unifi-utilities / unifios-utilities

A collection of enhancements for UnifiOS based devices
GNU General Public License v3.0

DNS requests time out #6

Closed m4ff3w closed 4 years ago

m4ff3w commented 4 years ago

Can someone point me to where I should start for troubleshooting?

DNS requests to 10.0.5.3 time out and I cannot ping 10.0.5.3. I can ping .1 and .2, though.

The nextdns starts successfully.

I'm sure I missed something, but I'm not sure where it could be.

mojo333 commented 4 years ago

Did you create the VLAN on the UDM?

m4ff3w commented 4 years ago

> Did you create the VLAN on the UDM?

Yup. I can even ping 10.0.5.1 and 10.0.5.2 from a client machine.

mojo333 commented 4 years ago

What do you see in the nextdns logs, i.e. anything odd in the output when running the command `podman container logs nextdns`?

m4ff3w commented 4 years ago

> What do you see in the nextdns logs, i.e. anything odd in the output when running the command `podman container logs nextdns`?

podman container logs nextdns

```
INFO: 18:37:30 Starting NextDNS 1.6.4/linux on :53
INFO: 18:37:30 Starting mDNS discovery
INFO: 18:37:30 Listening on UDP/:53
INFO: 18:37:30 Listening on TCP/:53
```

boostchicken commented 4 years ago

Did you add the route to your on_boot.sh? https://github.com/boostchicken/udm-utilities/blob/eee0ea1ae0fac0b84d8be131ce7643423a8f383a/nextdns/udm-files/on_boot.sh#L12

m4ff3w commented 4 years ago

> Did you add the route to your on_boot.sh? https://github.com/boostchicken/udm-utilities/blob/eee0ea1ae0fac0b84d8be131ce7643423a8f383a/nextdns/udm-files/on_boot.sh#L12

Yes.

```sh
#!/bin/sh

mkdir -p /opt/cni
ln -s /mnt/data/podman/cni/ /opt/cni/bin
ln -s /mnt/data/podman/cni/20-dns.conflist /etc/cni/net.d/20-dns.conflist

# Assumes your Podman network made in the controller is on VLAN 5
# Adjust the IP to match the address in your cni configuration
ip link add br5.mac link br5 type macvlan mode bridge
ip addr add 10.0.5.2/24 dev br5.mac
ip link set br5.mac up
ip route add 10.0.5.3/32 dev br5.mac proto static scope link

podman start nextdns
```

boostchicken commented 4 years ago

Please share the output of the following commands

```
ifconfig br5
ifconfig br5.mac
ip route show
podman ps -a
podman inspect nextdns
podman network inspect dns
```

boostchicken commented 4 years ago

Also please post a screenshot of your network you created in the unifi controller. If you don't want to post these publicly, you can send me a message on reddit (/u/boostchicken) or twitter @boostchicken.

boostchicken commented 4 years ago

@m4ff3w Did you get a chance to get that together?

m4ff3w commented 4 years ago

podman network inspect dns

ifconfig br5

```
br5       Link encap:Ethernet  HWaddr E0:63:DA:86:B2:0E
          inet addr:10.0.5.1  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: fe80::8c3e:15ff:fe47:cde2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31797 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:2058046 (1.9 MiB)
```

ifconfig br5.mac

```
ifconfig: br5.mac: error fetching interface information: Device not found
```

podman ps -a

```
CONTAINER ID  IMAGE                                      COMMAND     CREATED       STATUS           PORTS  NAMES
bd3c21c9f897  localhost/unifi-os:latest                  /sbin/init  30 hours ago  Up 30 hours ago         unifi-os
35c1aae42177  docker.io/boostchicken/nextdns-udm:latest              3 days ago    Created                 nextdns
```

podman inspect nextdns


^C

podman network inspect dns

```
Error: unable to find network configuration for dns
```

m4ff3w commented 4 years ago

image

And thank you for an awesome project.

boostchicken commented 4 years ago

@m4ff3w you need the br5.mac interface made with these commands

```
ip link add br5.mac link br5 type macvlan mode bridge
ip link set br5 promisc on
ip link set br5.mac promisc on
ip addr add 10.0.5.2/24 dev br5.mac
ip link set br5.mac up
```

m4ff3w commented 4 years ago

I don't know how I missed that. Thanks so much!

boostchicken commented 4 years ago

@m4ff3w I just did a big change to how this is done that makes it simpler. I would go take a look at my latest commits and adjust accordingly.

```
ip link set br5 promisc on

ip link add br5.mac link br5 type macvlan mode bridge
ip addr add 10.0.5.1/24 dev br5.mac noprefixroute
ip link set br5.mac promisc on
ip link set br5.mac up

ip route add 10.0.5.3/32 dev br5.mac
```

This frees up 10.0.5.2 and fixes some potential routing issues
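
The three failures visible in the output posted in this thread (no `br5.mac` interface, the `nextdns` container stuck in `Created`, no `dns` network configuration) can be checked in one pass. This is an added triage example, not part of the original thread or the project's code; the function names are hypothetical and the sample text is constructed from the output quoted above.

```shell
#!/bin/sh
# Added example: classify captured output of the commands requested in the thread.

# iface_state "<ifconfig IFACE output>" -> missing | up | down
iface_state() {
    case "$1" in
        *"Device not found"*) echo missing ;;
        *"UP "*"RUNNING"*)    echo up ;;
        *)                    echo down ;;
    esac
}

# container_state NAME "<podman ps -a output>" -> running | created | stopped | absent
container_state() {
    printf '%s\n' "$2" | awk -v n="$1" '
        $NF == n {
            if ($0 ~ / Up /)           s = "running"
            else if ($0 ~ / Created /) s = "created"
            else                       s = "stopped"
        }
        END { print (s == "" ? "absent" : s) }'
}

# network_state "<podman network inspect NAME output>" -> missing | present
network_state() {
    case "$1" in
        *"unable to find network configuration"*) echo missing ;;
        *) echo present ;;
    esac
}

# triage IFCONFIG_OUT PS_OUT NETINSPECT_OUT
# Prints one finding per line, in the order on_boot.sh sets things up.
triage() {
    [ "$(network_state "$3")" = present ] || echo "cni: dns network config not found"
    [ "$(iface_state "$1")" = up ] || echo "macvlan: br5.mac is $(iface_state "$1")"
    [ "$(container_state nextdns "$2")" = running ] ||
        echo "container: nextdns is $(container_state nextdns "$2")"
    return 0
}

# Constructed sample input, condensed from the output posted in the thread.
SAMPLE_IF='ifconfig: br5.mac: error fetching interface information: Device not found'
SAMPLE_PS='CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
bd3c21c9f897  localhost/unifi-os:latest  /sbin/init  30 hours ago  Up 30 hours ago  unifi-os
35c1aae42177  docker.io/boostchicken/nextdns-udm:latest  3 days ago  Created  nextdns'
SAMPLE_NET='Error: unable to find network configuration for dns'

triage "$SAMPLE_IF" "$SAMPLE_PS" "$SAMPLE_NET"
```

On the device itself, the same functions can be fed live output, e.g. `triage "$(ifconfig br5.mac 2>&1)" "$(podman ps -a)" "$(podman network inspect dns 2>&1)"`.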