iPXE discussion forum

iPXE discussion forum > iPXE user forums > General > DNS problem
Full Version: DNS problem
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Game

2013-07-01, 21:09
Hi, I am setting up some chain loading environment (VMWare auto deploy) and I have the following:
----------------------------
iPXE 1.0.0+ (9361) -- Open Source Network Boot Firmware -- http://ipxe.org
Features: HTTP HTTPS iSCSI DNS TFTP AoE bzImage ELF MBOOT PXE PXEXT Menu

iPXE> dhcp net0
DHCP (net0 b8:ac:6f:82:9d:2a)...... ok
iPXE> show ip
net0.dhcp/ip:ipv4 = 192.168.0.50
iPXE> show dns
net0.dhcp/dns:ipv4 = 192.168.0.1
iPXE> show gateway
net0.dhcp/gateway:ipv4 = 192.168.0.1
iPXE> show next-server
net0.dhcp/next-server:ipv4 = 192.168.0.1
iPXE> show netmask
net0.dhcp/netmask:ipv4 = 255.255.255.0
iPXE> show domain
net0.dhcp/domain:string = test.com
iPXE> chain https://192.168.0.52:6501/vmw/rbd/tramp
https://192.168.0.52:6501/vmw/rbd/tramp... Error 0x3e11613b (http://ipxe.org/3e11613b)
------------------------------------
When i looked up it is "Error: DNS name does not exist". Clearly dns is visible here..

robinsmidsrod

2013-07-02, 08:15
Yes, you have DNS available, but you're trying to do HTTPS on an IP-address. HTTPS expects the host in the URL to be a domain name, or else it can't validate that the certificate matches. So what it actually tries to pretend is a DNS hostname is the literal string "192.168.0.52", which it obviously is not. Configure a hostname for the server at 192.168.0.52 in your DNS and stick that name in your script instead of the IP. Obviously you must also make sure that the certificate you're using on the web server matches that name. See http://ipxe.org/crypto for more details on the HTTPS support.

ArneLovius

2013-07-02, 09:38
(2013-07-02 08:15)robinsmidsrod Wrote: [ -> ]HTTPS expects the host in the URL to be a domain name, or else it can't validate that the certificate matches

er, you can have an SSL certificate with an IP address as a host name, you're unlikely to get a commercial CA to provide a certificate with an IP address, but an internal private CA is a different kettle of fish

robinsmidsrod

2013-07-02, 23:48
Well, that might be, but have you verified that the iPXE HTTPS implementation allows such a setup? I suggest you try with a DNS name and see if you get a different type of error just to rule out that possibility. My guess HTTPS with IP address is not supported. I haven't checked the source, though, so I might be wrong.

Game

2013-07-22, 02:00
Just so that no one is stuck here..

The problem is indeed in https x509 validation.
The code looks for the same name in the certificate; as the chain loading URL. In my case it was different.
iPXE discussion forum > iPXE user forums > General > DNS problem
Reference URL's