Web lists-archives.com

Re: Can't find the DNS Servers




On Tue, Oct 03, 2017 at 04:47:35PM -0700, Gary Roach wrote:
> Symptoms: Any package that needs access to the network sends an error
> message indicating that it doesn't have access to the internet. Ping doesn't
> work for names but does for ip addresses. All ip addresses both local and
> global.

Show, don't tell.

Run some basic diagnostic commands and paste THE COMMANDS and their
output here.

For example,

wooledg:~$ ls -ld /etc/resolv.conf
-rw-r--r-- 1 root root 112 Aug 21 08:29 /etc/resolv.conf

^^ This shows whether resolv.conf is a regular file or a symlink.


wooledg:~$ cat /etc/resolv.conf
domain eeg.ccf.org
search eeg.ccf.org
nameserver 10.76.142.103
nameserver 10.76.142.42
nameserver 172.28.254.24

^^ This shows the CONTENT of resolv.conf, i.e. what the resolver library
inside libc will try to use.


wooledg:~$ ping -c 1 10.76.142.103
PING 10.76.142.103 (10.76.142.103) 56(84) bytes of data.
64 bytes from 10.76.142.103: icmp_seq=1 ttl=63 time=0.431 ms

--- 10.76.142.103 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms

^^ This shows that I can ping my nameserver and get a response.


wooledg:~$ host www.debian.org
www.debian.org has address 149.20.4.15
www.debian.org has address 128.31.0.62
www.debian.org has IPv6 address 2001:4f8:1:c::15

^^ This shows a DNS name resolution attempt using resolv.conf but not
libc's resolver.


wooledg:~$ getent hosts www.debian.org
2001:4f8:1:c::15 www.debian.org

^^ This shows a "regular" name lookup attempt using libc's resolver.


wooledg:~$ dig @10.76.142.103 www.debian.org

; <<>> DiG 9.10.3-P4-Debian <<>> @10.76.142.103 www.debian.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16916
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.debian.org.                        IN      A

;; ANSWER SECTION:
www.debian.org.         59      IN      A       128.31.0.62
www.debian.org.         59      IN      A       149.20.4.15

;; AUTHORITY SECTION:
www.debian.org.         28559   IN      NS      geo2.debian.org.
www.debian.org.         28559   IN      NS      geo3.debian.org.
www.debian.org.         28559   IN      NS      geo1.debian.org.

;; ADDITIONAL SECTION:
geo1.debian.org.        14775   IN      A       82.195.75.105
geo2.debian.org.        14775   IN      A       209.87.16.31
geo2.debian.org.        14775   IN      AAAA    2607:f8f0:614:1::1274:31
geo3.debian.org.        14775   IN      A       194.177.211.201
geo3.debian.org.        14775   IN      AAAA    2001:648:2ffc:deb::211:201

;; Query time: 0 msec
;; SERVER: 10.76.142.103#53(10.76.142.103)
;; WHEN: Wed Oct 04 08:29:27 EDT 2017
;; MSG SIZE  rcvd: 236

^^ This shows an explicit DNS name resolution attempt, specifying
the exact nameserver IP to use, and showing full details.


wooledg:~$ dig @8.8.8.8 www.debian.org

; <<>> DiG 9.10.3-P4-Debian <<>> @8.8.8.8 www.debian.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20704
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.debian.org.                        IN      A

;; ANSWER SECTION:
www.debian.org.         295     IN      A       149.20.4.15
www.debian.org.         295     IN      A       128.31.0.62

;; Query time: 19 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Oct 04 08:32:59 EDT 2017
;; MSG SIZE  rcvd: 75

^^ This shows an explicit DNS name resolution attempt using Google's
public nameserver.


> In short, there doesn't seem to be any access to a name server. My believe
> that my Actiontec router at 192.168.1.1 also acts as a name server.

In your diagnostic command-and-response session, be sure to include
the results of your attempts to ping your nameserver by IP address,
and of performing a DNS lookup using that nameserver.  See examples
above.

In the event that one of the commands does not work as expected, it's
helpful to try alternatives.  E.g. if you can't do name resolutions
through 192.168.1.1 then try through 8.8.8.8.

Most plastic routers don't run their own nameserver; instead, they just
forward your DNS requests to your ISP's nameservers, which may or may
not be functional on any given day.  So, if 192.168.1.1 fails but
8.8.8.8 works, then you know you're going to need to go down the road
of changing what resolv.conf contains to something usable, a topic upon
which we've already had a massive discussion within this thread.

If both 192.168.1.1 and 8.8.8.8 fail, then you may be facing a firewall
or routing issue.