#1 2010-10-16 19:56:22

aaronfitz
Member
Registered: 2010-10-16
Posts: 3

[SOLVED] Broken DNS Resolving--Caused by OpenVPN Install?

Hello,

I performed a full system update on Thursday night, and after rebooting my DNS resolving is now broken.  It seemed to work after the update but before the reboot, but not after the reboot.  My system is a virtual server hosted by Linode, and I've cross-posted a (not identically worded) question over in their forums (but the network forum doesn't seem to be very high traffic: http://www.linode.com/forums/viewtopic. … 2881#32881 )

I also installed OpenVPN before rebooting, but the 'route' output below makes me think that's not the problem.  It's possible I could've screwed up my iptunnels rules to block DNS, but I don't see the problem.  I'll include that output below.  OpenVPN is configured in a tunneled fashion, and the iptables rules should NAT the traffic from tun0 to eth0.

--[EDIT: I did /etc/rc.d/iptables stop to remove all the iptables rules and tried the google ping again, still no resolving]--

Glancing through recent threads, it seems similar to this guy's problem: https://bbs.archlinux.org/viewtopic.php?id=106104

All of my daemons are behaving correctly and I can access the Internet directly by IP addresses from the Arch machine.  I can't perform any updates via pacman as the DNS resolving is broken.  Has anyone reported this recently?

Here's the output from some relevant commands -

$ cat /etc/resolv.conf
8.8.8.8 
8.8.4.4
$ ping google.com 
ping: unknown host google.com 
$ ping 8.8.8.8 
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 
64 bytes from 8.8.8.8: icmp_seq=1 ttl=55 time=8.18 ms 
64 bytes from 8.8.8.8: icmp_seq=2 ttl=55 time=8.56 ms 
^C 
--- 8.8.8.8 ping statistics --- 
2 packets transmitted, 2 received, 0% packet loss, time 1001ms 
rtt min/avg/max/mdev = 8.187/8.376/8.566/0.210 ms
$ ifconfig 
eth0      Link encap:Ethernet  HWaddr FE:FD:45:A4:DD:19 
          inet addr:69.164.221.X  Bcast:69.164.221.255  Mask:255.255.255.0
          inet6 addr: fe80::fcfd:45ff:fea4:dd19/64 Scope:Link 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1 
          RX packets:60260 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:23681 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:1000 
          RX bytes:54781503 (52.2 Mb)  TX bytes:52366406 (49.9 Mb) 
          Interrupt:28 

eth0:0    Link encap:Ethernet  HWaddr FE:FD:45:A4:DD:19 
          inet addr:69.164.222.X  Bcast:69.164.222.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1 
          Interrupt:28 

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0 
          inet6 addr: ::1/128 Scope:Host 
          UP LOOPBACK RUNNING  MTU:16436  Metric:1 
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:0 
          RX bytes:282 (282.0 b)  TX bytes:282 (282.0 b) 

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255 
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1 
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b) 


$ route -n 
Kernel IP routing table 
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface 
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0 
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0 
69.164.221.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0 
69.164.222.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0 
0.0.0.0         69.164.221.1    0.0.0.0         UG    0      0        0 eth0

$ iptables -nvL
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    8   376 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   62  2673 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
60225   55M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 state NEW
   16   808 OPEN-UDP   udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW
   17   864 OPEN-TCP   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 state NEW
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
   11   488 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-proto-unreachable
    0     0 ACCEPT     47   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  tap0   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 TCPMSS clamp to PMTU
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 fw-interfaces  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 fw-open    all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-unreachable

Chain OUTPUT (policy ACCEPT 23750 packets, 52M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OPEN-TCP (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3   180 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
    5   276 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 27000:27015
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1194

Chain OPEN-UDP (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:22
   16   808 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 27000:27015
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1194

Chain fw-interfaces (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  ppp+   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  tun+   *       0.0.0.0/0            0.0.0.0/0

Chain fw-open (1 references)
 pkts bytes target     prot opt in     out     source               destination

Last edited by aaronfitz (2010-10-19 01:29:07)

Offline

#2 2010-10-16 20:36:34

aaronfitz
Member
Registered: 2010-10-16
Posts: 3

Re: [SOLVED] Broken DNS Resolving--Caused by OpenVPN Install?

Never mind, newb mistake on my part--I forgot the 'nameserver' directives in resolv.conf.

dhcp-client had overwritten the file, and I re-populated it with a couple of servers and forgot the directive.  It's always the chain of events that slips your mind that ends up causing the problems!

Offline
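
The mistake described in the post above (addresses in /etc/resolv.conf without the `nameserver` keyword) can be caught with a small lint. This is an added example, not part of the original thread; the function names and sample text are constructed for illustration, and the keyword list follows resolv.conf(5).

```bash
# Keywords defined by resolv.conf(5).
is_keyword() {
    case "$1" in
        nameserver|domain|search|sortlist|options) return 0 ;;
        *) return 1 ;;
    esac
}

# Loose syntactic check: dotted-quad IPv4, or anything hex with a colon (IPv6).
looks_like_ip() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$|^[0-9A-Fa-f:]*:[0-9A-Fa-f:.]*$'
}

# Reads resolv.conf text on stdin and prints one finding per problem line.
# Returns 0 only if there is at least one "nameserver <addr>" line and no findings.
lint_resolv_conf() {
    local lineno=0 servers=0 problems=0 key val rest
    while read -r key val rest || [ -n "$key" ]; do
        lineno=$((lineno + 1))
        case "$key" in ''|'#'*|';'*) continue ;; esac   # blank line or comment
        if [ "$key" = nameserver ] && looks_like_ip "$val"; then
            servers=$((servers + 1))
        elif [ "$key" = nameserver ]; then
            echo "line $lineno: nameserver without a valid address"
            problems=$((problems + 1))
        elif looks_like_ip "$key"; then
            # The case from this thread: the resolver silently ignores the line.
            echo "line $lineno: bare address '$key', missing 'nameserver' keyword"
            problems=$((problems + 1))
        elif ! is_keyword "$key"; then
            echo "line $lineno: unknown keyword '$key'"
            problems=$((problems + 1))
        fi
    done
    [ "$servers" -gt 0 ] || echo "no usable nameserver lines"
    [ "$problems" -eq 0 ] && [ "$servers" -gt 0 ]
}

# Constructed samples: the file as posted in the thread, and the corrected form.
broken='8.8.8.8
8.8.4.4'
fixed='nameserver 8.8.8.8
nameserver 8.8.4.4'
printf '%s\n' "$broken" | lint_resolv_conf || echo "=> broken file rejected"
printf '%s\n' "$fixed"  | lint_resolv_conf && echo "=> fixed file accepted"
```

On a live system, run it as `lint_resolv_conf < /etc/resolv.conf` after anything that may rewrite the file, such as a DHCP client or a VPN up/down script.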

#3 2010-10-17 23:28:04

pyther
Member
Registered: 2008-01-21
Posts: 1,395
Website

Re: [SOLVED] Broken DNS Resolving--Caused by OpenVPN Install?

Please mark the post as solved (in the topic title; edit your first post)


Website - Blog - arch-home
Arch User since March 2005

Offline
