freeradius DNS issue

classic Classic list List threaded Threaded
6 messages Options
| Threaded
Open this post in threaded view
|

freeradius DNS issue

Satish Patel-2
I have two DNS entry in /etc/resolve.conf and somehow today 10.10.0.10
DNS went down and result radius fail to authenticate clients, it was
bizarre that 1 hour everything was down and as soon as 10.10.0.10 came
back radius start working, I have check 10.10.0.11 is totally
functional DNS but look like freeradius just doesn't like getting
failover to second DNS, is there any timeout or better solution of
this issue?

# cat /etc/resolv.conf
nameserver 10.10.0.10
nameserver 10.10.0.11
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: freeradius DNS issue

Alan DeKok-2
On Feb 11, 2020, at 2:35 PM, Satish Patel <[hidden email]> wrote:
>
> I have two DNS entry in /etc/resolve.conf and somehow today 10.10.0.10
> DNS went down and result radius fail to authenticate clients, it was
> bizarre that 1 hour everything was down and as soon as 10.10.0.10 came
> back radius start working, I have check 10.10.0.11 is totally
> functional DNS but look like freeradius just doesn't like getting
> failover to second DNS, is there any timeout or better solution of
> this issue?

  FreeRADIUS just uses the local system libraries to do DNS resolution.  If the local DNS libraries don't do failover, look there for issues and fixes.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: freeradius DNS issue

Satish Patel-2
Hmm so you are saying it depend on OS not something built into radius?

Very strange that Linux do this.

Sent from my iPhone

> On Feb 11, 2020, at 3:48 PM, Alan DeKok <[hidden email]> wrote:
>
> On Feb 11, 2020, at 2:35 PM, Satish Patel <[hidden email]> wrote:
>>
>> I have two DNS entry in /etc/resolve.conf and somehow today 10.10.0.10
>> DNS went down and result radius fail to authenticate clients, it was
>> bizarre that 1 hour everything was down and as soon as 10.10.0.10 came
>> back radius start working, I have check 10.10.0.11 is totally
>> functional DNS but look like freeradius just doesn't like getting
>> failover to second DNS, is there any timeout or better solution of
>> this issue?
>
>  FreeRADIUS just uses the local system libraries to do DNS resolution.  If the local DNS libraries don't do failover, look there for issues and fixes.
>
>  Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: [EXTERNAL] freeradius DNS issue

Users mailing list
In reply to this post by Satish Patel-2
Not RADIUS read the manpage for /etc/resolv.conf, default timeout is 30 seconds and there is an option to change it to a different value.

Alister


On 11/02/2020, 19:35, "Freeradius-Users on behalf of Satish Patel" <freeradius-users-bounces+alister.winfield=[hidden email] on behalf of [hidden email]> wrote:

    I have two DNS entry in /etc/resolve.conf and somehow today 10.10.0.10
    DNS went down and result radius fail to authenticate clients, it was
    bizarre that 1 hour everything was down and as soon as 10.10.0.10 came
    back radius start working, I have check 10.10.0.11 is totally
    functional DNS but look like freeradius just doesn't like getting
    failover to second DNS, is there any timeout or better solution of
    this issue?

    # cat /etc/resolv.conf
    nameserver 10.10.0.10
    nameserver 10.10.0.11
    -
    List info/subscribe/unsubscribe? See https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&amp;data=02%7C01%7Calister.winfield%40sky.uk%7C377535fc4a3347d05dfc08d7af298fb6%7C68b865d5cf184b2b82a4a4eddb9c5237%7C0%7C0%7C637170465357667527&amp;sdata=874hxguRNoVmrpvIXGF85PCXOZSPmk9i2QogIVKtdtw%3D&amp;reserved=0
    --------------------------------------------------------------------
    This email is from an external source. Please do not open attachments or click links from an unknown or suspicious origin. Phishing attempts can be reported by sending them to [hidden email] as attachments. Thank you
    --------------------------------------------------------------------



Information in this email including any attachments may be privileged, confidential and is intended exclusively for the addressee. The views expressed may not be official policy, but the personal views of the originator. If you have received it in error, please notify the sender by return e-mail and delete it from your system. You should not reproduce, distribute, store, retransmit, use or disclose its contents to anyone. Please note we reserve the right to monitor all e-mail communication through our internal and external networks. SKY and the SKY marks are trademarks of Sky Limited and Sky International AG and are used under licence.

Sky UK Limited (Registration No. 2906991), Sky-In-Home Service Limited (Registration No. 2067075), Sky Subscribers Services Limited (Registration No. 2340150) and Sky CP Limited (Registration No. 9513259) are direct or indirect subsidiaries of Sky Limited (Registration No. 2247735). All of the companies mentioned in this paragraph are incorporated in England and Wales and share the same registered office at Grant Way, Isleworth, Middlesex TW7 5QD

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: freeradius DNS issue

Alan DeKok-2
In reply to this post by Satish Patel-2
On Feb 11, 2020, at 6:04 PM, Satish Patel <[hidden email]> wrote:
>
> Hmm so you are saying it depend on OS not something built into radius?

   That is exactly what I said.  What part of my message was unclear?

> Very strange that Linux do this.

  No.

  Very few applications include a DNS resolver.  They are non-trivial to write.

  Probably 99% of applications do exactly what FreeRADIUS does.  Even on Windows, OSX, etc.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: freeradius DNS issue

Satish Patel-2
In that case only solution is put DNS infrastructure behind
load-balancer or some kind of HA.

On Wed, Feb 12, 2020 at 8:42 AM Alan DeKok <[hidden email]> wrote:

>
> On Feb 11, 2020, at 6:04 PM, Satish Patel <[hidden email]> wrote:
> >
> > Hmm so you are saying it depend on OS not something built into radius?
>
>    That is exactly what I said.  What part of my message was unclear?
>
> > Very strange that Linux do this.
>
>   No.
>
>   Very few applications include a DNS resolver.  They are non-trivial to write.
>
>   Probably 99% of applications do exactly what FreeRADIUS does.  Even on Windows, OSX, etc.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html