DNS for my LAN


Postby Doug Coulter » Mon Dec 31, 2012 2:04 pm

Well...There's this problem. I have a large LAN, but it's not so much server->client as a bunch of peers. Each machine gets an IP from DHCP from my telco router (which I have to use, and cannot change) on boot - so every time, each machine has a different IP.

Samba finds them all of course, with proper config, but that means I have to use my file explorer (Nautilus in linux) to find/access another machine for copying files, cross backups and so on - a script can't do it since it can't find the right machine always.

So, I spent the weekend diddling around. I'm hoping, actually, that it was wasted effort and that someone will tell me "just get program X for dns and tell things to only do this for the LAN, and it will work with any two machines on". But this hasn't happened yet.

So I spent some time munging around in perl. I wrote two scripts, one that simply finds out the name/ip pair of the machine it's running on and sends that out the UDP broadcast address about once a minute.

The other one listens for that, builds up a data structure of what's out there (and kills off things it hasn't heard from in awhile) and rewrites /etc/hosts when things change.
This works - many of my machines, for example, run apache and mysql, and it's nice to be able to use that interface by just typing in a machine name to a web browser, or hard-coding a machine into a script that might want to use my fast upstairs server database to record data from the fusor downstairs (safely away from the lightning too).

But, there are issues. Doing this in perl means the programs have a fairly large footprint in ram (500k for one, 1.5 megs for the other). Further, while the transmit one is tiny and simple (and should really be re-written in C for size, it's not rocket science), the receive one is not only large and complex, but needs root privilege to write /etc/hosts - and a lot of things complain about that unless you run it manually from a terminal. I want both to be daemons that run at startup, now and forever, which again, is pretty easy for the transmit one, but kind of hairy for the receive one. And no, I don't want to make /etc writable by non-root, it's dangerous.

But the programs work as is, run in terminals (even detached) and I can turn off their debugging printing etc for that. Anybody out there have a better idea?

Note, to make any sense at all of a perl program, use something that does syntax highlighting, else you'll just go blind. Gedit does, padre does, geany does, and so on.
Attachment: FakeDNS.zip (Perl source code, 2.68 KiB)

For example, here's one of them in gedit.
[Image: tellem.png] What code should look like - linux's version of notepad, but with actual features like color syntax highlighting for a dozen languages.
Posting as just me, not as the forum owner. Everything I say is "in my opinion" and YMMV -- which should go for everyone without saying.

Re: DNS for my LAN

Postby solar_dave » Tue Jan 01, 2013 6:05 pm

OK Doug, what is your router? Most will allow fixed IPs on the private side of the network router; you should use one of the private address spaces like 10.0.0.0 or 192.168.1.0. Then a simple bind9 for named installed on one of your Linux machines should suffice. It requires a pair of files, a fake local domain and a reverse lookup file, configured with a forwarder to the ISP DNS for outside addresses. Then you just set your resolv.conf files to point at your local Linux box with a search directive for your local private LAN. At the same time you could also do a NTP server locally.

I just did a bit more complex setup on contract for a firm in SFO, but just slightly more complex. I would be glad to offer some examples if you're interested. I could even scrub up some of the diagrams I did for those guys.

If you must keep the DHCP based system look for the Wikipedia pages on DDNS (dynamic dns).
Dave Shiels

My TED 5000 power monitoring
http://phx-solar.no-ip.info:8081/Footprints.html

Re: DNS for my LAN

Postby Jerry » Wed Jan 02, 2013 8:40 am

My FIOS service comes with an actiontec router which really sucks as a router, has a very small NAT table. I put the actiontec in bridge mode and use a regular router after that. Works great.

Re: DNS for my LAN

Postby Doug Coulter » Wed Jan 02, 2013 12:46 pm

I have zero control over my router. Zero. I know it should be able to handle this. Fixed IP is something we used to do, but if I do that, it won't allow internet access. No one at the phone company has a clue, or is willing to figure it out, it's all on me. And a fixed IP scheme still doesn't tell "Fuze3" that "server" is online or not, at least not without a deliberate ping.

You're not understanding the situation. Most of the time only one machine is on, though I have rough order of 20 specialized for various tasks, so I cannot do the "server and slaves" bit - can't afford the extra juice, especially not at this time of year when solar is zero or nearly. This is our dark season, on top of the winter solstice, it's dark/rainy almost every day, and I'm burning gasoline to run just the trading machine and keep one light on.

Re: DNS for my LAN

Postby solar_dave » Wed Jan 02, 2013 9:13 pm

Doug, one pretty elegant solution would be to put a dd-wrt low power router in that you control after your phone company router. It could fetch a DHCP address from the phone company for the outside address and allow you to hide everything behind it from the phone company while running fixed IPs internally. It can act as a DNS server and a whole myriad of other tasks, like FW, small web server ...

Plug computers are also another low wattage solution. The one designed for my TED web server only draws about 10-15 watts.

Yeah, the dark days are tough on off-gridders this time of year. I just got my Dec bill, $0.00 all fees and taxes paid. With a $18.18 credit from my annual settle up with the utility. Much less than I expected but we used lots of heat pump this month and of course charged 2 Volts.

Re: DNS for my LAN

Postby Jerry » Fri Jan 04, 2013 1:38 am

Just set the IP manually in each machine.

You should look at a mac mini if you want a low power machine. 11 watts at idle and 85 at full load.

Re: DNS for my LAN

Postby solar_dave » Fri Jan 04, 2013 12:10 pm

Jerry wrote:
> Just set the IP manually in each machine.
>
> You should look at a mac mini if you want a low power machine. 11 watts at idle and 85 at full load.

Yep, I like my Mac minis here as well, even less power if you SSD them.

Re: DNS for my LAN

Postby Doug Coulter » Sat Jan 05, 2013 7:29 pm

Well, my use-case is that I might want to hardcode a machine name into a script (like for data aq for the fusor) or populate a dropdown box so the data aq user can pick one machine to shove data to. This turns out to be moderately important to be able to do, as once in awhile, despite "heroic" measures, a bit of lightning (from the fusor supplies) will just take that machine right on down - fry the mobo before it could so much as close a log file it was keeping, for example. And in re "vampire loads", yes, I've been watching with great interest on some of these little low power things, but really, 10w? When you're on off-grid solar...even 10w is significant for an always on kind of thing. Perhaps something a little nicer than the odroid will come along and change my mind someday, but not yet.

I looked up all the junk on bind and named, and while it looks like it can do what I want - it will only take weeks to setup a caching only discovery DNS, and only take 10 times the ram etc as my existing approach. Couldn't find a simple recipe - it's like learning samba.conf or something equally nasty to set that dinosaur (for this use case) up. So that's no-go.

Proceeding, I've already got the tellem program daemonized and running on all the relevant machines as a startup program - I don't have to remember to do a thing. And I've learned a couple of things along the way there, like anything running like that is root already, and doesn't have some of the limitations I'd run into running from a terminal as root. Evidently, linux assumes that by the time you've got it in someplace like /usr/bin and owned by root, it must be fine, so the stage is set to daemonize the tellme program that actually updates /etc/hosts (which is also, BTW, about 10k times faster than dns, since it's a simple file read that doesn't need even more network traffic and delays, much less the logic, to work).

But I ran into an edge-case that's kind of interesting, and in my case, important to handle, which is the next job. The way I get my own IP address is essentially to run hostname -I. Well, on a host with more than one ethernet adapter (the fusion machine has 3!) it returns all three. In my case that's one for the wired ethernet (essential when xferring large files, but usually unplugged when HV is around to avoid frying other things on the net), then wireless (slow - 10 megabit, but fine for data xfer during a run, and safe), and another wired one that usually doesn't have an IP at all, but when it does, it's from windows running in Virtual Box and talking to my mass spectrometer on a completely different network space than my usual 192.168.1.x, and the hostname program potentially returns all 3 IP addresses. Oops. /etc/hosts doesn't handle that one well at all.
There are workarounds of course, but they are messy and complex and not as deterministic as I'd like - you can only have one IP on a line, but you can have more than one line with the same host name for example, but that merely wastes space and it still just pulls the first name match anyway when resolving.

Going with the philosophy "be strict in what you emit, and loose in what you'll accept", the first place that needs work is the tellme program, so it can pick just one, and hopefully the right single IP to send. If I get multiples, I guess I will take the first one that starts with 192.168 and ditch the rest before sending.
Another caveat is I forgot to close STDIN, STDOUT, STDERR on my daemon. It works anyway, since I disable printing etc, but I should go ahead and make that change too just to be "clean" and "set a good example" so I will. But, so far, so good, and it now looks like this:
[Image: tellem.png] Doesn't quite fit on one screen anymore...
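The multi-homed edge case above (several addresses from `hostname -I`, only one of them on the LAN) is the part of the announcer worth getting right. As an added example, not Doug's Perl tellem from the zip, here is that sender side in Python: it chooses the one address by network membership rather than by string prefix, so an address such as 192.168.10.x or a VM bridge address cannot slip through, and it says nothing at all when no LAN address is present rather than announcing something wrong. The 192.168.1.0/24 network is an assumption matching the thread's LAN; the port is the one the thread uses.

```python
#!/usr/bin/env python3
# Added example of the announcer ("tellem") side; not the thread's Perl code.
import ipaddress
import random
import socket
import subprocess
import time
from typing import Optional

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumption: the thread's LAN
BROADCAST_ADDR = str(LAN.broadcast_address)    # 192.168.1.255
PORT = 53831                                   # port used in the thread


def pick_lan_ip(hostname_i_output: str, lan: ipaddress.IPv4Network = LAN) -> Optional[str]:
    """Return the first address that is actually on the LAN, or None.

    `hostname -I` prints every address of every interface on one line, so a
    multi-homed host yields several tokens. Addresses outside the LAN (a NIC
    on another network, a VM bridge) are skipped, IPv6 is skipped, and any
    token that is not an address at all is ignored.
    """
    for token in hostname_i_output.split():
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue
        if addr.version == 4 and addr in lan:
            return str(addr)
    return None


def build_announcement(name: str, ip: str) -> bytes:
    """The datagram is one line, 'name ip': the same pair a hosts line needs."""
    return f"{name} {ip}\n".encode("ascii")


def local_lan_ip() -> Optional[str]:
    """Run `hostname -I` and reduce its output to one LAN address."""
    out = subprocess.run(["hostname", "-I"], capture_output=True, text=True, check=True).stdout
    return pick_lan_ip(out)


def announce_forever() -> None:
    """Broadcast the local name/IP roughly once a minute, forever."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    name = socket.gethostname()
    while True:
        ip = local_lan_ip()
        if ip is not None:   # no LAN address right now: stay silent rather than announce a wrong one
            sock.sendto(build_announcement(name, ip), (BROADCAST_ADDR, PORT))
        time.sleep(random.uniform(45, 75))   # jittered, about a minute apart


if __name__ == "__main__":
    announce_forever()
```

Re-reading the address on every cycle, instead of once at startup, is what lets the listener notice when the wired cable is pulled and the wireless address takes over.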

Re: DNS for my LAN

Postby Doug Coulter » Sun Jan 06, 2013 7:33 pm

Ok, just a bit more work and "tellem" is now a daemon that broadcasts one and only one IP per machine, and logs errors in /tmp/tellem.log (wiped out anew with each startup so it doesn't get huge). Now to get on with tellme in a version that actually does daemonize and change /etc/hosts, but the version in this zip is merely a program you can run from a command prompt (or various other ways) that only prints out what it sees. Handy for debugging, and since it's limited in what it can do just now, I renamed it "Justtellme" since that's all it does.
And here they are. Just a little more fooling around and I'll have it - some useful, very lightweight tools for intra-lan "DNS" that don't depend on a lot. These really don't make a blip on CPU or ram resources - nice.

Attachment: Tells.zip (zip of the perl programs for homebrew DNS, 1.72 KiB)

I will of course update this when I have something tested and "safe as I can make it" for the part that will finish the job and update /etc/hosts. I have a proto of that here, but...I'm conservative about things like that (and scripts running as root daemons are things to be very conservative about!).

To use tellem, unzip it in your name/bin directory (create one if you don't have it, it will automatically be added to your path next boot and be searched for executables when you try to run something), make it executable (I use nautilus and properties) then copy it to /usr/bin (as root) with something like:
name@machinename:~/bin$ sudo cp tellem /usr/bin

Then go to system preferences and add the one in /usr/bin to your startup programs, and it will run every time you boot up, silently. You can then run Justtellme to see it sending things, or look at /tmp/tellme.log to see the logged broadcasts from the local machine.

FWIW, there are some assumptions made in this code. The main one is that your lan is basically 192.168.1.???, and is easily changed in the code itself. The functions that would tell me the correct broadcast address don't always work right, so I just hardcoded that in near the top where I'm defining the global "my" variables, and one other place where we filter IP's to make sure we broadcast one that's on the LAN, not for example, the hardwired one I use to talk to my mass spectrometer (163.53.x.x), since no one else can see that one anyway.

Re: DNS for my LAN

Postby Doug Coulter » Sun Jan 06, 2013 10:58 pm

Ok, a little hair pulling (and I don't have many to spare) and we got it!

Attachment: Tellsv.9.zip (a working set for intra-LAN DNS, 3.5 KiB)

Here's how to use this stuff.
Extract the zip.
Copy tellem and tellme to /usr/bin (or someplace else they are likely to be safe, executable and on the path). Ensure they are executable there using the normal linux tools for that.
For ease of use, I'll either use a terminal and sudo with the cp command, or say something like sudo nautilus to the terminal so I can adjust "properties" and owners of things via right click on them.

tellem doesn't need any special privileges to work, it can be owned by "yourusername" or root as you prefer (but probably not owned by doug unless that's your name too, you'll have to change that one perhaps). I got that running by using the system/preferences/startup programs dialogs. For whatever reason, it didn't start working till about 2 reboots after that, and you might want to do what I did for tellme instead. For that, I used an upstart configuration file in /etc/init that you can copy, rename, and change the name of the program executed by it. Not too horrible, and that seems more reliable than the user-space "startup programs" kludge.

Once you have tellme in /usr/bin, you need to change its ownership to root, and do something like "chmod 6711 tellme" while you are root in that directory. This one, since it writes a root-owned file, /etc/hosts, needs real privileges and linux is rightly very careful about running things as root. It's also picky about who owned the world when it started - it can't escalate its privileges after starting on most distros (this is good!). Therefore, the startup applications thing does NOT work for this (it assumes your normal user privileges and runs things as you), instead, there is provided a tellme.conf file in the zip. You copy this to /etc/init/, which will already have a ton of .conf files in it. This file can be owned by you as well - it doesn't need to be root or have special privileges (oops, I smell a gaping linux security hole here, and this one ain't my fault). This will get tellme started as root on startup.

To see if this stuff is working, use the system monitor, under processes, and edit your preferences so you see "all processes", not just yours. If tellme and tellem are there, you're golden. If not, well...they can't work if they aren't running.

Now, here's how it all works. Tellem simply broadcasts a machine's name and IP over UDP broadcast to the LAN, periodically. For grins, I used a semi-random number to tell it how long to sleep between broadcasts, and it's always a large number on the order of 60 seconds or so - machines don't come and go that fast, and why clog up the LAN or waste CPU?

Anybody who wants this info, and wants it put into /etc/hosts (which is checked before any DNS for name resolution), runs tellme. If you don't like automation, you could just run it from a terminal of course - as root, or it'll die right away the first time it tries to write the hosts file. You'd say something like "sudo tellme" to do that - or add an ampersand after the program path if you want to disconnect from it, though if debug is set, it will still print junk there. It sits and listens for those broadcasts from the rest of the lan (and yourself if you are also running tellem - broadcasts come home too).

It's smart enough to ignore broadcasts from localhost, which would overwrite the faster internal loopback for yourself in the hosts file, but any other change - even a machine that somehow changes its IP on the fly, it will pick up on - that was the entire point, after all. This case can happen here because I have one multi-homed host (more than one NIC) and sometimes it will report the wired NIC, sometimes the wireless if I've unplugged the cable on the wired connection. Which was the entire point here - I unplug this when running that nasty 50kv power supply right next to the machine that does data aq - because we don't want to couple a megawatt arc into the rest of the LAN no matter what. I've also found that restarting a machine on my LAN might make it get a different IP address as well, and I'd rather just remember the machine name than do arp-scan or something.

So, tellme maintains some hashes of info, and when there's a change or it hasn't heard anything from a machine named in one of the hashes for 2 minutes, it recomposes and rewrites the /etc/hosts file with proper syntax. It will also do this immediately on boot up, as it defaults to "changed" at that point, since the last time you ran, you might have had a bunch of other entries in your hosts file, and now those machines aren't on - so no need to wait 2 minutes to repair that - it does it right away on boot.

Note, if you've added a bunch of junk to your hosts file, this will wipe it. You can fix that by adding your special stuff into the "here document" I use to put back the ipv6 junk my original hosts file had in it.

This is like some other designs I do, that I get some complaints about - like when someone duped my preamp design and utterly ignored the fact that I spent years eliminating things it didn't need, and in serious component selection - it only works the way I showed it, not just any old bunch of substituted junk will do. The word is "beware the wires/components that aren't there, because I designed this to not need them" - Don't think (except at your own risk) that you can fiddle this because I obviously missed something, unless you're either as good/better as me, or into serious pain and suffering. This works as is.

And now, with this installed on my net, I can simply type things like "server/" into a browser and hit the apache server on server - or any other machine I have that has a web server on it (all of them). Further, I can now populate drop-down lists and stuff in other programs, so that my data aq can go to any machine on the LAN that is running mysql (all of them, but I'd usually use my machine named server, which was custom built just for that - SSD's and all, it's serious stuff).

So, whether the phone company is working or not, my LAN can (and does) look like a miniature, simplified internet, all the stuff works that would work whether a machine is here or across the planet.

Now, if your internal lan isn't of the form 192.168.1.???\8, then you'll have to edit things that look like that in the programs to reflect your default LAN setup. They tend to be at the top of tellem as a variable set to that, or in a test in the routine in tellem called mynetinfo (so as to eliminate really weird responses I get from another nic that isn't really on my LAN at all). Should be obvious what to do there. .255 as the last number in the IP is always going to be the broadcast address.

If the port I used, 53831, is already in use on your lan for something, you'll have to change that too - I just used my birthday since it got me above the already assigned ports for most machines, hence the joke in the comments.

But it works now, and well, YAY :mrgreen: And now I can get on with what I needed this for - a scheme to push realtime data acquisition into a database on another machine, instead of using a mere log file on the machine doing the acquisition. That approach had two flaws (that I've run into). For one, I sometimes forget to tell my data aq to even make a log file, and while you can recover from that by doing ctrl-a, ctrl-c, then ctrl-v into an editor (from the data aq edit box), that's not in the right format, and I had to write another perl script to make the format right again (add all the text labels back between the numbers). Also, in the event of "lightning" - things lock up, the file isn't closed, that machine might be toast totally - and any data stored on it is just a dream - and that has happened more times than my wallet is happy with already. This way, the data goes out line by line to another machine that's a long way off, and very safe, and if we lose it in the middle, so be it - the mysql database won't mind and what we got, we really have gotten and safely.

Now for the fun parts. This was a bit of digging deep into more sysadmin-type stuff than even I like doing. But it's done now, and the fun can begin with "real" things.

:D :D :D :D :D :D :D
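The receiving side described in this post (a root daemon that turns unauthenticated UDP broadcasts into /etc/hosts lines) is where strictness about what is accepted matters most, since every byte written to that file is trusted by every program on the machine. As an added Python example, not the thread's Perl tellme, the listener below validates each datagram before anything reaches the hosts file: the name must be plain hostname syntax (so a sender cannot smuggle a second line or a comment into the file) and not localhost, the address must be IPv4 on the LAN, and, a check added here beyond what the post describes, the announced address must equal the source address of the datagram that carried it. It keeps the last-seen table, drops entries not heard from for two minutes, rewrites once at startup, and replaces the file atomically with a static loopback/IPv6 section kept at the top in place of the post's "here document". The static section, the 192.168.1.0/24 network and the port are assumptions; the loop only writes /etc/hosts when run as root, and hosts_path can be pointed at a scratch file to watch it work.

```python
#!/usr/bin/env python3
# Added example of the listener ("tellme") side; not the thread's Perl code.
import ipaddress
import os
import re
import socket
import time
from typing import Dict, Optional, Tuple

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumption: the thread's LAN
PORT = 53831                                   # port used in the thread
STALE_AFTER = 120.0                            # seconds: the two-minute timeout
# One hostname label: letters, digits, inner hyphens. Anything else is refused,
# so no sender can place a newline, a comment or a second address in the file.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Constructed static section, written at the top of every rewrite.
STATIC_HOSTS = (
    "127.0.0.1\tlocalhost\n"
    "::1\tip6-localhost ip6-loopback\n"
    "ff02::1\tip6-allnodes\n"
    "ff02::2\tip6-allrouters\n"
)
MARKER = "# --- entries below are rewritten automatically from LAN broadcasts ---\n"


def parse_announcement(payload: bytes, sender_ip: str) -> Optional[Tuple[str, str]]:
    """Return (name, ip) for an acceptable 'name ip' datagram, else None."""
    try:
        parts = payload.decode("ascii").split()
    except UnicodeDecodeError:
        return None
    if len(parts) != 2:
        return None
    name, ip = parts
    if not HOSTNAME_RE.match(name) or name.lower() == "localhost":
        return None
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    # Added check: the claimed address must be on the LAN and be the address
    # the datagram actually came from.
    if addr.version != 4 or addr not in LAN or str(addr) != sender_ip:
        return None
    return name, str(addr)


class HostTable:
    """name -> (ip, last_seen); each method reports whether the file must change."""

    def __init__(self) -> None:
        self.entries: Dict[str, Tuple[str, float]] = {}

    def update(self, name: str, ip: str, now: float) -> bool:
        previous = self.entries.get(name)
        self.entries[name] = (ip, now)
        return previous is None or previous[0] != ip   # new host, or host changed IP

    def expire(self, now: float) -> bool:
        stale = [n for n, (_, seen) in self.entries.items() if now - seen > STALE_AFTER]
        for n in stale:
            del self.entries[n]
        return bool(stale)

    def render(self) -> str:
        lines = [STATIC_HOSTS, MARKER]
        for name in sorted(self.entries):
            lines.append(f"{self.entries[name][0]}\t{name}\n")
        return "".join(lines)


def write_atomically(path: str, content: str) -> None:
    """Write a sibling temp file, fsync it, then rename over the target, so a
    resolver never sees a half-written hosts file."""
    tmp = path + ".tmp"
    with open(tmp, "w", encoding="ascii") as f:
        f.write(content)
        f.flush()
        os.fsync(f.fileno())
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)


def listen_forever(hosts_path: str = "/etc/hosts") -> None:
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", PORT))
    sock.settimeout(5.0)                 # wake up regularly so expiry runs even when quiet
    own_name = socket.gethostname()      # our own broadcasts come home; keep loopback for ourselves
    table = HostTable()
    changed = True                       # rewrite once at startup, clearing stale entries
    while True:
        now = time.time()
        try:
            payload, (src, _port) = sock.recvfrom(512)
            parsed = parse_announcement(payload, src)
            if parsed is not None and parsed[0] != own_name:
                changed = table.update(parsed[0], parsed[1], now) or changed
        except socket.timeout:
            pass
        changed = table.expire(now) or changed
        if changed:
            write_atomically(hosts_path, table.render())
            changed = False


if __name__ == "__main__":
    listen_forever()
```

Because the file is regenerated from the table rather than patched in place, a host that changes address simply gets its one line replaced, and anything hand-added outside the static section is lost on the next rewrite, exactly as the post warns.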
