4.ir3-n2.lbl.gov (131.243.244.129) 1.737 ms 1.618 ms t5-4.ir4-n3.lbl.gov (131.243.244.133) 0.582 ms 4 ns.lbl.gov (131.243.5.1) 0.898 ms 1.213 ms 0.517 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 2.075 ms 1.451 ms 0.403 ms 2 nsals.lbl.gov (131.243.5.2) 1.198 ms 0.410 ms 0.911 ms _______________________________________________ Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
I wonder if your DNS server rejects queries like the one we use for DNS check...
A packet trace can verify that.
________________________________ From: Scott Classen sclassen@lbl.gov Sent: Thursday, April 25, 2019 3:48:29 PM To: Parisi, Justin Cc: toasters@teaparty.net Subject: Re: DNS woes
NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe.
sibyls2::*> dns modify -vserver als-enable-ds1 -domains als.lbl.gov,lbl.gov -name-servers 131.243.5.2 -timeout 10
Error: "10" is an invalid value for field "-timeout <1..5>"
sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.gov,als.lbl.gov,lbl.gov -name-servers 131.243.5.2 -timeout 5
Error: Failed to verify the specified DNS configuration. 131.243.5.2: Operation timed out. command failed: Verify that the network configuration is correct and that DNS servers are available. Specify "-skip-config-validation" to skip the configuration validation.
sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.gov,als.lbl.gov,lbl.gov -name-servers 131.243.5.2 -timeout 5 -skip-config-validation
sibyls2::*> dns check -vserver als-enable-ds1 Name Server Vserver Name Server Status Status Details ------------- --------------- ------------ -------------------------- als-enable-ds1 down Operation timed out. 131.243.5.2
sibyls2::*> vserver services name-service getxxbyyy gethostbyname -node sibyls2-03 -vserver als-enable-ds1 -hostname nsals.lbl.gov Host name: nsals.lbl.gov Canonical name: nsals.lbl.gov IPv4: 131.243.5.2
Seems odd that a gethostbyname of the name server (nsals.lbl.gov) works but dns check doesn’t
S
On Apr 25, 2019, at 12:39 PM, Parisi, Justin Justin.Parisi@netapp.com wrote:
So, ping and traceroute won't really check what you need to check for DNS connectivity; that's access to the IP over port 53.
DNS check will test round trip time to the DNS server by doing a simple DNS lookup of example.domain.com and reports the time it took for that request.
"Operation timed out" means either that the DNS query couldn't be made or it took longer than the DNS timeout you have set. Try increasing the timeout from 2 seconds to 10 seconds and retry the check. A packet trace will also be useful to see why/how the requests are failing.
-----Original Message----- From: toasters-bounces@teaparty.net toasters-bounces@teaparty.net On Behalf Of Scott Classen Sent: Thursday, April 25, 2019 2:48 PM To: toasters@teaparty.net Subject: DNS woes
NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hello,
Can anyone help me with this before I open a case with NetApp?
dns check on one of my sververs fails (see below where I get an “Operation timed out” error), but I can ping and traceroute from the vserver to the gateway and the DNS servers.
sibyls2::*> dns show -vserver als-enable-ds1
Vserver: als-enable-ds1 Domains: als.lbl.gov, lbl.gov Name Servers: 131.243.5.1, 131.243.5.2 Timeout (secs): 2 Maximum Attempts: 1 Is TLD Query Enabled?: true Require Source and Reply IPs to Match: true Require Packet Queries to Match: true
sibyls2::*> dns check -vserver als-enable-ds1 Name Server Vserver Name Server Status Status Details
als-enable-ds1 down Operation timed out. 131.243.5.1 als-enable-ds1 down Operation timed out. 131.243.5.2 2 entries were displayed.
sibyls2::*> ping -node sibyls2-03 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.78.1 is alive
sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.1 is alive
sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.2 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.78.1 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.1 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.2 is alive
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.521 ms * 0.484 ms
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.478 ms 0.369 ms 0.376 ms 2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.411 ms 0.391 ms 0.330 ms 3 t5-4.ir1-n1.lbl.gov (131.243.244.131) 0.796 ms 1.365 ms 0.524 ms 4 ns.lbl.gov (131.243.5.1) 0.402 ms 0.765 ms 0.936 ms
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.446 ms 0.409 ms 0.375 ms 2 nsals.lbl.gov (131.243.5.2) 0.649 ms 1.047 ms 1.080 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.443 ms * 0.502 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.515 ms 0.402 ms 0.388 ms 2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.513 ms 0.344 ms 0.326 ms 3 t5-4.ir3-n2.lbl.gov (131.243.244.129) 1.737 ms 1.618 ms t5-4.ir4-n3.lbl.gov (131.243.244.133) 0.582 ms 4 ns.lbl.gov (131.243.5.1) 0.898 ms 1.213 ms 0.517 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov (131.243.78.1) 2.075 ms 1.451 ms 0.403 ms 2 nsals.lbl.gov (131.243.5.2) 1.198 ms 0.410 ms 0.911 ms _______________________________________________ Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
So, not going to explain how to here.... But if you know how, unlock the diag user and set a password. Open a systemshell to a node try: telnet 131.243.5.1 53
My example: (fails)
home-01% telnet 192.168.1.208 53 Trying 192.168.1.208... telnet: connect to address 192.168.1.208: Connection refused telnet: Unable to connect to remote host
(works)
home-01% telnet 192.168.1.159 53
Trying 192.168.1.159...
Connected to homeauto.ddns.net.
^CConnection closed by foreign host.
(fails) home-01% telnet 192.168.1.155 53 Trying 192.168.1.155... telnet: connect to address 192.168.1.155: Connection refused telnet: Unable to connect to remote host home-01% exit
The failures are what happens when the port is either blocked or not communicating on port 53 (dns)
--tmac
*Tim McCarthy, **Principal Consultant*
*Proud Member of the #NetAppATeam https://twitter.com/NetAppATeam*
*I Blog at TMACsRack https://tmacsrack.wordpress.com/*
On Thu, Apr 25, 2019 at 3:53 PM Scott Classen sclassen@lbl.gov wrote:
sibyls2::*> dns modify -vserver als-enable-ds1 -domains als.lbl.gov, lbl.gov -name-servers 131.243.5.2 -timeout 10
Error: "10" is an invalid value for field "-timeout <1..5>"
sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.gov ,als.lbl.gov,lbl.gov -name-servers 131.243.5.2 -timeout 5
Error: Failed to verify the specified DNS configuration. 131.243.5.2: Operation timed out. command failed: Verify that the network configuration is correct and that DNS servers are available. Specify "-skip-config-validation" to skip the configuration validation.
sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.gov ,als.lbl.gov,lbl.gov -name-servers 131.243.5.2 -timeout 5 -skip-config-validation
sibyls2::*> dns check -vserver als-enable-ds1
Name Server
Vserver Name Server Status Status Details
als-enable-ds1 down Operation timed out. 131.243.5.2
sibyls2::*> vserver services name-service getxxbyyy gethostbyname -node sibyls2-03 -vserver als-enable-ds1 -hostname nsals.lbl.gov
Host name: nsals.lbl.gov Canonical name: nsals.lbl.gov IPv4: 131.243.5.2
Seems odd that a gethostbyname of the name server (nsals.lbl.gov) works but dns check doesn’t
S
On Apr 25, 2019, at 12:39 PM, Parisi, Justin Justin.Parisi@netapp.com
wrote:
So, ping and traceroute won't really check what you need to check for
DNS connectivity; that's access to the IP over port 53.
DNS check will test round trip time to the DNS server by doing a simple
DNS lookup of example.domain.com and reports the time it took for that request.
"Operation timed out" means either that the DNS query couldn't be made
or it took longer than the DNS timeout you have set. Try increasing the timeout from 2 seconds to 10 seconds and retry the check. A packet trace will also be useful to see why/how the requests are failing.
-----Original Message----- From: toasters-bounces@teaparty.net toasters-bounces@teaparty.net On
Behalf Of Scott Classen
Sent: Thursday, April 25, 2019 2:48 PM To: toasters@teaparty.net Subject: DNS woes
NetApp Security WARNING: This is an external email. Do not click links
or open attachments unless you recognize the sender and know the content is safe.
Hello,
Can anyone help me with this before I open a case with NetApp?
dns check on one of my sververs fails (see below where I get an
“Operation timed out” error), but I can ping and traceroute from the vserver to the gateway and the DNS servers.
sibyls2::*> dns show -vserver als-enable-ds1
Vserver: als-enable-ds1 Domains: als.lbl.gov, lbl.gov Name Servers: 131.243.5.1, 131.243.5.2 Timeout (secs): 2 Maximum Attempts: 1 Is TLD Query Enabled?: true Require Source and Reply IPs
to Match: true
Require Packet Queries to Match: true
sibyls2::*> dns check -vserver als-enable-ds1 Name Server Vserver Name Server Status Status Details
als-enable-ds1 down Operation timed out. 131.243.5.1 als-enable-ds1 down Operation timed out. 131.243.5.2 2 entries were displayed.
sibyls2::*> ping -node sibyls2-03 -destination 131.243.78.1 -vserver
als-enable-ds1 -wait-response 2000 -count 3
131.243.78.1 is alive
sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.1 -vserver
als-enable-ds1 -wait-response 2000 -count 3
131.243.5.1 is alive
sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.2 -vserver
als-enable-ds1 -wait-response 2000 -count 3
131.243.5.2 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.78.1 -vserver
als-enable-ds1 -wait-response 2000 -count 3
131.243.78.1 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.1 -vserver
als-enable-ds1 -wait-response 2000 -count 3
131.243.5.1 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.2 -vserver
als-enable-ds1 -wait-response 2000 -count 3
131.243.5.2 is alive
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1
-destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets
1 vlan3078.irals.lbl.gov (131.243.78.1) 0.521 ms * 0.484 ms
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1
-destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets
1 vlan3078.irals.lbl.gov (131.243.78.1) 0.478 ms 0.369 ms 0.376 ms 2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.411 ms 0.391 ms 0.330
ms
3 t5-4.ir1-n1.lbl.gov (131.243.244.131) 0.796 ms 1.365 ms 0.524 ms 4 ns.lbl.gov (131.243.5.1) 0.402 ms 0.765 ms 0.936 ms
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1
-destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets
1 vlan3078.irals.lbl.gov (131.243.78.1) 0.446 ms 0.409 ms 0.375 ms 2 nsals.lbl.gov (131.243.5.2) 0.649 ms 1.047 ms 1.080 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1
-destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets
1 vlan3078.irals.lbl.gov (131.243.78.1) 0.443 ms * 0.502 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1
-destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets
1 vlan3078.irals.lbl.gov (131.243.78.1) 0.515 ms 0.402 ms 0.388 ms 2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.513 ms 0.344 ms 0.326
ms
3 t5-4.ir3-n2.lbl.gov (131.243.244.129) 1.737 ms 1.618 ms t5-4.ir4-n3.lbl.gov (131.243.244.133) 0.582 ms 4 ns.lbl.gov (131.243.5.1) 0.898 ms 1.213 ms 0.517 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1
-destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets
1 vlan3078.irals.lbl.gov (131.243.78.1) 2.075 ms 1.451 ms 0.403 ms 2 nsals.lbl.gov (131.243.5.2) 1.198 ms 0.410 ms 0.911 ms
Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
Well he's able to do hostname lookups, which means port 53 seems to be working...
________________________________ From: tmac tmacmd@gmail.com Sent: Thursday, April 25, 2019 4:09:24 PM To: NGC-sclassen-lbl.gov Cc: Parisi, Justin; toasters@teaparty.net Subject: Re: DNS woes
So, not going to explain how to here.... But if you know how, unlock the diag user and set a password. Open a systemshell to a node try: telnet 131.243.5.1 53
My example: (fails) home-01% telnet 192.168.1.208 53 Trying 192.168.1.208... telnet: connect to address 192.168.1.208http://192.168.1.208: Connection refused telnet: Unable to connect to remote host (works) home-01% telnet 192.168.1.159 53 Trying 192.168.1.159... Connected to homeauto.ddns.nethttp://homeauto.ddns.net. ^CConnection closed by foreign host. (fails) home-01% telnet 192.168.1.155 53 Trying 192.168.1.155... telnet: connect to address 192.168.1.155http://192.168.1.155: Connection refused telnet: Unable to connect to remote host home-01% exit
The failures are what happens when the port is either blocked or not communicating on port 53 (dns)
--tmac
Tim McCarthy, Principal Consultant
Proud Member of the #NetAppATeamhttps://twitter.com/NetAppATeam
I Blog at TMACsRackhttps://tmacsrack.wordpress.com/
On Thu, Apr 25, 2019 at 3:53 PM Scott Classen <sclassen@lbl.govmailto:sclassen@lbl.gov> wrote: sibyls2::*> dns modify -vserver als-enable-ds1 -domains als.lbl.govhttp://als.lbl.gov,lbl.govhttp://lbl.gov -name-servers 131.243.5.2 -timeout 10
Error: "10" is an invalid value for field "-timeout <1..5>"
sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.govhttp://bl1231.als.lbl.gov,als.lbl.govhttp://als.lbl.gov,lbl.govhttp://lbl.gov -name-servers 131.243.5.2 -timeout 5
Error: Failed to verify the specified DNS configuration. 131.243.5.2http://131.243.5.2: Operation timed out. command failed: Verify that the network configuration is correct and that DNS servers are available. Specify "-skip-config-validation" to skip the configuration validation.
sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.govhttp://bl1231.als.lbl.gov,als.lbl.govhttp://als.lbl.gov,lbl.govhttp://lbl.gov -name-servers 131.243.5.2 -timeout 5 -skip-config-validation
sibyls2::*> dns check -vserver als-enable-ds1 Name Server Vserver Name Server Status Status Details ------------- --------------- ------------ -------------------------- als-enable-ds1 down Operation timed out. 131.243.5.2
sibyls2::*> vserver services name-service getxxbyyy gethostbyname -node sibyls2-03 -vserver als-enable-ds1 -hostname nsals.lbl.govhttp://nsals.lbl.gov Host name: nsals.lbl.govhttp://nsals.lbl.gov Canonical name: nsals.lbl.govhttp://nsals.lbl.gov IPv4: 131.243.5.2
Seems odd that a gethostbyname of the name server (nsals.lbl.govhttp://nsals.lbl.gov) works but dns check doesn’t
S
On Apr 25, 2019, at 12:39 PM, Parisi, Justin <Justin.Parisi@netapp.commailto:Justin.Parisi@netapp.com> wrote:
So, ping and traceroute won't really check what you need to check for DNS connectivity; that's access to the IP over port 53.
DNS check will test round trip time to the DNS server by doing a simple DNS lookup of example.domain.comhttp://example.domain.com and reports the time it took for that request.
"Operation timed out" means either that the DNS query couldn't be made or it took longer than the DNS timeout you have set. Try increasing the timeout from 2 seconds to 10 seconds and retry the check. A packet trace will also be useful to see why/how the requests are failing.
-----Original Message----- From: toasters-bounces@teaparty.netmailto:toasters-bounces@teaparty.net <toasters-bounces@teaparty.netmailto:toasters-bounces@teaparty.net> On Behalf Of Scott Classen Sent: Thursday, April 25, 2019 2:48 PM To: toasters@teaparty.netmailto:toasters@teaparty.net Subject: DNS woes
NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hello,
Can anyone help me with this before I open a case with NetApp?
dns check on one of my sververs fails (see below where I get an “Operation timed out” error), but I can ping and traceroute from the vserver to the gateway and the DNS servers.
sibyls2::*> dns show -vserver als-enable-ds1
Vserver: als-enable-ds1 Domains: als.lbl.gov<http://als.lbl.gov>, lbl.gov<http://lbl.gov> Name Servers: 131.243.5.1, 131.243.5.2 Timeout (secs): 2 Maximum Attempts: 1 Is TLD Query Enabled?: true Require Source and Reply IPs to Match: true Require Packet Queries to Match: true
sibyls2::*> dns check -vserver als-enable-ds1 Name Server Vserver Name Server Status Status Details
als-enable-ds1 down Operation timed out. 131.243.5.1 als-enable-ds1 down Operation timed out. 131.243.5.2 2 entries were displayed.
sibyls2::*> ping -node sibyls2-03 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.78.1 is alive
sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.1 is alive
sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.2 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.78.1 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.1 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.2 is alive
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.govhttp://vlan3078.irals.lbl.gov (131.243.78.1) 0.521 ms * 0.484 ms
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.govhttp://vlan3078.irals.lbl.gov (131.243.78.1) 0.478 ms 0.369 ms 0.376 ms 2 xe-2-2-1.er1-n1.lbl.govhttp://xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.411 ms 0.391 ms 0.330 ms 3 t5-4.ir1-n1.lbl.govhttp://t5-4.ir1-n1.lbl.gov (131.243.244.131) 0.796 ms 1.365 ms 0.524 ms 4 ns.lbl.govhttp://ns.lbl.gov (131.243.5.1) 0.402 ms 0.765 ms 0.936 ms
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.govhttp://vlan3078.irals.lbl.gov (131.243.78.1) 0.446 ms 0.409 ms 0.375 ms 2 nsals.lbl.govhttp://nsals.lbl.gov (131.243.5.2) 0.649 ms 1.047 ms 1.080 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.govhttp://vlan3078.irals.lbl.gov (131.243.78.1) 0.443 ms * 0.502 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.govhttp://vlan3078.irals.lbl.gov (131.243.78.1) 0.515 ms 0.402 ms 0.388 ms 2 xe-2-2-1.er1-n1.lbl.govhttp://xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.513 ms 0.344 ms 0.326 ms 3 t5-4.ir3-n2.lbl.govhttp://t5-4.ir3-n2.lbl.gov (131.243.244.129) 1.737 ms 1.618 ms t5-4.ir4-n3.lbl.govhttp://t5-4.ir4-n3.lbl.gov (131.243.244.133) 0.582 ms 4 ns.lbl.govhttp://ns.lbl.gov (131.243.5.1) 0.898 ms 1.213 ms 0.517 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.govhttp://vlan3078.irals.lbl.gov (131.243.78.1) 2.075 ms 1.451 ms 0.403 ms 2 nsals.lbl.govhttp://nsals.lbl.gov (131.243.5.2) 1.198 ms 0.410 ms 0.911 ms _______________________________________________ Toasters mailing list Toasters@teaparty.netmailto:Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
_______________________________________________ Toasters mailing list Toasters@teaparty.netmailto:Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
I can telnet to the dns servers on port 53 from other hosts on the 131.243.78 subnet so I don’t think that’s the problem.
I will attempt to do a packet trace as per Justin’s suggestion and get back to the list.
Thanks, Scott
On Apr 25, 2019, at 1:09 PM, tmac tmacmd@gmail.com wrote:
So, not going to explain how to here.... But if you know how, unlock the diag user and set a password. Open a systemshell to a node try: telnet 131.243.5.1 53
My example: (fails) home-01% telnet 192.168.1.208 53 Trying 192.168.1.208... telnet: connect to address 192.168.1.208 http://192.168.1.208/: Connection refused telnet: Unable to connect to remote host (works) home-01% telnet 192.168.1.159 53 Trying 192.168.1.159... Connected to homeauto.ddns.net http://homeauto.ddns.net/. ^CConnection closed by foreign host. (fails) home-01% telnet 192.168.1.155 53 Trying 192.168.1.155... telnet: connect to address 192.168.1.155 http://192.168.1.155/: Connection refused telnet: Unable to connect to remote host home-01% exit
The failures are what happens when the port is either blocked or not communicating on port 53 (dns)
--tmac
Tim McCarthy, Principal Consultant Proud Member of the #NetAppATeam https://twitter.com/NetAppATeam I Blog at TMACsRack https://tmacsrack.wordpress.com/
On Thu, Apr 25, 2019 at 3:53 PM Scott Classen <sclassen@lbl.gov mailto:sclassen@lbl.gov> wrote: sibyls2::*> dns modify -vserver als-enable-ds1 -domains als.lbl.gov http://als.lbl.gov/,lbl.gov http://lbl.gov/ -name-servers 131.243.5.2 -timeout 10
Error: "10" is an invalid value for field "-timeout <1..5>"
sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.gov http://bl1231.als.lbl.gov/,als.lbl.gov http://als.lbl.gov/,lbl.gov http://lbl.gov/ -name-servers 131.243.5.2 -timeout 5
Error: Failed to verify the specified DNS configuration. 131.243.5.2 http://131.243.5.2/: Operation timed out. command failed: Verify that the network configuration is correct and that DNS servers are available. Specify "-skip-config-validation" to skip the configuration validation.
sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.gov http://bl1231.als.lbl.gov/,als.lbl.gov http://als.lbl.gov/,lbl.gov http://lbl.gov/ -name-servers 131.243.5.2 -timeout 5 -skip-config-validation
sibyls2::*> dns check -vserver als-enable-ds1 Name Server Vserver Name Server Status Status Details
als-enable-ds1 down Operation timed out. 131.243.5.2
sibyls2::*> vserver services name-service getxxbyyy gethostbyname -node sibyls2-03 -vserver als-enable-ds1 -hostname nsals.lbl.gov http://nsals.lbl.gov/ Host name: nsals.lbl.gov http://nsals.lbl.gov/ Canonical name: nsals.lbl.gov http://nsals.lbl.gov/ IPv4: 131.243.5.2
Seems odd that a gethostbyname of the name server (nsals.lbl.gov http://nsals.lbl.gov/) works but dns check doesn’t
S
On Apr 25, 2019, at 12:39 PM, Parisi, Justin <Justin.Parisi@netapp.com mailto:Justin.Parisi@netapp.com> wrote:
So, ping and traceroute won't really check what you need to check for DNS connectivity; that's access to the IP over port 53.
DNS check will test round trip time to the DNS server by doing a simple DNS lookup of example.domain.com http://example.domain.com/ and reports the time it took for that request.
"Operation timed out" means either that the DNS query couldn't be made or it took longer than the DNS timeout you have set. Try increasing the timeout from 2 seconds to 10 seconds and retry the check. A packet trace will also be useful to see why/how the requests are failing.
-----Original Message----- From: toasters-bounces@teaparty.net mailto:toasters-bounces@teaparty.net <toasters-bounces@teaparty.net mailto:toasters-bounces@teaparty.net> On Behalf Of Scott Classen Sent: Thursday, April 25, 2019 2:48 PM To: toasters@teaparty.net mailto:toasters@teaparty.net Subject: DNS woes
NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hello,
Can anyone help me with this before I open a case with NetApp?
dns check on one of my sververs fails (see below where I get an “Operation timed out” error), but I can ping and traceroute from the vserver to the gateway and the DNS servers.
sibyls2::*> dns show -vserver als-enable-ds1
Vserver: als-enable-ds1 Domains: als.lbl.gov <http://als.lbl.gov/>, lbl.gov <http://lbl.gov/> Name Servers: 131.243.5.1, 131.243.5.2 Timeout (secs): 2 Maximum Attempts: 1 Is TLD Query Enabled?: true Require Source and Reply IPs to Match: true Require Packet Queries to Match: true
sibyls2::*> dns check -vserver als-enable-ds1 Name Server Vserver Name Server Status Status Details
als-enable-ds1 down Operation timed out. 131.243.5.1 als-enable-ds1 down Operation timed out. 131.243.5.2 2 entries were displayed.
sibyls2::*> ping -node sibyls2-03 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.78.1 is alive
sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.1 is alive
sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.2 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.78.1 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.1 is alive
sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3 131.243.5.2 is alive
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov http://vlan3078.irals.lbl.gov/ (131.243.78.1) 0.521 ms * 0.484 ms
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov http://vlan3078.irals.lbl.gov/ (131.243.78.1) 0.478 ms 0.369 ms 0.376 ms 2 xe-2-2-1.er1-n1.lbl.gov http://xe-2-2-1.er1-n1.lbl.gov/ (131.243.244.140) 0.411 ms 0.391 ms 0.330 ms 3 t5-4.ir1-n1.lbl.gov http://t5-4.ir1-n1.lbl.gov/ (131.243.244.131) 0.796 ms 1.365 ms 0.524 ms 4 ns.lbl.gov http://ns.lbl.gov/ (131.243.5.1) 0.402 ms 0.765 ms 0.936 ms
sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov http://vlan3078.irals.lbl.gov/ (131.243.78.1) 0.446 ms 0.409 ms 0.375 ms 2 nsals.lbl.gov http://nsals.lbl.gov/ (131.243.5.2) 0.649 ms 1.047 ms 1.080 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov http://vlan3078.irals.lbl.gov/ (131.243.78.1) 0.443 ms * 0.502 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov http://vlan3078.irals.lbl.gov/ (131.243.78.1) 0.515 ms 0.402 ms 0.388 ms 2 xe-2-2-1.er1-n1.lbl.gov http://xe-2-2-1.er1-n1.lbl.gov/ (131.243.244.140) 0.513 ms 0.344 ms 0.326 ms 3 t5-4.ir3-n2.lbl.gov http://t5-4.ir3-n2.lbl.gov/ (131.243.244.129) 1.737 ms 1.618 ms t5-4.ir4-n3.lbl.gov http://t5-4.ir4-n3.lbl.gov/ (131.243.244.133) 0.582 ms 4 ns.lbl.gov http://ns.lbl.gov/ (131.243.5.1) 0.898 ms 1.213 ms 0.517 ms
sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets 1 vlan3078.irals.lbl.gov http://vlan3078.irals.lbl.gov/ (131.243.78.1) 2.075 ms 1.451 ms 0.403 ms 2 nsals.lbl.gov http://nsals.lbl.gov/ (131.243.5.2) 1.198 ms 0.410 ms 0.911 ms _______________________________________________ Toasters mailing list Toasters@teaparty.net mailto:Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters http://www.teaparty.net/mailman/listinfo/toasters
Toasters mailing list Toasters@teaparty.net mailto:Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters http://www.teaparty.net/mailman/listinfo/toasters
Seems odd that a gethostbyname of the name server (nsals.lbl.gov) works but dns check doesn’t
That's not odd at all. The filer has to store the hosts entry for the DNS server in a local hosts file/database — otherwise, how would it resolve the DNS server's address to send it a query? You can't do a DNS lookup of the DNS server's address unless you already know it, in which case what's the point of querying for it?