Any Solutions for Installing Plugins -- Jail and DNS Problem

[Sûmi]

I installed the last release of the TrueNAS 12 core.
Apparently there are problems when you want to install a plugin. The jail is installed but as soon as it is installed and he starts to install the package, a query via DNS into the Internet within the jail then fails.

I also have the same problem here for Plex using a script to install the whole thing. Likewise, it fails to install other plugins itself. You can also rule out that it is due to the release within the jail because I used Plex with 12.2, 12.1 and others 11.3 from other plugins.

I also made a DNS query via the shell, there are no problems with the resolution for me. Of course, I also checked /etc/resolv.conf to see whether the correct DNS servers were available there.

Even if the jail was installed, the correct DNS server was there, but apparently the jail does not come out into the internet via port 53.

Is there a solution to this problem apparently I'm not the only one with the problem.

Thank you for your help.

 

[ornias]

Did you try a reboot?

 

[Sûmi]

I've also rebooted the server several times. But unfortunately that has no influence on it.
It should be mentioned that the server runs as a VM in an ESX environment, but that doesn't matter because there is network connectivity.

 

[terri1769]

I'm having the same issue. I also see other reports of it in this forum. Brand new TrueNAS install and it has definitely been rebooted. Plugins that don't require pkg.truenas.org install, like Duplicati.

 

[Sûmi]

Thank you for your information, I have also seen that many report this problem, but unfortunately I have not found anything that is already being worked on and when a probable solution or workaround can be expected. I can only say with certainty that this problem is currently present in TrueNAS 12.0 U2-1. And hope that there will soon be good news from the manufacturer that you are addressing the problem.

 

[Mushishi]

Do you run a lagg group on your network interfaces. Because i have had the same problem when all my interfaces was bonded together, so i removed one of the interfaces from my bonded group, and use that interface just for my plugins.

 

[Sûmi]

Hi, I don't have a link aggregation group.
That has to do with it because I have already connected everything to LACP etc. via vCenter, so it is not necessary to do that there within the VM.

I have connected a virtual network interface to the VM as normal and via this I also have normal Internet with DNS etc. only unfortunately the name resolution within the jail does not work.

That's my problem.

Best regards

 

[Mushishi]

Well seems strange then. Though i have to say i am using a version i did upgrade from 11 and not a fresh install and i do run mine on bare metal and not in a vm, that might have something to say. I am planning to move my NAS to scale this week so can start with a fresh install and give it a test again.

 

[Sûmi]

Hello everybody,

I did another test and have now definitely come to the result that there is an error with the plugins in the Truenas Core 12.0 U2.1 version.

This is what my test looked like.
1. I tried TrueNAS Scale, configured the network here and then installed it as a plug-in / APP Plex here had no problems with it ran flawlessly.

2.Then I took a freshly installed TrueNAS Core 12.0 U2.1 again, I also configured the network here and unfortunately there were again problems with the resolution of the DNS name.

So basically the same error as on my productive system.
So no matter how you turn it, I can say that there are currently problems installing plugins on the FreeBSD platform. I hope that a developer will comment on this soon and possibly also say when a fix for this problem can be expected.

Because it seems that there is a bug on the FreeBSD platform.

Many thanks.

 

[Patrick M. Hausen]

Please file a bug ticket. Devs don't read this forum for bug reports.

 

[aiden21c]

Just wondering if this is still a known issue. I recently updated to TrueNAS-12.0-U5.1 and my previously working Plex jail and Ubuntu Server VM seem to no longer be able to access DNS servers, despite having access to the internet (ping 8.8.8.8 works but google.com does not). The truenas itself has no issues, it appears only to have issues within jails and VMs. Been pulling my hair out looking for a solution all week as Plex has become unusable outside my local network.

 

[Patrick M. Hausen]

What's the output of iocage get resolver <jailname>?
What's in /etc/resolv.conf inside the jail?
Can you ping/ping6 that address from inside the jail?
Can you manually use drill inside the jail to query that server?

 

[aiden21c]

What's the output of iocage get resolver <jailname>?
What's in /etc/resolv.conf inside the jail?
Can you ping/ping6 that address from inside the jail?
Can you manually use drill inside the jail to query that server?

Apologies for the screenshots from my phone, but these are the outputs to the commands you asked for. The resolve.conf inside the jail mimics that of the TrueNAS (both are the same). I can ping this nameserver from inside the jail and I can use drill to manually query that server. I just can't ping any host names

 

[Patrick M. Hausen]

So drill google.com works while ping google.com doesn't? Sorry, that's weird. No idea. Next I would do a packet trace on the NAS host with tcpdump.

Is this a VNET jail? Does it use NAT? If yes to both, I would suspect the latter.

 

[aiden21c]

So drill google.com works while ping google.com doesn't? Sorry, that's weird. No idea. Next I would do a packet trace on the NAS host with tcpdump.

Is this a VNET jail? Does it use NAT? If yes to both, I would suspect the latter.

I have done a tcpdump from the Nas Host while monitoring the traffic from the interface connected to the plex jail. I then did a ping to google.com out from the plex jail and here is an excerp of the output:
09:27:20.128142 IP 192.168.0.11.54511 > dns.google.domain: 43986+ A? google.com. (28) 09:27:20.134755 IP 192.168.0.15.domain > 192.168.0.11.54511: 43986 1/0/0 A 142.250.70.206 (44) 09:27:20.134882 IP 192.168.0.11 > 192.168.0.15: ICMP 192.168.0.11 udp port 54511 unreachable, length 80 09:27:20.521090 ARP, Request who-has 192.168.0.8 tell 192.168.0.1, length 46 09:27:21.198200 IP 192.168.0.11.11661 > 192.168.0.255.32412: UDP, length 21 09:27:21.198216 IP 192.168.0.11.27598 > 192.168.0.255.32414: UDP, length 21 09:27:21.198250 IP 192.168.0.15.11661 > 192.168.0.255.32412: UDP, length 21 09:27:21.198270 IP 192.168.0.15.27598 > 192.168.0.255.32414: UDP, length 21 09:27:21.198295 IP 192.168.0.11.32414 > 192.168.0.15.27598: UDP, length 248 09:27:21.198316 IP 192.168.0.15 > 192.168.0.11: ICMP 192.168.0.15 udp port 27598 unreachable, length 284 09:27:21.333264 IP 192.168.0.11.38097 > 239.255.255.250.ssdp: UDP, length 173 09:27:21.333277 IP 192.168.0.11.38097 > 239.255.255.250.ssdp: UDP, length 173 09:27:21.333299 IP 192.168.0.15.38097 > 239.255.255.250.ssdp: UDP, length 173 09:27:21.333317 IP 192.168.0.15.38097 > 239.255.255.250.ssdp: UDP, length 173 09:27:21.333787 IP 192.168.0.11.34497 > 192.168.0.15.38097: UDP, length 344 09:27:21.333874 IP 192.168.0.15 > 192.168.0.11: ICMP 192.168.0.15 udp port 38097 unreachable, length 380
192.168.0.15 is the Host NAS, and 192.168.0.11 is the jail. It appears that there is some disconnect between the host relaying udp information to the jail, if i am reading this output correctly.

This is a thread i made myself asking for help on the issue, and have had no luck over there either.

 

[Patrick M. Hausen]

This looks wrong:

Code:

09:27:20.128142 IP 192.168.0.11.54511 > dns.google.domain: 43986+ A? google.com. (28)
09:27:20.134755 IP 192.168.0.15.domain > 192.168.0.11.54511: 43986 1/0/0 A 142.250.70.206 (44)

Source address for the reply packet should be Google, not your NAS host.

I'd file a bug ticket.

 

[aiden21c]

This looks wrong:

Code:

09:27:20.128142 IP 192.168.0.11.54511 > dns.google.domain: 43986+ A? google.com. (28)
09:27:20.134755 IP 192.168.0.15.domain > 192.168.0.11.54511: 43986 1/0/0 A 142.250.70.206 (44)

Source address for the reply packet should be Google, not your NAS host.

I'd file a bug ticket.

Thanks heaps for all the help. Is there any instruction you can provide in filing bug tickets, cause I'm genuinely not sure how to go about it (I'm sorta new to this) and what I should include in it, because don't I have to have evidence of the bug to file a bug ticket?

 

[Patrick M. Hausen]

Got to https://jira.ixsystems.com, register a user account, then create a new issue describing your problem.

 

[aiden21c]

Got to https://jira.ixsystems.com, register a user account, then create a new issue describing your problem.

Thank you very much for your help. I have filed a bug ticket here.

 

[CragMonkey]

Thank you very much for your help. I have filed a bug ticket here.

Your ticket indicates you "found the culprit"... what did you need to fix?