Mailing List Archive

what about a "net int show -fields vserver, role,data-protocol,
firewall-policy"

--tmac

*Tim McCarthy, **Principal Consultant*

*Proud Member of the #NetAppATeam <https://twitter.com/NetAppATeam>*

*I Blog at TMACsRack <https://tmacsrack.wordpress.com/>*



On Thu, Apr 25, 2019 at 2:52 PM Scott Classen <sclassen@lbl.gov> wrote:

> Hello,
>
> Can anyone help me with this before I open a case with NetApp?
>
> dns check on one of my sververs fails (see below where I get an “Operation
> timed out” error), but I can ping and traceroute from the vserver to the
> gateway and the DNS servers.
>
>
>
> sibyls2::*> dns show -vserver als-enable-ds1
>
> Vserver: als-enable-ds1
> Domains: als.lbl.gov, lbl.gov
> Name Servers: 131.243.5.1, 131.243.5.2
> Timeout (secs): 2
> Maximum Attempts: 1
> Is TLD Query Enabled?: true
> Require Source and Reply IPs to Match: true
> Require Packet Queries to Match: true
>
>
> sibyls2::*> dns check -vserver als-enable-ds1
> Name Server
> Vserver Name Server Status Status Details
> ------------- --------------- ------------ --------------------------
> als-enable-ds1 down Operation timed out.
> 131.243.5.1
> als-enable-ds1 down Operation timed out.
> 131.243.5.2
> 2 entries were displayed.
>
>
> sibyls2::*> ping -node sibyls2-03 -destination 131.243.78.1 -vserver
> als-enable-ds1 -wait-response 2000 -count 3
> 131.243.78.1 is alive
>
> sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.1 -vserver
> als-enable-ds1 -wait-response 2000 -count 3
> 131.243.5.1 is alive
>
> sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.2 -vserver
> als-enable-ds1 -wait-response 2000 -count 3
> 131.243.5.2 is alive
>
> sibyls2::*> ping -node sibyls2-04 -destination 131.243.78.1 -vserver
> als-enable-ds1 -wait-response 2000 -count 3
> 131.243.78.1 is alive
>
> sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.1 -vserver
> als-enable-ds1 -wait-response 2000 -count 3
> 131.243.5.1 is alive
>
> sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.2 -vserver
> als-enable-ds1 -wait-response 2000 -count 3
> 131.243.5.2 is alive
>
> sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1
> -destination 131.243.78.1
> traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.521 ms * 0.484 ms
>
>
> sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1
> -destination 131.243.5.1
> traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.478 ms 0.369 ms 0.376 ms
> 2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.411 ms 0.391 ms 0.330
> ms
> 3 t5-4.ir1-n1.lbl.gov (131.243.244.131) 0.796 ms 1.365 ms 0.524 ms
> 4 ns.lbl.gov (131.243.5.1) 0.402 ms 0.765 ms 0.936 ms
>
>
> sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1
> -destination 131.243.5.2
> traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.446 ms 0.409 ms 0.375 ms
> 2 nsals.lbl.gov (131.243.5.2) 0.649 ms 1.047 ms 1.080 ms
>
> sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1
> -destination 131.243.78.1
> traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.443 ms * 0.502 ms
>
> sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1
> -destination 131.243.5.1
> traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.515 ms 0.402 ms 0.388 ms
> 2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.513 ms 0.344 ms 0.326
> ms
> 3 t5-4.ir3-n2.lbl.gov (131.243.244.129) 1.737 ms 1.618 ms
> t5-4.ir4-n3.lbl.gov (131.243.244.133) 0.582 ms
> 4 ns.lbl.gov (131.243.5.1) 0.898 ms 1.213 ms 0.517 ms
>
> sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1
> -destination 131.243.5.2
> traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov (131.243.78.1) 2.075 ms 1.451 ms 0.403 ms
> 2 nsals.lbl.gov (131.243.5.2) 1.198 ms 0.410 ms 0.911 ms
> _______________________________________________
> Toasters mailing list
> Toasters@teaparty.net
> http://www.teaparty.net/mailman/listinfo/toasters
>

Output for the relevant server

als-enable-ds1 ae1g-1 data nfs data
als-enable-ds1 ae1g-2 data nfs data
als-enable-ds1 ae1g-3 data nfs data
als-enable-ds1 ae1g-4 data nfs data



> On Apr 25, 2019, at 11:56 AM, tmac <tmacmd@gmail.com> wrote:
>
> net int show -fields vserver, role,data-protocol, firewall-policy

maybe you should create a LIF on that SVM with no data-protocol and
firewall-policy of mgmt?
or...maybe something on the network is blocking port 53?

--tmac

*Tim McCarthy, **Principal Consultant*

*Proud Member of the #NetAppATeam <https://twitter.com/NetAppATeam>*

*I Blog at TMACsRack <https://tmacsrack.wordpress.com/>*



On Thu, Apr 25, 2019 at 2:59 PM Scott Classen <sclassen@lbl.gov> wrote:

> Output for the relevant server
>
> als-enable-ds1 ae1g-1 data nfs data
> als-enable-ds1 ae1g-2 data nfs data
> als-enable-ds1 ae1g-3 data nfs data
> als-enable-ds1 ae1g-4 data nfs data
>
>
>
> On Apr 25, 2019, at 11:56 AM, tmac <tmacmd@gmail.com> wrote:
>
> net int show -fields vserver, role,data-protocol, firewall-policy
>
>
>

So, ping and traceroute won't really check what you need to check for DNS connectivity; that's access to the IP over port 53.

DNS check will test round trip time to the DNS server by doing a simple DNS lookup of example.domain.com and reports the time it took for that request.

"Operation timed out" means either that the DNS query couldn't be made or it took longer than the DNS timeout you have set. Try increasing the timeout from 2 seconds to 10 seconds and retry the check. A packet trace will also be useful to see why/how the requests are failing.

-----Original Message-----
From: toasters-bounces@teaparty.net <toasters-bounces@teaparty.net> On Behalf Of Scott Classen
Sent: Thursday, April 25, 2019 2:48 PM
To: toasters@teaparty.net
Subject: DNS woes

NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe.




Hello,

Can anyone help me with this before I open a case with NetApp?

dns check on one of my sververs fails (see below where I get an ?Operation timed out? error), but I can ping and traceroute from the vserver to the gateway and the DNS servers.



sibyls2::*> dns show -vserver als-enable-ds1

Vserver: als-enable-ds1
Domains: als.lbl.gov, lbl.gov
Name Servers: 131.243.5.1, 131.243.5.2
Timeout (secs): 2
Maximum Attempts: 1
Is TLD Query Enabled?: true Require Source and Reply IPs to Match: true
Require Packet Queries to Match: true


sibyls2::*> dns check -vserver als-enable-ds1
Name Server
Vserver Name Server Status Status Details
------------- --------------- ------------ --------------------------
als-enable-ds1 down Operation timed out.
131.243.5.1
als-enable-ds1 down Operation timed out.
131.243.5.2
2 entries were displayed.


sibyls2::*> ping -node sibyls2-03 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3
131.243.78.1 is alive

sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3
131.243.5.1 is alive

sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3
131.243.5.2 is alive

sibyls2::*> ping -node sibyls2-04 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3
131.243.78.1 is alive

sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3
131.243.5.1 is alive

sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3
131.243.5.2 is alive

sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets
1 vlan3078.irals.lbl.gov (131.243.78.1) 0.521 ms * 0.484 ms


sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets
1 vlan3078.irals.lbl.gov (131.243.78.1) 0.478 ms 0.369 ms 0.376 ms
2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.411 ms 0.391 ms 0.330 ms
3 t5-4.ir1-n1.lbl.gov (131.243.244.131) 0.796 ms 1.365 ms 0.524 ms
4 ns.lbl.gov (131.243.5.1) 0.402 ms 0.765 ms 0.936 ms


sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets
1 vlan3078.irals.lbl.gov (131.243.78.1) 0.446 ms 0.409 ms 0.375 ms
2 nsals.lbl.gov (131.243.5.2) 0.649 ms 1.047 ms 1.080 ms

sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets
1 vlan3078.irals.lbl.gov (131.243.78.1) 0.443 ms * 0.502 ms

sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets
1 vlan3078.irals.lbl.gov (131.243.78.1) 0.515 ms 0.402 ms 0.388 ms
2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.513 ms 0.344 ms 0.326 ms
3 t5-4.ir3-n2.lbl.gov (131.243.244.129) 1.737 ms 1.618 ms
t5-4.ir4-n3.lbl.gov (131.243.244.133) 0.582 ms
4 ns.lbl.gov (131.243.5.1) 0.898 ms 1.213 ms 0.517 ms

sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets
1 vlan3078.irals.lbl.gov (131.243.78.1) 2.075 ms 1.451 ms 0.403 ms
2 nsals.lbl.gov (131.243.5.2) 1.198 ms 0.410 ms 0.911 ms _______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters

_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters

sibyls2::*> dns modify -vserver als-enable-ds1 -domains als.lbl.gov,lbl.gov -name-servers 131.243.5.2 -timeout 10

Error: "10" is an invalid value for field "-timeout <1..5>"

sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.gov,als.lbl.gov,lbl.gov -name-servers 131.243.5.2 -timeout 5

Error: Failed to verify the specified DNS configuration.
131.243.5.2: Operation timed out.
command failed: Verify that the network configuration is correct and that DNS servers are available. Specify "-skip-config-validation" to skip the configuration validation.


sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.gov,als.lbl.gov,lbl.gov -name-servers 131.243.5.2 -timeout 5 -skip-config-validation

sibyls2::*> dns check -vserver als-enable-ds1
Name Server
Vserver Name Server Status Status Details
------------- --------------- ------------ --------------------------
als-enable-ds1 down Operation timed out.
131.243.5.2

sibyls2::*> vserver services name-service getxxbyyy gethostbyname -node sibyls2-03 -vserver als-enable-ds1 -hostname nsals.lbl.gov
Host name: nsals.lbl.gov
Canonical name: nsals.lbl.gov
IPv4: 131.243.5.2


Seems odd that a gethostbyname of the name server (nsals.lbl.gov) works but dns check doesn’t

S



> On Apr 25, 2019, at 12:39 PM, Parisi, Justin <Justin.Parisi@netapp.com> wrote:
>
> So, ping and traceroute won't really check what you need to check for DNS connectivity; that's access to the IP over port 53.
>
> DNS check will test round trip time to the DNS server by doing a simple DNS lookup of example.domain.com and reports the time it took for that request.
>
> "Operation timed out" means either that the DNS query couldn't be made or it took longer than the DNS timeout you have set. Try increasing the timeout from 2 seconds to 10 seconds and retry the check. A packet trace will also be useful to see why/how the requests are failing.
>
> -----Original Message-----
> From: toasters-bounces@teaparty.net <toasters-bounces@teaparty.net> On Behalf Of Scott Classen
> Sent: Thursday, April 25, 2019 2:48 PM
> To: toasters@teaparty.net
> Subject: DNS woes
>
> NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe.
>
>
>
>
> Hello,
>
> Can anyone help me with this before I open a case with NetApp?
>
> dns check on one of my sververs fails (see below where I get an “Operation timed out” error), but I can ping and traceroute from the vserver to the gateway and the DNS servers.
>
>
>
> sibyls2::*> dns show -vserver als-enable-ds1
>
> Vserver: als-enable-ds1
> Domains: als.lbl.gov, lbl.gov
> Name Servers: 131.243.5.1, 131.243.5.2
> Timeout (secs): 2
> Maximum Attempts: 1
> Is TLD Query Enabled?: true Require Source and Reply IPs to Match: true
> Require Packet Queries to Match: true
>
>
> sibyls2::*> dns check -vserver als-enable-ds1
> Name Server
> Vserver Name Server Status Status Details
> ------------- --------------- ------------ --------------------------
> als-enable-ds1 down Operation timed out.
> 131.243.5.1
> als-enable-ds1 down Operation timed out.
> 131.243.5.2
> 2 entries were displayed.
>
>
> sibyls2::*> ping -node sibyls2-03 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3
> 131.243.78.1 is alive
>
> sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3
> 131.243.5.1 is alive
>
> sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3
> 131.243.5.2 is alive
>
> sibyls2::*> ping -node sibyls2-04 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3
> 131.243.78.1 is alive
>
> sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3
> 131.243.5.1 is alive
>
> sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3
> 131.243.5.2 is alive
>
> sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.521 ms * 0.484 ms
>
>
> sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.478 ms 0.369 ms 0.376 ms
> 2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.411 ms 0.391 ms 0.330 ms
> 3 t5-4.ir1-n1.lbl.gov (131.243.244.131) 0.796 ms 1.365 ms 0.524 ms
> 4 ns.lbl.gov (131.243.5.1) 0.402 ms 0.765 ms 0.936 ms
>
>
> sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.446 ms 0.409 ms 0.375 ms
> 2 nsals.lbl.gov (131.243.5.2) 0.649 ms 1.047 ms 1.080 ms
>
> sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.443 ms * 0.502 ms
>
> sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.515 ms 0.402 ms 0.388 ms
> 2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.513 ms 0.344 ms 0.326 ms
> 3 t5-4.ir3-n2.lbl.gov (131.243.244.129) 1.737 ms 1.618 ms
> t5-4.ir4-n3.lbl.gov (131.243.244.133) 0.582 ms
> 4 ns.lbl.gov (131.243.5.1) 0.898 ms 1.213 ms 0.517 ms
>
> sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov (131.243.78.1) 2.075 ms 1.451 ms 0.403 ms
> 2 nsals.lbl.gov (131.243.5.2) 1.198 ms 0.410 ms 0.911 ms _______________________________________________
> Toasters mailing list
> Toasters@teaparty.net
> http://www.teaparty.net/mailman/listinfo/toasters


_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters

I wonder if your DNS server rejects queries like the one we use for DNS check...


A packet trace can verify that.

________________________________
From: Scott Classen <sclassen@lbl.gov>
Sent: Thursday, April 25, 2019 3:48:29 PM
To: Parisi, Justin
Cc: toasters@teaparty.net
Subject: Re: DNS woes

NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe.




sibyls2::*> dns modify -vserver als-enable-ds1 -domains als.lbl.gov,lbl.gov -name-servers 131.243.5.2 -timeout 10

Error: "10" is an invalid value for field "-timeout <1..5>"

sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.gov,als.lbl.gov,lbl.gov -name-servers 131.243.5.2 -timeout 5

Error: Failed to verify the specified DNS configuration.
131.243.5.2: Operation timed out.
command failed: Verify that the network configuration is correct and that DNS servers are available. Specify "-skip-config-validation" to skip the configuration validation.


sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.gov,als.lbl.gov,lbl.gov -name-servers 131.243.5.2 -timeout 5 -skip-config-validation

sibyls2::*> dns check -vserver als-enable-ds1
Name Server
Vserver Name Server Status Status Details
------------- --------------- ------------ --------------------------
als-enable-ds1 down Operation timed out.
131.243.5.2

sibyls2::*> vserver services name-service getxxbyyy gethostbyname -node sibyls2-03 -vserver als-enable-ds1 -hostname nsals.lbl.gov
Host name: nsals.lbl.gov
Canonical name: nsals.lbl.gov
IPv4: 131.243.5.2


Seems odd that a gethostbyname of the name server (nsals.lbl.gov) works but dns check doesn?t

S



> On Apr 25, 2019, at 12:39 PM, Parisi, Justin <Justin.Parisi@netapp.com> wrote:
>
> So, ping and traceroute won't really check what you need to check for DNS connectivity; that's access to the IP over port 53.
>
> DNS check will test round trip time to the DNS server by doing a simple DNS lookup of example.domain.com and reports the time it took for that request.
>
> "Operation timed out" means either that the DNS query couldn't be made or it took longer than the DNS timeout you have set. Try increasing the timeout from 2 seconds to 10 seconds and retry the check. A packet trace will also be useful to see why/how the requests are failing.
>
> -----Original Message-----
> From: toasters-bounces@teaparty.net <toasters-bounces@teaparty.net> On Behalf Of Scott Classen
> Sent: Thursday, April 25, 2019 2:48 PM
> To: toasters@teaparty.net
> Subject: DNS woes
>
> NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe.
>
>
>
>
> Hello,
>
> Can anyone help me with this before I open a case with NetApp?
>
> dns check on one of my sververs fails (see below where I get an ?Operation timed out? error), but I can ping and traceroute from the vserver to the gateway and the DNS servers.
>
>
>
> sibyls2::*> dns show -vserver als-enable-ds1
>
> Vserver: als-enable-ds1
> Domains: als.lbl.gov, lbl.gov
> Name Servers: 131.243.5.1, 131.243.5.2
> Timeout (secs): 2
> Maximum Attempts: 1
> Is TLD Query Enabled?: true Require Source and Reply IPs to Match: true
> Require Packet Queries to Match: true
>
>
> sibyls2::*> dns check -vserver als-enable-ds1
> Name Server
> Vserver Name Server Status Status Details
> ------------- --------------- ------------ --------------------------
> als-enable-ds1 down Operation timed out.
> 131.243.5.1
> als-enable-ds1 down Operation timed out.
> 131.243.5.2
> 2 entries were displayed.
>
>
> sibyls2::*> ping -node sibyls2-03 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3
> 131.243.78.1 is alive
>
> sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3
> 131.243.5.1 is alive
>
> sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3
> 131.243.5.2 is alive
>
> sibyls2::*> ping -node sibyls2-04 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3
> 131.243.78.1 is alive
>
> sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3
> 131.243.5.1 is alive
>
> sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3
> 131.243.5.2 is alive
>
> sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.521 ms * 0.484 ms
>
>
> sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.478 ms 0.369 ms 0.376 ms
> 2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.411 ms 0.391 ms 0.330 ms
> 3 t5-4.ir1-n1.lbl.gov (131.243.244.131) 0.796 ms 1.365 ms 0.524 ms
> 4 ns.lbl.gov (131.243.5.1) 0.402 ms 0.765 ms 0.936 ms
>
>
> sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.446 ms 0.409 ms 0.375 ms
> 2 nsals.lbl.gov (131.243.5.2) 0.649 ms 1.047 ms 1.080 ms
>
> sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.443 ms * 0.502 ms
>
> sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.515 ms 0.402 ms 0.388 ms
> 2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.513 ms 0.344 ms 0.326 ms
> 3 t5-4.ir3-n2.lbl.gov (131.243.244.129) 1.737 ms 1.618 ms
> t5-4.ir4-n3.lbl.gov (131.243.244.133) 0.582 ms
> 4 ns.lbl.gov (131.243.5.1) 0.898 ms 1.213 ms 0.517 ms
>
> sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov (131.243.78.1) 2.075 ms 1.451 ms 0.403 ms
> 2 nsals.lbl.gov (131.243.5.2) 1.198 ms 0.410 ms 0.911 ms _______________________________________________
> Toasters mailing list
> Toasters@teaparty.net
> http://www.teaparty.net/mailman/listinfo/toasters

So, not going to explain how to here....
But if you know how, unlock the diag user and set a password.
Open a systemshell to a node
try: telnet 131.243.5.1 53

My example:
(fails)

home-01% telnet 192.168.1.208 53
Trying 192.168.1.208...
telnet: connect to address 192.168.1.208: Connection refused
telnet: Unable to connect to remote host

(works)

home-01% telnet 192.168.1.159 53

Trying 192.168.1.159...

Connected to homeauto.ddns.net.

^CConnection closed by foreign host.

(fails)
home-01% telnet 192.168.1.155 53
Trying 192.168.1.155...
telnet: connect to address 192.168.1.155: Connection refused
telnet: Unable to connect to remote host
home-01% exit

The failures are what happens when the port is either blocked or not
communicating on port 53 (dns)

--tmac

*Tim McCarthy, **Principal Consultant*

*Proud Member of the #NetAppATeam <https://twitter.com/NetAppATeam>*

*I Blog at TMACsRack <https://tmacsrack.wordpress.com/>*



On Thu, Apr 25, 2019 at 3:53 PM Scott Classen <sclassen@lbl.gov> wrote:

> sibyls2::*> dns modify -vserver als-enable-ds1 -domains als.lbl.gov,
> lbl.gov -name-servers 131.243.5.2 -timeout 10
>
> Error: "10" is an invalid value for field "-timeout <1..5>"
>
> sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.gov
> ,als.lbl.gov,lbl.gov -name-servers 131.243.5.2 -timeout 5
>
> Error: Failed to verify the specified DNS configuration.
> 131.243.5.2: Operation timed out.
> command failed: Verify that the network configuration is correct
> and that DNS servers are available. Specify "-skip-config-validation" to
> skip the configuration validation.
>
>
> sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.gov
> ,als.lbl.gov,lbl.gov -name-servers 131.243.5.2 -timeout 5
> -skip-config-validation
>
> sibyls2::*> dns check -vserver als-enable-ds1
>
>
> Name Server
> Vserver Name Server Status Status Details
> ------------- --------------- ------------ --------------------------
> als-enable-ds1 down Operation timed out.
> 131.243.5.2
>
> sibyls2::*> vserver services name-service getxxbyyy gethostbyname -node
> sibyls2-03 -vserver als-enable-ds1 -hostname nsals.lbl.gov
>
> Host name: nsals.lbl.gov
> Canonical name: nsals.lbl.gov
> IPv4: 131.243.5.2
>
>
> Seems odd that a gethostbyname of the name server (nsals.lbl.gov) works
> but dns check doesn’t
>
> S
>
>
>
> > On Apr 25, 2019, at 12:39 PM, Parisi, Justin <Justin.Parisi@netapp.com>
> wrote:
> >
> > So, ping and traceroute won't really check what you need to check for
> DNS connectivity; that's access to the IP over port 53.
> >
> > DNS check will test round trip time to the DNS server by doing a simple
> DNS lookup of example.domain.com and reports the time it took for that
> request.
> >
> > "Operation timed out" means either that the DNS query couldn't be made
> or it took longer than the DNS timeout you have set. Try increasing the
> timeout from 2 seconds to 10 seconds and retry the check. A packet trace
> will also be useful to see why/how the requests are failing.
> >
> > -----Original Message-----
> > From: toasters-bounces@teaparty.net <toasters-bounces@teaparty.net> On
> Behalf Of Scott Classen
> > Sent: Thursday, April 25, 2019 2:48 PM
> > To: toasters@teaparty.net
> > Subject: DNS woes
> >
> > NetApp Security WARNING: This is an external email. Do not click links
> or open attachments unless you recognize the sender and know the content is
> safe.
> >
> >
> >
> >
> > Hello,
> >
> > Can anyone help me with this before I open a case with NetApp?
> >
> > dns check on one of my sververs fails (see below where I get an
> “Operation timed out” error), but I can ping and traceroute from the
> vserver to the gateway and the DNS servers.
> >
> >
> >
> > sibyls2::*> dns show -vserver als-enable-ds1
> >
> > Vserver: als-enable-ds1
> > Domains: als.lbl.gov, lbl.gov
> > Name Servers: 131.243.5.1, 131.243.5.2
> > Timeout (secs): 2
> > Maximum Attempts: 1
> > Is TLD Query Enabled?: true Require Source and Reply IPs
> to Match: true
> > Require Packet Queries to Match: true
> >
> >
> > sibyls2::*> dns check -vserver als-enable-ds1
> > Name Server
> > Vserver Name Server Status Status Details
> > ------------- --------------- ------------ --------------------------
> > als-enable-ds1 down Operation timed out.
> > 131.243.5.1
> > als-enable-ds1 down Operation timed out.
> > 131.243.5.2
> > 2 entries were displayed.
> >
> >
> > sibyls2::*> ping -node sibyls2-03 -destination 131.243.78.1 -vserver
> als-enable-ds1 -wait-response 2000 -count 3
> > 131.243.78.1 is alive
> >
> > sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.1 -vserver
> als-enable-ds1 -wait-response 2000 -count 3
> > 131.243.5.1 is alive
> >
> > sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.2 -vserver
> als-enable-ds1 -wait-response 2000 -count 3
> > 131.243.5.2 is alive
> >
> > sibyls2::*> ping -node sibyls2-04 -destination 131.243.78.1 -vserver
> als-enable-ds1 -wait-response 2000 -count 3
> > 131.243.78.1 is alive
> >
> > sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.1 -vserver
> als-enable-ds1 -wait-response 2000 -count 3
> > 131.243.5.1 is alive
> >
> > sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.2 -vserver
> als-enable-ds1 -wait-response 2000 -count 3
> > 131.243.5.2 is alive
> >
> > sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1
> -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64
> hops max, 40 byte packets
> > 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.521 ms * 0.484 ms
> >
> >
> > sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1
> -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops
> max, 40 byte packets
> > 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.478 ms 0.369 ms 0.376 ms
> > 2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.411 ms 0.391 ms 0.330
> ms
> > 3 t5-4.ir1-n1.lbl.gov (131.243.244.131) 0.796 ms 1.365 ms 0.524 ms
> > 4 ns.lbl.gov (131.243.5.1) 0.402 ms 0.765 ms 0.936 ms
> >
> >
> > sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1
> -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops
> max, 40 byte packets
> > 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.446 ms 0.409 ms 0.375 ms
> > 2 nsals.lbl.gov (131.243.5.2) 0.649 ms 1.047 ms 1.080 ms
> >
> > sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1
> -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64
> hops max, 40 byte packets
> > 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.443 ms * 0.502 ms
> >
> > sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1
> -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops
> max, 40 byte packets
> > 1 vlan3078.irals.lbl.gov (131.243.78.1) 0.515 ms 0.402 ms 0.388 ms
> > 2 xe-2-2-1.er1-n1.lbl.gov (131.243.244.140) 0.513 ms 0.344 ms 0.326
> ms
> > 3 t5-4.ir3-n2.lbl.gov (131.243.244.129) 1.737 ms 1.618 ms
> > t5-4.ir4-n3.lbl.gov (131.243.244.133) 0.582 ms
> > 4 ns.lbl.gov (131.243.5.1) 0.898 ms 1.213 ms 0.517 ms
> >
> > sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1
> -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops
> max, 40 byte packets
> > 1 vlan3078.irals.lbl.gov (131.243.78.1) 2.075 ms 1.451 ms 0.403 ms
> > 2 nsals.lbl.gov (131.243.5.2) 1.198 ms 0.410 ms 0.911 ms
> _______________________________________________
> > Toasters mailing list
> > Toasters@teaparty.net
> > http://www.teaparty.net/mailman/listinfo/toasters
>
>
> _______________________________________________
> Toasters mailing list
> Toasters@teaparty.net
> http://www.teaparty.net/mailman/listinfo/toasters
>

Well he's able to do hostname lookups, which means port 53 seems to be working...

________________________________
From: tmac <tmacmd@gmail.com>
Sent: Thursday, April 25, 2019 4:09:24 PM
To: NGC-sclassen-lbl.gov
Cc: Parisi, Justin; toasters@teaparty.net
Subject: Re: DNS woes

So, not going to explain how to here....
But if you know how, unlock the diag user and set a password.
Open a systemshell to a node
try: telnet 131.243.5.1 53

My example:
(fails)
home-01% telnet 192.168.1.208 53
Trying 192.168.1.208...
telnet: connect to address 192.168.1.208<http://192.168.1.208>: Connection refused
telnet: Unable to connect to remote host
(works)
home-01% telnet 192.168.1.159 53
Trying 192.168.1.159...
Connected to homeauto.ddns.net<http://homeauto.ddns.net>.
^CConnection closed by foreign host.
(fails)
home-01% telnet 192.168.1.155 53
Trying 192.168.1.155...
telnet: connect to address 192.168.1.155<http://192.168.1.155>: Connection refused
telnet: Unable to connect to remote host
home-01% exit

The failures are what happens when the port is either blocked or not communicating on port 53 (dns)

--tmac

Tim McCarthy, Principal Consultant

Proud Member of the #NetAppATeam<https://twitter.com/NetAppATeam>

I Blog at TMACsRack<https://tmacsrack.wordpress.com/>



On Thu, Apr 25, 2019 at 3:53 PM Scott Classen <sclassen@lbl.gov<mailto:sclassen@lbl.gov>> wrote:
sibyls2::*> dns modify -vserver als-enable-ds1 -domains als.lbl.gov<http://als.lbl.gov>,lbl.gov<http://lbl.gov> -name-servers 131.243.5.2 -timeout 10

Error: "10" is an invalid value for field "-timeout <1..5>"

sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.gov<http://bl1231.als.lbl.gov>,als.lbl.gov<http://als.lbl.gov>,lbl.gov<http://lbl.gov> -name-servers 131.243.5.2 -timeout 5

Error: Failed to verify the specified DNS configuration.
131.243.5.2<http://131.243.5.2>: Operation timed out.
command failed: Verify that the network configuration is correct and that DNS servers are available. Specify "-skip-config-validation" to skip the configuration validation.


sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.gov<http://bl1231.als.lbl.gov>,als.lbl.gov<http://als.lbl.gov>,lbl.gov<http://lbl.gov> -name-servers 131.243.5.2 -timeout 5 -skip-config-validation

sibyls2::*> dns check -vserver als-enable-ds1
Name Server
Vserver Name Server Status Status Details
------------- --------------- ------------ --------------------------
als-enable-ds1 down Operation timed out.
131.243.5.2

sibyls2::*> vserver services name-service getxxbyyy gethostbyname -node sibyls2-03 -vserver als-enable-ds1 -hostname nsals.lbl.gov<http://nsals.lbl.gov>
Host name: nsals.lbl.gov<http://nsals.lbl.gov>
Canonical name: nsals.lbl.gov<http://nsals.lbl.gov>
IPv4: 131.243.5.2


Seems odd that a gethostbyname of the name server (nsals.lbl.gov<http://nsals.lbl.gov>) works but dns check doesn?t

S



> On Apr 25, 2019, at 12:39 PM, Parisi, Justin <Justin.Parisi@netapp.com<mailto:Justin.Parisi@netapp.com>> wrote:
>
> So, ping and traceroute won't really check what you need to check for DNS connectivity; that's access to the IP over port 53.
>
> DNS check will test round trip time to the DNS server by doing a simple DNS lookup of example.domain.com<http://example.domain.com> and reports the time it took for that request.
>
> "Operation timed out" means either that the DNS query couldn't be made or it took longer than the DNS timeout you have set. Try increasing the timeout from 2 seconds to 10 seconds and retry the check. A packet trace will also be useful to see why/how the requests are failing.
>
> -----Original Message-----
> From: toasters-bounces@teaparty.net<mailto:toasters-bounces@teaparty.net> <toasters-bounces@teaparty.net<mailto:toasters-bounces@teaparty.net>> On Behalf Of Scott Classen
> Sent: Thursday, April 25, 2019 2:48 PM
> To: toasters@teaparty.net<mailto:toasters@teaparty.net>
> Subject: DNS woes
>
> NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe.
>
>
>
>
> Hello,
>
> Can anyone help me with this before I open a case with NetApp?
>
> dns check on one of my sververs fails (see below where I get an ?Operation timed out? error), but I can ping and traceroute from the vserver to the gateway and the DNS servers.
>
>
>
> sibyls2::*> dns show -vserver als-enable-ds1
>
> Vserver: als-enable-ds1
> Domains: als.lbl.gov<http://als.lbl.gov>, lbl.gov<http://lbl.gov>
> Name Servers: 131.243.5.1, 131.243.5.2
> Timeout (secs): 2
> Maximum Attempts: 1
> Is TLD Query Enabled?: true Require Source and Reply IPs to Match: true
> Require Packet Queries to Match: true
>
>
> sibyls2::*> dns check -vserver als-enable-ds1
> Name Server
> Vserver Name Server Status Status Details
> ------------- --------------- ------------ --------------------------
> als-enable-ds1 down Operation timed out.
> 131.243.5.1
> als-enable-ds1 down Operation timed out.
> 131.243.5.2
> 2 entries were displayed.
>
>
> sibyls2::*> ping -node sibyls2-03 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3
> 131.243.78.1 is alive
>
> sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3
> 131.243.5.1 is alive
>
> sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3
> 131.243.5.2 is alive
>
> sibyls2::*> ping -node sibyls2-04 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3
> 131.243.78.1 is alive
>
> sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3
> 131.243.5.1 is alive
>
> sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3
> 131.243.5.2 is alive
>
> sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov<http://vlan3078.irals.lbl.gov> (131.243.78.1) 0.521 ms * 0.484 ms
>
>
> sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov<http://vlan3078.irals.lbl.gov> (131.243.78.1) 0.478 ms 0.369 ms 0.376 ms
> 2 xe-2-2-1.er1-n1.lbl.gov<http://xe-2-2-1.er1-n1.lbl.gov> (131.243.244.140) 0.411 ms 0.391 ms 0.330 ms
> 3 t5-4.ir1-n1.lbl.gov<http://t5-4.ir1-n1.lbl.gov> (131.243.244.131) 0.796 ms 1.365 ms 0.524 ms
> 4 ns.lbl.gov<http://ns.lbl.gov> (131.243.5.1) 0.402 ms 0.765 ms 0.936 ms
>
>
> sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov<http://vlan3078.irals.lbl.gov> (131.243.78.1) 0.446 ms 0.409 ms 0.375 ms
> 2 nsals.lbl.gov<http://nsals.lbl.gov> (131.243.5.2) 0.649 ms 1.047 ms 1.080 ms
>
> sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov<http://vlan3078.irals.lbl.gov> (131.243.78.1) 0.443 ms * 0.502 ms
>
> sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov<http://vlan3078.irals.lbl.gov> (131.243.78.1) 0.515 ms 0.402 ms 0.388 ms
> 2 xe-2-2-1.er1-n1.lbl.gov<http://xe-2-2-1.er1-n1.lbl.gov> (131.243.244.140) 0.513 ms 0.344 ms 0.326 ms
> 3 t5-4.ir3-n2.lbl.gov<http://t5-4.ir3-n2.lbl.gov> (131.243.244.129) 1.737 ms 1.618 ms
> t5-4.ir4-n3.lbl.gov<http://t5-4.ir4-n3.lbl.gov> (131.243.244.133) 0.582 ms
> 4 ns.lbl.gov<http://ns.lbl.gov> (131.243.5.1) 0.898 ms 1.213 ms 0.517 ms
>
> sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets
> 1 vlan3078.irals.lbl.gov<http://vlan3078.irals.lbl.gov> (131.243.78.1) 2.075 ms 1.451 ms 0.403 ms
> 2 nsals.lbl.gov<http://nsals.lbl.gov> (131.243.5.2) 1.198 ms 0.410 ms 0.911 ms _______________________________________________
> Toasters mailing list
> Toasters@teaparty.net<mailto:Toasters@teaparty.net>
> http://www.teaparty.net/mailman/listinfo/toasters


_______________________________________________
Toasters mailing list
Toasters@teaparty.net<mailto:Toasters@teaparty.net>
http://www.teaparty.net/mailman/listinfo/toasters

I can telnet to the dns servers on port 53 from other hosts on the 131.243.78 subnet so I don’t think that’s the problem.

I will attempt to do a packet trace as per Justin’s suggestion and get back to the list.

Thanks,
Scott


> On Apr 25, 2019, at 1:09 PM, tmac <tmacmd@gmail.com> wrote:
>
> So, not going to explain how to here....
> But if you know how, unlock the diag user and set a password.
> Open a systemshell to a node
> try: telnet 131.243.5.1 53
>
> My example:
> (fails)
> home-01% telnet 192.168.1.208 53
> Trying 192.168.1.208...
> telnet: connect to address 192.168.1.208 <http://192.168.1.208/>: Connection refused
> telnet: Unable to connect to remote host
> (works)
> home-01% telnet 192.168.1.159 53
> Trying 192.168.1.159...
> Connected to homeauto.ddns.net <http://homeauto.ddns.net/>.
> ^CConnection closed by foreign host.
> (fails)
> home-01% telnet 192.168.1.155 53
> Trying 192.168.1.155...
> telnet: connect to address 192.168.1.155 <http://192.168.1.155/>: Connection refused
> telnet: Unable to connect to remote host
> home-01% exit
>
> The failures are what happens when the port is either blocked or not communicating on port 53 (dns)
>
> --tmac
>
> Tim McCarthy, Principal Consultant
> Proud Member of the #NetAppATeam <https://twitter.com/NetAppATeam>
> I Blog at TMACsRack <https://tmacsrack.wordpress.com/>
>
>
>
> On Thu, Apr 25, 2019 at 3:53 PM Scott Classen <sclassen@lbl.gov <mailto:sclassen@lbl.gov>> wrote:
> sibyls2::*> dns modify -vserver als-enable-ds1 -domains als.lbl.gov <http://als.lbl.gov/>,lbl.gov <http://lbl.gov/> -name-servers 131.243.5.2 -timeout 10
>
> Error: "10" is an invalid value for field "-timeout <1..5>"
>
> sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.gov <http://bl1231.als.lbl.gov/>,als.lbl.gov <http://als.lbl.gov/>,lbl.gov <http://lbl.gov/> -name-servers 131.243.5.2 -timeout 5
>
> Error: Failed to verify the specified DNS configuration.
> 131.243.5.2 <http://131.243.5.2/>: Operation timed out.
> command failed: Verify that the network configuration is correct and that DNS servers are available. Specify "-skip-config-validation" to skip the configuration validation.
>
>
> sibyls2::*> dns modify -vserver als-enable-ds1 -domains bl1231.als.lbl.gov <http://bl1231.als.lbl.gov/>,als.lbl.gov <http://als.lbl.gov/>,lbl.gov <http://lbl.gov/> -name-servers 131.243.5.2 -timeout 5 -skip-config-validation
>
> sibyls2::*> dns check -vserver als-enable-ds1
> Name Server
> Vserver Name Server Status Status Details
> ------------- --------------- ------------ --------------------------
> als-enable-ds1 down Operation timed out.
> 131.243.5.2
>
> sibyls2::*> vserver services name-service getxxbyyy gethostbyname -node sibyls2-03 -vserver als-enable-ds1 -hostname nsals.lbl.gov <http://nsals.lbl.gov/>
> Host name: nsals.lbl.gov <http://nsals.lbl.gov/>
> Canonical name: nsals.lbl.gov <http://nsals.lbl.gov/>
> IPv4: 131.243.5.2
>
>
> Seems odd that a gethostbyname of the name server (nsals.lbl.gov <http://nsals.lbl.gov/>) works but dns check doesn’t
>
> S
>
>
>
> > On Apr 25, 2019, at 12:39 PM, Parisi, Justin <Justin.Parisi@netapp.com <mailto:Justin.Parisi@netapp.com>> wrote:
> >
> > So, ping and traceroute won't really check what you need to check for DNS connectivity; that's access to the IP over port 53.
> >
> > DNS check will test round trip time to the DNS server by doing a simple DNS lookup of example.domain.com <http://example.domain.com/> and reports the time it took for that request.
> >
> > "Operation timed out" means either that the DNS query couldn't be made or it took longer than the DNS timeout you have set. Try increasing the timeout from 2 seconds to 10 seconds and retry the check. A packet trace will also be useful to see why/how the requests are failing.
> >
> > -----Original Message-----
> > From: toasters-bounces@teaparty.net <mailto:toasters-bounces@teaparty.net> <toasters-bounces@teaparty.net <mailto:toasters-bounces@teaparty.net>> On Behalf Of Scott Classen
> > Sent: Thursday, April 25, 2019 2:48 PM
> > To: toasters@teaparty.net <mailto:toasters@teaparty.net>
> > Subject: DNS woes
> >
> > NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe.
> >
> >
> >
> >
> > Hello,
> >
> > Can anyone help me with this before I open a case with NetApp?
> >
> > dns check on one of my sververs fails (see below where I get an “Operation timed out” error), but I can ping and traceroute from the vserver to the gateway and the DNS servers.
> >
> >
> >
> > sibyls2::*> dns show -vserver als-enable-ds1
> >
> > Vserver: als-enable-ds1
> > Domains: als.lbl.gov <http://als.lbl.gov/>, lbl.gov <http://lbl.gov/>
> > Name Servers: 131.243.5.1, 131.243.5.2
> > Timeout (secs): 2
> > Maximum Attempts: 1
> > Is TLD Query Enabled?: true Require Source and Reply IPs to Match: true
> > Require Packet Queries to Match: true
> >
> >
> > sibyls2::*> dns check -vserver als-enable-ds1
> > Name Server
> > Vserver Name Server Status Status Details
> > ------------- --------------- ------------ --------------------------
> > als-enable-ds1 down Operation timed out.
> > 131.243.5.1
> > als-enable-ds1 down Operation timed out.
> > 131.243.5.2
> > 2 entries were displayed.
> >
> >
> > sibyls2::*> ping -node sibyls2-03 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3
> > 131.243.78.1 is alive
> >
> > sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3
> > 131.243.5.1 is alive
> >
> > sibyls2::*> ping -node sibyls2-03 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3
> > 131.243.5.2 is alive
> >
> > sibyls2::*> ping -node sibyls2-04 -destination 131.243.78.1 -vserver als-enable-ds1 -wait-response 2000 -count 3
> > 131.243.78.1 is alive
> >
> > sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.1 -vserver als-enable-ds1 -wait-response 2000 -count 3
> > 131.243.5.1 is alive
> >
> > sibyls2::*> ping -node sibyls2-04 -destination 131.243.5.2 -vserver als-enable-ds1 -wait-response 2000 -count 3
> > 131.243.5.2 is alive
> >
> > sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets
> > 1 vlan3078.irals.lbl.gov <http://vlan3078.irals.lbl.gov/> (131.243.78.1) 0.521 ms * 0.484 ms
> >
> >
> > sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets
> > 1 vlan3078.irals.lbl.gov <http://vlan3078.irals.lbl.gov/> (131.243.78.1) 0.478 ms 0.369 ms 0.376 ms
> > 2 xe-2-2-1.er1-n1.lbl.gov <http://xe-2-2-1.er1-n1.lbl.gov/> (131.243.244.140) 0.411 ms 0.391 ms 0.330 ms
> > 3 t5-4.ir1-n1.lbl.gov <http://t5-4.ir1-n1.lbl.gov/> (131.243.244.131) 0.796 ms 1.365 ms 0.524 ms
> > 4 ns.lbl.gov <http://ns.lbl.gov/> (131.243.5.1) 0.402 ms 0.765 ms 0.936 ms
> >
> >
> > sibyls2::*> traceroute -node sibyls2-03 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets
> > 1 vlan3078.irals.lbl.gov <http://vlan3078.irals.lbl.gov/> (131.243.78.1) 0.446 ms 0.409 ms 0.375 ms
> > 2 nsals.lbl.gov <http://nsals.lbl.gov/> (131.243.5.2) 0.649 ms 1.047 ms 1.080 ms
> >
> > sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.78.1 traceroute to 131.243.78.1 (131.243.78.1), 64 hops max, 40 byte packets
> > 1 vlan3078.irals.lbl.gov <http://vlan3078.irals.lbl.gov/> (131.243.78.1) 0.443 ms * 0.502 ms
> >
> > sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.1 traceroute to 131.243.5.1 (131.243.5.1), 64 hops max, 40 byte packets
> > 1 vlan3078.irals.lbl.gov <http://vlan3078.irals.lbl.gov/> (131.243.78.1) 0.515 ms 0.402 ms 0.388 ms
> > 2 xe-2-2-1.er1-n1.lbl.gov <http://xe-2-2-1.er1-n1.lbl.gov/> (131.243.244.140) 0.513 ms 0.344 ms 0.326 ms
> > 3 t5-4.ir3-n2.lbl.gov <http://t5-4.ir3-n2.lbl.gov/> (131.243.244.129) 1.737 ms 1.618 ms
> > t5-4.ir4-n3.lbl.gov <http://t5-4.ir4-n3.lbl.gov/> (131.243.244.133) 0.582 ms
> > 4 ns.lbl.gov <http://ns.lbl.gov/> (131.243.5.1) 0.898 ms 1.213 ms 0.517 ms
> >
> > sibyls2::*> traceroute -node sibyls2-04 -vserver als-enable-ds1 -destination 131.243.5.2 traceroute to 131.243.5.2 (131.243.5.2), 64 hops max, 40 byte packets
> > 1 vlan3078.irals.lbl.gov <http://vlan3078.irals.lbl.gov/> (131.243.78.1) 2.075 ms 1.451 ms 0.403 ms
> > 2 nsals.lbl.gov <http://nsals.lbl.gov/> (131.243.5.2) 1.198 ms 0.410 ms 0.911 ms _______________________________________________
> > Toasters mailing list
> > Toasters@teaparty.net <mailto:Toasters@teaparty.net>
> > http://www.teaparty.net/mailman/listinfo/toasters <http://www.teaparty.net/mailman/listinfo/toasters>
>
>
> _______________________________________________
> Toasters mailing list
> Toasters@teaparty.net <mailto:Toasters@teaparty.net>
> http://www.teaparty.net/mailman/listinfo/toasters <http://www.teaparty.net/mailman/listinfo/toasters>