
View Full Version : Need Help with DNS Appliance


bkonia
01-03-2008, 11:27 PM
I'm trying to set up a DNS appliance on my grid.


I created the appliance and verified that it works fine when I issue DNS queries from other appliances inside the network.
Next, I dragged the "IN" gateway appliance onto my grid and connected its "out" terminal to the "in" terminal of the DNS appliance. I configured the public IP, netmask and gateway on the "IN" appliance and verified that I can ping its IP from the Internet.
Finally, on the "IN" appliance, I set "iface1_protocol" to "udp" and "iface1_port" to 53.

The problem is, when I query the DNS server from the Internet, I get nothing. It just times out. Can anyone tell me what I'm doing wrong? I know DNS responses are sent on a random port > 1023. Could this be the problem? Do I need some kind of special firewall rule that would allow the DNS responses to pass through?

PeterNic
01-04-2008, 03:29 AM
bkonia,

You may be hitting a defect, SCR 2049, in the IN/INSSL gateways in AppLogic 2.1.0. The problem seems to be that the IN appliance fails to provide a return path for UDP traffic. Sorry for the trouble. The defect was fixed in the AppLogic 2.1.1 release, but if you are using 2.1.0 you can solve it easily.

You can also "fix" the IN gateway appliance by following these steps:
- branch the IN gateway in your app
- rename the IN class (the branched one) to IN2
- start the application, log into the IN2 appliance
- add the following to
/appliance/iptables-fwrules.sh directly below the same line for tcp:

iptables -A FORWARD -p udp -i $INTIF -s $INTIP -o $EXTIF -j ACCEPT
- (alternatively, replace the tcp line with
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT)
- restart the appliance or the whole app, verify it now works
- stop the app
- open the editor and move the IN2 appliance into the user catalog
- use the IN2 appliance in all apps that need UDP input

The problem is briefly mentioned in the release notes of 2.1.1 in http://doc.3tera.net/AppLogic2/ReleaseNotes-2-1-1.html#Important_Bug_Fixes_in_AppLogic.
The problem is fixed in AppLogic 2.1.1, so upgrading to 2.1.1 is also going to resolve the problem. If you use the fix now and later upgrade to AppLogic 2.1.1, you can easily replace the IN2 in your apps with the stock system catalog IN appliance (use shift-drag in the editor to replace appliance classes), then delete your IN2 when no longer needed.

Sorry for the frustration this has surely caused; let us know if the above resolved the issue.

Best regards,
-- Peter
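The following is an added illustration, not code from this thread or from AppLogic: a small Python model of a gateway's FORWARD chain that shows why a chain with only a tcp forward rule for the internal-to-external direction drops DNS replies, and why either of the two fixes above (an explicit udp rule, or a stateful ESTABLISHED,RELATED rule) lets them through. Note that the DNS server answers from port 53 to whatever ephemeral port the client queried from; it does not pick a new random high port for the reply, so what is missing is simply an accept for udp in the return direction. Interface names, addresses and the client port are constructed for the example; the rule matching is a simplified model of iptables semantics, not iptables itself.

```python
"""Toy model of a stateless vs. stateful FORWARD chain for the UDP return path.

Constructed example: not AppLogic or iptables code. Interface names,
addresses and ports below are assumptions chosen for illustration.
"""
from dataclasses import dataclass
from typing import Optional, FrozenSet, List, Tuple

INTIF, EXTIF = "eth1", "eth0"      # assumed: internal and external gateway interfaces
INTIP = "10.0.0.5"                 # assumed: DNS appliance address behind the gateway
CLIENT = "198.51.100.7"            # constructed: external resolver querying the appliance
CLIENT_PORT = 40123                # constructed: the client's ephemeral source port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    in_if: str
    out_if: str


@dataclass
class Rule:
    """One FORWARD rule; a None field means 'match anything' for that criterion."""
    target: str
    proto: Optional[str] = None
    in_if: Optional[str] = None
    out_if: Optional[str] = None
    src: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None
    state: Optional[FrozenSet[str]] = None   # e.g. {"ESTABLISHED", "RELATED"}


class Conntrack:
    """Minimal connection tracker: remembers accepted 5-tuples so replies match."""
    def __init__(self) -> None:
        self.flows = set()

    @staticmethod
    def key(p: Packet) -> Tuple:
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    def state(self, p: Packet) -> str:
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        return "ESTABLISHED" if (self.key(p) in self.flows or reverse in self.flows) else "NEW"

    def note(self, p: Packet) -> None:
        self.flows.add(self.key(p))


def forward(chain: List[Rule], pkt: Packet, ct: Conntrack, policy: str = "DROP") -> str:
    """First matching rule wins; default policy otherwise. Accepted packets are tracked."""
    st = ct.state(pkt)
    for r in chain:
        if r.proto is not None and r.proto != pkt.proto:
            continue
        if r.in_if is not None and r.in_if != pkt.in_if:
            continue
        if r.out_if is not None and r.out_if != pkt.out_if:
            continue
        if r.src is not None and r.src != pkt.src:
            continue
        if r.dst is not None and r.dst != pkt.dst:
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        if r.state is not None and st not in r.state:
            continue
        if r.target == "ACCEPT":
            ct.note(pkt)
        return r.target
    return policy


def build_chain(variant: str, proto: str) -> List[Rule]:
    """FORWARD chain for a gateway configured with iface1_protocol=proto, iface1_port=53."""
    inbound = Rule("ACCEPT", proto=proto, in_if=EXTIF, out_if=INTIF, dst=INTIP, dport=53)
    tcp_return = Rule("ACCEPT", proto="tcp", in_if=INTIF, src=INTIP, out_if=EXTIF)
    if variant == "stock":        # 2.1.0 behaviour described in the thread: tcp return only
        return [inbound, tcp_return]
    if variant == "udp-rule":     # fix 1: add the udp line below the tcp line
        return [inbound, tcp_return,
                Rule("ACCEPT", proto="udp", in_if=INTIF, src=INTIP, out_if=EXTIF)]
    if variant == "stateful":     # fix 2: replace the tcp line with ESTABLISHED,RELATED
        return [inbound, Rule("ACCEPT", state=frozenset({"ESTABLISHED", "RELATED"}))]
    raise ValueError(variant)


def exchange(variant: str, proto: str) -> Tuple[str, str]:
    """Verdicts for (query, reply) of one lookup from CLIENT through the gateway."""
    ct = Conntrack()
    chain = build_chain(variant, proto)
    query = Packet(proto, CLIENT, CLIENT_PORT, INTIP, 53, EXTIF, INTIF)   # after DNAT
    reply = Packet(proto, INTIP, 53, CLIENT, CLIENT_PORT, INTIF, EXTIF)   # answered from :53
    return forward(chain, query, ct), forward(chain, reply, ct)


def unsolicited_outbound(variant: str) -> str:
    """A UDP packet the appliance sends outward with no prior inbound flow."""
    ct = Conntrack()
    stray = Packet("udp", INTIP, 53, CLIENT, 5555, INTIF, EXTIF)
    return forward(build_chain(variant, "udp"), stray, ct)


if __name__ == "__main__":
    for v in ("stock", "udp-rule", "stateful"):
        print(f"{v:9s} tcp={exchange(v, 'tcp')} udp={exchange(v, 'udp')} "
              f"stray-udp={unsolicited_outbound(v)}")
```

The stock chain accepts the inbound query but drops the udp reply, which is exactly the timeout seen from the Internet; the tcp exchange passes, matching the observation that only UDP input was affected. The stateful variant additionally refuses unsolicited outbound UDP from the appliance, which is why it is the tighter of the two fixes: it only opens the return path for traffic the gateway has already admitted. To verify the real gateway after the change, query the public IP from outside with `dig @<public-ip> <name> +time=2` and watch with `tcpdump -ni <external-if> udp port 53` on the IN appliance to confirm the reply actually leaves the external interface.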

bkonia
01-05-2008, 02:24 AM
Yes, that fixed it. Thanks!