Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
DNS problem
2013-07-01, 21:09
Post: #1
DNS problem
Hi, I am setting up some chain loading environment (VMWare auto deploy) and I have the following:
----------------------------
iPXE 1.0.0+ (9361) -- Open Source Network Boot Firmware -- http://ipxe.org
Features: HTTP HTTPS iSCSI DNS TFTP AoE bzImage ELF MBOOT PXE PXEXT Menu

iPXE> dhcp net0
DHCP (net0 b8:ac:6f:82:9d:2a)...... ok
iPXE> show ip
net0.dhcp/ip:ipv4 = 192.168.0.50
iPXE> show dns
net0.dhcp/dns:ipv4 = 192.168.0.1
iPXE> show gateway
net0.dhcp/gateway:ipv4 = 192.168.0.1
iPXE> show next-server
net0.dhcp/next-server:ipv4 = 192.168.0.1
iPXE> show netmask
net0.dhcp/netmask:ipv4 = 255.255.255.0
iPXE> show domain
net0.dhcp/domain:string = test.com
iPXE> chain https://192.168.0.52:6501/vmw/rbd/tramp
https://192.168.0.52:6501/vmw/rbd/tramp... Error 0x3e11613b (http://ipxe.org/3e11613b)
------------------------------------
When i looked up it is "Error: DNS name does not exist". Clearly dns is visible here..
Find all posts by this user
Quote this message in a reply
2013-07-02, 08:15
Post: #2
RE: DNS problem
Yes, you have DNS available, but you're trying to do HTTPS on an IP-address. HTTPS expects the host in the URL to be a domain name, or else it can't validate that the certificate matches. So what it actually tries to pretend is a DNS hostname is the literal string "192.168.0.52", which it obviously is not. Configure a hostname for the server at 192.168.0.52 in your DNS and stick that name in your script instead of the IP. Obviously you must also make sure that the certificate you're using on the web server matches that name. See http://ipxe.org/crypto for more details on the HTTPS support.
Visit this user's website Find all posts by this user
Quote this message in a reply
2013-07-02, 09:38
Post: #3
RE: DNS problem
(2013-07-02 08:15)robinsmidsrod Wrote:  HTTPS expects the host in the URL to be a domain name, or else it can't validate that the certificate matches

er, you can have an SSL certificate with an IP address as a host name, you're unlikely to get a commercial CA to provide a certificate with an IP address, but an internal private CA is a different kettle of fish
Find all posts by this user
Quote this message in a reply
2013-07-02, 23:48
Post: #4
RE: DNS problem
Well, that might be, but have you verified that the iPXE HTTPS implementation allows such a setup? I suggest you try with a DNS name and see if you get a different type of error just to rule out that possibility. My guess HTTPS with IP address is not supported. I haven't checked the source, though, so I might be wrong.
Visit this user's website Find all posts by this user
Quote this message in a reply
2013-07-22, 02:00
Post: #5
RE: DNS problem
Just so that no one is stuck here..

The problem is indeed in https x509 validation.
The code looks for the same name in the certificate; as the chain loading URL. In my case it was different.
Find all posts by this user
Quote this message in a reply
Post Reply 




User(s) browsing this thread: 3 Guest(s)