[Solved] DNS works on IPV6, but not on IPV4

saturnalia0 · Tux's lil' helper Joined: 13 Oct 2016 Posts: 96

At my place I have a router that gives me an IPV4 address. My Gentoo PC works fine but my Gentoo laptop stopped resolving names. I visited my parents and tried connecting to their router, which gives me an IPV6 address, and presto, everything was back to normal (given that I added the IPV6 equivalents of my nameservers to /etc/resolv.conf). Then I tried another router in my parent's network, which sits behind the IPV6 one but which gives me an IPV4 address, and then again I can't resolve names (though if I boot a Gentoo LiveCD I can, so it's a configuration issue on my laptop and related to IPV4). Yes, I re-added the IPV4 addresses back to /etc/resolv.conf, and I also tried leaving the IPV6 ones. I can ping addresses just fine, I just can't resolve names. What could be causing this and how could I fix it?

I started a new thread because the old one was polluted with confusing and irrelevant Q&A until I accidentally found out the relation to IPV4/6, sorry if this should be posted there nevertheless.

My resolv.conf (IPV4):

eccerr0r · Posted: Sat Dec 31, 2016 5:29 am Post subject:

Does your IPV4 stack work? can you ping IP addresses or even the nameservers?

You can try running nslookup google.com and see if it reports something?

Also you could temporarily try using Google's DNS server 8.8.8.8 and see if it changes behavior?

I have a caching nameserver so 127.0.0.1 makes sense for me...
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?

saturnalia0 · Tux's lil' helper Joined: 13 Oct 2016 Posts: 96

eccerr0r · Posted: Wed Jan 04, 2017 5:23 pm Post subject:

You indeed have a very strange problem... mainly because it looks like it gives up on resolving the host without trying.

So all your ipv4 and ipv6 nameservers should be in /etc/resolv.conf, why you've split them I'm not sure.

Can you clear out your /etc/sysctl.conf and see what happens without it (may need reboot)?
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?

saturnalia0 · Tux's lil' helper Joined: 13 Oct 2016 Posts: 96

I found the issue after a hint from a user at unix.stackexchange.org, it's very silly actually. It was an iptables nat rule that I used in a previous tor config to prevent DNS leaks, found at the Gentoo wiki: https://wiki.gentoo.org/wiki/Tor#TORDNS_Resolver

I thought `iptables -F ; iptables -X` was enough to get rid of it (and `iptables -L` didn't display anything). IPV6 worked because there were no ip6tables rules for it. I added information to the Gentoo wiki on how to properly disable the iptables rules so other noobs like me don't go though the same trouble. I also mentioned ip6tables, might be worth it. Thanks everyone for the help.

Hu · Moderator Joined: 06 Mar 2007 Posts: 16462

Your iptables -F ; iptables -X flushed and deleted user chains from the target table, which by default would be table filter. It had no effect on any other tables, such as mangle, nat, raw, and security. If you want to see all your iptables rules, you either need to run iptables -L on each table individually or use iptables-save, which will show all of them by default.