Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[Solved] Can't resolve names
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
saturnalia0
Tux's lil' helper
Tux's lil' helper


Joined: 13 Oct 2016
Posts: 95

PostPosted: Sun Dec 11, 2016 7:34 pm    Post subject: [Solved] Can't resolve names Reply with quote

Please refer to https://forums.gentoo.org/viewtopic-t-1056820.html for the solution.

After playing around with airmon-ng and tor my laptop can't resolve names all of the sudden. After rebooting it I can ping `8.8.8.8` and the like, but I can't resolve any names. `/etc/resolv.conf` reads

Code:

domain domain.name
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4


I also tried removing the first two lines and stopping dnsmasq (I also tired disabling the dnsmasq service and rebooting). I tried my ISPs nameservers also. I made sure wlp3s0 (my wireless interface) is in managed and not monitor mode (ifconfig wlp3s0 down ; iwconfig wlp3s0 mode managed; ifconfig wlp3s0 up, checked it reads Mode: Managed via ifconfig). I also tried removing it from promiscuous mode because I saw a message about it on /var/log/messages (via ifconfig wlp3s0 -promisc). nslookup google.com 8.8.8.8 says ;; connection timed out: no servers could be reached. I flushed all iptables rules and set all policies to ACCEPT. No other network related services are running. tor is not running, nothing aircrack-related is running (also used airmon-ng check kill). I can ping my nameservers.

I'm connecting to my wireless AP via wpa_supplicant and ip as I always have (I don't use DHCP). I also tried connecting to a different wireless AP that uses WEP instead of WPA via iwconfig and dhcpcd (as I have in the past and it used to work), to no avail. I check /etc/resolv.conf every time and every time it was correct. I tried rebooting an doing all from scratch several times, to no avail.

I have also tried enabling DHCP and using dhpcd, tried connecting to a *wired* interface, same issue occurs. Other devices connected to the same network (either wired or wireless) work just fine. I did not change the contents of nsswitch.conf: http://pastebin.com/gEqL5TRc... Not sure what to do next


Last edited by saturnalia0 on Thu Jan 05, 2017 9:40 am; edited 3 times in total
Back to top
View user's profile Send private message
lexflex
Guru
Guru


Joined: 05 Mar 2006
Posts: 359
Location: the Netherlands

PostPosted: Sun Dec 11, 2016 8:14 pm    Post subject: Reply with quote

Hi,

Unless you run your own local nameserver I would comment out the 127.0.0.1 line. (maybe also domain domain.name, what is that supposed to do ?).

Can you try 'dig' , since this should show if names are resolved, and also by what nameserver.
So:
Code:

dig gentoo.org

should give some more info.

Also ifconfig might help (depending on the actual problem).

Alex.
Back to top
View user's profile Send private message
saturnalia0
Tux's lil' helper
Tux's lil' helper


Joined: 13 Oct 2016
Posts: 95

PostPosted: Mon Dec 12, 2016 1:13 pm    Post subject: Reply with quote

I have dnsmasq, hence the localhost on /etc/resolv.conf. As I've mentioned I have tried disabling it and removing those lines.

I did try dig instead of nslookup, the results are the same (even with dig @8.8.8.8 gentoo.org): ";; connection timed out: no servers could be reached". As a reminder, I can ping 8.8.8.8 just fine.

I also ran `strace -e open dig @8.8.8.8 gentoo.org` and the last thing it does is open /etc/resolv.conf (successfully):

Code:

open("/etc/resolv.conf", O_RDONLY)      = 6


ifconfig when connected using wlp3s0:

Code:

enp0s25: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500                           
        ether 00:26:2d:fa:56:2f  txqueuelen 1000  (Ethernet)                   
        RX packets 0  bytes 0 (0.0 B)                                           
        RX errors 0  dropped 0  overruns 0  frame 0                             
        TX packets 0  bytes 0 (0.0 B)                                           
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0             
        device interrupt 20  memory 0xf2600000-f2620000                         
                                                                               
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536                                   
        inet 127.0.0.1  netmask 255.0.0.0                                       
        inet6 ::1  prefixlen 128  scopeid 0x10<host>                           
        loop  txqueuelen 1  (Local Loopback)                                   
        RX packets 840  bytes 72288 (70.5 KiB)                                 
        RX errors 0  dropped 0  overruns 0  frame 0                             
        TX packets 840  bytes 72288 (70.5 KiB)                                 
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0             
                                                                               
wlp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500                   
        inet 192.168.25.11  netmask 255.255.255.0  broadcast 192.168.25.255     
        inet6 fe80::16ec:71f7:dcc5:f175  prefixlen 64  scopeid 0x20<link>       
        ether 00:07:c8:82:a2:96  txqueuelen 1000  (Ethernet)                   
        RX packets 6  bytes 568 (568.0 B)                                       
        RX errors 0  dropped 0  overruns 0  frame 0                             
        TX packets 24  bytes 4038 (3.9 KiB)                                     
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0             
                                                                   


Below is ifconfig from the computer I'm posting this from.

Code:

enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.25.10  netmask 255.255.255.0  broadcast 192.168.25.255
        inet6 fe80::6ef0:49ff:fef7:734  prefixlen 64  scopeid 0x20<link>
        ether 6c:f0:49:f7:07:34  txqueuelen 1000  (Ethernet)
        RX packets 932765  bytes 1201480324 (1.1 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 385159  bytes 130490709 (124.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 1  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 18108  bytes 1071152 (1.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 18108  bytes 1071152 (1.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


I thought there could be something to do with ipv6, so I tried disabling ipv6 (echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6, also via sysctl) and bringing wlp3s0 down and up again (also brought down enp3s0 just to eliminate it from the output):

Code:

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536                                   
        inet 127.0.0.1  netmask 255.0.0.0                                       
        inet6 ::1  prefixlen 128  scopeid 0x10<host>                           
        loop  txqueuelen 1  (Local Loopback)                                   
        RX packets 2556  bytes 217478 (212.3 KiB)                               
        RX errors 0  dropped 0  overruns 0  frame 0                             
        TX packets 2556  bytes 217478 (212.3 KiB)                               
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0             
                                                                               
wlp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500                   
        inet 192.168.25.11  netmask 255.255.255.0  broadcast 192.168.25.255     
        ether 00:1a:25:cd:8f:aa  txqueuelen 1000  (Ethernet)                   
        RX packets 53  bytes 7704 (7.5 KiB)                                     
        RX errors 0  dropped 0  overruns 0  frame 0                             
        TX packets 109  bytes 23533 (22.9 KiB)                                 
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


To no avail...

PS: I tried removing net-misc/tor and net-wireless/aircrack-ng via `emerge -c`, to no avail either.
Back to top
View user's profile Send private message
lexflex
Guru
Guru


Joined: 05 Mar 2006
Posts: 359
Location: the Netherlands

PostPosted: Mon Dec 12, 2016 3:08 pm    Post subject: Reply with quote

Hi,

Is there a chance that port 53 is fire-walled, is any traffic going out?

You can try tcpdump while trying to resolve something to see if the request leaves your machine (not eth in your case).
Code:

tcpdump -i eth0 port 53


Alex.
Back to top
View user's profile Send private message
saturnalia0
Tux's lil' helper
Tux's lil' helper


Joined: 13 Oct 2016
Posts: 95

PostPosted: Mon Dec 12, 2016 10:10 pm    Post subject: Reply with quote

I don't know how it could be firewalled. iptables -L reads:

Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


Same for ip6tables. I do not have any other firewall that I know of. It is not firewalled in the router - other devices work just fine and I did not made any changes as of late.

tcpdump registers nothing when trying to ping a hostname (e.g. ping google.com while running the command you mentioned (using the correct interface)). The same command without the port specification also registers nothing, but does register the ICMP echos when pinging an IP directly, as expected.


Last edited by saturnalia0 on Tue Dec 13, 2016 9:00 am; edited 1 time in total
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 14180

PostPosted: Tue Dec 13, 2016 2:26 am    Post subject: Reply with quote

If tcpdump shows no traffic when you use ping, then (assuming you used the correct interface for tcpdump) no traffic was sent. The failure happened locally. To be sure we are examining the right problem, please post the exact tcpdump commands you tried, the exact ping command you ran and its output, the output of cat -n /etc/resolv.conf at the time you ran ping, and the output of ip route. I want to be sure that your failure is a name resolution failure and that your tcpdump monitored the interface that the DNS request would have been routed out.
Back to top
View user's profile Send private message
saturnalia0
Tux's lil' helper
Tux's lil' helper


Joined: 13 Oct 2016
Posts: 95

PostPosted: Tue Dec 13, 2016 9:15 am    Post subject: Reply with quote

Hu wrote:
If tcpdump shows no traffic when you use ping, then (assuming you used the correct interface for tcpdump) no traffic was sent. The failure happened locally. To be sure we are examining the right problem, please post the exact tcpdump commands you tried, the exact ping command you ran and its output, the output of cat -n /etc/resolv.conf at the time you ran ping, and the output of ip route. I want to be sure that your failure is a name resolution failure and that your tcpdump monitored the interface that the DNS request would have been routed out.


Sure thing. First, running tcpdump and pinging hostnames:

Code:

sula:~ ping gentoo.org
ping: unknown host gentoo.org
sula:~ ping google.com
ping: unknown host google.com


Code:

sula:~ tcpdump -i wlp3s0 port 53
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlp3s0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel


The same thing happens when not specifying the port in tcpdump. Now tcpdump when pinging an IP address:

Code:

sula:~ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=48 time=74.0 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=48 time=73.7 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=48 time=73.7 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 73.708/73.810/74.012/0.344 ms


Code:

sula:~ tcpdump -i wlp3s0
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlp3s0, link-type EN10MB (Ethernet), capture size 262144 bytes
07:05:55.807483 IP 192.168.25.11 > 8.8.8.8: ICMP echo request, id 5903, seq 1, length 64
07:05:55.881446 IP 8.8.8.8 > 192.168.25.11: ICMP echo reply, id 5903, seq 1, length 64
07:05:56.808617 IP 192.168.25.11 > 8.8.8.8: ICMP echo request, id 5903, seq 2, length 64
07:05:56.882287 IP 8.8.8.8 > 192.168.25.11: ICMP echo reply, id 5903, seq 2, length 64
07:05:57.810421 IP 192.168.25.11 > 8.8.8.8: ICMP echo request, id 5903, seq 3, length 64
07:05:57.884089 IP 8.8.8.8 > 192.168.25.11: ICMP echo reply, id 5903, seq 3, length 64
^C
6 packets captured
6 packets received by filter
0 packets dropped by kernel


resolv.conf:

Code:

sula:~ cat -n /etc/resolv.conf
     1  #
     2  # /etc/resolv.conf.head can replace this line
     3  domain domain.name
     4  nameserver 127.0.0.1
     5  # GVT (my ISP)
     6  nameserver 200.175.89.139
     7  nameserver 200.175.5.139
     8  # OpenNIC
     9  #nameserver 31.171.155.107
    10  #nameserver 79.133.43.124
    11  # Google
    12  #nameserver 8.8.8.8
    13  #nameserver 8.8.4.4
    14  # /etc/resolv.conf.tail can replace this line


I also tried:

Code:

sula:~ echo 'nameserver 8.8.8.8'>/etc/resolv.conf
sula:~ echo 'nameserver 8.8.4.4'>>/etc/resolv.conf
sula:~ cat -n /etc/resolv.conf
     1  nameserver 8.8.8.8
     2  nameserver 8.8.4.4
sula:~ ping google.com
ping: unknown host google.com
sula:~ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=48 time=73.9 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=48 time=75.4 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 73.981/74.703/75.426/0.772 ms


Finally, ip route:

Code:

sula:~ ip route
default via 192.168.25.1 dev wlp3s0
169.254.0.0/16 dev wlp3s0  proto kernel  scope link  src 169.254.144.184  metric 304
192.168.25.0/24 dev wlp3s0  proto kernel  scope link  src 192.168.25.11


192.168.25.1 is my router and 192.168.25.11 is the troublesome computer.
Back to top
View user's profile Send private message
lexflex
Guru
Guru


Joined: 05 Mar 2006
Posts: 359
Location: the Netherlands

PostPosted: Tue Dec 13, 2016 2:38 pm    Post subject: Reply with quote

weird...

Is there anything in /etc/conf.d/net ?
I think that would be the place to define custom dns resolvers per interface.
Back to top
View user's profile Send private message
Jaglover
Watchman
Watchman


Joined: 29 May 2005
Posts: 7262
Location: Saint Amant, Acadiana

PostPosted: Tue Dec 13, 2016 3:04 pm    Post subject: Reply with quote

What's in /etc/nsswitch.conf ?
_________________
Please learn how to denote units correctly!
Back to top
View user's profile Send private message
saturnalia0
Tux's lil' helper
Tux's lil' helper


Joined: 13 Oct 2016
Posts: 95

PostPosted: Tue Dec 13, 2016 3:38 pm    Post subject: Reply with quote

/etc/conf.d/net

Code:

# Work                                                                         
#config_enp0s25="dhcp"                                                         
                                                                               
# Home                                                                         
config_enp0s25="192.168.25.11/24"                                               
routes_enp0s25="default via 192.168.25.1"


I didn't even remember that, so I tried removing it and rebooting, to no avail.

/etc/nsswitch.conf

Code:

# /etc/nsswitch.conf:                                                           
# $Header: /var/cvsroot/gentoo/src/patchsets/glibc/extra/etc/nsswitch.conf,v 1.1 2006/09/29 23:52:23 vapier Exp $
                                                                               
passwd:      compat                                                             
shadow:      compat                                                             
group:       compat                                                             
                                                                               
# passwd:    db files nis                                                       
# shadow:    db files nis                                                       
# group:     db files nis                                                       
                                                                               
hosts:       files dns                                                         
networks:    files dns                                                         
                                                                               
services:    db files                                                           
protocols:   db files                                                           
rpc:         db files                                                           
ethers:      db files                                                           
netmasks:    files                                                             
netgroup:    files                                                             
bootparams:  files                                                             
                                                                               
automount:   files                                                             
aliases:     files
Back to top
View user's profile Send private message
lexflex
Guru
Guru


Joined: 05 Mar 2006
Posts: 359
Location: the Netherlands

PostPosted: Tue Dec 13, 2016 4:23 pm    Post subject: Reply with quote

Hi,

saturnalia0 wrote:
/etc/conf.d/net
Code:

# Work                                                                         
#config_enp0s25="dhcp"                                                                                                                     
# Home                                                                         
config_enp0s25="192.168.25.11/24"                                               
routes_enp0s25="default via 192.168.25.1"


You can try to define dns servers in there per interface, like:
Code:
dns_servers_enp0s25=( "8.8.8.8" )


However, I am not sure why that whould be needed if resolve.conf is correct ( but you might want to try).
You have to restart the interfaces before any changes take effect.

Alex.
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

PostPosted: Tue Dec 13, 2016 5:34 pm    Post subject: Reply with quote

lexflex wrote:
You can try to define dns servers in there per interface, like:

Code:
dns_servers_enp0s25=( "8.8.8.8" )

However, I am not sure why that whould be needed if resolve.conf is correct ( but you might want to try).

lexflex ... bash arrays are depreciated (and so that should read dns_servers_enp0s25="8.8.8.8") but anyhow, I'm wondering why in the resolv.conf saturnalia0 provided above there is "nameserver 127.0.0.1", that shouldn't be there because wlp3s0 isn't configured with 'dhcp_wlp3s0="nodns"' and 'dns_servers_wlp3s0="127.0.0.1"' (or rather, it isn't configured at all). The fact that we are told that "I don't use DHCP", makes me wonder, becuase in absence of any configuration it will default to dhcp (and so aquire the nameserver and modify resolv.conf) ... something is wrong with that picture. I suspect that there are some crossed wires with the information provided, so to make things simpler, please, stop, and remove, enp0s25 from the runlevel, then add the following to /etc/conf.d/net:

Code:
modules_wlp3s0="!plug wpa_supplicant"
config_wlp3s0="192.168.25.11/24"
routes_wlp3s0="default via 192.168.25.1"
wpa_supplicant_wlp3s0="-Dnl80211 -qq"
dns_servers_wlp3s0="127.0.0.1"
enable_ipv6_wlp2s0="false"

(re-)start wlp3s0 and check /etc/resolv.conf only has 'nameserver 127.0.0.1', then test ip, ping, and dig/nslookup.

I'm also wondering why in the above 'ip route' wlp3s0 has both a class C address and a self-asigned APIPA address (169.x) ... is there something else in the runlevel (ie, NM or dhcpcd)?

HTH & best ... khay
Back to top
View user's profile Send private message
saturnalia0
Tux's lil' helper
Tux's lil' helper


Joined: 13 Oct 2016
Posts: 95

PostPosted: Mon Dec 19, 2016 9:32 pm    Post subject: Reply with quote

It seems that I have not been clear about what's going on.

- I can connect to my router both through the wireless interface (wlp3s0) and the wired one (enp0s25)
- I am connecting the same way I have always done, and it works just fine. There is no problem here.
- I can ping IPs just fine, as expected, but! I cannot resolve names. This is the problem.

Setup:

- I do not have a DHCP server set up on my router.
- I have dnsmasq running on my computer acting as a DNS server (cache), thus the localhost entry on /etc/resolv.conf
- I have tried disabling dnsmasq and removing that entry from resolv.conf, despite the fact that this setup has always worked for me
- Not that it matters, but I connect using the wireless interface manually:

Code:

ifconfig wlp3s0 down
macchanger -a wlp3s0
ifconfig wlp3s0 up
wpa_supplicant -iwlp3s0 -c/home/afh/.wpa_home &
ip addr add 192.168.25.11/24 broadcast 192.168.25.255 dev wlp3s0
ip route add default via 192.168.25.1


- The wired interface is brought up on boot. If I want to (re)connect to it later I use `rc-service net.enp3s25 restart`. I do not do the same for the wireless interface and nothing is done with it on boot. I use the aforementioned script (and some variations of it for other APs) and they work just fine. This is besides the point, I'm just clearing up what's going on.
- iptables is set to allow everything (ip6tables also), as mentioned in a previous post

Fun facts:

- Other devices on the same network resolve names just fine
- Connecting to other networks with the troublesome device does not solve the issue
- A LiveCD booted in the troublesome device can resolve names (using Google's DNS servers, which I can ping just fine!)

It must be **a configuration issue**, that appeared without me manually changing anything AFAIK. It has nothing to do with the way I connect to the wireless interface, it doesn't seem to have anything to do with dnsmasq, and it certainly doesn't have anything to do with DHCP.

Here is a tarball of my entire /etc except shadow- and the like (and /etc/ssl).

It's worth mentioning for the sake of avoiding further confusion that dnsmasq starts dhcpcd even if configured not to do so (see https://forums.gentoo.org/viewtopic-t-1052954.html - I wanted to disable this behavior but found no solution that didn't involve "don't use the scripts you want to use, do this instead!")... This is also besides the point as it has never presented any issues.
Back to top
View user's profile Send private message
saturnalia0
Tux's lil' helper
Tux's lil' helper


Joined: 13 Oct 2016
Posts: 95

PostPosted: Sun Dec 25, 2016 5:15 pm    Post subject: Reply with quote

Any ideas? I'm seriously considering reinstalling the whole system.
Back to top
View user's profile Send private message
Jaglover
Watchman
Watchman


Joined: 29 May 2005
Posts: 7262
Location: Saint Amant, Acadiana

PostPosted: Sun Dec 25, 2016 5:25 pm    Post subject: Reply with quote

Can you get to any nameserver? Like
Code:
dig @8.8.4.4

_________________
Please learn how to denote units correctly!
Back to top
View user's profile Send private message
saturnalia0
Tux's lil' helper
Tux's lil' helper


Joined: 13 Oct 2016
Posts: 95

PostPosted: Mon Dec 26, 2016 6:19 am    Post subject: Reply with quote

I put an IPV6 address on /etc/resolv.conf and it works again, put the same nameserver but IPV4 and it breaks again.

Now here's the thing: I connect to one router in network A and it works as above.

I connect to another router from the same network and it breaks as I have been explaining all along, putting an IPV6 address doesn't help.

I'm pretty sure my connection only works if my router is IPV6 but I have no idea how that works and what I should do about it.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum