Re: UniFi USG local DNS not resolving local hostname correctly

phk46 · ‎11-12-2015

@UBNT-cmb wrote:
@phk46 wrote:
@UBNT-cmb, if a domain name must be configured for this to work then is the resolution of "unifi" a special case? It seems to be treated as a fqdn that has only a tld.
The domain name requirement is a client OS thing. Windows, OS X, and modern Linux desktop-focused distros will only do LLMNR lookups for non-qualified hostnames if they do not have a default domain assigned. UAP, USW and USG don't care either way, they'll all do DNS lookups on non-qualified hostnames. As will BSDs, and most server-focused and embedded Linux distros in a default config.

Hmm. Then I'm confused. I have "localdomain" configured in my controller. IIUC what you say above then I shouldn't be able to resolve "unifi" from my Mac. I just tried and I can ping both "unifi." and "unifi" with identical results. But IIRC the other day I wasn't able to ping "unifi". Or does that mean that after resolving "unfi." the Mac caches the result and uses it to locally resolve "unfi."?

robpickering · ‎11-19-2016

Understood. I was grasping at straws and trying to find anyway for the DNS resolver to be useful.
It seemed a reasonable assumption that "alias" could be a hostname alias for DNS resolution. It obviously is not.

The reality is that unless you are running a pure DHCP network (nothing manually assigned) and are happy with all of the client-identifiers coming from all of those hosts, then the USG just isn't suitable as a DNS server, and if you're going to use something else for DNS, you'll probably want to use something else for DHCP, and once you're down that slippery slope, you'll probably end up with a totally different firewall.

I was extremely hopeful to have a pure Ubiquiti UniFi network infrastructure. I love the concept of everything working together, central management, and visibility. But if the basics cannot be supported, then it's just not useable.

I wish it were different.

-Rob

robpickering · ‎11-19-2016

@phk46 wrote:
@UBNT-cmb wrote:
@phk46 wrote:
@UBNT-cmb, if a domain name must be configured for this to work then is the resolution of "unifi" a special case? It seems to be treated as a fqdn that has only a tld.
The domain name requirement is a client OS thing. Windows, OS X, and modern Linux desktop-focused distros will only do LLMNR lookups for non-qualified hostnames if they do not have a default domain assigned. UAP, USW and USG don't care either way, they'll all do DNS lookups on non-qualified hostnames. As will BSDs, and most server-focused and embedded Linux distros in a default config.
Hmm. Then I'm confused. I have "localdomain" configured in my controller. IIUC what you say above then I shouldn't be able to resolve "unifi" from my Mac. I just tried and I can ping both "unifi." and "unifi" with identical results. But IIRC the other day I wasn't able to ping "unifi". Or does that mean that after resolving "unfi." the Mac caches the result and uses it to locally resolve "unfi."?

There is a hard-coded DNSmasq rule, found in /etc/dnsmasq.conf on the USG. This is where it's coming from:

/etc/dnsmasq.conf:

host-record=unifi,172.31.1.8

In my network, when running the USG, it will only resolve as "unifi." which truncates the domain portion (.localdomain or whatever you have your Default Domain set to)

It also provides PTR records for your default gateway IP back to ubnt-usg

-Rob

UBNT-cmb · ‎08-08-2016

It works as it's designed to work, in a way that suffices for many. Static records can be added via host-record config.gateway.json, but that requirement will be gone soon. We're adding full DNS Forwarder control in controller in the future, for adding domain overrides, static A, AAAA, CNAME, PTR records, etc. And probably a new field on clients to set a hostname, so Alias is just an alias (for display purposes only) and DNS is configured from the hostname field.

robpickering · ‎11-19-2016

@UBNT-cmb wrote:
It works as it's designed to work, in a way that suffices for many. Static records can be added via host-record config.gateway.json, but that requirement will be gone soon. We're adding full DNS Forwarder control in 5.7.x controller, for adding domain overrides, static A, AAAA, CNAME, PTR records, etc. And probably a new field on clients to set a hostname, so Alias is just an alias (for display purposes only) and DNS is configured from the hostname field.

No argument that it's working as designed. However, you posted here very clearly that "There aren't any outstanding problems here with 5.5.x controller versions and any semi-recent firmware version".

I was just pointing out that there are still problems that your customers are having. The implementation is incomplete, not broken. This has clearly been recognized, based on this post, and things are moving forward with adding the features that would make it a more complete implementation.

Unfortunately, it took 10 months to get the Default domain put back into the GA code after Ubnt removed it last October, I'm guessing a similar timeframe to have these features available, which would make it May, 2018 before they're seen in the GA code. That's a long time to not have these features in a DNS Server implementation.

I hope it happens sooner, though the implication is that editing of Hostnames will actually be even longer (5.7), which in my opinion is the most critical feature that's missing. I don't mind creating host-record entries in a config.json.xml (though lots of your customers will), but I do mind maintaining them that way for my entire internal network when I have a GUI at my disposal.

Don't get me wrong (I know I come off as highly displeased), I'm genuinely thrilled with the Ubnt UniFi gear and went "all in". I'm just disappointed in the USG itself as I had a working pfSense firewall that it displaced only for me to find out that I could no longer have effective DNS for my internal network. If folks don't have NAS devices, or Servers, or applicances that they have to routinely connect to, it's probably not a big deal. I'm not one of those people and I have all of those types of devices on my internal LAN, which makes proper DNS critical. I've had to revert to memorizing IP addresses in order to function and that's just not something I wanted to do (as the client-identifiers are just as esoteric, e.g. st-D052A8263C7B0001, SonosZP, PlumLP-160200023, none of which can be changed to something memorable)

-Rob

phk46 · ‎11-12-2015

@UBNT-cmb wrote:
It works as it's designed to work, in a way that suffices for many. Static records can be added via host-record config.gateway.json, but that requirement will be gone soon. We're adding full DNS Forwarder control in 5.7.x controller, for adding domain overrides, static A, AAAA, CNAME, PTR records, etc. And probably a new field on clients to set a hostname, so Alias is just an alias (for display purposes only) and DNS is configured from the hostname field.

This all sounds *great*. If there will be separate configuration for hostname and alias, hopefully the controller GUI will use the hostname when no alias has been configured.

Also, can you then also provide this hostname field for *devices* as well as clients?

mdean · ‎12-21-2017

This is exactly what I'm looking for is there a beta opt in to test 5.7?

I just made myself a Ubuntu box to learn linux better and run the UniFi controller, now I have to use the IP instead of the host name.

I have done winbind in the mean time, but this is so basic of a feature seems silly it isn't in here already.

Especially since I static assign all my devices (makes it easier to identify new or unwelcome devices).

drewy · ‎04-21-2017

Any idea of when we will see this functionality?

nevmi · ‎12-22-2016

Do it's that implemented im on 5.8.3 version and dont ebable to found from gui to setup static dns records. In my network i have homelab with internal dns dhcp server all type diffrent severs and exsi hypervisor and what to make static dns record for them

nmorillov · ‎12-28-2013

I don't know if you guys solved this issue, but I did solved like @UBNT-cmb said with the help of @sdjernes and @dgiaffe.

First you have to set up the USG as dns for the hosts, in the dhcp configuration.

Screen Shot 2018-03-09 at 2.42.30 PM.png

Once all hosts has the USG as the default dns, you have to ssh the USG and follow this steps:

configure
edit service dns
set forwarding options host-record=HOSTNAME,IPADDRESS
commit
save

Please kudos to @sdjernes and @dgiaffe in the original post is this: Re: Static Names / Client Aliases

Hope that helped.

Regards

hazymat · ‎06-08-2016

Re the last post, why would you need to set up the USG as a DNS server manually, as suggested? Surely it is already the DNS server? Surely this option is for setting your DNS server to *another* device?

Last post doesn't make sense to me!

nmorillov · ‎12-28-2013

Hi. Not really. If you leave dns in automatic usg will forward the dns settings assigned by you ISP. And then happens what happened in te first post.

donriggs · ‎01-08-2018

@UBNT-cmbwrote:
We're adding full DNS Forwarder control in 5.7.x controller, for adding domain overrides, static A, AAAA, CNAME, PTR records, etc. And probably a new field on clients to set a hostname, so Alias is just an alias (for display purposes only) and DNS is configured from the hostname field.

I apologise if this is a dumb question, but is this UI change still on the roadmap? I am running on 5.7.20 since the recent Cloud Key update and could not find these in the UI.

PublicName · ‎05-11-2017

Don't hold your breath. Its been promised for awhile. I gave up on it and started using a Pi Hole setup for my DNS. Much happier and much faster then the forwarder on the USG. Pi Hole is running on a Debian VM not a Pi so that might be why it's much faster... Do your self a favor and forget using the USG and use an external one. Forward the DNS from USG to the Pi and things are so much more stable.

UBNT-cmb · ‎08-08-2016

@donriggs wrote:

I apologise if this is a dumb question, but is this UI change still on the roadmap? I am running on 5.7.20 since the recent Cloud Key update and could not find these in the UI.

That didn't make the cut at the time, it is still on the road map.

donriggs · ‎01-08-2018

@PublicNamewrote:
Do your self a favor and forget using the USG and use an external one. Forward the DNS from USG to the Pi and things are so much more stable.

Sure, that's always a possible solution. Still, I would really like to have the USG managing it and operate it from the controller software. It would be a very fitting puzzle part in the controller suite.

donriggs · ‎01-08-2018

@UBNT-cmbwrote:
That didn't make the cut at the time, it is still on the road map.

Thank you!

Looking forward to see this feature land in the controller software!

UBNT-cmb · ‎08-08-2016

@donriggs wrote:

@PublicNamewrote:
Do your self a favor and forget using the USG and use an external one. Forward the DNS from USG to the Pi and things are so much more stable.

Sure, that's always a possible solution. Still, I would really like to have the USG managing it and operate it from the controller software. It would be a very fitting puzzle part in the controller suite.

They're the exact same software underneath doing the DNS resolution. Either the config was broken (like a primary DNS server that wouldn't respond, so waiting for timeouts), or any perceived stability improvement was just a placebo.

PublicName · ‎05-11-2017

Would be pretty hard to have 9.9.9.9 "23ms" and 8.8.8.8 "29"ms" broken at the same time. DNSBench was kind enough to confirm so was my better half. Swapping to any 3rd party resolved the lag on DNS lookup disappeared. Dumping config and doing a reset on the USG was a good test of my paper clip skills. Still got them! Swapping the DNS lookup from the USG to Pi Hole was a massive jump in general web surfing. <br><br>@UBNT-cmb I have absolute faith that you'll get the USG up to today standards. Your history is the sole reason I purchased the USG and have ever recommended them. The USG has come a LONG way in the past year! Thank you for all your hard work it was not an easy place to start. The USG is perfect for a small office that uses everything hosted. I hate to say it but for the next few months the USG even after the last update is getting side lined and not being recommended by me to anyone. Road map was saying GUI driven DNS would be introduced in 5.7 and it was missed. Do you have any idea how bad that makes someone look when you resell a product with a promise to only have is dropped in a forum post 2 hours ago that it will be skipped for now? Road map is not a promise so I fully have to take that one on the chin but man dose it suck dealing with a pissed off customer that you now have to deal with them questioning your every move.

NAUIDiver · ‎03-27-2018

Wow. I stumbled onto this thread after spending an entire day with support because it I couldn’t resolve my Synology NAS since it’s a fixed IP and not dhcp client. Omg it still isn’t working!

None of my local workstations can reach the host by name, but we can using its IP address.

What scares me most is how old this thread is! Yikes. Not feeling great about my switch to USG.

Even my tiny little FIOS router handled this without blinking! And I could enter address and alias names into their UI without even flinching.

Hope this gets fixed soon!