
DNS Resolver unexplained timeouts

I have an ONTAP SIM 7.3 running on VMware ESX 4.1.  It serves data to other guests on the SIM via CIFS and NFS, but does not do username mapping properly.


In other words: within the same VMware ESX Host, network communication is working.


Except DNS.


I can't figure out why.  When I run pktt, no DNS packets are sent at all, even with the DNS cache disabled, or with the DNS cache enabled and flushed.


I am *NOT* a NetApp admin, and very well may have missed a setting.  Therefore, I'm dumping everything I can find to be relevant to my configuration.  192.168.0.* (excepting .250 and .254) are virtual devices on the same ESX Host and same ESX VSwitch.  No networking hardware is involved at all.


Desired goal: setting up a NetApp OnTap 7.x device to do configuration based on RFC2307 and NetApp document TR-3458.


netapp1*> version
NetApp Release 7.3.1: Thu Jan  8 00:10:49 PST 2009
netapp1*> rdfile /etc/nsswitch.conf
#Generated by FilerView - Mon Jan 03 14:27:49 CST 2011
hosts: files dns nis
passwd: files ldap nis
shadow: files ldap ldap
group: files ldap nis
netgroup: files ldap files
netapp1*> rdfile /etc/resolv.conf
#Generated by FilerView - Mon Jan 03 14:27:49 CST 2011
nameserver 192.168.0.4
nameserver 192.168.0.5
search totalnetsolutions.net
netapp1*> ping 192.168.0.4
192.168.0.4 is alive
netapp1*> ping 192.168.0.5
192.168.0.5 is alive

netapp1*> dns info
DNS is enabled


DNS caching is enabled


0 cache hits
3 cache misses
0 cache entries
0 expired entries
0 cache replacements


IP Address                                     State   Last Polled                  Avg RTT Calls  Errs
-------------------------------------------------------------------------------------------------------------
192.168.0.4                                    NO INFO                                    0     0     0
192.168.0.5                                    NO INFO                                    0     0     0


Default domain: totalnetsolutions.net
Search domains: totalnetsolutions.net

netapp1*> options dns
dns.cache.enable             on        
dns.domainname               totalnetsolutions.net
dns.enable                   on        
dns.update.enable            on        
dns.update.ttl               24h

netapp1*> dns flush
DNS cache flushed.


netapp1*> ping tns02.totalnetsolutions.net
ping: unknown host: tns02.totalnetsolutions.net


netapp1*> dns info
DNS is enabled


DNS caching is enabled


0 cache hits
3 cache misses
0 cache entries
0 expired entries
0 cache replacements


IP Address                                     State   Last Polled                  Avg RTT Calls  Errs
-------------------------------------------------------------------------------------------------------------
192.168.0.4                                    NO INFO                                    0     0     0
192.168.0.5                                    NO INFO                                    0     0     0


Default domain: totalnetsolutions.net
Search domains: totalnetsolutions.net


netapp1*> cifs domaininfo
Tue Jan  4 01:16:55 CST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for TOTALNETSOLUTIONS.NET.
Tue Jan  4 01:17:02 CST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found no AD LDAP server addresses using DNS site query (home).
Tue Jan  4 01:17:10 CST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found no AD LDAP server addresses using generic DNS query.
NetBios Domain:           TNS
Windows 2000 Domain Name: totalnetsolutions.net
Type:                     Windows 2000
Filer AD Site:            home


Not currently connected to any DCs
Preferred Addresses:
                          None
Favored Addresses:
                          None
Other Addresses:
                          192.168.0.5     TNS03            PDCBROKEN
                          192.168.0.4     TNS02            BDCBROKEN


Not currently connected to any AD LDAP server
Preferred Addresses:
                          None
Favored Addresses:
                          None
Other Addresses:
                          None
netapp1*> Tue Jan  4 01:17:10 CST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- AD LDAP server address discovery for TOTALNETSOLUTIONS.NET complete. 0 unique addresses found.

netapp1*> options ldap
ldap.ADdomain                totalnetsolutions.net
ldap.base                    dc=totalnetsolutions,dc=net
ldap.base.group              dc=totalnetsolutions,dc=net
ldap.base.netgroup                     
ldap.base.passwd             dc=totalnetsolutions,dc=net
ldap.enable                  on        
ldap.minimum_bind_level      anonymous 
ldap.name                    cn=netapp,ou=Service accounts,ou=sbsusers,ou=users,ou=MyBusiness,dc=totalnetsolutions,dc=net
ldap.nssmap.attribute.gecos  gecos     
ldap.nssmap.attribute.gidNumber gidNumber 
ldap.nssmap.attribute.groupname cn        
ldap.nssmap.attribute.homeDirectory homeDirectory
ldap.nssmap.attribute.loginShell loginShell
ldap.nssmap.attribute.memberNisNetgroup memberNisNetgroup
ldap.nssmap.attribute.memberUid memberUid 
ldap.nssmap.attribute.netgroupname cn        
ldap.nssmap.attribute.nisNetgroupTriple nisNetgroupTriple
ldap.nssmap.attribute.uid    samAccountName
ldap.nssmap.attribute.uidNumber uidNumber 
ldap.nssmap.attribute.userPassword userPassword
ldap.nssmap.objectClass.nisNetgroup nisNetgroup
ldap.nssmap.objectClass.posixAccount User      
ldap.nssmap.objectClass.posixGroup Group     
ldap.passwd                  ******    
ldap.port                    389       
ldap.servers                 192.168.0.4 192.168.0.5
ldap.servers.preferred                 
ldap.ssl.enable              off       
ldap.timeout                 20        
ldap.usermap.attribute.unixaccount unixaccount
ldap.usermap.attribute.windowsaccount windowsaccount
ldap.usermap.base                      
ldap.usermap.enable          off

netapp1*> netdiag
Performing physical layer diagnostics.....OK
Performing network layer diagnostics.....OK
OK
Performing transport layer diagnostics.....OK


netapp1*> netstat
Active TCP connections
Local Address         Remote Address         Swind Send-Q  Rwind Recv-Q State     
netapp1.2049          192.168.0.26.994       49640      0  67160      0 ESTABLISHED
localhost.23          localhost.1023          8192      0   8192      0 ESTABLISHED
localhost.1023        localhost.23            8192      1   8192      0 ESTABLISHED
netapp1.22            192.168.0.21.38275     64128      0   8760      0 ESTABLISHED
::.22                 ::.*                       0      0      0      0 LISTEN    
::.10568              ::.*                       0      0      0      0 LISTEN    
::.10569              ::.*                       0      0      0      0 LISTEN    
::.10567              ::.*                       0      0      0      0 LISTEN    
::.23                 ::.*                       0      0      0      0 LISTEN    


Active UDP sockets
Local Address         Remote Address        Send-Q Recv-Q
::.161                ::.*                       0      0

netapp1*> ifconfig -a
ns0: flags=848043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.0.34 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 fe80::250:56ff:fe0b:5a59 prefixlen 64 scopeid 0x1 autoconf
        ether 00:50:56:0b:5a:59 (auto-100tx-fd-up)
ns1: flags=8042<BROADCAST,RUNNING,MULTICAST> mtu 1500
        ether 00:50:56:0c:5a:59 (auto-unknown-cfg_down)
lo: flags=1948049<UP,LOOPBACK,RUNNING,MULTICAST,TCPCKSUM> mtu 9188
        inet 127.0.0.1 netmask 0xff000000 broadcast 127.0.0.1
        inet6 fe80::1 prefixlen 64 scopeid 0x3 autoconf
        inet6 ::1 prefixlen 128
netapp1*> ifstat -a


-- interface  ns0  (10 hours, 19 minutes, 27 seconds) --


RECEIVE
Frames/second:       8  | Bytes/second:      593  | Errors/minute:       0
Discards/minute:     0  | Total frames:    17826  | Total bytes:      1616k
Total errors:        0  | Total discards:      0  | Multi/broadcast: 13914
No buffers:          0  | Non-primary u/c:     0  | Tag drop:            0
Vlan tag drop:       0  | Vlan untag drop:     0  | Read errors:         0
TRANSMIT
Frames/second:       4  | Bytes/second:      359  | Errors/minute:       0
Discards/minute:     0  | Total frames:      105k | Total bytes:     32660k
Total errors:        0  | Total discards:      0  | Multi/broadcast:   140
Queue overflows:     0  | No buffers:          0  | Write errors:        0
LINK_INFO
Current state:       up | Up to downs:         0  | Speed:             100m
Duplex:            full | Flowcontrol:       none

-- interface  ns1  (10 hours, 19 minutes, 27 seconds) --


RECEIVE
Frames/second:       0  | Bytes/second:        0  | Errors/minute:       0
Discards/minute:     0  | Total frames:        0  | Total bytes:         0
Total errors:        0  | Total discards:      0  | Multi/broadcast:     0
No buffers:          0  | Non-primary u/c:     0  | Tag drop:            0
Vlan tag drop:       0  | Vlan untag drop:     0  | Read errors:         0
TRANSMIT
Frames/second:       0  | Bytes/second:        0  | Errors/minute:       0
Discards/minute:     0  | Total frames:        0  | Total bytes:         0
Total errors:        0  | Total discards:      0  | Multi/broadcast:     0
Queue overflows:     0  | No buffers:          0  | Write errors:        0
LINK_INFO
Current state: cfg_down | Up to downs:         0

-- interface  lo  (10 hours, 19 minutes, 24 seconds) --


RECEIVE
Packets:          3284  | Bytes:             231k | Errors:              0
Queue full:          0
TRANSMIT
Packets:          3284  | Bytes:             231k | Errors:              0
Collisions:          0

-- interface  vh  (10 hours, 19 minutes, 24 seconds) --


RECEIVE
Packets:             0  | Bytes:               0  | Errors:              0
Queue full:          0
TRANSMIT
Packets:             0  | Bytes:               0  | Errors:              0
Collisions:          0

netapp1*> uptime
  1:22am up 10:20 63 NFS ops, 4 CIFS ops, 23 HTTP ops, 0 FCP ops, 0 iSCSI ops
netapp1*>

So you might think: oh, his DNS is just broken, but wait, from a system that is on the same subnet, and has successful NFS connections to my NetApp....:


rob@sol10-a:~$ ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
e1000g0: flags=1004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4> mtu 1500 index 2
        inet 192.168.0.26 netmask ffffff00 broadcast 192.168.0.255
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
e1000g0: flags=2004841<UP,RUNNING,MULTICAST,DHCP,IPv6> mtu 1500 index 2
        inet6 fe80::250:56ff:feb6:2/10
rob@sol10-a:~$ dig SRV _ldap._tcp.home._sites.totalnetsolutions.net +short @192.168.0.4
0 100 389 tns02.totalnetsolutions.net.
0 100 389 tns03.totalnetsolutions.net.
rob@sol10-a:~$ dig SRV _ldap._tcp.home._sites.totalnetsolutions.net +short @192.168.0.5
0 100 389 tns02.totalnetsolutions.net.
0 100 389 tns03.totalnetsolutions.net.
rob@sol10-a:~$ dig SRV _Kerberos._tcp.home._sites.totalnetsolutions.net +short @192.168.0.4
0 100 88 tns02.totalnetsolutions.net.
0 100 88 tns03.totalnetsolutions.net.
rob@sol10-a:~$ dig SRV _Kerberos._tcp.home._sites.totalnetsolutions.net +short @192.168.0.5
0 100 88 tns02.totalnetsolutions.net.
0 100 88 tns03.totalnetsolutions.net.
rob@sol10-a:~$ dig SRV _kerberos._tcp.totalnetsolutions.net +short @192.168.0.4           
0 100 88 tns02.totalnetsolutions.net.
0 100 88 tns03.totalnetsolutions.net.
rob@sol10-a:~$ dig SRV _kerberos._tcp.totalnetsolutions.net +short @192.168.0.5
0 100 88 tns02.totalnetsolutions.net.
0 100 88 tns03.totalnetsolutions.net.
rob@sol10-a:~$ dig SRV _kerberos._udp.totalnetsolutions.net +short @192.168.0.5
0 100 88 tns02.totalnetsolutions.net.
0 100 88 tns03.totalnetsolutions.net.
rob@sol10-a:~$ dig SRV _kerberos._udp.totalnetsolutions.net +short @192.168.0.4
0 100 88 tns02.totalnetsolutions.net.
0 100 88 tns03.totalnetsolutions.net.

So, what stupid config piece am I missing?

Thanks in advance.

Rob

@docsmooth
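
The symptom shown in the post above (cache misses recorded while every nameserver stays at NO INFO with zero calls) can be checked mechanically. This is an added example, not part of the original post or of any NetApp tooling; it parses the `dns info` text as posted, assumes the Calls column counts queries sent to each server, and its function names are hypothetical.

```python
import re

# `dns info` output copied from the post above (blank lines trimmed).
DNS_INFO = """\
DNS is enabled
DNS caching is enabled
0 cache hits
3 cache misses
0 cache entries
0 expired entries
0 cache replacements
IP Address                                     State   Last Polled                  Avg RTT Calls  Errs
-------------------------------------------------------------------------------------------------------------
192.168.0.4                                    NO INFO                                    0     0     0
192.168.0.5                                    NO INFO                                    0     0     0
Default domain: totalnetsolutions.net
Search domains: totalnetsolutions.net
"""

# IPv4 address, free-form State/Last Polled text, then Avg RTT, Calls, Errs.
ROW = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(.*?)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")
MISSES = re.compile(r"^\s*(\d+) cache misses")


def parse_dns_info(text):
    """Return (cache_misses, [{'ip', 'state', 'calls', 'errs'}, ...])."""
    misses, servers = 0, []
    for line in text.splitlines():
        m = MISSES.match(line)
        if m:
            misses = int(m.group(1))
            continue
        m = ROW.match(line.strip())
        if m:
            ip, middle, _rtt, calls, errs = m.groups()
            servers.append({"ip": ip, "state": middle.strip(),
                            "calls": int(calls), "errs": int(errs)})
    return misses, servers


def never_queried(text):
    """Nameservers with zero calls although lookups have missed the cache."""
    misses, servers = parse_dns_info(text)
    if misses == 0:
        return []  # nothing has been looked up yet, so zero calls proves nothing
    return [s["ip"] for s in servers if s["calls"] == 0]


if __name__ == "__main__":
    print("configured but never queried:", never_queried(DNS_INFO))
```

A non-empty result means the resolver is failing before it reaches the wire, which matches the empty pktt capture described in the post and points at filer-side configuration rather than at the DNS servers.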

Re: DNS Resolver unexplained timeouts

You need to set the LDAP option ldap.ADdomain

host1*> options ldap

ldap.ADdomain

By default this is not set

host1*> options ldap.ADdomain yourADdomain.com

host1*> options ldap

ldap.ADdomain  yourADdomain.com