DNS not working, Can't detect External IP

I have a system running FreePBX 13 and Asterisk 13. The system can’t resolve URLs; if you try to put in a URL for a SIP trunk, Asterisk chokes and dies. If I press the detect external IP button, it cannot retrieve that information. If I put in an IP for the SIP trunks everything is golden call-wise, but I can’t update my modules without DNS.

I’m sitting behind a Cisco router/firewall. The system is on a 10.0.10.0/24 and the data is on a 10.0.20.0/24.

My DNS in System Admin Pro is 127.0.0.1, 8.8.8.8 and 8.8.4.4.

Any ideas what might be going on network-wise? Thanks

Forget about FreePBX and Asterisk; go to the shell and check what the operating system sees.

From the shell, if I ping an IP it works. If I ping a URL then I get an unknown host:

ping: unknown host google.com

I don’t have the Pro version, but one time (after a backup restore to a new system), System Admin just did not want to save the new network settings and I had to go to the shell to fix things. At the shell (root) prompt type system-config-network and check that your settings are as follows.

DEVICE CONFIG
Name                    eth0
Device                  eth0
Use DHCP                [ ]
Static IP               x.x.x.x
Netmask                 255.255.x.x
Default gateway IP      x.x.x.x

DNS CONFIG
Hostname                system.name
Primary DNS             127.0.0.1
Secondary DNS           8.8.8.8
Tertiary DNS            8.8.4.4

Update: From the shell command line I can ping mirror1.freepbx.org but when I go to module admin and check for updates I receive Warning: Cannot connect to online repository(s) (http://mirror1.freepbx.org,http://mirror2.freepbx.org). Online modules are not available.

Two NICs or one in the PBX?

Two, but I believe only one is active and in use.

Since you can ping IP addresses but not URLs, I suspect the firewall is blocking your DNS requests. See what it is doing for port 53.

Using a port checking tool it appears port 53 is open for inbound traffic. Maybe it is not open for outbound requests?

DNS requests are, by default, done in UDP and not TCP…

It usually switches to TCP when the reply is too long or during zone transfers IIRC…

It does feel like your firewall is blocking those DNS requests by the way.

Is your PBX in a (real) DMZ (i.e. one in which not every outbound request is usually allowed by default)?

Have a nice day!

Nick

What is so odd is that from the command line I can ping mirror1.freepbx.org, but when I go to module update I’m told the system cannot connect to mirror1.freepbx.org. Although perhaps pinging the address is not the same as being able to connect to it and grab files.

It is definitely not…

Pinging an address usually does an ICMP echo request (8)…

Of course, if you give a name it will ask for that name to be resolved…

(usually by DNS or a host file)

Downloading however is most likely done using an HTTP (port 80 TCP usually) or HTTPS (port 443 TCP usually) request…

If your PBX is in a DMZ which limits its external accesses you need to allow this traffic…

Good luck and have a nice day!

Nick

My own PBX is in a (real) DMZ and I have rules in my firewall (not the FreePBX one, the one which protects my whole network) to allow:

Outbound SMTP (port 25 TCP)
Outbound SIP traffic (the usual SIP ports + all UDP for RTP traffic)
Outbound HTTP (port 80 TCP)
Outbound HTTPS (port 443 TCP)
Outbound NTP (port 123 UDP)
Outbound GPG (port 11371 TCP)
and of course DNS (UDP and TCP port 53) but this is handled a little differently than the rest…

SMTP is for the email notifications, NTP for time synchronization and GPG for the module signatures IIRC…

If your PBX is in the same situation (a DMZ that doesn’t allow all outbound traffic by default) you would need to open the same ports…

Good luck and have a nice day!

Nick

If you enter the command ping mirror1.freepbx.org it should resolve mirror1.freepbx.org to an IP address. Does it? Try the same with google.com. Perhaps try dig www.google.com - this should show you what it is using to try to resolve the address. For FreePBX this should show 127.0.0.1, which by the way should be the first DNS server configured (System Admin -> DNS).
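
An added example, not part of the original thread: a small shell check that separates the steps discussed above, confirming that 127.0.0.1 is the first resolver, that the name resolves, and that outbound TCP to the update mirror on ports 80 and 443 succeeds. The function names and the --run switch are assumptions made for this sketch; it expects bash, timeout, getent and awk to be installed.

```shell
#!/bin/sh
# Added example. Ports and mirror1.freepbx.org come from the thread;
# function names and the --run switch are made up for this sketch.

# Print nameserver addresses from a resolv.conf-style file, in lookup order.
resolvers_from() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Succeeds when 127.0.0.1 is the first resolver, as the thread expects.
local_resolver_first() {
    [ "$(resolvers_from "$1" | head -n 1)" = "127.0.0.1" ]
}

# Resolve a name through the system resolver (NSS), as ping does.
resolves() {
    getent hosts "$1" >/dev/null 2>&1
}

# Attempt a TCP connect with a 3 second limit (bash provides /dev/tcp).
tcp_open() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" >/dev/null 2>&1
}

# Map the two exit codes (DNS, TCP) to the layer that failed.
diagnose() {
    if [ "$1" -ne 0 ]; then echo "dns-failed"
    elif [ "$2" -ne 0 ]; then echo "tcp-egress-failed"
    else echo "ok"
    fi
}

# check HOST PORT: resolve first, then connect only if the name resolved.
check() {
    dns=0; tcp=0
    resolves "$1" || dns=1
    if [ "$dns" -eq 0 ]; then tcp_open "$1" "$2" || tcp=1; fi
    echo "$1:$2 $(diagnose "$dns" "$tcp")"
}

if [ "${1:-}" = "--run" ]; then
    local_resolver_first /etc/resolv.conf || echo "first resolver is not 127.0.0.1"
    check mirror1.freepbx.org 80    # HTTP, used by module updates
    check mirror1.freepbx.org 443   # HTTPS
fi
```

A dns-failed result points at the resolver or outbound port 53; tcp-egress-failed while ping still works points at the outbound HTTP/HTTPS rules on the firewall.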