Unable to successfully use DNS on the Director Appliance

Solutions ID:    KB4438
Version:    5.0
Status:    Published
Published date:    06/14/2011
Updated:    08/01/2011
 

Problem Description

The Director appliance was just upgraded to SGME 5.5.1.1 but we can no longer connect to the device using a hostname in the address bar of the browser.

Can no longer connect to the ProxySG appliances from Director using their DNS name.

When attempting to connect to the Director interface using a DNS suffix (not just hostname) we receive the following error: "Unable to establish connection to Director. Hostname resolution may not have been enabled in the Director"

Attempting a traceroute to the same hostname from the Director appliance resulted in the error "gethostbyname: Host name lookup failure".

The ifconfig output looks normal.

interface ether-0 ip address <director_IP>
no interface ether-0 shutdown
no interface lo shutdown
ip default-gateway <default_gateway_IP>
hostname chabcdir1
ip host chabcdir1 127.0.0.1
ip host localhost 127.0.0.1
ip name-server <DNS_1_IP>
ip name-server <DNS_2_IP>
ip name-server <DNS_3_IP>

Resolution

Troubleshooting.  

1: To ensure the daemon (djbdns) is running, execute this command in the shell. For details on how to access the shell, see KB4178.

  • sh-3.2# ps -aef | grep dns

If it is not running, reload it by restarting Director, or running this command.

  • sh-3.2# service djbdns start

2: One known root cause of this symptom is this: The "djbdns" binary module needs the user "dnscache" to work properly. In this fault condition the module is forced to run as the root user because the "dnscache" and "dnslog" users are missing.

Workaround:
We need to manually add the "dnscache" and "dnslog" users to the "/etc/passwd" file. 

NOTE: To follow the below steps you'll need to be proficient in LINUX command line syntax and also be able to navigate the VI text editor in LINUX.   For more information on the VI text editor, see this WIKI site.

Procedure:

  • Launch Director CLI session (SSH session to Director).
  • TIP: For detailed information on how to use the Director CLI, see KB4178 
  • From the enable prompt, type "config t" to enter configuration mode.
  • Type "shell" at the config prompt.
  • Type this command: vi /etc/passwd
  • Add the lines below to the "/etc/passwd" file:

dnscache:x:100:102::/var/djbdns:/bin/true

dnslog:x:101:103::/var/djbdns:/bin/true

  • Save and exit from the "/etc/passwd" file.
  • Go back to the config mode of the Director by executing the 'exit' command.
  • Type "write memory" to save the system's configuration. 
  • From the enable prompt, type "config t" to enter configuration mode.
  • Type shell at the config prompt.
  • Restart the Director service using the commands listed below:

service director stop

service director start

  • You can try the dnsip command to verify proper DNS resolution.
  • TIP: The syntax for using this command to look up the IP address of google.com is:

dnsip google.com

  • The result of the above command should be a list of IP addresses for this name.
  • If this fails, display the contents of the /etc/shadow file.

cat /etc/shadow

  • NOTE: For information about the contents of /etc/shadow, please examine this link.
  • Look for these usernames: "dnscache" and "dnslog" as seen below.  If they do not exist AND the DNS lookup failed, we recommend that you add them manually using your VI text editor exactly as seen below:

dnscache:!!:15127:0:99999:7:::

dnslog:!!:15127:0:99999:7:::

NOTE: For other examples of using the CLI syntax for Director, see KB4178, FAQ1177, and KB4253.
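A read-only check for the accounts this workaround adds, as an added example that is not part of the original article or of any vendor tooling: it confirms that "dnscache" and "dnslog" exist in both files, are not UID 0, have a non-login shell, and are locked in the shadow file. The function names and the optional file arguments are assumptions, as is the availability of grep, cut, head and mktemp in the shell.

```shell
#!/bin/sh
# Added example (not vendor code): verify the djbdns service accounts.
# Optional args (an assumption): passwd file, shadow file; defaults are the real files.

check_djbdns_accounts() {
    passwd_file=${1:-/etc/passwd}
    shadow_file=${2:-/etc/shadow}
    rc=0
    for user in dnscache dnslog; do
        # passwd fields: name:password:uid:gid:gecos:home:shell
        entry=$(grep "^${user}:" "$passwd_file" 2>/dev/null | head -n 1)
        if [ -z "$entry" ]; then
            echo "MISSING in passwd: $user"; rc=1
        else
            uid=$(printf '%s\n' "$entry" | cut -d: -f3)
            shell=$(printf '%s\n' "$entry" | cut -d: -f7)
            # These accounts exist to keep djbdns off root: no UID 0, no login shell.
            [ "$uid" != "0" ] || { echo "UID 0: $user"; rc=1; }
            case "$shell" in
                /bin/true|/bin/false|/sbin/nologin) ;;
                *) echo "LOGIN SHELL $shell: $user"; rc=1 ;;
            esac
        fi
        # shadow field 2: a leading "!" or "*" means password login is locked;
        # an empty field would mean no password is required at all.
        sentry=$(grep "^${user}:" "$shadow_file" 2>/dev/null | head -n 1)
        if [ -z "$sentry" ]; then
            echo "MISSING in shadow: $user"; rc=1
        else
            case "$(printf '%s\n' "$sentry" | cut -d: -f2)" in
                '!'*|'*'*) ;;
                *) echo "NOT LOCKED in shadow: $user"; rc=1 ;;
            esac
        fi
    done
    return $rc
}

# Constructed sample of the fault condition (both accounts absent), run offline.
demo_fault_condition() {
    demo_dir=$(mktemp -d)
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$demo_dir/passwd"
    printf 'root:!!:15127:0:99999:7:::\n' > "$demo_dir/shadow"
    demo_rc=0
    check_djbdns_accounts "$demo_dir/passwd" "$demo_dir/shadow" || demo_rc=$?
    rm -rf "$demo_dir"
    return $demo_rc
}
```

Called with no arguments, check_djbdns_accounts reads the live files and returns non-zero if either account is missing or misconfigured; reading /etc/shadow requires root.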

 

