Ubuntu 16.04 Cannot resolve hostnames Announcing the arrival of Valued Associate #679: Cesar...

2 sample t test for sample sizes - 30,000 and 150,000

Does the Pact of the Blade warlock feature allow me to customize the properties of the pact weapon I create?

If gravity precedes the formation of a solar system, where did the mass come from that caused the gravity?

Does traveling In The United States require a passport or can I use my green card if not a US citizen?

Proving inequality for positive definite matrix

Marquee sign letters

Is there a verb for listening stealthily?

Can I take recommendation from someone I met at a conference?

Is the Mordenkainen's Sword spell underpowered?

How is an IPA symbol that lacks a name (e.g. ɲ) called?

Who can become a wight?

Determine the generator of an ideal of ring of integers

Will I be more secure with my own router behind my ISP's router?

Meaning of this sentence, confused by まで

Is "ein Herz wie das meine" an antiquated or colloquial use of the possesive pronoun?

Lights are flickering on and off after accidentally bumping into light switch

Protagonist's race is hidden - should I reveal it?

Knights and Knaves question

Raising a bilingual kid. When should we introduce the majority language?

lm and glm function in R

When speaking, how do you change your mind mid-sentence?

What is the difference between 准时 and 按时?

Is Vivien of the Wilds + Wilderness Reclamation a competitive combo?

Etymology of 見舞い



Ubuntu 16.04 Cannot resolve hostnames



Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)Internet connection not working although it says it is connectedCannot ping localhost after a half day of uptimeJuju misconfigures neutron setup ?! Cannot connect to instances14.04 no internet connection when I up the bridge interface (for LXC container)Ubuntu 16.04 wifi not connectingWireless Interface Hard Blocked, Cannot Bring UpDual NIC not workingARP cannot resolve hostnames after adding dns entries in resolv.confVPN connects but no remote LAN accessCannot ping past gateway





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







2















I have weird problem with resolving hostnames on Ubuntu 16.04. I'm searching for solution from friday (4 days!), so I think it's totally not duplicate to similar questions.



I have a server in local network with two interfaces: external (to the internet) and internal (to local network). Both are static configured. I'll show config below.



It was working perfectly since installed in March. Several times I've successfully made 'apt update' with no problem. On friday I tried to update it again, and here the main story begins...



apt update



Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-93-generic x86_64)

~$ sudo apt update
Err:1 http://us.archive.ubuntu.com/ubuntu xenial InRelease
Temporary failure resolving 'us.archive.ubuntu.com'
Err:2 http://security.ubuntu.com/ubuntu xenial-security InRelease
Temporary failure resolving 'security.ubuntu.com'
Err:3 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease
Temporary failure resolving 'us.archive.ubuntu.com'
Err:4 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease
Temporary failure resolving 'us.archive.ubuntu.com'
Reading package lists... Done
Building dependency tree
Reading state information... Done
195 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/xenial/InRelease Temporary failure resolving 'us.archive.ubuntu.com'
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/xenial-updates/InRelease Temporary failure resolving 'us.archive.ubuntu.com'
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/xenial-backports/InRelease Temporary failure resolving 'us.archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease Temporary failure resolving 'security.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.


ping/telnet



~$ ping google.com
ping: unknown host google.com

~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=3.87 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=58 time=3.93 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=58 time=3.88 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 3.870/3.898/3.939/0.077 ms

~$ telnet 8.8.8.8 53
Trying 8.8.8.8...
Connected to 8.8.8.8.
Escape character is '^]'.
Connection closed by foreign host.


On previous updates there was no such problems with resolving hostnames. Server is primarily used in local network by ip address, so i don't know when this problem arise.
So here are some commands, that i executed (external ip address replaced with #):



ifconfig



~$ ifconfig
enp29s0 Link encap:Ethernet HWaddr 00:10:18:25:cd:40
inet addr:#.#.#.# Bcast:#.#.#.# Mask:255.255.255.248
inet6 addr: fe80::210:18ff:fe25:cd40/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:145862 errors:0 dropped:0 overruns:0 frame:0
TX packets:119991 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:14777641 (14.7 MB) TX bytes:22823397 (22.8 MB)


enp3s0 Link encap:Ethernet HWaddr 00:1a:64:c9:93:f8
inet addr:10.0.35.115 Bcast:10.255.255.255 Mask:255.0.0.0
inet6 addr: fe80::21a:64ff:fec9:93f8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:779951 errors:0 dropped:0 overruns:0 frame:0
TX packets:608340 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:514425482 (514.4 MB) TX bytes:189891768 (189.8 MB)


lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:2145438 errors:0 dropped:0 overruns:0 frame:0
TX packets:2145438 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:1185976997 (1.1 GB) TX bytes:1185976997 (1.1 GB)


cat /etc/network/interfaces



~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).


source /etc/network/interfaces.d/*


# The loopback network interface
auto lo
iface lo inet loopback


# The primary network interface - Internal
auto enp3s0
iface enp3s0 inet static
address 10.0.35.115
netmask 255.0.0.0
network 10.0.0.0
broadcast 10.255.255.255
# gateway 10.1.10.102
# # dns-* options are implemented by the resolvconf package, if installed
# dns-nameservers 10.1.10.102
metric 20


# The secondary network interface - External
auto enp29s0
iface enp29s0 inet static
address #.#.#.#
netmask 255.255.255.248
# network #.#.#.#
# broadcast #.#.#.#
gateway #.#.#.#
dns-nameservers 8.8.8.8 8.8.4.4
metric 10


#auto enp6s0
iface enp6s0 inet manual


/etc/resolv.conf



~$ ls -la /etc/resolv.conf
lrwxrwxrwx 1 root root 27 Oct 14 01:46 /etc/resolv.conf -> /run/resolvconf/resolv.conf


~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 8.8.8.8
nameserver 8.8.4.4


But nmcli didn't show any DNS configured:
nmcli



~$ nmcli dev show | grep 'DNS'

~$ nmcli dev show | grep 'IP4'
IP4.ADDRESS[1]: #.#.#.#/29
IP4.GATEWAY: #.#.#.#


What i did:




  • several times restarted server.


  • several times restarted systemd-resolved, NetworkManager.


  • comment and uncomment "dns=dnsmasq" in /etc/NetworkManager/NetworkManager.conf (with restart service and server).


  • found advice about switch off DNSSEC, but as i found it's already switched off.


  • made /etc/resolv.conf static file (not symbolic link), get back to symbolic link - all with restarts.



Nothing of this helps...



Today 16 Oct



Today I've made 'apt update' and 'apt upgrade' with some trick: changed in /etc/apt/source.list domains names to their ip addresses. So system updated and become 16.04.3.
It doesn't help.



/etc/nsswitch.conf



Remove some settings for "hosts" and leave minimal values.



~$ cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: compat
group: compat
shadow: compat
gshadow: files

#hosts: files mdns4_minimal [NOTFOUND=return] dns
hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis


nslookup on custom DNS server



This thing finally drives me crazy. I run nslookup on custom DNS server...



~$ nslookup yandex.ru 208.67.222.222
;; connection timed out; no servers could be reached


tcpdump on 53 port



...check tcpdump - it was showing too much records with "bad udp cksum"...



~# sudo tcpdump -vvv -B 4096 -i enp29s0 host 208.67.222.222 and port 53
tcpdump: listening on enp29s0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:01:57.043326 IP (tos 0x0, ttl 64, id 30657, offset 0, flags [none], proto UDP (17), length 55)
#.#.#.#.55778 > 208.67.222.222.domain: [bad udp cksum 0x445e -> 0x6d74!] 47660+ A? yandex.ru. (27)


ethtool



...execute ethtool to avoid such records...



~$ sudo ethtool --offload enp29s0 rx off tx off
Actual changes:
rx-checksumming: off
tx-checksumming: off
tx-checksum-ipv4: off
tcp-segmentation-offload: off
tx-tcp-segmentation: off [requested on]
tx-tcp-ecn-segmentation: off [requested on]


...and check tcpdump again:



~# cat tcpdump.log
15:26:08.451181 IP (tos 0x0, ttl 64, id 65257, offset 0, flags [none], proto UDP (17), length 55)
#.#.#.#.54228 > 208.67.222.222.domain: [udp sum ok] 23065+ A? yandex.ru. (27)
15:26:08.498299 IP (tos 0x0, ttl 57, id 4778, offset 0, flags [DF], proto UDP (17), length 119)
208.67.222.222.domain > #.#.#.#.54228: [udp sum ok] 23065 q: A? yandex.ru. 4/0/0 yandex.ru. [4m4s] A 77.88.55.80, yandex.ru. [4m4s] A 5.255.255.80, yandex.ru. [4m4s] A 77.88.55.50, yandex.ru. [4m4s] A 5.255.255.60 (91)
15:26:13.451133 IP (tos 0x0, ttl 64, id 537, offset 0, flags [none], proto UDP (17), length 55)
#.#.#.#.54228 > 208.67.222.222.domain: [udp sum ok] 23065+ A? yandex.ru. (27)
15:26:13.498225 IP (tos 0x0, ttl 57, id 5523, offset 0, flags [DF], proto UDP (17), length 119)
208.67.222.222.domain > #.#.#.#.54228: [udp sum ok] 23065 q: A? yandex.ru. 4/0/0 yandex.ru. [3m59s] A 5.255.255.80, yandex.ru. [3m59s] A 77.88.55.50, yandex.ru. [3m59s] A 5.255.255.60, yandex.ru. [3m59s] A 77.88.55.80 (91)
15:26:18.451231 IP (tos 0x0, ttl 64, id 1389, offset 0, flags [none], proto UDP (17), length 55)
#.#.#.#.54228 > 208.67.222.222.domain: [udp sum ok] 23065+ A? yandex.ru. (27)
15:26:18.498305 IP (tos 0x0, ttl 57, id 6088, offset 0, flags [DF], proto UDP (17), length 119)
208.67.222.222.domain > #.#.#.#.54228: [udp sum ok] 23065 q: A? yandex.ru. 4/0/0 yandex.ru. [3m54s] A 77.88.55.50, yandex.ru. [3m54s] A 5.255.255.60, yandex.ru. [3m54s] A 77.88.55.80, yandex.ru. [3m54s] A 5.255.255.80 (91)


So it seems that Ubuntu works well with DNS server, sending request, getting answers. But somehow cannot parse this answer...



For now I have no any more ideas how to get DNS resolving back to work.



Am I did all right, or something was not, and what else I can do to make it work?



Upd 17 Oct:



ip route output:



~$ ip route
default via x.x.x.41 dev enp29s0 metric 10 onlink
10.0.0.0/8 dev enp3s0 proto kernel scope link src 10.0.35.115
x.x.x.40/29 dev enp29s0 proto kernel scope link src x.x.x.42
169.254.0.0/16 dev enp3s0 scope link metric 1000

~$ ip route get 8.8.8.8
8.8.8.8 via x.x.x.41 dev enp29s0 src x.x.x.42
cache


traceroute to Google DNS:



~$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 x.x.x.41 (x.x.x.41) 1.413 ms 1.404 ms 1.420 ms
2 89.221.63.15 (89.221.63.15) 3.451 ms 3.473 ms 3.463 ms
3 195.208.208.232 (195.208.208.232) 3.360 ms 2.851 ms 2.843 ms
4 108.170.250.129 (108.170.250.129) 3.582 ms 108.170.250.97 (108.170.250.97) 4.029 ms 108.170.250.33 (108.170.250.33) 3.737 ms
5 108.170.226.91 (108.170.226.91) 3.679 ms 66.249.94.195 (66.249.94.195) 4.103 ms 108.170.227.65 (108.170.227.65) 3.828 ms
6 8.8.8.8 (8.8.8.8) 4.506 ms 3.786 ms 3.979 ms


x.x.x.42 - server address.



x.x.x.40 and x.x.x.41 - "x" is the same as in server address.










share|improve this question




















  • 1





    What is the route used by your machine to access 8.8.8.8, the Google DNS server ? What is the response of ip route?

    – Jaime
    Oct 16 '17 at 15:11











  • @Jaime updated question with traceroute and ip route output.

    – Shniperson
    Oct 17 '17 at 7:13











  • The routes look ok. -- what happened when you use nslookup using the Google DNS in the command line ? It does not work ? -- have you tried to set the Google DNS in both interfaces at /etc/network/interfaces ?

    – Jaime
    Oct 17 '17 at 20:57











  • @Jaime Found the problem. See my own answer. Thanks!

    – Shniperson
    Oct 20 '17 at 9:06


















2















I have weird problem with resolving hostnames on Ubuntu 16.04. I'm searching for solution from friday (4 days!), so I think it's totally not duplicate to similar questions.



I have a server in local network with two interfaces: external (to the internet) and internal (to local network). Both are static configured. I'll show config below.



It was working perfectly since installed in March. Several times I've successfully made 'apt update' with no problem. On friday I tried to update it again, and here the main story begins...



apt update



Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-93-generic x86_64)

~$ sudo apt update
Err:1 http://us.archive.ubuntu.com/ubuntu xenial InRelease
Temporary failure resolving 'us.archive.ubuntu.com'
Err:2 http://security.ubuntu.com/ubuntu xenial-security InRelease
Temporary failure resolving 'security.ubuntu.com'
Err:3 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease
Temporary failure resolving 'us.archive.ubuntu.com'
Err:4 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease
Temporary failure resolving 'us.archive.ubuntu.com'
Reading package lists... Done
Building dependency tree
Reading state information... Done
195 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/xenial/InRelease Temporary failure resolving 'us.archive.ubuntu.com'
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/xenial-updates/InRelease Temporary failure resolving 'us.archive.ubuntu.com'
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/xenial-backports/InRelease Temporary failure resolving 'us.archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease Temporary failure resolving 'security.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.


ping/telnet



~$ ping google.com
ping: unknown host google.com

~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=3.87 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=58 time=3.93 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=58 time=3.88 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 3.870/3.898/3.939/0.077 ms

~$ telnet 8.8.8.8 53
Trying 8.8.8.8...
Connected to 8.8.8.8.
Escape character is '^]'.
Connection closed by foreign host.


On previous updates there was no such problems with resolving hostnames. Server is primarily used in local network by ip address, so i don't know when this problem arise.
So here are some commands, that i executed (external ip address replaced with #):



ifconfig



~$ ifconfig
enp29s0 Link encap:Ethernet HWaddr 00:10:18:25:cd:40
inet addr:#.#.#.# Bcast:#.#.#.# Mask:255.255.255.248
inet6 addr: fe80::210:18ff:fe25:cd40/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:145862 errors:0 dropped:0 overruns:0 frame:0
TX packets:119991 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:14777641 (14.7 MB) TX bytes:22823397 (22.8 MB)


enp3s0 Link encap:Ethernet HWaddr 00:1a:64:c9:93:f8
inet addr:10.0.35.115 Bcast:10.255.255.255 Mask:255.0.0.0
inet6 addr: fe80::21a:64ff:fec9:93f8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:779951 errors:0 dropped:0 overruns:0 frame:0
TX packets:608340 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:514425482 (514.4 MB) TX bytes:189891768 (189.8 MB)


lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:2145438 errors:0 dropped:0 overruns:0 frame:0
TX packets:2145438 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:1185976997 (1.1 GB) TX bytes:1185976997 (1.1 GB)


cat /etc/network/interfaces



~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).


source /etc/network/interfaces.d/*


# The loopback network interface
auto lo
iface lo inet loopback


# The primary network interface - Internal
auto enp3s0
iface enp3s0 inet static
address 10.0.35.115
netmask 255.0.0.0
network 10.0.0.0
broadcast 10.255.255.255
# gateway 10.1.10.102
# # dns-* options are implemented by the resolvconf package, if installed
# dns-nameservers 10.1.10.102
metric 20


# The secondary network interface - External
auto enp29s0
iface enp29s0 inet static
address #.#.#.#
netmask 255.255.255.248
# network #.#.#.#
# broadcast #.#.#.#
gateway #.#.#.#
dns-nameservers 8.8.8.8 8.8.4.4
metric 10


#auto enp6s0
iface enp6s0 inet manual


/etc/resolv.conf



~$ ls -la /etc/resolv.conf
lrwxrwxrwx 1 root root 27 Oct 14 01:46 /etc/resolv.conf -> /run/resolvconf/resolv.conf


~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 8.8.8.8
nameserver 8.8.4.4


But nmcli didn't show any DNS configured:
nmcli



~$ nmcli dev show | grep 'DNS'

~$ nmcli dev show | grep 'IP4'
IP4.ADDRESS[1]: #.#.#.#/29
IP4.GATEWAY: #.#.#.#


What i did:




  • several times restarted server.


  • several times restarted systemd-resolved, NetworkManager.


  • comment and uncomment "dns=dnsmasq" in /etc/NetworkManager/NetworkManager.conf (with restart service and server).


  • found advice about switch off DNSSEC, but as i found it's already switched off.


  • made /etc/resolv.conf static file (not symbolic link), get back to symbolic link - all with restarts.



Nothing of this helps...



Today 16 Oct



Today I've made 'apt update' and 'apt upgrade' with some trick: changed in /etc/apt/source.list domains names to their ip addresses. So system updated and become 16.04.3.
It doesn't help.



/etc/nsswitch.conf



Remove some settings for "hosts" and leave minimal values.



~$ cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: compat
group: compat
shadow: compat
gshadow: files

#hosts: files mdns4_minimal [NOTFOUND=return] dns
hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis


nslookup on custom DNS server



This thing finally drives me crazy. I run nslookup on custom DNS server...



~$ nslookup yandex.ru 208.67.222.222
;; connection timed out; no servers could be reached


tcpdump on 53 port



...check tcpdump - it was showing too much records with "bad udp cksum"...



~# sudo tcpdump -vvv -B 4096 -i enp29s0 host 208.67.222.222 and port 53
tcpdump: listening on enp29s0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:01:57.043326 IP (tos 0x0, ttl 64, id 30657, offset 0, flags [none], proto UDP (17), length 55)
#.#.#.#.55778 > 208.67.222.222.domain: [bad udp cksum 0x445e -> 0x6d74!] 47660+ A? yandex.ru. (27)


ethtool



...execute ethtool to avoid such records...



~$ sudo ethtool --offload enp29s0 rx off tx off
Actual changes:
rx-checksumming: off
tx-checksumming: off
tx-checksum-ipv4: off
tcp-segmentation-offload: off
tx-tcp-segmentation: off [requested on]
tx-tcp-ecn-segmentation: off [requested on]


...and check tcpdump again:



~# cat tcpdump.log
15:26:08.451181 IP (tos 0x0, ttl 64, id 65257, offset 0, flags [none], proto UDP (17), length 55)
#.#.#.#.54228 > 208.67.222.222.domain: [udp sum ok] 23065+ A? yandex.ru. (27)
15:26:08.498299 IP (tos 0x0, ttl 57, id 4778, offset 0, flags [DF], proto UDP (17), length 119)
208.67.222.222.domain > #.#.#.#.54228: [udp sum ok] 23065 q: A? yandex.ru. 4/0/0 yandex.ru. [4m4s] A 77.88.55.80, yandex.ru. [4m4s] A 5.255.255.80, yandex.ru. [4m4s] A 77.88.55.50, yandex.ru. [4m4s] A 5.255.255.60 (91)
15:26:13.451133 IP (tos 0x0, ttl 64, id 537, offset 0, flags [none], proto UDP (17), length 55)
#.#.#.#.54228 > 208.67.222.222.domain: [udp sum ok] 23065+ A? yandex.ru. (27)
15:26:13.498225 IP (tos 0x0, ttl 57, id 5523, offset 0, flags [DF], proto UDP (17), length 119)
208.67.222.222.domain > #.#.#.#.54228: [udp sum ok] 23065 q: A? yandex.ru. 4/0/0 yandex.ru. [3m59s] A 5.255.255.80, yandex.ru. [3m59s] A 77.88.55.50, yandex.ru. [3m59s] A 5.255.255.60, yandex.ru. [3m59s] A 77.88.55.80 (91)
15:26:18.451231 IP (tos 0x0, ttl 64, id 1389, offset 0, flags [none], proto UDP (17), length 55)
#.#.#.#.54228 > 208.67.222.222.domain: [udp sum ok] 23065+ A? yandex.ru. (27)
15:26:18.498305 IP (tos 0x0, ttl 57, id 6088, offset 0, flags [DF], proto UDP (17), length 119)
208.67.222.222.domain > #.#.#.#.54228: [udp sum ok] 23065 q: A? yandex.ru. 4/0/0 yandex.ru. [3m54s] A 77.88.55.50, yandex.ru. [3m54s] A 5.255.255.60, yandex.ru. [3m54s] A 77.88.55.80, yandex.ru. [3m54s] A 5.255.255.80 (91)


So it seems that Ubuntu works well with DNS server, sending request, getting answers. But somehow cannot parse this answer...



For now I have no any more ideas how to get DNS resolving back to work.



Am I did all right, or something was not, and what else I can do to make it work?



Upd 17 Oct:



ip route output:



~$ ip route
default via x.x.x.41 dev enp29s0 metric 10 onlink
10.0.0.0/8 dev enp3s0 proto kernel scope link src 10.0.35.115
x.x.x.40/29 dev enp29s0 proto kernel scope link src x.x.x.42
169.254.0.0/16 dev enp3s0 scope link metric 1000

~$ ip route get 8.8.8.8
8.8.8.8 via x.x.x.41 dev enp29s0 src x.x.x.42
cache


traceroute to Google DNS:



~$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 x.x.x.41 (x.x.x.41) 1.413 ms 1.404 ms 1.420 ms
2 89.221.63.15 (89.221.63.15) 3.451 ms 3.473 ms 3.463 ms
3 195.208.208.232 (195.208.208.232) 3.360 ms 2.851 ms 2.843 ms
4 108.170.250.129 (108.170.250.129) 3.582 ms 108.170.250.97 (108.170.250.97) 4.029 ms 108.170.250.33 (108.170.250.33) 3.737 ms
5 108.170.226.91 (108.170.226.91) 3.679 ms 66.249.94.195 (66.249.94.195) 4.103 ms 108.170.227.65 (108.170.227.65) 3.828 ms
6 8.8.8.8 (8.8.8.8) 4.506 ms 3.786 ms 3.979 ms


x.x.x.42 - server address.



x.x.x.40 and x.x.x.41 - "x" is the same as in server address.










share|improve this question




















  • 1





    What is the route used by your machine to access 8.8.8.8, the Google DNS server ? What is the response of ip route?

    – Jaime
    Oct 16 '17 at 15:11











  • @Jaime updated question with traceroute and ip route output.

    – Shniperson
    Oct 17 '17 at 7:13











  • The routes look ok. -- what happened when you use nslookup using the Google DNS in the command line ? It does not work ? -- have you tried to set the Google DNS in both interfaces at /etc/network/interfaces ?

    – Jaime
    Oct 17 '17 at 20:57











  • @Jaime Found the problem. See my own answer. Thanks!

    – Shniperson
    Oct 20 '17 at 9:06














2












2








2








I have weird problem with resolving hostnames on Ubuntu 16.04. I'm searching for solution from friday (4 days!), so I think it's totally not duplicate to similar questions.



I have a server in local network with two interfaces: external (to the internet) and internal (to local network). Both are static configured. I'll show config below.



It was working perfectly since installed in March. Several times I've successfully made 'apt update' with no problem. On friday I tried to update it again, and here the main story begins...



apt update



Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-93-generic x86_64)

~$ sudo apt update
Err:1 http://us.archive.ubuntu.com/ubuntu xenial InRelease
Temporary failure resolving 'us.archive.ubuntu.com'
Err:2 http://security.ubuntu.com/ubuntu xenial-security InRelease
Temporary failure resolving 'security.ubuntu.com'
Err:3 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease
Temporary failure resolving 'us.archive.ubuntu.com'
Err:4 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease
Temporary failure resolving 'us.archive.ubuntu.com'
Reading package lists... Done
Building dependency tree
Reading state information... Done
195 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/xenial/InRelease Temporary failure resolving 'us.archive.ubuntu.com'
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/xenial-updates/InRelease Temporary failure resolving 'us.archive.ubuntu.com'
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/xenial-backports/InRelease Temporary failure resolving 'us.archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease Temporary failure resolving 'security.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.


ping/telnet



~$ ping google.com
ping: unknown host google.com

~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=3.87 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=58 time=3.93 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=58 time=3.88 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 3.870/3.898/3.939/0.077 ms

~$ telnet 8.8.8.8 53
Trying 8.8.8.8...
Connected to 8.8.8.8.
Escape character is '^]'.
Connection closed by foreign host.


On previous updates there was no such problems with resolving hostnames. Server is primarily used in local network by ip address, so i don't know when this problem arise.
So here are some commands, that i executed (external ip address replaced with #):



ifconfig



~$ ifconfig
enp29s0 Link encap:Ethernet HWaddr 00:10:18:25:cd:40
inet addr:#.#.#.# Bcast:#.#.#.# Mask:255.255.255.248
inet6 addr: fe80::210:18ff:fe25:cd40/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:145862 errors:0 dropped:0 overruns:0 frame:0
TX packets:119991 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:14777641 (14.7 MB) TX bytes:22823397 (22.8 MB)


enp3s0 Link encap:Ethernet HWaddr 00:1a:64:c9:93:f8
inet addr:10.0.35.115 Bcast:10.255.255.255 Mask:255.0.0.0
inet6 addr: fe80::21a:64ff:fec9:93f8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:779951 errors:0 dropped:0 overruns:0 frame:0
TX packets:608340 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:514425482 (514.4 MB) TX bytes:189891768 (189.8 MB)


lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:2145438 errors:0 dropped:0 overruns:0 frame:0
TX packets:2145438 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:1185976997 (1.1 GB) TX bytes:1185976997 (1.1 GB)


cat /etc/network/interfaces



~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).


source /etc/network/interfaces.d/*


# The loopback network interface
auto lo
iface lo inet loopback


# The primary network interface - Internal
auto enp3s0
iface enp3s0 inet static
address 10.0.35.115
netmask 255.0.0.0
network 10.0.0.0
broadcast 10.255.255.255
# gateway 10.1.10.102
# # dns-* options are implemented by the resolvconf package, if installed
# dns-nameservers 10.1.10.102
metric 20


# The secondary network interface - External
auto enp29s0
iface enp29s0 inet static
address #.#.#.#
netmask 255.255.255.248
# network #.#.#.#
# broadcast #.#.#.#
gateway #.#.#.#
dns-nameservers 8.8.8.8 8.8.4.4
metric 10


#auto enp6s0
iface enp6s0 inet manual


/etc/resolv.conf



~$ ls -la /etc/resolv.conf
lrwxrwxrwx 1 root root 27 Oct 14 01:46 /etc/resolv.conf -> /run/resolvconf/resolv.conf


~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 8.8.8.8
nameserver 8.8.4.4


But nmcli didn't show any DNS configured:
nmcli



~$ nmcli dev show | grep 'DNS'

~$ nmcli dev show | grep 'IP4'
IP4.ADDRESS[1]: #.#.#.#/29
IP4.GATEWAY: #.#.#.#


What i did:




  • several times restarted server.


  • several times restarted systemd-resolved, NetworkManager.


  • comment and uncomment "dns=dnsmasq" in /etc/NetworkManager/NetworkManager.conf (with restart service and server).


  • found advice about switch off DNSSEC, but as i found it's already switched off.


  • made /etc/resolv.conf static file (not symbolic link), get back to symbolic link - all with restarts.



Nothing of this helps...



Today 16 Oct



Today I've made 'apt update' and 'apt upgrade' with some trick: changed in /etc/apt/source.list domains names to their ip addresses. So system updated and become 16.04.3.
It doesn't help.



/etc/nsswitch.conf



Remove some settings for "hosts" and leave minimal values.



~$ cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: compat
group: compat
shadow: compat
gshadow: files

#hosts: files mdns4_minimal [NOTFOUND=return] dns
hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis


nslookup on custom DNS server



This thing finally drives me crazy. I run nslookup on custom DNS server...



~$ nslookup yandex.ru 208.67.222.222
;; connection timed out; no servers could be reached


tcpdump on 53 port



...check tcpdump - it was showing too much records with "bad udp cksum"...



~# sudo tcpdump -vvv -B 4096 -i enp29s0 host 208.67.222.222 and port 53
tcpdump: listening on enp29s0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:01:57.043326 IP (tos 0x0, ttl 64, id 30657, offset 0, flags [none], proto UDP (17), length 55)
#.#.#.#.55778 > 208.67.222.222.domain: [bad udp cksum 0x445e -> 0x6d74!] 47660+ A? yandex.ru. (27)


ethtool



...execute ethtool to avoid such records...



~$ sudo ethtool --offload enp29s0 rx off tx off
Actual changes:
rx-checksumming: off
tx-checksumming: off
tx-checksum-ipv4: off
tcp-segmentation-offload: off
tx-tcp-segmentation: off [requested on]
tx-tcp-ecn-segmentation: off [requested on]


...and check tcpdump again:



~# cat tcpdump.log
15:26:08.451181 IP (tos 0x0, ttl 64, id 65257, offset 0, flags [none], proto UDP (17), length 55)
#.#.#.#.54228 > 208.67.222.222.domain: [udp sum ok] 23065+ A? yandex.ru. (27)
15:26:08.498299 IP (tos 0x0, ttl 57, id 4778, offset 0, flags [DF], proto UDP (17), length 119)
208.67.222.222.domain > #.#.#.#.54228: [udp sum ok] 23065 q: A? yandex.ru. 4/0/0 yandex.ru. [4m4s] A 77.88.55.80, yandex.ru. [4m4s] A 5.255.255.80, yandex.ru. [4m4s] A 77.88.55.50, yandex.ru. [4m4s] A 5.255.255.60 (91)
15:26:13.451133 IP (tos 0x0, ttl 64, id 537, offset 0, flags [none], proto UDP (17), length 55)
#.#.#.#.54228 > 208.67.222.222.domain: [udp sum ok] 23065+ A? yandex.ru. (27)
15:26:13.498225 IP (tos 0x0, ttl 57, id 5523, offset 0, flags [DF], proto UDP (17), length 119)
208.67.222.222.domain > #.#.#.#.54228: [udp sum ok] 23065 q: A? yandex.ru. 4/0/0 yandex.ru. [3m59s] A 5.255.255.80, yandex.ru. [3m59s] A 77.88.55.50, yandex.ru. [3m59s] A 5.255.255.60, yandex.ru. [3m59s] A 77.88.55.80 (91)
15:26:18.451231 IP (tos 0x0, ttl 64, id 1389, offset 0, flags [none], proto UDP (17), length 55)
#.#.#.#.54228 > 208.67.222.222.domain: [udp sum ok] 23065+ A? yandex.ru. (27)
15:26:18.498305 IP (tos 0x0, ttl 57, id 6088, offset 0, flags [DF], proto UDP (17), length 119)
208.67.222.222.domain > #.#.#.#.54228: [udp sum ok] 23065 q: A? yandex.ru. 4/0/0 yandex.ru. [3m54s] A 77.88.55.50, yandex.ru. [3m54s] A 5.255.255.60, yandex.ru. [3m54s] A 77.88.55.80, yandex.ru. [3m54s] A 5.255.255.80 (91)


So it seems that Ubuntu works well with DNS server, sending request, getting answers. But somehow cannot parse this answer...



For now I have no any more ideas how to get DNS resolving back to work.



Am I did all right, or something was not, and what else I can do to make it work?



Upd 17 Oct:



ip route output:



~$ ip route
default via x.x.x.41 dev enp29s0 metric 10 onlink
10.0.0.0/8 dev enp3s0 proto kernel scope link src 10.0.35.115
x.x.x.40/29 dev enp29s0 proto kernel scope link src x.x.x.42
169.254.0.0/16 dev enp3s0 scope link metric 1000

~$ ip route get 8.8.8.8
8.8.8.8 via x.x.x.41 dev enp29s0 src x.x.x.42
cache


traceroute to Google DNS:



~$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 x.x.x.41 (x.x.x.41) 1.413 ms 1.404 ms 1.420 ms
2 89.221.63.15 (89.221.63.15) 3.451 ms 3.473 ms 3.463 ms
3 195.208.208.232 (195.208.208.232) 3.360 ms 2.851 ms 2.843 ms
4 108.170.250.129 (108.170.250.129) 3.582 ms 108.170.250.97 (108.170.250.97) 4.029 ms 108.170.250.33 (108.170.250.33) 3.737 ms
5 108.170.226.91 (108.170.226.91) 3.679 ms 66.249.94.195 (66.249.94.195) 4.103 ms 108.170.227.65 (108.170.227.65) 3.828 ms
6 8.8.8.8 (8.8.8.8) 4.506 ms 3.786 ms 3.979 ms


x.x.x.42 - server address.



x.x.x.40 and x.x.x.41 - "x" is the same as in server address.










share|improve this question
















I have weird problem with resolving hostnames on Ubuntu 16.04. I'm searching for solution from friday (4 days!), so I think it's totally not duplicate to similar questions.



I have a server in local network with two interfaces: external (to the internet) and internal (to local network). Both are static configured. I'll show config below.



It was working perfectly since installed in March. Several times I've successfully made 'apt update' with no problem. On friday I tried to update it again, and here the main story begins...



apt update



Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-93-generic x86_64)

~$ sudo apt update
Err:1 http://us.archive.ubuntu.com/ubuntu xenial InRelease
Temporary failure resolving 'us.archive.ubuntu.com'
Err:2 http://security.ubuntu.com/ubuntu xenial-security InRelease
Temporary failure resolving 'security.ubuntu.com'
Err:3 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease
Temporary failure resolving 'us.archive.ubuntu.com'
Err:4 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease
Temporary failure resolving 'us.archive.ubuntu.com'
Reading package lists... Done
Building dependency tree
Reading state information... Done
195 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/xenial/InRelease Temporary failure resolving 'us.archive.ubuntu.com'
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/xenial-updates/InRelease Temporary failure resolving 'us.archive.ubuntu.com'
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/xenial-backports/InRelease Temporary failure resolving 'us.archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease Temporary failure resolving 'security.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.


ping/telnet



~$ ping google.com
ping: unknown host google.com

~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=3.87 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=58 time=3.93 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=58 time=3.88 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 3.870/3.898/3.939/0.077 ms

~$ telnet 8.8.8.8 53
Trying 8.8.8.8...
Connected to 8.8.8.8.
Escape character is '^]'.
Connection closed by foreign host.


On previous updates there was no such problems with resolving hostnames. Server is primarily used in local network by ip address, so i don't know when this problem arise.
So here are some commands, that i executed (external ip address replaced with #):



ifconfig



~$ ifconfig
enp29s0 Link encap:Ethernet HWaddr 00:10:18:25:cd:40
inet addr:#.#.#.# Bcast:#.#.#.# Mask:255.255.255.248
inet6 addr: fe80::210:18ff:fe25:cd40/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:145862 errors:0 dropped:0 overruns:0 frame:0
TX packets:119991 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:14777641 (14.7 MB) TX bytes:22823397 (22.8 MB)


enp3s0 Link encap:Ethernet HWaddr 00:1a:64:c9:93:f8
inet addr:10.0.35.115 Bcast:10.255.255.255 Mask:255.0.0.0
inet6 addr: fe80::21a:64ff:fec9:93f8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:779951 errors:0 dropped:0 overruns:0 frame:0
TX packets:608340 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:514425482 (514.4 MB) TX bytes:189891768 (189.8 MB)


lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:2145438 errors:0 dropped:0 overruns:0 frame:0
TX packets:2145438 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:1185976997 (1.1 GB) TX bytes:1185976997 (1.1 GB)


cat /etc/network/interfaces



~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).


source /etc/network/interfaces.d/*


# The loopback network interface
auto lo
iface lo inet loopback


# The primary network interface - Internal
auto enp3s0
iface enp3s0 inet static
address 10.0.35.115
netmask 255.0.0.0
network 10.0.0.0
broadcast 10.255.255.255
# gateway 10.1.10.102
# # dns-* options are implemented by the resolvconf package, if installed
# dns-nameservers 10.1.10.102
metric 20


# The secondary network interface - External
auto enp29s0
iface enp29s0 inet static
address #.#.#.#
netmask 255.255.255.248
# network #.#.#.#
# broadcast #.#.#.#
gateway #.#.#.#
dns-nameservers 8.8.8.8 8.8.4.4
metric 10


#auto enp6s0
iface enp6s0 inet manual


/etc/resolv.conf



~$ ls -la /etc/resolv.conf
lrwxrwxrwx 1 root root 27 Oct 14 01:46 /etc/resolv.conf -> /run/resolvconf/resolv.conf


~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 8.8.8.8
nameserver 8.8.4.4


But nmcli didn't show any DNS configured:
nmcli



~$ nmcli dev show | grep 'DNS'

~$ nmcli dev show | grep 'IP4'
IP4.ADDRESS[1]: #.#.#.#/29
IP4.GATEWAY: #.#.#.#


What i did:




  • several times restarted server.


  • several times restarted systemd-resolved, NetworkManager.


  • comment and uncomment "dns=dnsmasq" in /etc/NetworkManager/NetworkManager.conf (with restart service and server).


  • found advice about switch off DNSSEC, but as i found it's already switched off.


  • made /etc/resolv.conf static file (not symbolic link), get back to symbolic link - all with restarts.



Nothing of this helps...



Today 16 Oct



Today I've made 'apt update' and 'apt upgrade' with some trick: changed in /etc/apt/source.list domains names to their ip addresses. So system updated and become 16.04.3.
It doesn't help.



/etc/nsswitch.conf



Remove some settings for "hosts" and leave minimal values.



~$ cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: compat
group: compat
shadow: compat
gshadow: files

#hosts: files mdns4_minimal [NOTFOUND=return] dns
hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis


nslookup on custom DNS server



This thing finally drives me crazy. I run nslookup on custom DNS server...



~$ nslookup yandex.ru 208.67.222.222
;; connection timed out; no servers could be reached


tcpdump on 53 port



...check tcpdump - it was showing too much records with "bad udp cksum"...



~# sudo tcpdump -vvv -B 4096 -i enp29s0 host 208.67.222.222 and port 53
tcpdump: listening on enp29s0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:01:57.043326 IP (tos 0x0, ttl 64, id 30657, offset 0, flags [none], proto UDP (17), length 55)
#.#.#.#.55778 > 208.67.222.222.domain: [bad udp cksum 0x445e -> 0x6d74!] 47660+ A? yandex.ru. (27)


ethtool



...execute ethtool to avoid such records...



~$ sudo ethtool --offload enp29s0 rx off tx off
Actual changes:
rx-checksumming: off
tx-checksumming: off
tx-checksum-ipv4: off
tcp-segmentation-offload: off
tx-tcp-segmentation: off [requested on]
tx-tcp-ecn-segmentation: off [requested on]


...and check tcpdump again:



~# cat tcpdump.log
15:26:08.451181 IP (tos 0x0, ttl 64, id 65257, offset 0, flags [none], proto UDP (17), length 55)
#.#.#.#.54228 > 208.67.222.222.domain: [udp sum ok] 23065+ A? yandex.ru. (27)
15:26:08.498299 IP (tos 0x0, ttl 57, id 4778, offset 0, flags [DF], proto UDP (17), length 119)
208.67.222.222.domain > #.#.#.#.54228: [udp sum ok] 23065 q: A? yandex.ru. 4/0/0 yandex.ru. [4m4s] A 77.88.55.80, yandex.ru. [4m4s] A 5.255.255.80, yandex.ru. [4m4s] A 77.88.55.50, yandex.ru. [4m4s] A 5.255.255.60 (91)
15:26:13.451133 IP (tos 0x0, ttl 64, id 537, offset 0, flags [none], proto UDP (17), length 55)
#.#.#.#.54228 > 208.67.222.222.domain: [udp sum ok] 23065+ A? yandex.ru. (27)
15:26:13.498225 IP (tos 0x0, ttl 57, id 5523, offset 0, flags [DF], proto UDP (17), length 119)
208.67.222.222.domain > #.#.#.#.54228: [udp sum ok] 23065 q: A? yandex.ru. 4/0/0 yandex.ru. [3m59s] A 5.255.255.80, yandex.ru. [3m59s] A 77.88.55.50, yandex.ru. [3m59s] A 5.255.255.60, yandex.ru. [3m59s] A 77.88.55.80 (91)
15:26:18.451231 IP (tos 0x0, ttl 64, id 1389, offset 0, flags [none], proto UDP (17), length 55)
#.#.#.#.54228 > 208.67.222.222.domain: [udp sum ok] 23065+ A? yandex.ru. (27)
15:26:18.498305 IP (tos 0x0, ttl 57, id 6088, offset 0, flags [DF], proto UDP (17), length 119)
208.67.222.222.domain > #.#.#.#.54228: [udp sum ok] 23065 q: A? yandex.ru. 4/0/0 yandex.ru. [3m54s] A 77.88.55.50, yandex.ru. [3m54s] A 5.255.255.60, yandex.ru. [3m54s] A 77.88.55.80, yandex.ru. [3m54s] A 5.255.255.80 (91)


So it seems that Ubuntu works well with DNS server, sending request, getting answers. But somehow cannot parse this answer...



For now I have no any more ideas how to get DNS resolving back to work.



Am I did all right, or something was not, and what else I can do to make it work?



Upd 17 Oct:



ip route output:



~$ ip route
default via x.x.x.41 dev enp29s0 metric 10 onlink
10.0.0.0/8 dev enp3s0 proto kernel scope link src 10.0.35.115
x.x.x.40/29 dev enp29s0 proto kernel scope link src x.x.x.42
169.254.0.0/16 dev enp3s0 scope link metric 1000

~$ ip route get 8.8.8.8
8.8.8.8 via x.x.x.41 dev enp29s0 src x.x.x.42
cache


traceroute to Google DNS:



~$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 x.x.x.41 (x.x.x.41) 1.413 ms 1.404 ms 1.420 ms
2 89.221.63.15 (89.221.63.15) 3.451 ms 3.473 ms 3.463 ms
3 195.208.208.232 (195.208.208.232) 3.360 ms 2.851 ms 2.843 ms
4 108.170.250.129 (108.170.250.129) 3.582 ms 108.170.250.97 (108.170.250.97) 4.029 ms 108.170.250.33 (108.170.250.33) 3.737 ms
5 108.170.226.91 (108.170.226.91) 3.679 ms 66.249.94.195 (66.249.94.195) 4.103 ms 108.170.227.65 (108.170.227.65) 3.828 ms
6 8.8.8.8 (8.8.8.8) 4.506 ms 3.786 ms 3.979 ms


x.x.x.42 - server address.



x.x.x.40 and x.x.x.41 - "x" is the same as in server address.







16.04 networking network-manager dns resolv.conf






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Oct 17 '17 at 7:15







Shniperson

















asked Oct 16 '17 at 13:39









ShnipersonShniperson

3115




3115








  • 1





    What is the route used by your machine to access 8.8.8.8, the Google DNS server ? What is the response of ip route?

    – Jaime
    Oct 16 '17 at 15:11











  • @Jaime updated question with traceroute and ip route output.

    – Shniperson
    Oct 17 '17 at 7:13











  • The routes look ok. -- what happened when you use nslookup using the Google DNS in the command line ? It does not work ? -- have you tried to set the Google DNS in both interfaces at /etc/network/interfaces ?

    – Jaime
    Oct 17 '17 at 20:57











  • @Jaime Found the problem. See my own answer. Thanks!

    – Shniperson
    Oct 20 '17 at 9:06














  • 1





    What is the route used by your machine to access 8.8.8.8, the Google DNS server ? What is the response of ip route?

    – Jaime
    Oct 16 '17 at 15:11











  • @Jaime updated question with traceroute and ip route output.

    – Shniperson
    Oct 17 '17 at 7:13











  • The routes look ok. -- what happened when you use nslookup using the Google DNS in the command line ? It does not work ? -- have you tried to set the Google DNS in both interfaces at /etc/network/interfaces ?

    – Jaime
    Oct 17 '17 at 20:57











  • @Jaime Found the problem. See my own answer. Thanks!

    – Shniperson
    Oct 20 '17 at 9:06








1




1





What is the route used by your machine to access 8.8.8.8, the Google DNS server ? What is the response of ip route?

– Jaime
Oct 16 '17 at 15:11





What is the route used by your machine to access 8.8.8.8, the Google DNS server ? What is the response of ip route?

– Jaime
Oct 16 '17 at 15:11













@Jaime updated question with traceroute and ip route output.

– Shniperson
Oct 17 '17 at 7:13





@Jaime updated question with traceroute and ip route output.

– Shniperson
Oct 17 '17 at 7:13













The routes look ok. -- what happened when you use nslookup using the Google DNS in the command line ? It does not work ? -- have you tried to set the Google DNS in both interfaces at /etc/network/interfaces ?

– Jaime
Oct 17 '17 at 20:57





The routes look ok. -- what happened when you use nslookup using the Google DNS in the command line ? It does not work ? -- have you tried to set the Google DNS in both interfaces at /etc/network/interfaces ?

– Jaime
Oct 17 '17 at 20:57













@Jaime Found the problem. See my own answer. Thanks!

– Shniperson
Oct 20 '17 at 9:06





@Jaime Found the problem. See my own answer. Thanks!

– Shniperson
Oct 20 '17 at 9:06










2 Answers
2






active

oldest

votes


















2














Finally I found the problem place: it was iptables issue.
I didn't remember where I change this rule, but all UDP packets were set to DROP:



iptables -A INPUT -p udp -i $EXT_INTERFACE -j DROP


Setting to ACCEPT resolve problem:



iptables -A INPUT -p udp -i $EXT_INTERFACE -j ACCEPT





share|improve this answer































    0














    After doing a apt update & apt upgrade my server (Ubuntu 16.04) was unable to resolve hosts as well.



    Quite annoying as it broke my delegate node's ability to generate blocks...



    Anyways. I stumbled upon this topic.



    Instead of accepting udp via iptables (I utilize ufw)...



    I used this command: sudo ufw reset to clear out previous rules.



    Then recreate my rules. I didn't have that many.



    Then sudo ufw enable to restart the firewall.



    Works again :)






    share|improve this answer








    New contributor




    MSwezey is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.





















      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "89"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f965416%2fubuntu-16-04-cannot-resolve-hostnames%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      2














      Finally I found the problem place: it was iptables issue.
      I didn't remember where I change this rule, but all UDP packets were set to DROP:



      iptables -A INPUT -p udp -i $EXT_INTERFACE -j DROP


      Setting to ACCEPT resolve problem:



      iptables -A INPUT -p udp -i $EXT_INTERFACE -j ACCEPT





      share|improve this answer




























        2














        Finally I found the problem place: it was iptables issue.
        I didn't remember where I change this rule, but all UDP packets were set to DROP:



        iptables -A INPUT -p udp -i $EXT_INTERFACE -j DROP


        Setting to ACCEPT resolve problem:



        iptables -A INPUT -p udp -i $EXT_INTERFACE -j ACCEPT





        share|improve this answer


























          2












          2








          2







          Finally I found the problem place: it was iptables issue.
          I didn't remember where I change this rule, but all UDP packets were set to DROP:



          iptables -A INPUT -p udp -i $EXT_INTERFACE -j DROP


          Setting to ACCEPT resolve problem:



          iptables -A INPUT -p udp -i $EXT_INTERFACE -j ACCEPT





          share|improve this answer













          Finally I found the problem place: it was iptables issue.
          I didn't remember where I change this rule, but all UDP packets were set to DROP:



          iptables -A INPUT -p udp -i $EXT_INTERFACE -j DROP


          Setting to ACCEPT resolve problem:



          iptables -A INPUT -p udp -i $EXT_INTERFACE -j ACCEPT






          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Oct 20 '17 at 9:05









          ShnipersonShniperson

          3115




          3115

























              0














              After doing a apt update & apt upgrade my server (Ubuntu 16.04) was unable to resolve hosts as well.



              Quite annoying as it broke my delegate node's ability to generate blocks...



              Anyways. I stumbled upon this topic.



              Instead of accepting udp via iptables (I utilize ufw)...



              I used this command: sudo ufw reset to clear out previous rules.



              Then recreate my rules. I didn't have that many.



              Then sudo ufw enable to restart the firewall.



              Works again :)






              share|improve this answer








              New contributor




              MSwezey is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
              Check out our Code of Conduct.

























                0














                After doing a apt update & apt upgrade my server (Ubuntu 16.04) was unable to resolve hosts as well.



                Quite annoying as it broke my delegate node's ability to generate blocks...



                Anyways. I stumbled upon this topic.



                Instead of accepting udp via iptables (I utilize ufw)...



                I used this command: sudo ufw reset to clear out previous rules.



                Then recreate my rules. I didn't have that many.



                Then sudo ufw enable to restart the firewall.



                Works again :)






                share|improve this answer








                New contributor




                MSwezey is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.























                  0












                  0








                  0







                  After doing a apt update & apt upgrade my server (Ubuntu 16.04) was unable to resolve hosts as well.



                  Quite annoying as it broke my delegate node's ability to generate blocks...



                  Anyways. I stumbled upon this topic.



                  Instead of accepting udp via iptables (I utilize ufw)...



                  I used this command: sudo ufw reset to clear out previous rules.



                  Then recreate my rules. I didn't have that many.



                  Then sudo ufw enable to restart the firewall.



                  Works again :)






                  share|improve this answer








                  New contributor




                  MSwezey is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.










                  After doing a apt update & apt upgrade my server (Ubuntu 16.04) was unable to resolve hosts as well.



                  Quite annoying as it broke my delegate node's ability to generate blocks...



                  Anyways. I stumbled upon this topic.



                  Instead of accepting udp via iptables (I utilize ufw)...



                  I used this command: sudo ufw reset to clear out previous rules.



                  Then recreate my rules. I didn't have that many.



                  Then sudo ufw enable to restart the firewall.



                  Works again :)







                  share|improve this answer








                  New contributor




                  MSwezey is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.









                  share|improve this answer



                  share|improve this answer






                  New contributor




                  MSwezey is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.









                  answered 6 hours ago









                  MSwezeyMSwezey

                  1012




                  1012




                  New contributor




                  MSwezey is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.





                  New contributor





                  MSwezey is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.






                  MSwezey is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.






























                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to Ask Ubuntu!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f965416%2fubuntu-16-04-cannot-resolve-hostnames%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      Why do type traits not work with types in namespace scope?What are POD types in C++?Why can templates only be...

                      Will tsunami waves travel forever if there was no land?Why do tsunami waves begin with the water flowing away...

                      Simple Scan not detecting my scanner (Brother DCP-7055W)Brother MFC-L2700DW printer can print, can't...