Jails Unable to Resolve Domain Names

[aiden21c]

I have recently done a large amount of work on my TrueNAS-12.0-U5.1 build and seem to have broken something. Alongside updating it to the latest software last night, I also have configured OpenVPN (running smoothly) on it following this tutorial. I am currently running an Ubuntu Server 20.04 VM with PiHole (nothing on the network currently pointing to it), a Plex server in a jail and OpenVPN. For some reason, all of a sudden, my Plex jail can no longer resolve domain names (can ping 8.8.8.8 but not google.com), and the same issue occurs within the Ubuntu Server VM. OpenVPN has no such issues.

As of before yesterday, Plex was working perfectly, and I believe it would have been using the DNS of the router or the FreeNAS (the FreeNAS is configured to use 8.8.8.8 and 8.8.4.4). Currently Plex shows to have "remote access enabled", however it cannot actually be accessed remotely and it can't do any matching as that relies on DNS. The PiHole is unable to resolve Host Names and hence is running as the worlds worst DNSat the moment.

My whole network is not effected, and this doesnt even effect the overall TrueNAS build, simply the jails and VM running inside it.
The resolv.conf of the TrueNAS:

Code:

root@truenas[~]# cat /etc/resolv.conf
# Generated by resolvconf
search local
nameserver 8.8.8.8
nameserver 8.8.4.4

The resolv.conf of the Plex Jail (192.168.0.1 is my current router. Plex was assigned the IP 192.168.0.11 via DHCP):

Code:

root@Plex:/ # cat /etc/resolv.conf
# Generated by resolvconf
search home
nameserver 192.168.0.1

I dont really understand what I could have done to mess this up, unless it was something to do with the OpenVPN or settings on my router. I understand i could just change the nameserver in resolv.conf for every jail to 8.8.8.8, but I want a more permanent fix as this is supposed to reset after reboot. Hope I can get a hand. Cheers!

 

[Vertigo 7]

That is odd. I don't see how running a VPN server on your network, be it on the NAS or other device, could impact DNS resolution for any local clients.

How is your network configured? Are you using a single subnet or are your jails and VMs on a separate subnet from the NAS or other devices on your network?

 

[aiden21c]

That is odd. I don't see how running a VPN server on your network, be it on the NAS or other device, could impact DNS resolution for any local clients.

How is your network configured? Are you using a single subnet or are your jails and VMs on a separate subnet from the NAS or other devices on your network?

At the moment everything is on the .0 subnet. TrueNAS is .0.15, PiHole is .0.39, Plex is .0.11, ect. These addresses were set dynamically initially, and in the case of the PiHole and the TrueNas I statically set it on the end device side (so the IPs definitely don't clash with any other network devices). Again, I just can't understand why nothing else on the network, including the TrueNAS seems to be effected. It is truly only the Jail's and VMs. And on top of that, they can reach the internet, they just can't resolve host names

 

[sretalla]

The jail will be aligning itself with the settings given by the DHCP server (probably your router = 192.168.0.1).

The TrueNAS host will probably be overriding the settings from DHCP, if that's how you set your IP, based on what you set in Network | Global Configuration or a mix of both.

The jail doesn't care what the host is set to do.

 

[aiden21c]

O

The jail will be aligning itself with the settings given by the DHCP server (probably your router = 192.168.0.1).

The TrueNAS host will probably be overriding the settings from DHCP, if that's how you set your IP, based on what you set in Network | Global Configuration or a mix of both.

The jail doesn't care what the host is set to do.

Ok I understand this. Based on the resolv.conf files above, the TrueNAS is set to resolve to 8.8.8.8 and 8.8.4.4, and the Plex jail is set to 192.168.0.1 (as you expected). What I don't understand is why this is a problem, if what you said is that it doesn't matter what DNS the jail is set to. By that logic, If the TrueNAS can resolve host names then shouldn't the jail?

 

[Vertigo 7]

So you're not utilizing the pihole with your TrueNAS stuff? If you point DNS for your TrueNAS and stuff it's hosting to .0.39 address, does that change anything?

 

[aiden21c]

So you're not utilizing the pihole with your TrueNAS stuff? If you point DNS for your TrueNAS and stuff it's hosting to .0.39 address, does that change anything?

At the moment nothing is pointing towards .39 as it's DNS server. If I point the TrueNAS to it, I feel it will break the build. I did test a secondary modem I have on my network (now disconnected) by pointing that to .39 as it's main DNS, and when connected to that modem I experience similar issues being unable to resolve host names. That modem has worked previously when utilising .39 as it's DNS

 

[aiden21c]

Update: I just tried to update the plex jail from within the web GUI (which failed), and now plex is unable to find the server at all, making it inaccessible from the same LAN completely

 

[Vertigo 7]

I don't understand how pointing your server and jails at a dns (pihole) server would break anything.

 

[aiden21c]

I don't understand how pointing your server and jails at a dns (pihole) server would break anything.

Well I guess because currently the PiHole is having the same problems as the server and jails and also cannot resolve host names. If the PiHole also cannot ping google.com then it won't be able to respond to DNS requests sent by the server or the jail?

 

[Vertigo 7]

is pihole running on a VM on your truenas or on a separate device? can you ping the pihole from your server?

 

[aiden21c]

is pihole running on a VM on your truenas or on a separate device? can you ping the pihole from your server?

The pihole is running in an Ubuntu server VM on the NAS. I can ping it from the NAS, and I can ping the NAS from the PiHole. But the PiHole cannot resolve host names (i can ping 8.8.8.8 but not google.com from inside the VM). The same issue happens from inside the jail, the behaviour is exactly the same

 

[Vertigo 7]

did you add any firewall rules to your router that would be blocking port 53?

 

[aiden21c]

did you add any firewall rules to your router that would be blocking port 53?

Nothing has really changed on my router other than adding a DDNS entry for Open VPN, as well as opening port 1194 for passthrough. If there was a rule blocking port 53, would this not effect the whole network not just the vm and jails?

 

[Vertigo 7]

depends on how the rule was set up. firewall rules can be crafted to only impact certain source and/or destination IP addresses or a range of addresses, not just ports with a blanket allow or block.

 

[aiden21c]

depends on how the rule was set up. firewall rules can be crafted to only impact certain source and/or destination IP addresses or a range of addresses, not just ports with a blanket allow or block.

I'm pretty confident I can rule this out based on the reasoning that I am the only one configuring my router, and I know for certain I have not added any firewall settings. The modem is exactly as it was when my setup was working, the only difference being port 1194 is open, and there is now static routes in place for both the Plex jail IP and the TrueNas IP. The LAN configuration are attached and there are no rules set in the IP or Mac filtering (nor any firewall rules set). I did find This link that puts a similar issue down to general problems with TrueNas release 12, could this potentially be a bug as I did run an update on Sunday night before it all stopped working?

 

[Vertigo 7]

Wait... you created a static route for Truenas? Can you share your route table?

 

[aiden21c]

Wait... you created a static route for Truenas? Can you share your route table?

Here is as much info I have from the modemn the modem uses DNS servers assigned by the ISP (which appear to be working seeing as the rest of the network is unaffected)

 

[Vertigo 7]

Sorry for the delayed response, been away.

So I'm not seeing anything that shows your static routes you mentioned you set up. I do see your DHCP reservations for Plex and Truenas, is that what you were referring to?

I'm wondering if your lack of DNS response is because your ISP is doing some funkyness with DNS. Some force you to use their DNS and won't allow you to use any other DNS service. If you change the DNS address you're using with Plex and Truenas to your router/modem's IP address, does that fix your problem?

 

[aiden21c]

Sorry for the delayed response, been away.

So I'm not seeing anything that shows your static routes you mentioned you set up. I do see your DHCP reservations for Plex and Truenas, is that what you were referring to?

I'm wondering if your lack of DNS response is because your ISP is doing some funkyness with DNS. Some force you to use their DNS and won't allow you to use any other DNS service. If you change the DNS address you're using with Plex and Truenas to your router/modem's IP address, does that fix your problem?

Sorry yes I was referring to the DHCP reservations. And I completely understand what you're saying about the ISP forcing the use of their own DNS, however would this effect both the host Nas and the jail (in this case it's only effecting the jail). Similarly, i only changed the DNS in the jail this week to 8.8.8.8 to try and fix this issue (it was previously my routers address). Last week (before this bug occured) I also had a secondary router on my network which had its DNS pointing towards my PiHole and it was working perfectly fine until this issue occured within the VM.

I have filed a bug ticket as I was recommended by another user to, as they believed that this is likely a bug in the new update that I ran on Sunday (before everything broke). You can see our conversation here.

Thanks for all your help I greatly appreciate it, and if there is anything other trouble shooting you can provide them I'm more than happy to give it a go.