Ubuntu DNS Lookup Failure


Your /etc/resolv.conf should look like this:

    ### OPENDNS ###
    nameserver 208.67.222.222
    nameserver 208.67.220.220

    ### GOOGLE NS ###
    #nameserver 8.8.8.8
    #nameserver 8.8.4.4

Without the nameserver keyword, the IP addresses on their own don't mean anything.
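A check for the mistake this answer describes, as an added example that is not part of the original answer: a simplified resolv.conf linter (not glibc's own parser) that reports which servers the resolver would use and flags bare addresses. `BROKEN` is a constructed sample; the function and variable names are hypothetical.

```python
import ipaddress

MAXNS = 3  # glibc's resolver uses at most three nameserver lines

# Constructed sample: the addresses from the page with the keyword left off.
BROKEN = """### OPENDNS ###
208.67.222.222
208.67.220.220
"""
# The file as the answer gives it.
FIXED = """### OPENDNS ###
nameserver 208.67.222.222
nameserver 208.67.220.220

### GOOGLE NS ###
#nameserver 8.8.8.8
#nameserver 8.8.4.4
"""

def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def lint_resolv_conf(text):
    """Return (servers the resolver will use, [(line number, problem), ...])."""
    servers, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0][0] in "#;":   # blank line or comment
            continue
        if fields[0] == "nameserver":
            if len(fields) < 2 or not is_ip(fields[1]):
                problems.append((lineno, "nameserver without a valid IP address"))
            elif len(servers) >= MAXNS:
                problems.append((lineno, "ignored: more than %d nameservers" % MAXNS))
            else:
                servers.append(fields[1])
        elif is_ip(fields[0]):
            problems.append((lineno, "bare IP address, 'nameserver' keyword missing"))
        # other directives (search, domain, options) are outside this check
    return servers, problems

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_resolv_conf(text))
```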

Author: Lee

Updated on September 18, 2022

Comments

  • Lee
    Lee almost 2 years

    Someone installed and configured Ubuntu on a virtual machine hosted on a machine in our network. I've recently noticed that all DNS lookups fail but I can't find a solution to this. I've tried a multitude of nameservers, edited the interfaces file 100s of times with suggestions from Google but nothing works.

    Below is some information and if someone has any ideas I would greatly appreciate it. Thanks

    nslookup

    administrator@redmine:~$ nslookup google.com
    ;; connection timed out; no servers could be reached
    
    administrator@redmine:~$ nslookup localhost
    ;; connection timed out; no servers could be reached
    

    tcpdump of nslookup [takes 3 lookups to get any tcpdump output] - edited

    administrator@redmine:~$ sudo tcpdump -vvv -i any port 53
    tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
    10:26:51.965297 IP (tos 0x0, ttl 64, id 9167, offset 0, flags [none], proto UDP (17), length 56)
        10.80.15.5.56365 > 208.67.222.222.domain: [bad udp cksum 988f!] 61133+ A? google.com. (28)
    10:26:51.965595 IP (tos 0x0, ttl 64, id 25587, offset 0, flags [DF], proto UDP (17), length 73)
        10.80.15.5.57551 > 208.67.222.222.domain: [bad udp cksum ff0c!] 9477+ PTR? 222.222.67.208.in-addr.arpa. (45)
    10:26:52.965437 IP (tos 0x0, ttl 64, id 37960, offset 0, flags [none], proto UDP (17), length 56)
        10.80.15.5.45006 > 208.67.220.220.domain: [bad udp cksum fbbf!] 61133+ A? google.com. (28)
    10:26:56.967724 IP (tos 0x0, ttl 64, id 26087, offset 0, flags [DF], proto UDP (17), length 73)
        10.80.15.5.38794 > 208.67.220.220.domain: [bad udp cksum 485a!] 9477+ PTR? 222.222.67.208.in-addr.arpa. (45)
    10:26:57.965482 IP (tos 0x0, ttl 64, id 9168, offset 0, flags [none], proto UDP (17), length 56)
        10.80.15.5.56365 > 208.67.222.222.domain: [bad udp cksum 988f!] 61133+ A? google.com. (28)
    10:26:58.965605 IP (tos 0x0, ttl 64, id 37961, offset 0, flags [none], proto UDP (17), length 56)
        10.80.15.5.45006 > 208.67.220.220.domain: [bad udp cksum fbbf!] 61133+ A? google.com. (28)
    10:27:01.972798 IP (tos 0x0, ttl 64, id 25588, offset 0, flags [DF], proto UDP (17), length 73)
        10.80.15.5.57551 > 208.67.222.222.domain: [bad udp cksum ff0c!] 9477+ PTR? 222.222.67.208.in-addr.arpa. (45)
    10:27:03.965726 IP (tos 0x0, ttl 64, id 9169, offset 0, flags [none], proto UDP (17), length 56)
        10.80.15.5.56365 > 208.67.222.222.domain: [bad udp cksum 988f!] 61133+ A? google.com. (28)
    10:27:04.965844 IP (tos 0x0, ttl 64, id 37962, offset 0, flags [none], proto UDP (17), length 56)
        10.80.15.5.45006 > 208.67.220.220.domain: [bad udp cksum fbbf!] 61133+ A? google.com. (28)
    10:27:06.974911 IP (tos 0x0, ttl 64, id 26088, offset 0, flags [DF], proto UDP (17), length 73)
        10.80.15.5.38794 > 208.67.220.220.domain: [bad udp cksum 485a!] 9477+ PTR? 222.222.67.208.in-addr.arpa. (45)
    10:27:11.255383 IP (tos 0x0, ttl 64, id 9170, offset 0, flags [none], proto UDP (17), length 56)
        10.80.15.5.46416 > 208.67.222.222.domain: [bad udp cksum 1dab!] 64037+ A? google.com. (28)
    10:27:11.980136 IP (tos 0x0, ttl 64, id 27588, offset 0, flags [DF], proto UDP (17), length 69)
        10.80.15.5.41940 > 208.67.222.222.domain: [bad udp cksum 12f8!] 57952+ PTR? 5.15.80.10.in-addr.arpa. (41)
    10:27:12.255497 IP (tos 0x0, ttl 64, id 37963, offset 0, flags [none], proto UDP (17), length 56)
        10.80.15.5.34434 > 208.67.220.220.domain: [bad udp cksum efdd!] 64037+ A? google.com. (28)
    10:27:16.983093 IP (tos 0x0, ttl 64, id 28089, offset 0, flags [DF], proto UDP (17), length 69)
        10.80.15.5.33410 > 208.67.220.220.domain: [bad udp cksum 691d!] 57952+ PTR? 5.15.80.10.in-addr.arpa. (41)
    10:27:17.255564 IP (tos 0x0, ttl 64, id 9171, offset 0, flags [none], proto UDP (17), length 56)
        10.80.15.5.46416 > 208.67.222.222.domain: [bad udp cksum 1dab!] 64037+ A? google.com. (28)
    10:27:18.255675 IP (tos 0x0, ttl 64, id 37964, offset 0, flags [none], proto UDP (17), length 56)
        10.80.15.5.34434 > 208.67.220.220.domain: [bad udp cksum efdd!] 64037+ A? google.com. (28)
    10:27:21.988171 IP (tos 0x0, ttl 64, id 27589, offset 0, flags [DF], proto UDP (17), length 69)
        10.80.15.5.41940 > 208.67.222.222.domain: [bad udp cksum 12f8!] 57952+ PTR? 5.15.80.10.in-addr.arpa. (41)
    10:27:23.255805 IP (tos 0x0, ttl 64, id 9172, offset 0, flags [none], proto UDP (17), length 56)
        10.80.15.5.46416 > 208.67.222.222.domain: [bad udp cksum 1dab!] 64037+ A? google.com. (28)
    10:27:24.255925 IP (tos 0x0, ttl 64, id 37965, offset 0, flags [none], proto UDP (17), length 56)
        10.80.15.5.34434 > 208.67.220.220.domain: [bad udp cksum efdd!] 64037+ A? google.com. (28)
    10:27:26.991768 IP (tos 0x0, ttl 64, id 28090, offset 0, flags [DF], proto UDP (17), length 69)
        10.80.15.5.33410 > 208.67.220.220.domain: [bad udp cksum 691d!] 57952+ PTR? 5.15.80.10.in-addr.arpa. (41)
    10:27:31.165191 IP (tos 0x0, ttl 64, id 9173, offset 0, flags [none], proto UDP (17), length 56)
        10.80.15.5.47147 > 208.67.222.222.domain: [bad udp cksum 55b3!] 61202+ A? google.com. (28)
    10:27:31.997034 IP (tos 0x0, ttl 64, id 29590, offset 0, flags [DF], proto UDP (17), length 73)
        10.80.15.5.37414 > 208.67.222.222.domain: [bad udp cksum 3353!] 11646+ PTR? 220.220.67.208.in-addr.arpa. (45)
    10:27:32.165303 IP (tos 0x0, ttl 64, id 37966, offset 0, flags [none], proto UDP (17), length 56)
        10.80.15.5.57432 > 208.67.220.220.domain: [bad udp cksum 2c8f!] 61202+ A? google.com. (28)
    10:27:36.999487 IP (tos 0x0, ttl 64, id 30090, offset 0, flags [DF], proto UDP (17), length 73)
        10.80.15.5.34374 > 208.67.220.220.domain: [bad udp cksum 1763!] 11646+ PTR? 220.220.67.208.in-addr.arpa. (45)
    10:27:37.165381 IP (tos 0x0, ttl 64, id 9174, offset 0, flags [none], proto UDP (17), length 56)
        10.80.15.5.47147 > 208.67.222.222.domain: [bad udp cksum 55b3!] 61202+ A? google.com. (28)
    10:27:38.165507 IP (tos 0x0, ttl 64, id 37967, offset 0, flags [none], proto UDP (17), length 56)
        10.80.15.5.57432 > 208.67.220.220.domain: [bad udp cksum 2c8f!] 61202+ A? google.com. (28)
    10:27:42.004572 IP (tos 0x0, ttl 64, id 29591, offset 0, flags [DF], proto UDP (17), length 73)
        10.80.15.5.37414 > 208.67.222.222.domain: [bad udp cksum 3353!] 11646+ PTR? 220.220.67.208.in-addr.arpa. (45)
    10:27:43.165623 IP (tos 0x0, ttl 64, id 9175, offset 0, flags [none], proto UDP (17), length 56)
        10.80.15.5.47147 > 208.67.222.222.domain: [bad udp cksum 55b3!] 61202+ A? google.com. (28)
    10:27:44.165729 IP (tos 0x0, ttl 64, id 37968, offset 0, flags [none], proto UDP (17), length 56)
        10.80.15.5.57432 > 208.67.220.220.domain: [bad udp cksum 2c8f!] 61202+ A? google.com. (28)
    10:27:47.009170 IP (tos 0x0, ttl 64, id 30091, offset 0, flags [DF], proto UDP (17), length 73)
        10.80.15.5.34374 > 208.67.220.220.domain: [bad udp cksum 1763!] 11646+ PTR? 220.220.67.208.in-addr.arpa. (45)
    

    /etc/hosts

    administrator@redmine:~$ cat /etc/hosts
    127.0.0.1       localhost localhost.localdomain redmine redmine.hiddendomain.com
    

    /etc/resolv.conf

    administrator@redmine:~$ cat /etc/resolv.conf
    ### OPENDNS ###
    nameserver 208.67.222.222
    nameserver 208.67.220.220
    
    ### GOOGLE NS ###
    #nameserver 8.8.8.8
    #nameserver 8.8.4.4
    

    /etc/network/interfaces

    administrator@redmine:~$ cat /etc/network/interfaces
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).
    
    # The loopback network interface
    auto lo
    iface lo inet loopback
    
    #The primary network
    auto eth0
    iface eth0 inet static
    address 10.80.15.5
    netmask 255.255.255.0
    network 10.80.15.0
    broadcast 10.80.15.255
    gateway 10.80.15.254
    
    ## Try this just in case resolv.conf isn't being read properly
    dns-nameserver 8.8.8.8
    

    /etc/nsswitch.conf

    cat /etc/nsswitch.conf
    # /etc/nsswitch.conf
    #
    # Example configuration of GNU Name Service Switch functionality.
    # If you have the `glibc-doc-reference' and `info' packages installed, try:
    # `info libc "Name Service Switch"' for information about this file.
    
    passwd:         compat
    group:          compat
    shadow:         compat
    
    hosts:          files dns
    networks:       files
    
    protocols:      db files
    services:       db files
    ethers:         db files
    rpc:            db files
    
    netgroup:       nis
    

    /etc/host.conf

    multi on
    

    I CAN however telnet, so it's not a firewall (but you already knew that from the tcpdump)

    administrator@redmine:~$ telnet 8.8.8.8 53
    Trying 8.8.8.8...
    Connected to 8.8.8.8.
    Escape character is '^]'.
    Connection closed by foreign host.
    

    Update: Thanks to ladadada* for spotting my silly mistake. However now I'm back to my original problem. It's using the correct DNS server (as you can see from the tcpdump) however nslookup/dig still say no servers could be reached. I have tested and I can telnet on port 53 to both OpenDNS servers. One weird thing is that I have to run nslookup 3 times before I got any output from tcpdump, the first 2 lookups didn't output anything via tcpdump (not sure if that's relevant).

    Once again, any help, advice, etc. would be appreciated.

  • Lee
    Lee about 12 years
    Good spot, can't believe I did that. However now it's using the DNS server from resolv, connecting takes ages (reverse DNS failure no doubt) and still nslookup fails. This was the original issue (as you can see I tested with Google servers before OpenDNS). But at least you've stopped me looking at false positives. I will update the thread after a little more investigation. Thanks again!
  • Lee
    Lee about 12 years
    Hi ladadadada, I've updated the above post with new tcpdump info and some more information at the bottom. If you have any ideas that would be great.
  • Ladadadada
    Ladadadada about 12 years
    I see requests there but no responses. Sounds like a firewall but not on your box (because tcpdump attaches outside the firewall on the box). You should contact your hosting provider and ask them why DNS requests (or responses) are being blocked. Note that telnet is not a valid test because it works on TCP and DNS works on UDP. dig @8.8.8.8 example.com is a valid test.
  • Lee
    Lee about 12 years
    Ah, we do have an outsourced networking company. I'll send them a message. Thanks for that, could you explain how you know there isn't a response? I'm pretty new to working with tcpdump.
  • Ladadadada
    Ladadadada about 12 years
    Certainly. Every tcpdump output line for IP packets has two IP addresses, the source and the destination. The source is always on the left and the destination on the right. In your sample dump, all the IP addresses on the left are 10.80.15.5 and all the ones on the right are from OpenDNS. When you get a response, the OpenDNS IP address will be on the left and yours will be on the right. tcpdump can also print out other types of packets that are not IP but that's an advanced topic. Your sample covers 54 seconds which is more than long enough to expect a response to arrive.
  • Lee
    Lee about 12 years
    Ah, seems obvious now, I guess it comes with experience and knowing what to look for. Thanks for that, I'll have to play with tcpdump some more. At least I learned something new from the whole ordeal. Thanks once again for your help :)
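The source-on-the-left, destination-on-the-right reading explained in the comments, as an added example that is not part of the original thread: it pairs each outgoing DNS query in `tcpdump -vvv` output with a reply carrying the same DNS ID and reports the queries that never got one. `PAGE_SAMPLE` is copied from the question's capture, `HEALTHY_SAMPLE` is constructed, and the function name is hypothetical.

```python
import re

# Detail line tcpdump prints per packet: "SRC.PORT > DST.PORT: [cksum note] ID..."
PKT = re.compile(
    r"(\d+(?:\.\d+){3})\.(\w+) > (\d+(?:\.\d+){3})\.(\w+): (?:\[[^\]]*\] )?(\d+)(.*)")
DNS_PORTS = {"53", "domain"}   # tcpdump prints the service name unless run with -n

# First three packets of the capture posted in the question.
PAGE_SAMPLE = """\
10:26:51.965297 IP (tos 0x0, ttl 64, id 9167, offset 0, flags [none], proto UDP (17), length 56)
    10.80.15.5.56365 > 208.67.222.222.domain: [bad udp cksum 988f!] 61133+ A? google.com. (28)
10:26:51.965595 IP (tos 0x0, ttl 64, id 25587, offset 0, flags [DF], proto UDP (17), length 73)
    10.80.15.5.57551 > 208.67.222.222.domain: [bad udp cksum ff0c!] 9477+ PTR? 222.222.67.208.in-addr.arpa. (45)
10:26:52.965437 IP (tos 0x0, ttl 64, id 37960, offset 0, flags [none], proto UDP (17), length 56)
    10.80.15.5.45006 > 208.67.220.220.domain: [bad udp cksum fbbf!] 61133+ A? google.com. (28)
"""

# Constructed sample of a working lookup: one query followed by its reply.
HEALTHY_SAMPLE = """\
10:30:00.000100 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 57)
    10.80.15.5.40000 > 208.67.222.222.domain: [udp sum ok] 1234+ A? example.com. (29)
10:30:00.020100 IP (tos 0x0, ttl 57, id 2, offset 0, flags [none], proto UDP (17), length 73)
    208.67.222.222.domain > 10.80.15.5.40000: [udp sum ok] 1234 1/0/0 example.com. A 192.0.2.10 (45)
"""

def unanswered_queries(dump):
    """Return {(client, port, server, dns_id): query text} for queries with no reply."""
    pending = {}
    for line in dump.splitlines():
        m = PKT.search(line)
        if not m:
            continue                      # timestamp/header lines carry no addresses
        src, sport, dst, dport, dns_id, rest = m.groups()
        if dport in DNS_PORTS:            # left side is the client: a query going out
            pending.setdefault((src, sport, dst, dns_id), rest.strip())
        elif sport in DNS_PORTS:          # left side is the server: a reply coming back
            pending.pop((dst, dport, src, dns_id), None)
    return pending

if __name__ == "__main__":
    for name, dump in (("page capture", PAGE_SAMPLE), ("healthy", HEALTHY_SAMPLE)):
        print(name, "->", len(unanswered_queries(dump)), "unanswered")
```

A retransmission seen after its reply would be counted as unanswered, so run it over a capture window long enough to include the replies.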