3f76bc9507
- MASTER_INDEX: Last Updated 2026-03-06; status 59/59 contracts; add NEXT_STEPS_LIST, CONTRACT_NEXT_STEPS_LIST - docs/README, NEXT_STEPS_INDEX, 06-besu/MASTER_INDEX: Last Updated 2026-03-06 - Contract check script: 59 addresses (PMM, vault/reserve, CompliantFiatTokens); canonical CCIP/router - New docs: EXECUTION_CHECKLIST, NEXT_STEPS_LIST, DOTENV_AUDIT, ADDITIONAL_PATHS, deployer gas runbook, WEMIX_ACQUISITION_TABLED, etc. - Config: deployer-gas-routes, cro-wemix-swap-routes, routing-registry, token-mapping - Scripts: check-contracts-on-chain-138, check-pmm-pool-balances-chain138, deployer-gas-auto-route, acquire-cro-and-wemix-gas - Operator rule: operator-lan-access-check.mdc Made-with: Cursor
3.7 KiB
E2E DNS from LAN (no public DNS) runbook
When the E2E domain sweep runs from a machine where *.sankofa.nexus, *.d-bis.org, etc. do not resolve (e.g. no Cloudflare/split-horizon DNS, no VPN), all tests fail at DNS (Could not resolve host). This runbook gives three ways to unblock.
Option 1: Temporary /etc/hosts (recommended for this machine)
Use the generated hosts file so this machine resolves all E2E hostnames to the LAN proxy (NPMplus).
-
Append E2E hosts to
/etc/hosts(from repo root):sudo cp /etc/hosts /etc/hosts.bak.$(date +%Y%m%d) cat config/e2e-hosts-append.txt | sudo tee -a /etc/hostsOr generate fresh:
./scripts/verify/generate-e2e-hosts.sh | sudo tee -a /etc/hosts -
Run E2E using the system resolver (so
getent/hosts are used instead ofdig @8.8.8.8):E2E_USE_SYSTEM_RESOLVER=1 ./scripts/verify/verify-end-to-end-routing.sh -
Revert when done (optional): run the dedicated script to remove the E2E block:
sudo ./scripts/verify/remove-e2e-hosts-from-etc-hosts.shOr restore from backup:
sudo cp /etc/hosts.bak.YYYYMMDD /etc/hosts
Mappings used: Most domains → NPMplus primary 192.168.11.167. Gitea/dev/codespaces → NPMplus Fourth 192.168.11.170. Proxmox UI → pve.ml110 (.10), pve.r630-01 (.11), pve.r630-02 (.12). See config/ip-addresses.conf and scripts/verify/generate-e2e-hosts.sh.
Option 2: Working DNS path to *.sankofa.nexus (and other zones)
- Cloudflare: Ensure the zones (e.g.
sankofa.nexus,d-bis.org) have A/CNAME records pointing to the correct public IPs (e.g.76.53.10.36for main NPMplus,76.53.10.40for Fourth). Then from any machine with internet, DNS will resolve and E2E can use the defaultdig @8.8.8.8(no/etc/hostsorE2E_USE_SYSTEM_RESOLVER). - Split-horizon / internal DNS: If you have an internal DNS server that serves these names (e.g. Pi-hole, dnsmasq) with the same mappings as
e2e-hosts-append.txt, point this machine’s resolver to it and run E2E normally (or withACCEPT_ANY_DNS=1if resolved IPs differ fromPUBLIC_IP). - VPN: If a VPN makes these hostnames resolve (e.g. via internal DNS), connect and run E2E; you may need
ACCEPT_ANY_DNS=1if the VPN resolves to private IPs.
Option 3: Bastion / jump host
Run the E2E sweep from a host where the domains already resolve and are reachable (e.g. a VM on the same LAN that has /etc/hosts or internal DNS, or a jump host that uses the right resolver). Copy the repo (or mount it), then:
# On bastion (with /etc/hosts or DNS already set)
cd /path/to/proxmox
E2E_USE_SYSTEM_RESOLVER=1 ./scripts/verify/verify-end-to-end-routing.sh
No need to change the script if the bastion’s resolver returns the correct IPs.
Summary
| Goal | Action |
|---|---|
| Run E2E on this machine now | Use Option 1: append config/e2e-hosts-append.txt to /etc/hosts, then E2E_USE_SYSTEM_RESOLVER=1 ./scripts/verify/verify-end-to-end-routing.sh |
| Fix DNS for everyone | Option 2: Configure Cloudflare or internal DNS for the E2E hostnames |
| Run E2E from another host | Option 3: Use a bastion/jump host that already resolves the domains |
References
- E2E script:
scripts/verify/verify-end-to-end-routing.sh - Hosts generator:
scripts/verify/generate-e2e-hosts.sh - Hosts append file:
config/e2e-hosts-append.txt - Revert script:
scripts/verify/remove-e2e-hosts-from-etc-hosts.sh - IP source of truth:
config/ip-addresses.conf