Setting up DNS in a Hybrid Environment.
Hello Folks, I’m not sure when this became a series, but it’s looking like it’s going to be ongoing. I’m hoping it can give the community a sense of how you can slowly adopt cloud services to enhance your on-prem environment. It started a few weeks ago with the post on how I needed to replace the edge device on my home network. Then I followed up with how I now can use the site-to-site VPN I set up to access (RDP & SSH) all the servers in my environment using the Bastion host on Azure. But I’m at a point where I’ve got demo servers and services on both sides of the VPN. Name resolution is fast becoming an issue. How do I set up a DNS structure to efficiently resolve server IP addresses from an on-premises environment and vice versa without deploying VM-based DNS servers.
minor bugs in nx_dns.c
Hi all, working on nx_dns.c versio 6.1.12 I found some minor bugs. In function 3911 _nx_dns_host_resource_data_by_name_get() we have a NX_DNS_QUERY_FAILED 0xA3 /* DNS query failed; no DNS server sent an 'answer' */ return value on most errors, end even if we got a reply. It seems that it is due to line 4052 4052 return(NX_DNS_QUERY_FAILED); while 4052 return(status); would return actual error. You can test this searching a non existing domain name (e.g. goo4gle.com) or setting server address to a non existing dns server (e.g 91.1.1.1). Digging deeper, I found another non optimal return value in function 4888 _nx_dns_response_process() Here we have NX_DNS_SERVER_AUTH_ERROR 0xAC /* Server not able to authenticate answer/authority data*/ for any reply with reply code 0x2, 0x3, 0x6, 0x7, but not alla are errors. Can be reproduced as before with non-existing domain. it comes from line 4039 nad folowing if ((status & NX_DNS_ERROR_MASK) == NX_DNS_ERROR_MASK) { /* Release the source packet. */ nx_packet_release(packet_ptr); return NX_DNS_SERVER_AUTH_ERROR; } Best would be to add in nx_dns.h #define NX_DNS_REPLY_CODE_OK 0xB8 /* base value for reply code management */ #define NX_DNS_REPLY_CODE_FORMERR 0xB9 /* DNS Query Format Error */ #define NX_DNS_REPLY_CODE_SERVFAIL 0xBA /* Server failed to complete the DNS request */ #define NX_DNS_REPLY_CODE_NXDOMAIN 0xBB /* Domain name does not exist */ #define NX_DNS_REPLY_CODE_NOTIMP 0xBC /* Function not implemented */ #define NX_DNS_REPLY_CODE_REFUSED 0xBD /* The server refused to answer for the query */ #define NX_DNS_REPLY_CODE_YXDOMAIN 0xBE /* Name that should not exist, does exist */ #define NX_DNS_REPLY_CODE_XRRSET 0xBF /* RRset that should not exist, does exist */ #define NX_DNS_REPLY_CODE_NOTAUTH 0xE0 /* Server not authoritative for the zone */ #define NX_DNS_REPLY_CODE_NOTZONE 0xE1 /* Name not in zone */ and change 4939 if (((status & NX_DNS_QUERY_MASK) == NX_DNS_RESPONSE_FLAG) && ((status & NX_DNS_RCODE_MASK) != NX_DNS_RCODE_SUCCESS)) { /* Release the source packet. */ nx_packet_release(packet_ptr); return (NX_DNS_REPLY_CODE_OK + (status & NX_DNS_RCODE_MASK)); } This allows to take proper action if required.
