_LDAP._TCP.dc._msdcs.domainname


kpi...@gmail.com

Dec 7, 2015, 11:40:21 AM
to NxFilter
On one slave I get a full response with all my DCs; on another I do not.

I have copied the config from one to the other, same thing.

Yes, I restarted the slaves.

When I run the query against 10.10.183.10 it works.

listen_ip = 0.0.0.0
http_port = 80
https_port = 443
start_tomcat = 1
cluster_mode = 2
master_ip = 10.10.1.22
slave_ip =
blacklist_type = 1
local_dns = 10.10.183.10
local_domain = kenyonweb.com

Debug log from the non-working slave:

DEBUG [12-07 08:35:52] - Zone transfer, makellosclassics.com, 10.10.1.50
DEBUG [12-07 08:35:53] - Zone transfer, pegasusaz.com, 10.10.0.252
DEBUG [12-07 08:35:53] - Zone transfer, valorequipment.com, 10.10.1.50
DEBUG [12-07 08:35:53] - Zone transfer, kenyonweb.com, 10.10.1.50
DEBUG [12-07 08:35:53] - Zone transfer, kenyonweb.com, 10.10.1.50
DEBUG [12-07 08:35:53] - Zone transfer, _msdcs.kenyonweb.com, 10.10.1.50
DEBUG [12-07 08:35:55] - /U 10.10.183.103
DEBUG [12-07 08:35:55] - /FOUND
DEBUG [12-07 08:35:55] - /RUP 10.10.183.103
DEBUG [12-07 08:35:55] - /RUP 10.10.183.103
DEBUG [12-07 08:35:55] - nv:2.8.6 up:60 -ss pw:d033e22ae348aeb5660fc2140aec35850c4da997 -dc -dp
DEBUG [12-07 08:35:57] - BlockDomainResolver.run, Checking for 10.10.1.22
DEBUG [12-07 08:35:57] - BlockDomainResolver.run, Checking for 10.10.171.10
DEBUG [12-07 08:35:59] - RH #3, unifi.kenyonweb.com, rq_size= 0, r_dc = 1, r_ttl = 0, r_type = 1
DEBUG [12-07 08:35:59] - Local domain : unifi.kenyonweb.com
DEBUG [12-07 08:35:59] - RH #8, 2ua4221w66.kenyonweb.com, rq_size= 0, r_dc = 1, r_ttl = 0, r_type = 6
DEBUG [12-07 08:35:59] - DDNS domain : 2ua4221w66.kenyonweb.com
DEBUG [12-07 08:35:59] - RH #1, 2ua4221w66.kenyonweb.com, rq_size= 0, r_dc = 1, r_ttl = 0, r_type = 6
DEBUG [12-07 08:35:59] - DDNS domain : 2ua4221w66.kenyonweb.com
DEBUG [12-07 08:36:00] - Zone transfer, mk-masonry.com, 10.10.1.50
DEBUG [12-07 08:36:00] - Zone transfer, azwholesalebp.com, 10.10.1.50
DEBUG [12-07 08:36:00] - RH #5, _ldap._tcp.dc._msdcs.kenyonweb.com.kenyonweb.com, rq_size= 0, r_dc = 1, r_ttl = 0, r_type = 255
DEBUG [12-07 08:36:00] - Local domain : _ldap._tcp.dc._msdcs.kenyonweb.com.kenyonweb.com
DEBUG [12-07 08:36:00] - /HELLO 124 32 9 21
DEBUG [12-07 08:36:00] - Zone transfer, makellosclassics.com, 10.10.1.50
DEBUG [12-07 08:36:00] - 20441225-100000-0-NXFREE03 1
DEBUG [12-07 08:36:00] - RH #7, _ldap._tcp.dc._msdcs.kenyonweb.com, rq_size= 0, r_dc = 1, r_ttl = 0, r_type = 255
DEBUG [12-07 08:36:00] - Local domain : _ldap._tcp.dc._msdcs.kenyonweb.com
DEBUG [12-07 08:36:00] - Zone transfer, pegasusaz.com, 10.10.0.252
DEBUG [12-07 08:36:00] - Zone transfer, valorequipment.com, 10.10.1.50
DEBUG [12-07 08:36:01] - Zone transfer, kenyonweb.com, 10.10.1.50
DEBUG [12-07 08:36:01] - Zone transfer, kenyonweb.com, 10.10.1.50
DEBUG [12-07 08:36:01] - Zone transfer, _msdcs.kenyonweb.com, 10.10.1.50

Nslookup:

> _LDAP._TCP.dc._msdcs.kenyonweb.com
Server:  kvis-hv.kenyonweb.com
Address:  10.10.183.2

DNS request timed out.
    timeout was 2 seconds.
*** Request to kvis-hv.kenyonweb.com timed-out
> _LDAP._TCP.dc._msdcs.kenyonweb.com
Server:  kvis-hv.kenyonweb.com
Address:  10.10.183.2

DNS request timed out.
    timeout was 2 seconds.
*** Request to kvis-hv.kenyonweb.com timed-out
>

Jinhee

Dec 7, 2015, 6:38:22 PM
to NxFilter
Is this your slave node IP?

  Server:  kvis-hv.kenyonweb.com
  Address:  10.10.183.2

Did you install it on 10.10.183.2? And its domain name is kvis-hv.kenyonweb.com?

kpi...@gmail.com

Dec 7, 2015, 6:51:22 PM
to NxFilter
Yes

kpi...@gmail.com

Dec 7, 2015, 6:52:19 PM
to NxFilter
10.10.183.10 is the domain controller at that site.

Jinhee

Dec 7, 2015, 7:13:19 PM
to NxFilter
Did you try nslookup on 10.10.183.10? It seems like your slave node doesn't get the request.

kpi...@gmail.com

Dec 8, 2015, 12:24:43 AM
to NxFilter
Yes, nslookup works fine to 10.10.183.10 but not to .2; the debug shows the request.

Also, the lookup works against the master at 10.10.1.22 and a slave at 10.10.1.23, but not from any slave over our VPNs, it looks like.

All other requests work and report fine to the master also.

Jinhee

Dec 8, 2015, 3:32:50 AM
to NxFilter
Sorry, I was talking about 10.10.183.2. Are you saying that you tried nslookup on 10.10.183.2 to itself and it worked?
When you do nslookup against 10.10.183.2 you should be able to see the request on debug mode.

If you don't see it, it might be about port opening. If you see it but you don't get the response then it might be about
outbound UDP/53.

kpi...@gmail.com

Mar 29, 2016, 7:53:21 PM
to NxFilter
This is still an issue. nslookup against my master works, on some slaves it works, but not on other slaves...

Returns timed out.

DEBUG [03-29 16:48:35] - /GND
DEBUG [03-29 16:48:35] - RH #2, _ldap._tcp.dc._msdcs.kenyonweb.com.kenyonweb.com, rq_size= 0, r_dc = 1, r_ttl = 0, r_type = 33
DEBUG [03-29 16:48:35] - Local domain : _ldap._tcp.dc._msdcs.kenyonweb.com.kenyonweb.com
DEBUG [03-29 16:48:35] - RH #6, _ldap._tcp.dc._msdcs.kenyonweb.com, rq_size= 0, r_dc = 1, r_ttl = 0, r_type = 33
DEBUG [03-29 16:48:35] - Local domain : _ldap._tcp.dc._msdcs.kenyonweb.com
DEBUG [03-29 16:48:38] - /GND

Also getting "BlockDomainResolver.run, Checking for 10.10.171.10"; this server should never be looking at that DNS server.

Jinhee

Mar 29, 2016, 8:59:19 PM
to NxFilter
Do you have the same local_dns, local_domain settings on every node? The cfg.properties file is not being shared. If that's the problem, update it to v3.1.5-p1 or have it on every node.

That BlockDomainResolver message is there as you have multiple block redirection IPs.

Jinhee

Mar 29, 2016, 9:00:03 PM
to NxFilter
What's your block redirection IP? 10.10.171.10 should be one of them.

kpi...@gmail.com

Mar 30, 2016, 12:31:10 PM
to NxFilter
Yes, this fixed it for the block redirection.

kpi...@gmail.com

Mar 30, 2016, 1:09:25 PM
to NxFilter
Determined the issue: the ASA VPN was inspecting DNS records and not allowing them over the VPN. This is now fixed.
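The final reply names the fix (ASA DNS inspection dropping the replies over the VPN) but not which inspection rule did it; a common one is the inspection's default 512-byte maximum DNS message length, which a DC-locator SRV reply listing many DCs can exceed (the first post mentions a "full response with all my DC's"). The Python below is an added example, not NxFilter code or anything the posters ran: it builds such a reply for the thread's record name with constructed DC names and addresses, and measures its wire size with and without RFC 1035 name compression, so you can see how many DCs fit before the reply crosses that limit.

```python
import struct

TYPE_A, TYPE_SRV, CLASS_IN = 1, 33, 1
UDP_LIMIT = 512  # classic DNS-over-UDP payload limit; also a common DNS-inspection default
QNAME = "_ldap._tcp.dc._msdcs.kenyonweb.com"  # the DC-locator record from the thread
# Constructed sample: five hypothetical DCs with made-up names and addresses.
DCS = [(f"dc{i}.kenyonweb.com", f"10.10.{i}.10") for i in range(1, 6)]

def encode_name(name, offsets, pos):
    """Wire-encode `name` at message offset `pos`. With an `offsets` dict (suffix -> offset),
    RFC 1035 compression replaces the first already-seen suffix with a 2-byte pointer."""
    labels = name.rstrip(".").split(".")
    out = bytearray()
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if offsets is not None:
            if suffix in offsets:
                return bytes(out + struct.pack("!H", 0xC000 | offsets[suffix]))
            offsets[suffix] = pos + len(out)
        enc = label.encode("ascii")
        out += bytes([len(enc)]) + enc
    return bytes(out + b"\x00")

def build_srv_response(qname, dcs, ttl=600, compress=True):
    """Reply with one SRV answer per DC plus one A glue record each, as a DC-locator
    lookup returns. `dcs` is [(hostname, ipv4), ...]; compress=False emits no pointers."""
    offsets = {} if compress else None
    # header: id, flags (QR|RD|RA, NOERROR), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    msg = bytearray(struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(dcs), 0, len(dcs)))
    msg += encode_name(qname, offsets, len(msg)) + struct.pack("!HH", TYPE_SRV, CLASS_IN)
    for host, _ip in dcs:  # answer section
        msg += encode_name(qname, offsets, len(msg))
        # target sits after type(2) class(2) ttl(4) rdlength(2) priority/weight/port(6)
        target = encode_name(host, offsets, len(msg) + 16)
        rdata = struct.pack("!HHH", 0, 100, 389) + target
        msg += struct.pack("!HHIH", TYPE_SRV, CLASS_IN, ttl, len(rdata)) + rdata
    for host, ip in dcs:  # additional section: an A record for each SRV target
        msg += encode_name(host, offsets, len(msg))
        msg += struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4) + bytes(int(o) for o in ip.split("."))
    return bytes(msg)

def smallest_dc_count_over_limit(domain, limit=UDP_LIMIT, max_dcs=32):
    """Number of short-named hypothetical DCs at which the compressed reply first exceeds `limit`."""
    for n in range(1, max_dcs + 1):
        dcs = [(f"dc{i}.{domain}", f"10.10.{i}.10") for i in range(1, n + 1)]
        if len(build_srv_response(f"_ldap._tcp.dc._msdcs.{domain}", dcs)) > limit:
            return n
    return None
```

With the five constructed DCs the compressed reply is 252 bytes and the uncompressed one 572, so whether a reply survives a 512-byte inspection limit depends on both DC count and hostname length, not the DC count alone. On the ASA side the relevant knob is "message-length maximum" under the DNS inspection policy-map parameters.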