Arch Linux

nravic

Member

Registered: 2017-03-26

Posts: 17

DNS errors with local router

Hey,

I set up a router in my room (WPA personal) that my android phone and Windows have no trouble connecting to and accessing the Internet. When I connect to it through arch however, I keep getting DNS resolution issues. I'm using networkmanager and connect via nmtui. It's driving me crazy and I can't understand why it isn't working. Would love some help.

Thanks

Lone_Wolf

Forum Moderator

From: Netherlands, Europe

Registered: 2005-10-04

Posts: 11,922

Re: DNS errors with local router

post /etc/resolv.conf please

---

Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.

(A works at time B)  && (time C > time B ) ≠  (A works at time C)

seth

Member

Registered: 2012-09-03

Posts: 51,221

Re: DNS errors with local router

also "systemctl list-unit-files --state enabled", this smells like systemd-network interference (can you dig domains?)

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

nravic

Member

Registered: 2017-03-26

Posts: 17

Re: DNS errors with local router

Hey, sorry for the late reply.

/etc/resolv.conf and the systemctl list unit files are attached. https://pastebin.com/gTixPNe6

Still no idea how to fix this.

seth

Member

Registered: 2012-09-03

Posts: 51,221

Re: DNS errors with local router

why is connman-vpn enabled/running?

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

nravic

Member

Registered: 2017-03-26

Posts: 17

Re: DNS errors with local router

Was using conman before the switch to networkmanager. Must have forgotten to disable the service. Doesn't affect the issue unfortunately.

Lone_Wolf

Forum Moderator

From: Netherlands, Europe

Registered: 2005-10-04

Posts: 11,922

Re: DNS errors with local router

That resolv.conf file looks like it was hand created to use google DNS servers.

Do android and windows also use those servers ?

Can you ping the google DNS servers from the arch linux box ?

---

Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.

(A works at time B)  && (time C > time B ) ≠  (A works at time C)

nravic

Member

Registered: 2017-03-26

Posts: 17

Re: DNS errors with local router

Yeah, I messed with the servers trying to fix it. When I'm connected to the router I can't ping Google.

seth

Member

Registered: 2012-09-03

Posts: 51,221

Re: DNS errors with local router

Ok, please ensure the conman service has stopped and you can ping IPs (to ensure this is *really* only a DNS issue)
then

ping 172.217.20.164 # that's google
ping -4 172.217.20.164 # that's google using IPv4 for sure
dig www.google.com
dig @8.8.8.8 www.google.com
nslookup www.google.com
wget -Ov /dev/null 172.217.20.164 # that's google
wget -Ov /dev/null www.google.com

and see whether and what works with what output...

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

nravic

Member

Registered: 2017-03-26

Posts: 17

Re: DNS errors with local router

Hey, I don't have dig or nslookup on the machine. Trying the wget and ping commands give me
https://pastebin.com/ARTb9zVC

seth

Member

Registered: 2012-09-03

Posts: 51,221

Re: DNS errors with local router

I was about to tell you to install it, but you'll have trouble just updating the system ...

Run as root (sudo won't work! in doubt do "sudo su" to get a root shell)

strace ping www.google.com 2>&1 | grep open

and post the output (look at the resolver location)

If that doesn't answer it, let's blame networkmanager.

systemctl stop NetworkManager
systemctl stop NetworkManager-dispatcher.service

and run "wifi-menu" to connect to the router, see whether the issue remains.

Next thing i'd look into would be /etc/hosts

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

nravic

Member

Registered: 2017-03-26

Posts: 17

Re: DNS errors with local router

Hey, I tried the strace and it gave me this output:

open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib/libcap.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib/libidn.so.11", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib/libcrypto.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 5
open("/etc/host.conf", O_RDONLY|O_CLOEXEC) = 5
open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 5
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 5
open("/usr/lib/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 5
open("/etc/hosts", O_RDONLY|O_CLOEXEC)  = 5
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 5
open("/usr/lib/libnss_mymachines.so.2", O_RDONLY|O_CLOEXEC) = 5
open("/usr/lib/librt.so.1", O_RDONLY|O_CLOEXEC) = 5
open("/usr/lib/libm.so.6", O_RDONLY|O_CLOEXEC) = 5
open("/usr/lib/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 5
open("/run/systemd/machines/www.google.com", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 5
open("/usr/lib/libnss_resolve.so.2", O_RDONLY|O_CLOEXEC) = 5
open("/sys/fs/kdbus/0-system/bus", O_RDWR|O_NOCTTY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 6
open("/usr/lib/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = 6
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 5
open("/usr/lib/libnss_myhostname.so.2", O_RDONLY|O_CLOEXEC) = 5
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 5
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) 

wifi-menu couldn't connect to the router.

Also installed dig and nslookup (via dnsutils) which both gave me:

nslookup: parse of /etc/resolv.conf failed

Last edited by nravic (2017-04-03 21:59:32)

seth

Member

Registered: 2012-09-03

Posts: 51,221

Re: DNS errors with local router

???
Please upload your /etc/resolv.conf somwhere and explain why "wifi-menu couldn't connect to the router" - did you successflly stop networkmanager?

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

nravic

Member

Registered: 2017-03-26

Posts: 17

Re: DNS errors with local router

Sorry, the resolv.conf error was because it was badly formatted. I fixed it and the new dig and nslookup errors are:

$ dig www.google.com

; <<>> DiG 9.11.0-P3 <<>> www.google.com
;; global options: +cmd
;; connection timed out; no servers could be reached

nslookup www.google.com
;; connection timed out; no servers could be reached

On the topic of wifi-menu, yeah I did. When I try to connect now, it throws me this error:

Job for netctl@wlp3s0\x2dwifun.service failed because the control process exited with error code.
See "systemctl status "netctl@wlp3s0\\x2dwifun.service"" and "journalctl -xe" for details.

The contents of systemctl status are:

● netctl@wlp3s0\x2dwifun.service - Networking for netctl profile wlp3s0-wifun
   Loaded: loaded (/usr/lib/systemd/system/netctl@.service; static; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2017-04-04 06:23:17 GST; 13s ago
     Docs: man:netctl.profile(5)
  Process: 9703 ExecStart=/usr/lib/network/network start %I (code=exited, status=1/FAILURE)
 Main PID: 9703 (code=exited, status=1/FAILURE)

Apr 04 06:23:17 arch systemd[1]: Starting Networking for netctl profile wlp3s0-wifun...
Apr 04 06:23:17 arch network[9703]: Starting network profile 'wlp3s0-wifun'...
Apr 04 06:23:17 arch network[9703]: The interface of network profile 'wlp3s0-wifun' is already up
Apr 04 06:23:17 arch systemd[1]: netctl@wlp3s0\x2dwifun.service: Main process exited, code=exited,
Apr 04 06:23:17 arch systemd[1]: Failed to start Networking for netctl profile wlp3s0-wifun.
Apr 04 06:23:17 arch systemd[1]: netctl@wlp3s0\x2dwifun.service: Unit entered failed state.
Apr 04 06:23:17 arch systemd[1]: netctl@wlp3s0\x2dwifun.service: Failed with result 'exit-code'.

seth

Member

Registered: 2012-09-03

Posts: 51,221

Re: DNS errors with local router

The wifi-menu error suggests networkmanager is either still running or somehow kept the device up despite being stopped.

What's the output for "dig @8.8.8.8 www.google.com"?

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

nravic

Member

Registered: 2017-03-26

Posts: 17

Re: DNS errors with local router

Hey, fixed the wifi-menu error by disabling NetworkManager altogether. Now when I connect via wifi-menu I still can't access the internet and running dig and nslookup give me the same error.

With regards to the dig @8.8.8.8 www.google.com,

; <<>> DiG 9.11.0-P3 <<>> @8.8.8.8 www.google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

seth

Member

Registered: 2012-09-03

Posts: 51,221

Re: DNS errors with local router

Hey, fixed the wifi-menu error by disabling NetworkManager altogether

*ggg* you stopped NM and rebootetd to be safe, right?

Ok, so NM isn't to blame but you cannot reach googles DNS server?

ping 8.8.8.8
nmap -Pnp53 8.8.8.8

In case that works: which DNS server do you use on the other systems?
(Is there maybe one configured in your router?)

cat /etc/resolvconf.conf

PS, to put is straight:
being unable to use googles DNS despite a working network smells like your ISP filtering port 53 in order to enforce a DNS to provide DNS based access control to the internet.

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

nravic

Member

Registered: 2017-03-26

Posts: 17

Re: DNS errors with local router

*ggg* you stopped NM and rebootetd to be safe, right?

I did hahaha.

So the results of the ping and nmap commands:

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=13.6 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=18.9 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=15.9 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=52 time=16.7 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=52 time=12.5 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=52 time=14.3 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=52 time=16.9 ms
64 bytes from 8.8.8.8: icmp_seq=8 ttl=52 time=12.4 ms
64 bytes from 8.8.8.8: icmp_seq=9 ttl=52 time=12.8 ms
64 bytes from 8.8.8.8: icmp_seq=10 ttl=52 time=45.6 ms
64 bytes from 8.8.8.8: icmp_seq=11 ttl=52 time=12.7 ms
64 bytes from 8.8.8.8: icmp_seq=12 ttl=52 time=21.0 ms
64 bytes from 8.8.8.8: icmp_seq=13 ttl=52 time=16.0 ms
64 bytes from 8.8.8.8: icmp_seq=14 ttl=52 time=14.8 ms
64 bytes from 8.8.8.8: icmp_seq=15 ttl=52 time=14.9 ms

--- 8.8.8.8 ping statistics ---
15 packets transmitted, 15 received, 0% packet loss, time 14021ms
rtt min/avg/max/mdev = 12.404/17.296/45.635/7.937 ms

Starting Nmap 7.40 ( https://nmap.org ) at 2017-04-04 21:14 GST
Nmap scan report for 8.8.8.8
Host is up (0.015s latency).
Not shown: 968 filtered ports
PORT      STATE SERVICE
82/tcp    open  xfer
443/tcp   open  https
700/tcp   open  epp
787/tcp   open  qsc
808/tcp   open  ccproxy-http
912/tcp   open  apex-mesh
1041/tcp  open  danf-ak2
1166/tcp  open  qsm-remote
1271/tcp  open  excw
1300/tcp  open  h323hostcallsc
1328/tcp  open  ewall
1461/tcp  open  ibm_wrless_lan
1783/tcp  open  unknown
2111/tcp  open  kx
2381/tcp  open  compaq-https
2607/tcp  open  connection
3006/tcp  open  deslogind
3261/tcp  open  winshadow
3914/tcp  open  listcrt-port-2
4003/tcp  open  pxc-splr-ft
5080/tcp  open  onscreen
5730/tcp  open  unieng
5961/tcp  open  unknown
8654/tcp  open  unknown
9099/tcp  open  unknown
9207/tcp  open  wap-vcal-s
12265/tcp open  unknown
12345/tcp open  netbus
19780/tcp open  unknown
32778/tcp open  sometimes-rpc19
56737/tcp open  unknown
60020/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 19.52 seconds

Hmm, that does sound possible. Its weird though, I tried another linux machine (well a Raspberry Pi running the custom Raspi Debian flavor) and it managed to get internet access no problem. I'll look at the DNS settings of my phone and the raspi.

Also there's no /etc/resolvconf.conf.

Last edited by nravic (2017-04-04 13:19:43)

seth

Member

Registered: 2012-09-03

Posts: 51,221

Re: DNS errors with local router

That 8.8.8.8 is not googles DNS server. Not only is port 53 filtered or closed, but a hell lot of freaky other ports are open.

Since it has 443 open, try to

wget --no-check-certificate -O whoareyou.html https://8.8.8.8:443

You can also open "https:/8.8.8.8" in a browser, but should deactivate javascript resp. use dillo or links or such less attackable html renderer (since we don't know what 8.8.8.8 is)

Also consider tracepath'ing 8.8.8.8 to see whether you leave your LAN and inspect "ip route" to see whether 8.8.8.8 goes through your default gateway (which should be your router)

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

nravic

Member

Registered: 2017-03-26

Posts: 17

Re: DNS errors with local router

wget gives me:

--2017-04-04 21:41:50--  https://8.8.8.8/
Connecting to 8.8.8.8:443... connected.
    WARNING: certificate common name ‘*.c.docs.google.com’ doesn't match requested host name ‘8.8.8.8’.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.google.com/ [following]
--2017-04-04 21:41:50--  http://www.google.com/
Resolving www.google.com... failed: Name or service not known.
wget: unable to resolve host address ‘www.google.com’

Connecting to 8.8.8.8 in the browser says that its an insecure connection and that there's no security certificate. In firefox, the error code is SSL_ERROR_BAD_CERT_DOMAIN. Here's the whole error:

8.8.8.8 uses an invalid security certificate. The certificate is only valid for the following names: *.c.docs.google.com, *.a1.googlevideo.com, *.c.2mdn.net, *.c.bigcache.googleapis.com, *.c.doc-0-0-sj.sj.googleusercontent.com, *.c.drive.google.com, *.c.googlevideo.com, *.c.inbox.google.com, *.c.mail.google.com, *.c.pack.google.com, *.c.play.google.com, *.c.video.google.com, *.c.youtube.com, *.cache1.c.docs.google.com, *.cache1.c.play.google.com, *.cache1.c.video.google.com, *.cache1.c.youtube.com, *.cache2.c.docs.google.com, *.cache2.c.play.google.com, *.cache2.c.video.google.com, *.cache2.c.youtube.com, *.cache3.c.docs.google.com, *.cache3.c.play.google.com, *.cache3.c.video.google.com, *.cache3.c.youtube.com, *.cache4.c.docs.google.com, *.cache4.c.play.google.com, *.cache4.c.video.google.com, *.cache4.c.youtube.com, *.cache5.c.docs.google.com, *.cache5.c.play.google.com, *.cache5.c.video.google.com, *.cache5.c.youtube.com, *.cache6.c.docs.google.com, *.cache6.c.play.google.com, *.cache6.c.video.google.com, *.cache6.c.youtube.com, *.cache7.c.docs.google.com, *.cache7.c.play.google.com, *.cache7.c.video.google.com, *.cache7.c.youtube.com, *.cache8.c.docs.google.com, *.cache8.c.play.google.com, *.cache8.c.video.google.com, *.cache8.c.youtube.com, *.googlevideo.com, *.googlezip.net, *.gvt1.com, *.xn--ngstr-lra8j.com, xn--ngstr-lra8j.com Error code: SSL_ERROR_BAD_CERT_DOMAIN

Last edited by nravic (2017-04-04 13:46:05)

seth

Member

Registered: 2012-09-03

Posts: 51,221

Re: DNS errors with local router

Ok, that address 301s you to google what doesn't work because it's supposed to be your DNS server ;-)

Try using 8.3.127.2 as dns server in /etc/resolve.conf (nb. the proper way is to edit /etc/resolvconf.conf and add add name_servers there) and see where that gets you.
And inspect the routing table.

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

nravic

Member

Registered: 2017-03-26

Posts: 17

Re: DNS errors with local router

Changed the DNS server in /etc/resolv.conf. Still can't access internet, resolution errors. Tried running the wget snippet from earlier and got the same error of being unable to resolve the host.

This is the routing table.

$ ip route show
default via 192.168.0.1 dev wlp3s0 proto static metric 600 
192.168.0.0/24 dev wlp3s0 proto kernel scope link src 192.168.0.101 metric 600 

It looks wonky

seth

Member

Registered: 2012-09-03

Posts: 51,221

Re: DNS errors with local router

No, routing is ordinary. 192.168.0.1 is your router and acts as default gateway. 192.168.0.0/24 is the LAN range.
The only "oddity" is that you seem to not be using dhcp but a static IP config.

What is "nmap -Pn -p 1-1024 8.3.127.2"

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

nravic

Member

Registered: 2017-03-26

Posts: 17

Re: DNS errors with local router

$ nmap -Pn -p 1-1024 8.3.127.2

Starting Nmap 7.40 ( https://nmap.org ) at 2017-04-04 22:56 GST
Nmap scan report for 8.3.127.2
Host is up (0.23s latency).
Not shown: 1011 closed ports
PORT    STATE    SERVICE
19/tcp  filtered chargen
22/tcp  open     ssh
25/tcp  filtered smtp
53/tcp  filtered domain
80/tcp  open     http
135/tcp filtered msrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
214/tcp filtered vmpwscs
445/tcp filtered microsoft-ds
517/tcp filtered talk
518/tcp filtered ntalk

Nmap done: 1 IP address (1 host up) scanned in 65.57 seconds

seth

Member

Registered: 2012-09-03

Posts: 51,221

Re: DNS errors with local router

Ok, better.

dig @8.3.127.2 www.google.com

(if this works you did not successfully alter the dns resolver)

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc