# [Solved] DNS works on IPV6, but not on IPV4

## saturnalia0

At my place I have a router that gives me an IPV4 address. My Gentoo PC works fine but my Gentoo laptop stopped resolving names. I visited my parents and tried connecting to their router, which gives me an IPV6 address, and presto, everything was back to normal (given that I added the IPV6 equivalents of my nameservers to /etc/resolv.conf). Then I tried another router in my parents' network, which sits behind the IPV6 one but which gives me an IPV4 address, and then again I can't resolve names (though if I boot a Gentoo LiveCD I can, so it's a configuration issue on my laptop and related to IPV4). Yes, I re-added the IPV4 addresses back to /etc/resolv.conf, and I also tried leaving the IPV6 ones. I can ping addresses just fine, I just can't resolve names. What could be causing this and how could I fix it?

I started a new thread because the old one was polluted with confusing and irrelevant Q&A until I accidentally found out the relation to IPV4/6, sorry if this should be posted there nevertheless.

My resolv.conf (IPV4):

```
# dnsmasq - this has always worked, I also tried removing it and it doesn't solve anything, the issue has nothing to do with it
nameserver 127.0.0.1

# OpenNIC
nameserver 31.171.155.107
nameserver 79.133.43.124
```

IPV6 (working in the IPV6 router):

```
# dnsmasq
nameserver ::1

# OpenNIC
nameserver 2a05:dfc7:5::53
nameserver 2001:19f0:7001:929:5400:00ff:fe30:50af
```

Notice that the IPV4 one used to work on the IPV4 routers, it stopped working without me modifying it. Something else got modified and name resolving stopped working. My entire /etc folder (except ssl, shadow, etc) can be found here

Last edited by saturnalia0 on Thu Jan 05, 2017 9:39 am; edited 1 time in total

----------

## eccerr0r

Does your IPV4 stack work? Can you ping IP addresses or even the nameservers?

You can try running nslookup google.com and see if it reports something?

Also you could temporarily try using Google's DNS server 8.8.8.8 and see if it changes behavior?

I have a caching nameserver so 127.0.0.1 makes sense for me...

----------

## saturnalia0

 *eccerr0r wrote:*   

> Does your IPV4 stack work? Can you ping IP addresses or even the nameservers?

 

As mentioned in the other thread ping 8.8.8.8 works, I can ping all my nameservers as well. Not sure if this means "my ipv4 stack works", I'm a complete noob when it comes to networking!

 *eccerr0r wrote:*   

> You can try running nslookup google.com and see if it reports something?
> 
> Also you could temporarily try using Google's DNS server 8.8.8.8 and see if it changes behavior?

 

I did this and other tests in the aforelinked thread, the result is always the same:

```
$ nslookup google.com 8.8.8.8
connection timed out: no servers could be reached.
```

----------

## eccerr0r

You indeed have a very strange problem... mainly because it looks like it gives up on resolving the host without trying.

So all your ipv4 and ipv6 nameservers should be in /etc/resolv.conf, why you've split them I'm not sure. 

Can you clear out your /etc/sysctl.conf and see what happens without it (may need reboot)?

----------

## saturnalia0

I found the issue after a hint from a user at unix.stackexchange.org, it's very silly actually. It was an iptables nat rule that I used in a previous tor config to prevent DNS leaks, found at the Gentoo wiki: https://wiki.gentoo.org/wiki/Tor#TORDNS_Resolver

I thought `iptables -F ; iptables -X` was enough to get rid of it (and `iptables -L` didn't display anything). IPV6 worked because there were no ip6tables rules for it. I added information to the Gentoo wiki on how to properly disable the iptables rules so other noobs like me don't go through the same trouble. I also mentioned ip6tables, might be worth it. Thanks everyone for the help.

----------

## Hu

Your `iptables -F ; iptables -X` flushed and deleted user chains from the target table, which by default would be table filter. It had no effect on any other tables, such as mangle, nat, raw, and security. If you want to see all your iptables rules, you either need to run `iptables -L` on each table individually or use `iptables-save`, which will show all of them by default.

----------
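The check Hu describes, as an added example that is not part of the thread: it reads `iptables-save` output and lists every rule living outside the filter table, flagging those that match port 53. The function names and the sample ruleset (including the redirect to port 9053) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find rules that survive `iptables -F ; iptables -X`, which
# only act on the default table (filter), and flag the ones matching DNS.

# Constructed sample in iptables-save format (not taken from the thread).
sample_ruleset() {
cat <<'EOF'
# Constructed sample
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
COMMIT
*mangle
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m tcp --dport 443 -j MARK --set-xmark 0x1/0xffffffff
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Reads iptables-save output on stdin and prints one line per rule found
# outside the filter table: "<table> <DNS|other> <rule>".
leftover_rules() {
  awk '
    /^\*/  { table = substr($0, 2); next }   # "*nat" opens a table section
    /^-A / {
      if (table == "filter") next
      # Match port 53 as --dport/--sport or inside a multiport list/range.
      dns = (($0 " ") ~ /--[ds]ports? ([0-9,:]*[,:])?53[,: ]/)
      print table, (dns ? "DNS" : "other"), $0
    }
  '
}

# Demo on the sample. On a real host, as root:
#   iptables-save  | leftover_rules
#   ip6tables-save | leftover_rules
# To clear everything, flush and delete chains per table:
#   for t in filter nat mangle raw security; do
#     iptables -t "$t" -F; iptables -t "$t" -X
#   done
sample_ruleset | leftover_rules
```

Built-in chain policies are not reset by `-F`/`-X`, so a non-ACCEPT policy in any table still needs `iptables -t <table> -P <chain> ACCEPT`.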

