Ubuntu DNS Lookup Failure
Your /etc/resolv.conf should look like this:
### OPENDNS ###
nameserver 208.67.222.222
nameserver 208.67.220.220
### GOOGLE NS ###
#nameserver 8.8.8.8
#nameserver 8.8.4.4
Without the nameserver keyword, the IP addresses on their own don't mean anything.
Lee
Updated on September 18, 2022
Comments
-
Lee almost 2 years
Someone installed and configured Ubuntu on a virtual machine hosted on a machine in our network. I've recently noticed that all DNS lookups fail but I can't find a solution to this. I've tried a multitude of nameservers, edited the interfaces file 100s of times with suggestions from Google but nothing works.
Below is some information and if someone has any ideas I would greatly appreciate it. Thanks
nslookup
administrator@redmine:~$ nslookup google.com
;; connection timed out; no servers could be reached
administrator@redmine:~$ nslookup localhost
;; connection timed out; no servers could be reached
tcpdump of nslookup [takes 3 lookups to get any tcpdump output] - edited
administrator@redmine:~$ sudo tcpdump -vvv -i any port 53
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
10:26:51.965297 IP (tos 0x0, ttl 64, id 9167, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.56365 > 208.67.222.222.domain: [bad udp cksum 988f!] 61133+ A? google.com. (28)
10:26:51.965595 IP (tos 0x0, ttl 64, id 25587, offset 0, flags [DF], proto UDP (17), length 73) 10.80.15.5.57551 > 208.67.222.222.domain: [bad udp cksum ff0c!] 9477+ PTR? 222.222.67.208.in-addr.arpa. (45)
10:26:52.965437 IP (tos 0x0, ttl 64, id 37960, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.45006 > 208.67.220.220.domain: [bad udp cksum fbbf!] 61133+ A? google.com. (28)
10:26:56.967724 IP (tos 0x0, ttl 64, id 26087, offset 0, flags [DF], proto UDP (17), length 73) 10.80.15.5.38794 > 208.67.220.220.domain: [bad udp cksum 485a!] 9477+ PTR? 222.222.67.208.in-addr.arpa. (45)
10:26:57.965482 IP (tos 0x0, ttl 64, id 9168, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.56365 > 208.67.222.222.domain: [bad udp cksum 988f!] 61133+ A? google.com. (28)
10:26:58.965605 IP (tos 0x0, ttl 64, id 37961, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.45006 > 208.67.220.220.domain: [bad udp cksum fbbf!] 61133+ A? google.com. (28)
10:27:01.972798 IP (tos 0x0, ttl 64, id 25588, offset 0, flags [DF], proto UDP (17), length 73) 10.80.15.5.57551 > 208.67.222.222.domain: [bad udp cksum ff0c!] 9477+ PTR? 222.222.67.208.in-addr.arpa. (45)
10:27:03.965726 IP (tos 0x0, ttl 64, id 9169, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.56365 > 208.67.222.222.domain: [bad udp cksum 988f!] 61133+ A? google.com. (28)
10:27:04.965844 IP (tos 0x0, ttl 64, id 37962, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.45006 > 208.67.220.220.domain: [bad udp cksum fbbf!] 61133+ A? google.com. (28)
10:27:06.974911 IP (tos 0x0, ttl 64, id 26088, offset 0, flags [DF], proto UDP (17), length 73) 10.80.15.5.38794 > 208.67.220.220.domain: [bad udp cksum 485a!] 9477+ PTR? 222.222.67.208.in-addr.arpa. (45)
10:27:11.255383 IP (tos 0x0, ttl 64, id 9170, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.46416 > 208.67.222.222.domain: [bad udp cksum 1dab!] 64037+ A? google.com. (28)
10:27:11.980136 IP (tos 0x0, ttl 64, id 27588, offset 0, flags [DF], proto UDP (17), length 69) 10.80.15.5.41940 > 208.67.222.222.domain: [bad udp cksum 12f8!] 57952+ PTR? 5.15.80.10.in-addr.arpa. (41)
10:27:12.255497 IP (tos 0x0, ttl 64, id 37963, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.34434 > 208.67.220.220.domain: [bad udp cksum efdd!] 64037+ A? google.com. (28)
10:27:16.983093 IP (tos 0x0, ttl 64, id 28089, offset 0, flags [DF], proto UDP (17), length 69) 10.80.15.5.33410 > 208.67.220.220.domain: [bad udp cksum 691d!] 57952+ PTR? 5.15.80.10.in-addr.arpa. (41)
10:27:17.255564 IP (tos 0x0, ttl 64, id 9171, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.46416 > 208.67.222.222.domain: [bad udp cksum 1dab!] 64037+ A? google.com. (28)
10:27:18.255675 IP (tos 0x0, ttl 64, id 37964, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.34434 > 208.67.220.220.domain: [bad udp cksum efdd!] 64037+ A? google.com. (28)
10:27:21.988171 IP (tos 0x0, ttl 64, id 27589, offset 0, flags [DF], proto UDP (17), length 69) 10.80.15.5.41940 > 208.67.222.222.domain: [bad udp cksum 12f8!] 57952+ PTR? 5.15.80.10.in-addr.arpa. (41)
10:27:23.255805 IP (tos 0x0, ttl 64, id 9172, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.46416 > 208.67.222.222.domain: [bad udp cksum 1dab!] 64037+ A? google.com. (28)
10:27:24.255925 IP (tos 0x0, ttl 64, id 37965, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.34434 > 208.67.220.220.domain: [bad udp cksum efdd!] 64037+ A? google.com. (28)
10:27:26.991768 IP (tos 0x0, ttl 64, id 28090, offset 0, flags [DF], proto UDP (17), length 69) 10.80.15.5.33410 > 208.67.220.220.domain: [bad udp cksum 691d!] 57952+ PTR? 5.15.80.10.in-addr.arpa. (41)
10:27:31.165191 IP (tos 0x0, ttl 64, id 9173, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.47147 > 208.67.222.222.domain: [bad udp cksum 55b3!] 61202+ A? google.com. (28)
10:27:31.997034 IP (tos 0x0, ttl 64, id 29590, offset 0, flags [DF], proto UDP (17), length 73) 10.80.15.5.37414 > 208.67.222.222.domain: [bad udp cksum 3353!] 11646+ PTR? 220.220.67.208.in-addr.arpa. (45)
10:27:32.165303 IP (tos 0x0, ttl 64, id 37966, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.57432 > 208.67.220.220.domain: [bad udp cksum 2c8f!] 61202+ A? google.com. (28)
10:27:36.999487 IP (tos 0x0, ttl 64, id 30090, offset 0, flags [DF], proto UDP (17), length 73) 10.80.15.5.34374 > 208.67.220.220.domain: [bad udp cksum 1763!] 11646+ PTR? 220.220.67.208.in-addr.arpa. (45)
10:27:37.165381 IP (tos 0x0, ttl 64, id 9174, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.47147 > 208.67.222.222.domain: [bad udp cksum 55b3!] 61202+ A? google.com. (28)
10:27:38.165507 IP (tos 0x0, ttl 64, id 37967, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.57432 > 208.67.220.220.domain: [bad udp cksum 2c8f!] 61202+ A? google.com. (28)
10:27:42.004572 IP (tos 0x0, ttl 64, id 29591, offset 0, flags [DF], proto UDP (17), length 73) 10.80.15.5.37414 > 208.67.222.222.domain: [bad udp cksum 3353!] 11646+ PTR? 220.220.67.208.in-addr.arpa. (45)
10:27:43.165623 IP (tos 0x0, ttl 64, id 9175, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.47147 > 208.67.222.222.domain: [bad udp cksum 55b3!] 61202+ A? google.com. (28)
10:27:44.165729 IP (tos 0x0, ttl 64, id 37968, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.57432 > 208.67.220.220.domain: [bad udp cksum 2c8f!] 61202+ A? google.com. (28)
10:27:47.009170 IP (tos 0x0, ttl 64, id 30091, offset 0, flags [DF], proto UDP (17), length 73) 10.80.15.5.34374 > 208.67.220.220.domain: [bad udp cksum 1763!] 11646+ PTR? 220.220.67.208.in-addr.arpa. (45)
/etc/hosts
administrator@redmine:~$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain redmine redmine.hiddendomain.com
/etc/resolv.conf
administrator@redmine:~$ cat /etc/resolv.conf
### OPENDNS ###
nameserver 208.67.222.222
nameserver 208.67.220.220
### GOOGLE NS ###
#nameserver 8.8.8.8
#nameserver 8.8.4.4
/etc/network/interfaces
administrator@redmine:~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
#The primary network
auto eth0
iface eth0 inet static
address 10.80.15.5
netmask 255.255.255.0
network 10.80.15.0
broadcast 10.80.15.255
gateway 10.80.15.254
## Try this just in case resolv.conf isn't being read properly
dns-nameserver 8.8.8.8
/etc/nsswitch.conf
cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat
group: compat
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
/etc/host.conf
multi on
I CAN however telnet, so it's not a firewall (but you already knew that from the tcpdump)
administrator@redmine:~$ telnet 8.8.8.8 53
Trying 8.8.8.8...
Connected to 8.8.8.8.
Escape character is '^]'.
Connection closed by foreign host.
Update: Thanks to ladadada* for spotting my silly mistake. However now I'm back to my original problem. It's using the correct DNS server (as you can see from the tcpdump) however nslookup/dig still say no servers could be reached. I have tested and I can telnet on port 53 to both OpenDNS servers. One weird thing is that I have to run nslookup 3 times before I got any output from tcpdump, the first 2 lookups didn't output anything via tcpdump (not sure if that's relevant).
Once again, any help, advice, etc. would be appreciated.
-
Lee about 12 years
Good spot, can't believe I did that. However now it's using the DNS server from resolv, connecting takes ages (reverse DNS failure no doubt) and still nslookup fails. This was the original issue (as you can see I tested with Google servers before OpenDNS). But at least you've stopped me looking at false positives. I will update the thread after a little more investigation. Thanks again!
-
Lee about 12 years
Hi ladadadada, I've updated the above post with new tcpdump info and some more information at the bottom. If you have any ideas that would be great.
-
Ladadadada about 12 years
I see requests there but no responses. Sounds like a firewall but not on your box (because tcpdump attaches outside the firewall on the box). You should contact your hosting provider and ask them why DNS requests (or responses) are being blocked. Note that telnet is not a valid test because it works on TCP and DNS works on UDP. dig @8.8.8.8 example.com is a valid test.
-
Lee about 12 years
Ah, we do have an outsourced networking company. I'll send them a message. Thanks for that, could you explain how you know there isn't a response? I'm pretty new to working with tcpdump.
-
Ladadadada about 12 years
Certainly. Every tcpdump output line for IP packets has two IP addresses, the source and the destination. The source is always on the left and the destination on the right. In your sample dump, all the IP addresses on the left are 10.80.15.5 and all the ones on the right are from OpenDNS. When you get a response, the OpenDNS IP address will be on the left and yours will be on the right. tcpdump can also print out other types of packets that are not IP but that's an advanced topic. Your sample covers 54 seconds which is more than long enough to expect a response to arrive.
-
Lee about 12 years
Ah, seems obvious now, I guess it comes with experience and knowing what to look for. Thanks for that, I'll have to play with tcpdump some more. At least I learned something new from the whole ordeal. Thanks once again for your help :)
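
Added example (not part of the original thread): the source-on-the-left, destination-on-the-right reading rule from the comments, applied mechanically to tcpdump text output to list DNS queries that never received a reply. The first three sample lines are taken from the dump above; the last two use a constructed resolver address (192.0.2.53) to show what an answered query looks like, and the function names are this example's own.

```python
import re
from collections import defaultdict

DNS_PORTS = {"domain", "53"}  # tcpdump prints the service name unless run with -n

# timestamp, then "src.port > dst.port:", then an optional [checksum note], then the DNS id
PACKET = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP .*?"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\w+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\w+): "
    r"(?:\[[^\]]*\] )?(?P<id>\d+)"
)

# Lines 1-3 come from the question's capture; lines 4-5 are constructed for contrast.
SAMPLE = """\
10:26:51.965297 IP (tos 0x0, ttl 64, id 9167, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.56365 > 208.67.222.222.domain: [bad udp cksum 988f!] 61133+ A? google.com. (28)
10:26:52.965437 IP (tos 0x0, ttl 64, id 37960, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.45006 > 208.67.220.220.domain: [bad udp cksum fbbf!] 61133+ A? google.com. (28)
10:26:57.965482 IP (tos 0x0, ttl 64, id 9168, offset 0, flags [none], proto UDP (17), length 56) 10.80.15.5.56365 > 208.67.222.222.domain: [bad udp cksum 988f!] 61133+ A? google.com. (28)
10:30:00.000100 IP 10.80.15.5.40000 > 192.0.2.53.domain: 4242+ A? example.com. (29)
10:30:00.020300 IP 192.0.2.53.domain > 10.80.15.5.40000: 4242 1/0/0 A 192.0.2.10 (45)
""".splitlines()


def dns_flows(lines):
    """Count queries and responses per (client, resolver, DNS id)."""
    flows = defaultdict(lambda: {"queries": 0, "responses": 0})
    for line in lines:
        m = PACKET.match(line.strip())
        if not m:
            continue  # banner, prompt, or a packet line this pattern does not cover
        if m["dport"] in DNS_PORTS:    # left = client, right = resolver: a query
            flows[(m["src"], m["dst"], m["id"])]["queries"] += 1
        elif m["sport"] in DNS_PORTS:  # left = resolver, right = client: a response
            flows[(m["dst"], m["src"], m["id"])]["responses"] += 1
    return dict(flows)


def unanswered(lines):
    """Flows where requests left the host but nothing came back."""
    return sorted(k for k, v in dns_flows(lines).items() if v["responses"] == 0)


if __name__ == "__main__":
    for client, resolver, dns_id in unanswered(SAMPLE):
        print(f"no reply: {client} -> {resolver} id {dns_id}")
```

Retransmissions reuse the same DNS id, so a flow with several queries and zero responses is the pattern the comments describe: traffic leaves the host and nothing returns.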