Wednesday, October 8, 2008

.local Host Name and Multicast DNS

While installing and configuring OpenVPN on Ubuntu, I ran into a network problem I've been intermittently encountering on Windows.

Not much was required in installing and configuring openvpn. I just installed the prebuilt package via apt. Configuration files were downloaded from the Astaro firewall running the openvpn server. The only change needed was to include

up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

in the .ovpn file to apply/undo the nameserver settings the openvpn server pushes to the client upon connect/disconnect. "update-resolv-conf" is a script that came with the openvpn package that parses the environment variables for the DNS settings the openvpn server pushes and the client exports to "foreign_variable_#" variables before calling the up/down scripts. And "resolvconf" package needed to be installed since "update-resolv-conf" uses it.

Even after configuring things this way, though, I couldn't connect to machines on the VPN. I could retrieve the correct IP addresses via nslookup, but when trying to connect any application them resulted in the hosts the names not resolving correctly. Connecting by specifying the IP address manually worked.

After some searching, I found some online discussions referring to this problem. "/etc/nsswitch.conf" was configured to kill the name resolution process when the mDNS could not resolve a ".local" name.

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4

... was changed to ...

hosts: files dns mdns4

I suppose one way to look at it is that the a ".local" domain name was chosen for host names on the VPN even though mDNS was not set up. Astaro apparently doesn't support the protocol.

If I were in charge of managing the network, I would transition all hosts to use a different domain. But I'm not. The administrator insists that we continue using ".local" because Astaro should support mDNS. I think he should put his love for all things Apple aside for once and face the messy reality.

The underlying cause of the problem may be the same for the Windows machines. Though the fact that the problem crops up only occasionally with Windows is odd. For Windows, I've specified the IP addresses of the few hosts I need to connect to on the VPN in the "hosts" file. This has so far worked out for me.

No comments: