# [Solved] Can't resolve names

## saturnalia0

Please refer to https://forums.gentoo.org/viewtopic-t-1056820.html for the solution.

After playing around with airmon-ng and tor my laptop can't resolve names all of the sudden. After rebooting it I can ping `8.8.8.8` and the like, but I can't resolve any names. `/etc/resolv.conf` reads

```

domain domain.name

nameserver 127.0.0.1

nameserver 8.8.8.8

nameserver 8.8.4.4

```

I also tried removing the first two lines and stopping dnsmasq (I also tired disabling the dnsmasq service and rebooting). I tried my ISPs nameservers also. I made sure wlp3s0 (my wireless interface) is in managed and not monitor mode (ifconfig wlp3s0 down ; iwconfig wlp3s0 mode managed; ifconfig wlp3s0 up, checked it reads Mode: Managed via ifconfig). I also tried removing it from promiscuous mode because I saw a message about it on /var/log/messages (via ifconfig wlp3s0 -promisc). nslookup google.com 8.8.8.8 says ;; connection timed out: no servers could be reached. I flushed all iptables rules and set all policies to ACCEPT. No other network related services are running. tor is not running, nothing aircrack-related is running (also used airmon-ng check kill). I can ping my nameservers.

I'm connecting to my wireless AP via wpa_supplicant and ip as I always have (I don't use DHCP). I also tried connecting to a different wireless AP that uses WEP instead of WPA via iwconfig and dhcpcd (as I have in the past and it used to work), to no avail. I check /etc/resolv.conf every time and every time it was correct. I tried rebooting an doing all from scratch several times, to no avail.

I have also tried enabling DHCP and using dhpcd, tried connecting to a *wired* interface, same issue occurs. Other devices connected to the same network (either wired or wireless) work just fine. I did not change the contents of nsswitch.conf: http://pastebin.com/gEqL5TRc... Not sure what to do nextLast edited by saturnalia0 on Thu Jan 05, 2017 9:40 am; edited 3 times in total

----------

## lexflex

Hi, 

Unless you run your own local nameserver I would comment out the 127.0.0.1 line. (maybe also domain domain.name, what is that supposed to do ?).

Can you try 'dig' , since this should show if names are resolved, and also by what nameserver.

So:

```

dig gentoo.org

```

should give some more info.

Also ifconfig might help (depending on the actual problem).

Alex.

----------

## saturnalia0

I have dnsmasq, hence the localhost on /etc/resolv.conf. As I've mentioned I have tried disabling it and removing those lines.

I did try dig instead of nslookup, the results are the same (even with dig @8.8.8.8 gentoo.org): ";; connection timed out: no servers could be reached". As a reminder, I can ping 8.8.8.8 just fine.

I also ran `strace -e open dig @8.8.8.8 gentoo.org` and the last thing it does is open /etc/resolv.conf (successfully): 

```

open("/etc/resolv.conf", O_RDONLY)      = 6

```

ifconfig when connected using wlp3s0:

```

enp0s25: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500                           

        ether 00:26:2d:fa:56:2f  txqueuelen 1000  (Ethernet)                    

        RX packets 0  bytes 0 (0.0 B)                                           

        RX errors 0  dropped 0  overruns 0  frame 0                             

        TX packets 0  bytes 0 (0.0 B)                                           

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0              

        device interrupt 20  memory 0xf2600000-f2620000                         

                                                                                

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536                                    

        inet 127.0.0.1  netmask 255.0.0.0                                       

        inet6 ::1  prefixlen 128  scopeid 0x10<host>                            

        loop  txqueuelen 1  (Local Loopback)                                    

        RX packets 840  bytes 72288 (70.5 KiB)                                  

        RX errors 0  dropped 0  overruns 0  frame 0                             

        TX packets 840  bytes 72288 (70.5 KiB)                                  

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0              

                                                                                

wlp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500                    

        inet 192.168.25.11  netmask 255.255.255.0  broadcast 192.168.25.255     

        inet6 fe80::16ec:71f7:dcc5:f175  prefixlen 64  scopeid 0x20<link>       

        ether 00:07:c8:82:a2:96  txqueuelen 1000  (Ethernet)                    

        RX packets 6  bytes 568 (568.0 B)                                       

        RX errors 0  dropped 0  overruns 0  frame 0                             

        TX packets 24  bytes 4038 (3.9 KiB)                                     

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0              

                                                                   

```

Below is ifconfig from the computer I'm posting this from.

```

enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 192.168.25.10  netmask 255.255.255.0  broadcast 192.168.25.255

        inet6 fe80::6ef0:49ff:fef7:734  prefixlen 64  scopeid 0x20<link>

        ether 6c:f0:49:f7:07:34  txqueuelen 1000  (Ethernet)

        RX packets 932765  bytes 1201480324 (1.1 GiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 385159  bytes 130490709 (124.4 MiB)

        TX errors 0  dropped 0 overruns 0  carrier 1  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 127.0.0.1  netmask 255.0.0.0

        inet6 ::1  prefixlen 128  scopeid 0x10<host>

        loop  txqueuelen 1  (Local Loopback)

        RX packets 18108  bytes 1071152 (1.0 MiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 18108  bytes 1071152 (1.0 MiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

```

I thought there could be something to do with ipv6, so I tried disabling ipv6 (echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6, also via sysctl) and bringing wlp3s0 down and up again (also brought down enp3s0 just to eliminate it from the output):

```

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536                                    

        inet 127.0.0.1  netmask 255.0.0.0                                       

        inet6 ::1  prefixlen 128  scopeid 0x10<host>                            

        loop  txqueuelen 1  (Local Loopback)                                    

        RX packets 2556  bytes 217478 (212.3 KiB)                               

        RX errors 0  dropped 0  overruns 0  frame 0                             

        TX packets 2556  bytes 217478 (212.3 KiB)                               

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0              

                                                                                

wlp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500                    

        inet 192.168.25.11  netmask 255.255.255.0  broadcast 192.168.25.255     

        ether 00:1a:25:cd:8f:aa  txqueuelen 1000  (Ethernet)                    

        RX packets 53  bytes 7704 (7.5 KiB)                                     

        RX errors 0  dropped 0  overruns 0  frame 0                             

        TX packets 109  bytes 23533 (22.9 KiB)                                  

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

```

To no avail...

PS: I tried removing net-misc/tor and net-wireless/aircrack-ng via `emerge -c`, to no avail either.

----------

## lexflex

Hi,

Is there a chance that port 53 is fire-walled, is any traffic going out? 

You can try tcpdump while trying to resolve something to see if the request leaves your machine (not eth in your case).

```

tcpdump -i eth0 port 53

```

Alex.

----------

## saturnalia0

I don't know how it could be firewalled. iptables -L reads:

```

Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination

```

Same for ip6tables. I do not have any other firewall that I know of. It is not firewalled in the router - other devices work just fine and I did not made any changes as of late.

tcpdump registers nothing when trying to ping a hostname (e.g. ping google.com while running the command you mentioned (using the correct interface)). The same command without the port specification also registers nothing, but does register the ICMP echos when pinging an IP directly, as expected.Last edited by saturnalia0 on Tue Dec 13, 2016 9:00 am; edited 1 time in total

----------

## Hu

If tcpdump shows no traffic when you use ping, then (assuming you used the correct interface for tcpdump) no traffic was sent.  The failure happened locally.  To be sure we are examining the right problem, please post the exact tcpdump commands you tried, the exact ping command you ran and its output, the output of cat -n /etc/resolv.conf at the time you ran ping, and the output of ip route.  I want to be sure that your failure is a name resolution failure and that your tcpdump monitored the interface that the DNS request would have been routed out.

----------

## saturnalia0

 *Hu wrote:*   

> If tcpdump shows no traffic when you use ping, then (assuming you used the correct interface for tcpdump) no traffic was sent.  The failure happened locally.  To be sure we are examining the right problem, please post the exact tcpdump commands you tried, the exact ping command you ran and its output, the output of cat -n /etc/resolv.conf at the time you ran ping, and the output of ip route.  I want to be sure that your failure is a name resolution failure and that your tcpdump monitored the interface that the DNS request would have been routed out.

 

Sure thing. First, running tcpdump and pinging hostnames:

```

sula:~ ping gentoo.org

ping: unknown host gentoo.org

sula:~ ping google.com

ping: unknown host google.com

```

```

sula:~ tcpdump -i wlp3s0 port 53

dropped privs to tcpdump

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on wlp3s0, link-type EN10MB (Ethernet), capture size 262144 bytes

^C

0 packets captured

0 packets received by filter

0 packets dropped by kernel

```

The same thing happens when not specifying the port in tcpdump. Now tcpdump when pinging an IP address:

```

sula:~ ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

64 bytes from 8.8.8.8: icmp_seq=1 ttl=48 time=74.0 ms

64 bytes from 8.8.8.8: icmp_seq=2 ttl=48 time=73.7 ms

64 bytes from 8.8.8.8: icmp_seq=3 ttl=48 time=73.7 ms

^C

--- 8.8.8.8 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2002ms

rtt min/avg/max/mdev = 73.708/73.810/74.012/0.344 ms

```

```

sula:~ tcpdump -i wlp3s0

dropped privs to tcpdump

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on wlp3s0, link-type EN10MB (Ethernet), capture size 262144 bytes

07:05:55.807483 IP 192.168.25.11 > 8.8.8.8: ICMP echo request, id 5903, seq 1, length 64

07:05:55.881446 IP 8.8.8.8 > 192.168.25.11: ICMP echo reply, id 5903, seq 1, length 64

07:05:56.808617 IP 192.168.25.11 > 8.8.8.8: ICMP echo request, id 5903, seq 2, length 64

07:05:56.882287 IP 8.8.8.8 > 192.168.25.11: ICMP echo reply, id 5903, seq 2, length 64

07:05:57.810421 IP 192.168.25.11 > 8.8.8.8: ICMP echo request, id 5903, seq 3, length 64

07:05:57.884089 IP 8.8.8.8 > 192.168.25.11: ICMP echo reply, id 5903, seq 3, length 64

^C

6 packets captured

6 packets received by filter

0 packets dropped by kernel

```

resolv.conf:

```

sula:~ cat -n /etc/resolv.conf

     1  #

     2  # /etc/resolv.conf.head can replace this line

     3  domain domain.name

     4  nameserver 127.0.0.1

     5  # GVT (my ISP)

     6  nameserver 200.175.89.139

     7  nameserver 200.175.5.139

     8  # OpenNIC

     9  #nameserver 31.171.155.107

    10  #nameserver 79.133.43.124

    11  # Google

    12  #nameserver 8.8.8.8

    13  #nameserver 8.8.4.4

    14  # /etc/resolv.conf.tail can replace this line

```

I also tried:

```

sula:~ echo 'nameserver 8.8.8.8'>/etc/resolv.conf

sula:~ echo 'nameserver 8.8.4.4'>>/etc/resolv.conf

sula:~ cat -n /etc/resolv.conf

     1  nameserver 8.8.8.8

     2  nameserver 8.8.4.4

sula:~ ping google.com

ping: unknown host google.com

sula:~ ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

64 bytes from 8.8.8.8: icmp_seq=1 ttl=48 time=73.9 ms

64 bytes from 8.8.8.8: icmp_seq=2 ttl=48 time=75.4 ms

^C

--- 8.8.8.8 ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 1001ms

rtt min/avg/max/mdev = 73.981/74.703/75.426/0.772 ms

```

Finally, ip route:

```

sula:~ ip route

default via 192.168.25.1 dev wlp3s0 

169.254.0.0/16 dev wlp3s0  proto kernel  scope link  src 169.254.144.184  metric 304 

192.168.25.0/24 dev wlp3s0  proto kernel  scope link  src 192.168.25.11

```

192.168.25.1 is my router and 192.168.25.11 is the troublesome computer.

----------

## lexflex

weird...

Is there anything in /etc/conf.d/net ?

I think that would be the place to define custom dns resolvers per interface.

----------

## Jaglover

What's in /etc/nsswitch.conf ?

----------

## saturnalia0

/etc/conf.d/net

```

# Work                                                                          

#config_enp0s25="dhcp"                                                          

                                                                                

# Home                                                                          

config_enp0s25="192.168.25.11/24"                                               

routes_enp0s25="default via 192.168.25.1" 

```

I didn't even remember that, so I tried removing it and rebooting, to no avail.

/etc/nsswitch.conf

```

# /etc/nsswitch.conf:                                                           

# $Header: /var/cvsroot/gentoo/src/patchsets/glibc/extra/etc/nsswitch.conf,v 1.1 2006/09/29 23:52:23 vapier Exp $

                                                                                

passwd:      compat                                                             

shadow:      compat                                                             

group:       compat                                                             

                                                                                

# passwd:    db files nis                                                       

# shadow:    db files nis                                                       

# group:     db files nis                                                       

                                                                                

hosts:       files dns                                                          

networks:    files dns                                                          

                                                                                

services:    db files                                                           

protocols:   db files                                                           

rpc:         db files                                                           

ethers:      db files                                                           

netmasks:    files                                                              

netgroup:    files                                                              

bootparams:  files                                                              

                                                                                

automount:   files                                                              

aliases:     files 

```

----------

## lexflex

Hi,

 *saturnalia0 wrote:*   

> /etc/conf.d/net
> 
> ```
> 
> # Work                                                                          
> ...

 

You can try to define dns servers in there per interface, like:

```
dns_servers_enp0s25=( "8.8.8.8" )
```

However, I am not sure why that whould be needed if resolve.conf is correct ( but you might want to try).

You have to restart the interfaces before any changes take effect.

Alex.

----------

## khayyam

 *lexflex wrote:*   

> You can try to define dns servers in there per interface, like:
> 
> ```
> dns_servers_enp0s25=( "8.8.8.8" )
> ```
> ...

 

lexflex ... bash arrays are depreciated (and so that should read dns_servers_enp0s25="8.8.8.8") but anyhow, I'm wondering why in the resolv.conf saturnalia0 provided above there is "nameserver 127.0.0.1", that shouldn't be there because wlp3s0 isn't configured with 'dhcp_wlp3s0="nodns"' and 'dns_servers_wlp3s0="127.0.0.1"' (or rather, it isn't configured at all). The fact that we are told that "I don't use DHCP", makes me wonder, becuase in absence of any configuration it will default to dhcp (and so aquire the nameserver and modify resolv.conf) ... something is wrong with that picture. I suspect that there are some crossed wires with the information provided, so to make things simpler, please, stop, and remove, enp0s25 from the runlevel, then add the following to /etc/conf.d/net:

```
modules_wlp3s0="!plug wpa_supplicant"

config_wlp3s0="192.168.25.11/24"

routes_wlp3s0="default via 192.168.25.1"

wpa_supplicant_wlp3s0="-Dnl80211 -qq"

dns_servers_wlp3s0="127.0.0.1"

enable_ipv6_wlp2s0="false"
```

(re-)start wlp3s0 and check /etc/resolv.conf only has 'nameserver 127.0.0.1', then test ip, ping, and dig/nslookup.

I'm also wondering why in the above 'ip route' wlp3s0 has both a class C address and a self-asigned APIPA address (169.x) ... is there something else in the runlevel (ie, NM or dhcpcd)?

HTH & best ... khay

----------

## saturnalia0

It seems that I have not been clear about what's going on.

- I can connect to my router both through the wireless interface (wlp3s0) and the wired one (enp0s25)

- I am connecting the same way I have always done, and it works just fine. There is no problem here.

- I can ping IPs just fine, as expected, but! I cannot resolve names. This is the problem.

Setup:

- I do not have a DHCP server set up on my router.

- I have dnsmasq running on my computer acting as a DNS server (cache), thus the localhost entry on /etc/resolv.conf

- I have tried disabling dnsmasq and removing that entry from resolv.conf, despite the fact that this setup has always worked for me

- Not that it matters, but I connect using the wireless interface manually:

```

ifconfig wlp3s0 down

macchanger -a wlp3s0

ifconfig wlp3s0 up

wpa_supplicant -iwlp3s0 -c/home/afh/.wpa_home &

ip addr add 192.168.25.11/24 broadcast 192.168.25.255 dev wlp3s0

ip route add default via 192.168.25.1

```

- The wired interface is brought up on boot. If I want to (re)connect to it later I use `rc-service net.enp3s25 restart`. I do not do the same for the wireless interface and nothing is done with it on boot. I use the aforementioned script (and some variations of it for other APs) and they work just fine. This is besides the point, I'm just clearing up what's going on.

- iptables is set to allow everything (ip6tables also), as mentioned in a previous post

Fun facts:

- Other devices on the same network resolve names just fine

- Connecting to other networks with the troublesome device does not solve the issue

- A LiveCD booted in the troublesome device can resolve names (using Google's DNS servers, which I can ping just fine!)

It must be **a configuration issue**, that appeared without me manually changing anything AFAIK. It has nothing to do with the way I connect to the wireless interface, it doesn't seem to have anything to do with dnsmasq, and it certainly doesn't have anything to do with DHCP.

Here is a tarball of my entire /etc except shadow- and the like (and /etc/ssl).

It's worth mentioning for the sake of avoiding further confusion that dnsmasq starts dhcpcd even if configured not to do so (see https://forums.gentoo.org/viewtopic-t-1052954.html - I wanted to disable this behavior but found no solution that didn't involve "don't use the scripts you want to use, do this instead!")... This is also besides the point as it has never presented any issues.

----------

## saturnalia0

Any ideas? I'm seriously considering reinstalling the whole system.

----------

## Jaglover

Can you get to any nameserver? Like 

```
dig @8.8.4.4
```

----------

## saturnalia0

I put an IPV6 address on /etc/resolv.conf and it works again, put the same nameserver but IPV4 and it breaks again.

Now here's the thing: I connect to one router in network A and it works as above.

I connect to another router from the same network and it breaks as I have been explaining all along, putting an IPV6 address doesn't help.

I'm pretty sure my connection only works if my router is IPV6 but I have no idea how that works and what I should do about it.

----------

