If the subdomains are also located on different subnets things get more hairy than a Minoxidil spill.
Running things locally, all should work with the host file entries for 'real' domains... <client>.myapp and <client>.myappservice is probably what I would pick.
I think maybe there is confusion about the routing happening server-side vs client?
Which really just depends on the code. If the code to hit the service is C# server-side vs something like an inline JSON call from JS, then which DNS resolution (and which hosts file, client v server) is getting used would be different.
|
Hmm, localhost is not technically a domain name, so I guess that is why it is elephanting when trying to resolve a sub domain from it.
Two things I can think of to try:
1. use sub.127.0.0.1:1234 (or possibly sub."127.0.0.1":1234)
2. add sub.localhost to your hosts file. (pointing to 127.0.0.1 or localhost)
Good luck
|
RainHat wrote: so I guess that is why it is elephanting when trying to resolve a sub domain from it
But only under specific (unknown) circumstances, like being at the office or having a VPN.
I've thought about the hosts file, but that won't explain why it works in my browser, but I can't ping it and why it works at home, but not at the office and that my coworker has a varying mileage.
It doesn't work in Azure either, which is even weirder, since all subdomains are registered in a DNS within a "proper" domain.
|
When you say you cannot ping it, do you mean you get no response or you get no name resolution?
Try PowerShell from the machines where the app is running if you can...
Test-NetConnection <ip or fqdn> -Port <port> ... I may be off on some of that syntax.
|
From comments at top of hosts file:
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
If I add a line to hosts file:
127.0.0.2 sub.localhost
then I can do:
>ping sub.localhost
Pinging sub.localhost [127.0.0.2] with 32 bytes of data:
Reply from 127.0.0.2: bytes=32 time<1ms TTL=128
Mircea
|
I've thought about the hosts file, but that won't explain why it works in my browser, but I can't ping it and why it works at home, but not at the office and that my coworker has a varying mileage.
It doesn't work in Azure either, which is even weirder, since all subdomains are registered in a DNS within a "proper" domain.
|
I think at least some browsers (Chrome, I'm looking at you!) have their own DNS resolver. VPN adds another level of weirdness and anyway localhost is not a valid domain name. Are you trying to solve all the possible interactions between these parts or you just want your app to work? If it's the first one, I'd like to hear the result, maybe in an article or tip here. If it's the second, just add a line to your hosts file. It has the highest priority in the DNS resolving order and it just works.
Mircea
|
Sander Rossel wrote: I've thought about the hosts file, but that won't explain why it works in my browser, but I can't ping it and why it works at home, but not at the office and that my coworker has a varying mileage.
A lot of servers disable pings to help prevent a DoS. Unless you're positive your server accepts pings, you'd be better off doing an ns lookup to see if it's going to be resolved or not.
Jeremy Falcon
|
I think your workplace might have some dodgy network group policies/filters.
Check out my IoT graphics library here:
https://honeythecodewitch.com/gfx
And my IoT UI/User Experience library here:
https://honeythecodewitch.com/uix
modified 7-Jun-24 10:01am.
|
I'm suspicious of that too, especially with new AI network monitors/thwarters... But it would be super weird for them to muck with overriding the hosts file though?
|
I amended my comment to include group policies, which can do strange things to a machine.
|
That's true... and which domain you are logging onto and whether you're "inhouse" or ingressing through a VPN or something could change which get applied. It could send you to different DNS servers (to help hide internal resources in domains that were more "edge"-closer to DMZ).
|
The only difference is a different Wi-Fi (shared with other tenants).
We don't have a work network, domain controller, etc.
|
Well I guess the good news is that simplifies the situation considerably.
The bad news is I have no idea what your next troubleshooting move should be.
|
It's not the Azure network gateway is it? Last weekend working away from home and needed to rdc into an Azure VM meant that I had to add the IP address where I was connected to the inbound Accept rules in order to connect. Just a thought... Good luck!
"Go forth into the source" - Neal Morse
"Hope is contagious"
|
Sander Rossel wrote: but my web app can't access the service ("no such host is known")...("no such host is known").
This is not a "service" problem.
It is a connectivity problem.
So you need to diagnose that and stop focusing on the service.
In the modern era you can and probably should always start with diagnosing connectivity using telnet.
Since all modern sites use IP/TCP telnet is an excellent tool to test that.
If you can connect via telnet then there is no connectivity issue. If not then there is. It is just that simple. Nothing else matters in that context. For example SSL/TLS has no impact on it.
Looks like you are also using a host name and not an IP address. You can use a DNS lookup tool like 'nslookup' to determine the IP.
DNS processing is a separate service which can fail all by itself. If you can verify the look up then after that you should use the IP only since it removes that extra service lookup (and failure possibility.) Again you use telnet with the IP to check.
Now if you verify that it is not a connectivity issue then you can look at the service. For example firewall rules can block specific http requests.
Also commenting on the thing about the hosts file and browsers. That was curious so I looked that up and found the following which doesn't make it all that clear what might be expected.
https://stackoverflow.com/questions/42636711/google-chrome-ignoring-hosts-file
But what is clear is that using the IP makes all of that irrelevant.
As one other bit of advice when using the browser - do not leave any open browser windows when testing. So no other sites. Despite things like incognito it still caches stuff. So every single browser must be closed. Or at least that was true a few years ago.
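Added example (not part of any post in this thread): the two-step check described in the post above, name resolution first and then a plain TCP connect to the literal IP, as a small Python script. It goes slightly beyond the post by testing every returned address, IPv4 and IPv6, separately; the target name and port in the last block are placeholders. Unlike nslookup, `getaddrinfo` goes through the operating system resolver, so hosts-file entries are included in what it returns.

```python
import socket

FAMILY = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}

def resolve(host, port):
    """Return [(family, ip)] from the OS resolver (hosts file + DNS); raises gaierror."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    seen, out = set(), []
    for family, _type, _proto, _canon, sockaddr in infos:
        key = (family, sockaddr[0])
        if family in FAMILY and key not in seen:
            seen.add(key)
            out.append((FAMILY[family], sockaddr[0]))
    return out

def tcp_check(ip, port, timeout=3.0):
    """Plain TCP connect to one literal IP: the telnet test, no name lookup involved."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "connected"
    except OSError as exc:  # refused, unreachable, timed out, ...
        return f"failed: {exc.__class__.__name__}"

def diagnose(host, port):
    """Step 1: resolve the name. Step 2: connect to each address on its own."""
    try:
        addresses = resolve(host, port)
    except socket.gaierror as exc:
        # The "no such host is known" case: it fails before the service is contacted.
        return {"host": host, "stage": "resolution", "error": str(exc), "results": []}
    results = [(fam, ip, tcp_check(ip, port)) for fam, ip in addresses]
    reachable = any(status == "connected" for _fam, _ip, status in results)
    stage = "ok" if reachable else "connect"
    return {"host": host, "stage": stage, "error": None, "results": results}

if __name__ == "__main__":
    # Placeholder target: substitute the service's real host name and port.
    report = diagnose("sub.localhost", 443)
    print(report["stage"], report["error"] or "")
    for fam, ip, status in report["results"]:
        print(f"  {fam:4} {ip:39} {status}")
```

A `resolution` stage points at the hosts file or DNS, a `connect` stage at routing or firewalling, and a mix of one family connecting while the other fails points at the IPv4/IPv6 path.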
|
It's the devil's work.
"A little time, a little trouble, your better day"
Badfinger
|
Sander Rossel wrote: When I'm at home, it works.
When I'm at home and on VPN it doesn't work.
It works with and without VPN for my coworker, but only from home.
At the office, it doesn't work with or without VPN for both of us.
When something is all over the place like this, it's best to remove as many variables as possible. As such, if not yet done, a traceroute should be done in each and every environment both on and off the VPN. It could be anything from your coworker updating his hosts file without saying so or even a regional thing where you're hitting a different server. Who knows, but a traceroute will help figure that out.
Sander Rossel wrote: We've deployed both in an Azure app service with the subdomain properly registered in the DNS and a valid certificate.
Exactly how though? A local or localhost domain generally doesn't go through DNS. I mean it can, but it's typically considered private. Is this a public DNS server or something internal only?
Sander Rossel wrote: When I remove the subdomain everything works.
This is what I'm guessing the issue is. It's just a guess, but in DNS lingo a subdomain is typically a CNAME. A top level domain is an A record usually. If you try to add a "sub domain" as an A/SOA record, that's considered advanced and not needed for most situations where you're running things on the same server.
So perhaps Azure (assuming this is a public DNS server) just isn't happy with the way it was entered.
Jeremy Falcon
|
Jeremy Falcon wrote: Exactly how though? A local or localhost domain generally doesn't go through DNS. I mean it can, but it's typically considered private. Is this a public DNS server or something internal only?
Yeah, that one isn't called localhost, obviously
sub.client.nl registered using CNAME.
Azure is quite strict about that kind of stuff.
|
That makes the whole situation even more confusing then... because if that's not the case then you're not using a DNS server at all. Yes, DNS supports a hosts file as part of the protocol but that's not the same thing as a server... which means every config is on a per machine basis.
Guessing this is your first time doing this? When I find myself overwhelmed I usually start again from scratch and take it one step at a time while ensuring every step along the way is working and verified. Perhaps that'll help?
Jeremy Falcon
|
Also, you should flush the DNS cache on every machine that attempts to access anything before even thinking about troubleshooting. DNS propagation isn't too long of a wait, but it's most certainly not instant. So, if you're debugging something, always flush your DNS cache first.
For Windows it's ipconfig /flushdns .
Also, it wouldn't hurt to know the TTL for the DNS server in question for each machine. This is assuming you're not using your ISP's DNS server, which you most likely are. Although some ISPs will list their TTL.
Note, this doesn't apply to a host file, but it most certainly does for a DNS server.
Jeremy Falcon
|
A while ago, I had a test site set up with both A and AAAA records in DNS. Worked fine "from home", failed to connect "via VPN".
Guess what: My VPN config had IPv6 disabled, but still tried to connect using the AAAA IPv6 address.
|
tracert shows different paths to the domain?
|
So, were you able to sort this out?
I wouldn't mix in the localhost issue, it is probably something different and I'm assuming the goal is to have the Azure service running.
Have you run the sub through a DNS checker? I'm assuming you are using azure-dns.net as the DNS.
|
Hello,
I don't know whether you've solved this yet, and I'm definitely NOT the person to solve it. BUT: there was a comment about using nslookup to examine the actual DNS resolution.
And, also know that Windows loads several default values into the routing table when you boot, and may retain some of these on reboots. You'll want to flush the table (as admin: netsh interface ip delete destinationcache).
Also know that there are a number of special-use domain names and extensions used for the internet at large: see RFC 6761.
"Works on my machine" is a humorous adage for a reason.
Good luck.
Time is the differentiation of eternity devised by man to measure the passage of human events.
- Manly P. Hall
Mark
Just another cog in the wheel