Hey,
I set up a router in my room (WPA personal) that my android phone and Windows have no trouble connecting to and accessing the Internet. When I connect to it through arch however, I keep getting DNS resolution issues. I'm using networkmanager and connect via nmtui. It's driving me crazy and I can't understand why it isn't working. Would love some help.
Thanks
Offline
post /etc/resolv.conf please
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
(A works at time B) && (time C > time B ) ≠ (A works at time C)
Offline
also "systemctl list-unit-files --state enabled", this smells like systemd-network interference (can you dig domains?)
Offline
Hey, sorry for the late reply.
/etc/resolv.conf and the systemctl list unit files are attached. https://pastebin.com/gTixPNe6
Still no idea how to fix this.
Offline
why is connman-vpn enabled/running?
Offline
Was using connman before the switch to networkmanager. Must have forgotten to disable the service. Doesn't affect the issue unfortunately.
Offline
That resolv.conf file looks like it was hand created to use google DNS servers.
Do android and windows also use those servers ?
Can you ping the google DNS servers from the arch linux box ?
Offline
Yeah, I messed with the servers trying to fix it. When I'm connected to the router I can't ping Google.
Offline
Ok, please ensure the connman service has stopped and you can ping IPs (to ensure this is *really* only a DNS issue)
then
ping 172.217.20.164 # that's google
ping -4 172.217.20.164 # that's google using IPv4 for sure
dig www.google.com
dig @8.8.8.8 www.google.com
nslookup www.google.com
wget -vO /dev/null 172.217.20.164 # that's google
wget -vO /dev/null www.google.com
and see whether and what works with what output...
Offline
Hey, I don't have dig or nslookup on the machine. Trying the wget and ping commands gives me
https://pastebin.com/ARTb9zVC
Offline
I was about to tell you to install it, but you'll have trouble just updating the system ...
Run as root (sudo won't work! If in doubt, do "sudo su" to get a root shell)
strace ping www.google.com 2>&1 | grep open
and post the output (look at the resolver location)
If that doesn't answer it, let's blame networkmanager.
systemctl stop NetworkManager
systemctl stop NetworkManager-dispatcher.service
and run "wifi-menu" to connect to the router, see whether the issue remains.
Next thing I'd look into would be /etc/hosts
Offline
Hey, I tried the strace and it gave me this output:
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib/libcap.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib/libidn.so.11", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib/libcrypto.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 5
open("/etc/host.conf", O_RDONLY|O_CLOEXEC) = 5
open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 5
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 5
open("/usr/lib/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 5
open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 5
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 5
open("/usr/lib/libnss_mymachines.so.2", O_RDONLY|O_CLOEXEC) = 5
open("/usr/lib/librt.so.1", O_RDONLY|O_CLOEXEC) = 5
open("/usr/lib/libm.so.6", O_RDONLY|O_CLOEXEC) = 5
open("/usr/lib/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 5
open("/run/systemd/machines/www.google.com", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 5
open("/usr/lib/libnss_resolve.so.2", O_RDONLY|O_CLOEXEC) = 5
open("/sys/fs/kdbus/0-system/bus", O_RDWR|O_NOCTTY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 6
open("/usr/lib/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = 6
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 5
open("/usr/lib/libnss_myhostname.so.2", O_RDONLY|O_CLOEXEC) = 5
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 5
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
wifi-menu couldn't connect to the router.
Also installed dig and nslookup (via dnsutils) which both gave me:
nslookup: parse of /etc/resolv.conf failed
Last edited by nravic (2017-04-03 21:59:32)
Offline
???
Please upload your /etc/resolv.conf somewhere and explain why "wifi-menu couldn't connect to the router" - did you successfully stop networkmanager?
Offline
Sorry, the resolv.conf error was because it was badly formatted. I fixed it and the new dig and nslookup errors are:
$ dig www.google.com
; <<>> DiG 9.11.0-P3 <<>> www.google.com
;; global options: +cmd
;; connection timed out; no servers could be reached
nslookup www.google.com
;; connection timed out; no servers could be reached
On the topic of wifi-menu, yeah I did. When I try to connect now, it throws me this error:
Job for netctl@wlp3s0\x2dwifun.service failed because the control process exited with error code.
See "systemctl status "netctl@wlp3s0\\x2dwifun.service"" and "journalctl -xe" for details.
The contents of systemctl status are:
● netctl@wlp3s0\x2dwifun.service - Networking for netctl profile wlp3s0-wifun
Loaded: loaded (/usr/lib/systemd/system/netctl@.service; static; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2017-04-04 06:23:17 GST; 13s ago
Docs: man:netctl.profile(5)
Process: 9703 ExecStart=/usr/lib/network/network start %I (code=exited, status=1/FAILURE)
Main PID: 9703 (code=exited, status=1/FAILURE)
Apr 04 06:23:17 arch systemd[1]: Starting Networking for netctl profile wlp3s0-wifun...
Apr 04 06:23:17 arch network[9703]: Starting network profile 'wlp3s0-wifun'...
Apr 04 06:23:17 arch network[9703]: The interface of network profile 'wlp3s0-wifun' is already up
Apr 04 06:23:17 arch systemd[1]: netctl@wlp3s0\x2dwifun.service: Main process exited, code=exited,
Apr 04 06:23:17 arch systemd[1]: Failed to start Networking for netctl profile wlp3s0-wifun.
Apr 04 06:23:17 arch systemd[1]: netctl@wlp3s0\x2dwifun.service: Unit entered failed state.
Apr 04 06:23:17 arch systemd[1]: netctl@wlp3s0\x2dwifun.service: Failed with result 'exit-code'.
Offline
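Added example (not part of the thread): a small linter for the failure reported above, where dig and nslookup refused a badly formatted /etc/resolv.conf. It checks each line against the keywords documented in resolv.conf(5); the function names and the broken sample file are constructed for illustration.

```shell
# Added example, not from the thread. Reads a resolv.conf on stdin (or the path
# given as $1), prints one line per problem, returns 0 only when the file is clean.
lint_resolv_conf() {
    awk '
    function is_ipv4(s,   n, p, i) {
        n = split(s, p, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return 0
        return 1
    }
    # Loose IPv6 shape check (hex groups, optional %zone); not a full parser.
    function is_ipv6(s) { return s ~ /:/ && s ~ /^[0-9A-Fa-f:.]+(%[A-Za-z0-9._-]+)?$/ }
    /^[ \t]*([#;]|$)/ { next }                      # comments and blank lines
    $1 == "nameserver" {
        if (NF != 2) { printf "line %d: nameserver takes exactly one address\n", NR; bad = 1 }
        else if (!is_ipv4($2) && !is_ipv6($2)) { printf "line %d: not an IP address: %s\n", NR, $2; bad = 1 }
        else if (++ns > 3) printf "line %d: more than 3 nameservers, glibc ignores this one\n", NR
        next
    }
    $1 == "search" || $1 == "domain" || $1 == "options" || $1 == "sortlist" {
        if (NF < 2) { printf "line %d: %s needs a value\n", NR, $1; bad = 1 }
        next
    }
    { printf "line %d: unknown keyword: %s\n", NR, $1; bad = 1 }
    END {
        if (ns == 0) { print "no usable nameserver line"; bad = 1 }
        exit bad + 0
    }' "${1:--}"
}

# Constructed sample of a hand-edited file with typical mistakes.
sample_broken_resolv_conf() {
    cat <<'EOF'
nameserver: 8.8.8.8
nameserver 8.8.8.8 8.8.4.4
nameserver 8.8.8.256
EOF
}
```

Run it as `lint_resolv_conf /etc/resolv.conf` before blaming the network; a clean file prints nothing.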
The wifi-menu error suggests networkmanager is either still running or somehow kept the device up despite being stopped.
What's the output for "dig @8.8.8.8 www.google.com"?
Offline
Hey, fixed the wifi-menu error by disabling NetworkManager altogether. Now when I connect via wifi-menu I still can't access the internet and running dig and nslookup give me the same error.
With regards to the dig @8.8.8.8 www.google.com,
; <<>> DiG 9.11.0-P3 <<>> @8.8.8.8 www.google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
Offline
> Hey, fixed the wifi-menu error by disabling NetworkManager altogether
*ggg* you stopped NM and rebooted to be safe, right?
Ok, so NM isn't to blame but you cannot reach Google's DNS server?
ping 8.8.8.8
nmap -Pnp53 8.8.8.8
In case that works: which DNS server do you use on the other systems?
(Is there maybe one configured in your router?)
cat /etc/resolvconf.conf
PS, to put it straight:
being unable to use Google's DNS despite a working network smells like your ISP filtering port 53 in order to enforce a DNS to provide DNS-based access control to the internet.
Offline
> *ggg* you stopped NM and rebooted to be safe, right?
I did hahaha.
So the results of the ping and nmap commands:
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=13.6 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=18.9 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=15.9 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=52 time=16.7 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=52 time=12.5 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=52 time=14.3 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=52 time=16.9 ms
64 bytes from 8.8.8.8: icmp_seq=8 ttl=52 time=12.4 ms
64 bytes from 8.8.8.8: icmp_seq=9 ttl=52 time=12.8 ms
64 bytes from 8.8.8.8: icmp_seq=10 ttl=52 time=45.6 ms
64 bytes from 8.8.8.8: icmp_seq=11 ttl=52 time=12.7 ms
64 bytes from 8.8.8.8: icmp_seq=12 ttl=52 time=21.0 ms
64 bytes from 8.8.8.8: icmp_seq=13 ttl=52 time=16.0 ms
64 bytes from 8.8.8.8: icmp_seq=14 ttl=52 time=14.8 ms
64 bytes from 8.8.8.8: icmp_seq=15 ttl=52 time=14.9 ms
--- 8.8.8.8 ping statistics ---
15 packets transmitted, 15 received, 0% packet loss, time 14021ms
rtt min/avg/max/mdev = 12.404/17.296/45.635/7.937 ms
Starting Nmap 7.40 ( https://nmap.org ) at 2017-04-04 21:14 GST
Nmap scan report for 8.8.8.8
Host is up (0.015s latency).
Not shown: 968 filtered ports
PORT STATE SERVICE
82/tcp open xfer
443/tcp open https
700/tcp open epp
787/tcp open qsc
808/tcp open ccproxy-http
912/tcp open apex-mesh
1041/tcp open danf-ak2
1166/tcp open qsm-remote
1271/tcp open excw
1300/tcp open h323hostcallsc
1328/tcp open ewall
1461/tcp open ibm_wrless_lan
1783/tcp open unknown
2111/tcp open kx
2381/tcp open compaq-https
2607/tcp open connection
3006/tcp open deslogind
3261/tcp open winshadow
3914/tcp open listcrt-port-2
4003/tcp open pxc-splr-ft
5080/tcp open onscreen
5730/tcp open unieng
5961/tcp open unknown
8654/tcp open unknown
9099/tcp open unknown
9207/tcp open wap-vcal-s
12265/tcp open unknown
12345/tcp open netbus
19780/tcp open unknown
32778/tcp open sometimes-rpc19
56737/tcp open unknown
60020/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 19.52 seconds
Hmm, that does sound possible. It's weird though, I tried another linux machine (well a Raspberry Pi running the custom Raspi Debian flavor) and it managed to get internet access no problem. I'll look at the DNS settings of my phone and the raspi.
Also there's no /etc/resolvconf.conf.
Last edited by nravic (2017-04-04 13:19:43)
Offline
That 8.8.8.8 is not Google's DNS server. Not only is port 53 filtered or closed, but a hell of a lot of freaky other ports are open.
Since it has 443 open, try to
wget --no-check-certificate -O whoareyou.html https://8.8.8.8:443
You can also open "https://8.8.8.8" in a browser, but should deactivate JavaScript or use dillo or links or some such less attackable HTML renderer (since we don't know what 8.8.8.8 is)
Also consider tracepath'ing 8.8.8.8 to see whether you leave your LAN and inspect "ip route" to see whether 8.8.8.8 goes through your default gateway (which should be your router)
Offline
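Added example (not part of the thread): the check made by eye in the post above, as a parser for nmap's normal output that reports the state of 53/tcp and which other TCP ports answered. The function names are made up for illustration, the sample is an excerpt of the 8.3.127.2 scan posted further down the thread, and the logic assumes port 53 was inside the scanned range.

```shell
# Added example, not from the thread. Reads nmap normal output on stdin.
# The scans in the thread are TCP only, so UDP 53 still has to be tested with
# an actual query (dig @server name).
check_resolver_scan() {
    awk '
    /^Not shown:/ { hidden = $4 }             # state shared by the unlisted ports
    $1 ~ /^[0-9]+\/tcp$/ {
        split($1, f, "/")
        if (f[1] == "53") dns = $2            # explicit row for the DNS port
        else if ($2 == "open") open_list = open_list (open_list == "" ? "" : ",") f[1]
    }
    END {
        # No row for 53 means it is among the "Not shown" ports.
        if (dns == "") dns = (hidden == "" ? "unknown" : hidden)
        printf "53/tcp=%s other_open=%s\n", dns, (open_list == "" ? "none" : open_list)
        exit (dns == "open" ? 0 : 1)          # 0 only if TCP DNS is reachable
    }'
}

# Excerpt of the 8.3.127.2 scan output posted in this thread.
thread_scan_excerpt() {
    cat <<'EOF'
Nmap scan report for 8.3.127.2
Not shown: 1011 closed ports
PORT STATE SERVICE
19/tcp filtered chargen
22/tcp open ssh
25/tcp filtered smtp
53/tcp filtered domain
80/tcp open http
EOF
}
```

A non-zero return together with a list of open ports that do not belong on a public resolver is the pattern discussed above: something on the path is filtering port 53 or answering in place of the intended server.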
wget gives me:
--2017-04-04 21:41:50-- https://8.8.8.8/
Connecting to 8.8.8.8:443... connected.
WARNING: certificate common name ‘*.c.docs.google.com’ doesn't match requested host name ‘8.8.8.8’.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.google.com/ [following]
--2017-04-04 21:41:50-- http://www.google.com/
Resolving www.google.com... failed: Name or service not known.
wget: unable to resolve host address ‘www.google.com’
Connecting to 8.8.8.8 in the browser says that it's an insecure connection and that there's no security certificate. In firefox, the error code is SSL_ERROR_BAD_CERT_DOMAIN. Here's the whole error:
8.8.8.8 uses an invalid security certificate. The certificate is only valid for the following names: *.c.docs.google.com, *.a1.googlevideo.com, *.c.2mdn.net, *.c.bigcache.googleapis.com, *.c.doc-0-0-sj.sj.googleusercontent.com, *.c.drive.google.com, *.c.googlevideo.com, *.c.inbox.google.com, *.c.mail.google.com, *.c.pack.google.com, *.c.play.google.com, *.c.video.google.com, *.c.youtube.com, *.cache1.c.docs.google.com, *.cache1.c.play.google.com, *.cache1.c.video.google.com, *.cache1.c.youtube.com, *.cache2.c.docs.google.com, *.cache2.c.play.google.com, *.cache2.c.video.google.com, *.cache2.c.youtube.com, *.cache3.c.docs.google.com, *.cache3.c.play.google.com, *.cache3.c.video.google.com, *.cache3.c.youtube.com, *.cache4.c.docs.google.com, *.cache4.c.play.google.com, *.cache4.c.video.google.com, *.cache4.c.youtube.com, *.cache5.c.docs.google.com, *.cache5.c.play.google.com, *.cache5.c.video.google.com, *.cache5.c.youtube.com, *.cache6.c.docs.google.com, *.cache6.c.play.google.com, *.cache6.c.video.google.com, *.cache6.c.youtube.com, *.cache7.c.docs.google.com, *.cache7.c.play.google.com, *.cache7.c.video.google.com, *.cache7.c.youtube.com, *.cache8.c.docs.google.com, *.cache8.c.play.google.com, *.cache8.c.video.google.com, *.cache8.c.youtube.com, *.googlevideo.com, *.googlezip.net, *.gvt1.com, *.xn--ngstr-lra8j.com, xn--ngstr-lra8j.com Error code: SSL_ERROR_BAD_CERT_DOMAIN
Last edited by nravic (2017-04-04 13:46:05)
Offline
Ok, that address 301s you to Google, which doesn't work because it's supposed to be your DNS server ;-)
Try using 8.3.127.2 as DNS server in /etc/resolv.conf (n.b. the proper way is to edit /etc/resolvconf.conf and add name_servers there) and see where that gets you.
And inspect the routing table.
Offline
Changed the DNS server in /etc/resolv.conf. Still can't access internet, resolution errors. Tried running the wget snippet from earlier and got the same error of being unable to resolve the host.
This is the routing table.
$ ip route show
default via 192.168.0.1 dev wlp3s0 proto static metric 600
192.168.0.0/24 dev wlp3s0 proto kernel scope link src 192.168.0.101 metric 600
It looks wonky
Offline
No, routing is ordinary. 192.168.0.1 is your router and acts as default gateway. 192.168.0.0/24 is the LAN range.
The only "oddity" is that you seem to not be using dhcp but a static IP config.
What is "nmap -Pn -p 1-1024 8.3.127.2"
Offline
$ nmap -Pn -p 1-1024 8.3.127.2
Starting Nmap 7.40 ( https://nmap.org ) at 2017-04-04 22:56 GST
Nmap scan report for 8.3.127.2
Host is up (0.23s latency).
Not shown: 1011 closed ports
PORT STATE SERVICE
19/tcp filtered chargen
22/tcp open ssh
25/tcp filtered smtp
53/tcp filtered domain
80/tcp open http
135/tcp filtered msrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
214/tcp filtered vmpwscs
445/tcp filtered microsoft-ds
517/tcp filtered talk
518/tcp filtered ntalk
Nmap done: 1 IP address (1 host up) scanned in 65.57 seconds
Offline
Ok, better.
dig @8.3.127.2 www.google.com
(if this works you did not successfully alter the dns resolver)
Offline