Arch Linux

seth

Member

Registered: 2012-09-03

Posts: 60,922

Re: [SOLVED]Three systemd services on port 53

Did you edit /etc/nsswitch.conf?
The important part is the "hosts" line in that file - it's likely failing because something™  responds a failure that's not UNAVAIL

hosts: files mymachines myhostname resolve [!UNAVAIL=return] dns

should™ work and

hosts: files mymachines myhostname resolve dns

likely will.

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

Morta

Member

Registered: 2019-07-07

Posts: 660

Re: [SOLVED]Three systemd services on port 53

I will try tomorrow

Morta

Member

Registered: 2019-07-07

Posts: 660

Re: [SOLVED]Three systemd services on port 53

Did you edit /etc/nsswitch.conf?
The important part is the "hosts" line in that file - it's likely failing because something™  responds a failure that's not UNAVAIL

hosts: files mymachines myhostname resolve [!UNAVAIL=return] dns

should™ work and

hosts: files mymachines myhostname resolve dns

likely will.

Ok i edited /etc/nsswitch.conf to following config.

I will test the config and give a report if is working properly.

First with systmed-resolved because the internet connection breaks after a certain time and if this works properly i will change to dnscrypt-proxy.

Thanks for your support.

Last edited by Morta (2021-10-27 06:33:22)

Morta

Member

Registered: 2019-07-07

Posts: 660

Re: [SOLVED]Three systemd services on port 53

Still now dns resolution with dnscrypt-proxy.

I remember me i had the same problems years ago and then i add dnscrypt-proxy in nsswitch. How i have to do this?

dnscrypt or dnscrypt-proxy doesn't work instead of dns

Last edited by Morta (2021-10-28 06:00:11)

seth

Member

Registered: 2012-09-03

Posts: 60,922

Re: [SOLVED]Three systemd services on port 53

There's no "libnss_dnscrypt*" module - do you have such on the working system?
Please post your latest nsswitch.conf attempts where drill works, but ping doesn't.

Woawwaitasecond, are you referring to this here

First with systmed-resolved because the internet connection breaks after a certain time

Nobody knows why or that "the internet connection breaks after a certain time" and what the symptoms of that are.
Please don't juggle random stuff trying to fix three problems at once under the hood - you're creating a moving target and the rest of us doesn't even know what you're pointing at.

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

Morta

Member

Registered: 2019-07-07

Posts: 660

Re: [SOLVED]Three systemd services on port 53

There's no "libnss_dnscrypt*" module - do you have such on the working system?
Please post your latest nsswitch.conf attempts where drill works, but ping doesn't.

Woawwaitasecond, are you referring to this here

First with systmed-resolved because the internet connection breaks after a certain time

Nobody knows why or that "the internet connection breaks after a certain time" and what the symptoms of that are.
Please don't juggle random stuff trying to fix three problems at once under the hood - you're creating a moving target and the rest of us doesn't even know what you're pointing at.

No. I haven’t a libnss_dnscrypt on the working machine.

Sorry for referring but i thought that was related to the dns problem and it was after remove the [] in nsswitch.conf the internet was working properly again.

So i disabled systemd-resolved and stop running start dnsproxy.

It‘s running as systemd service with chosen swiss DoH server but no dns systemwide.

First drill is working dig is working but nor ping or firefox. So no DNS.

Last edited by Morta (2021-10-28 08:27:20)

seth

Member

Registered: 2012-09-03

Posts: 60,922

Re: [SOLVED]Three systemd services on port 53

Please post your latest nsswitch.conf attempts where drill works, but ping doesn't.

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

Morta

Member

Registered: 2019-07-07

Posts: 660

Re: [SOLVED]Three systemd services on port 53

Please post your latest nsswitch.conf attempts where drill works, but ping doesn't.

cat /etc/nsswitch.conf 
# Name Service Switch configuration file.
# See nsswitch.conf(5) for details.

passwd: files systemd
group: files [SUCCESS=merge] systemd
shadow: files

publickey: files

hosts: files mymachines myhostname resolve dns
networks: files

protocols: files
services: files
ethers: files
rpc: files

netgroup: files

# Use /etc/resolv.conf first, then fall back to systemd-resolved
hosts: files dns resolve myhostname
# Use systemd-resolved first, then fall back to /etc/resolv.conf
hosts: files resolve dns myhostname
# Don't use /etc/resolv.conf at all
hosts: files resolve myhostname

ls /usr/lib/libnss_*
/usr/lib/libnss_compat-2.33.so  /usr/lib/libnss_db-2.33.so  /usr/lib/libnss_dns-2.33.so  /usr/lib/libnss_files-2.33.so  /usr/lib/libnss_hesiod-2.33.so  /usr/lib/libnss_libvirt_guest.so.2  /usr/lib/libnss_mdns4.so.2          /usr/lib/libnss_mdns_minimal.so.2  /usr/lib/libnss_mymachines.so.2  /usr/lib/libnss_winbind.so    /usr/lib/libnss_wins.so.2
/usr/lib/libnss_compat.so       /usr/lib/libnss_db.so       /usr/lib/libnss_dns.so       /usr/lib/libnss_files.so       /usr/lib/libnss_hesiod.so       /usr/lib/libnss_libvirt.so.2        /usr/lib/libnss_mdns6_minimal.so.2  /usr/lib/libnss_mdns.so.2          /usr/lib/libnss_resolve.so.2     /usr/lib/libnss_winbind.so.2
/usr/lib/libnss_compat.so.2     /usr/lib/libnss_db.so.2     /usr/lib/libnss_dns.so.2     /usr/lib/libnss_files.so.2     /usr/lib/libnss_hesiod.so.2     /usr/lib/libnss_mdns4_minimal.so.2  /usr/lib/libnss_mdns6.so.2          /usr/lib/libnss_myhostname.so.2    /usr/lib/libnss_systemd.so.2     /usr/lib/libnss_wins.so

I can't remove these requested files because they are used from other packages. Have I to add mdns in nsswitch.conf?

seth

Member

Registered: 2012-09-03

Posts: 60,922

Re: [SOLVED]Three systemd services on port 53

You're not supposed to delete any of the libnss plugins, they're not used unless referenced anyway.

Do you actually have multiple uncommented "hosts" lines in your nsswitch.conf?
Remove the entire bottom section and post the output of

drill archlinux.org
dig archlinux.org
nslookup archlinux.org
getent ahostsv4 archlinux.org
getent ahostsv6 archlinux.org

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

Morta

Member

Registered: 2019-07-07

Posts: 660

Re: [SOLVED]Three systemd services on port 53

You're not supposed to delete any of the libnss plugins, they're not used unless referenced anyway.

Do you actually have multiple uncommented "hosts" lines in your nsswitch.conf?

Yes, but i didn't add it

Remove the entire bottom section and post the output of

drill archlinux.org
dig archlinux.org
nslookup archlinux.org
getent ahostsv4 archlinux.org
getent ahostsv6 archlinux.org

New nsswitch.conf

cat /etc/nsswitch.conf
# Name Service Switch configuration file.
# See nsswitch.conf(5) for details.

passwd: files systemd
group: files [SUCCESS=merge] systemd
shadow: files

publickey: files

hosts: files mymachines myhostname resolve dns
networks: files

protocols: files
services: files
ethers: files
rpc: files

netgroup: files

 systemctl status dnscrypt-proxy
● dnscrypt-proxy.service - DNSCrypt-proxy client
     Loaded: loaded (/usr/lib/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: disabled)
     Active: active (running) since Thu 2021-10-28 16:03:34 CEST; 19s ago
       Docs: https://github.com/jedisct1/dnscrypt-proxy/wiki
   Main PID: 21229 (dnscrypt-proxy)
      Tasks: 13 (limit: 37732)
     Memory: 8.6M
        CPU: 156ms
     CGroup: /system.slice/dnscrypt-proxy.service
             └─21229 /usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml

Okt 28 16:03:34 lapt0p dnscrypt-proxy[21229]: [2021-10-28 16:03:34] [NOTICE] [dns.digitale-gesellschaft.ch-2] OK (DoH) - rtt: 5ms
Okt 28 16:03:34 lapt0p dnscrypt-proxy[21229]: [2021-10-28 16:03:34] [NOTICE] [dns.digitale-gesellschaft.ch-ipv6] OK (DoH) - rtt: 4ms
Okt 28 16:03:34 lapt0p dnscrypt-proxy[21229]: [2021-10-28 16:03:34] [NOTICE] [dns.digitale-gesellschaft.ch] OK (DoH) - rtt: 5ms
Okt 28 16:03:34 lapt0p dnscrypt-proxy[21229]: [2021-10-28 16:03:34] [NOTICE] Sorted latencies:
Okt 28 16:03:34 lapt0p dnscrypt-proxy[21229]: [2021-10-28 16:03:34] [NOTICE] -     4ms dns.digitale-gesellschaft.ch-ipv6
Okt 28 16:03:34 lapt0p dnscrypt-proxy[21229]: [2021-10-28 16:03:34] [NOTICE] -     5ms dns.digitale-gesellschaft.ch-2
Okt 28 16:03:34 lapt0p dnscrypt-proxy[21229]: [2021-10-28 16:03:34] [NOTICE] -     5ms dns.digitale-gesellschaft.ch
Okt 28 16:03:34 lapt0p dnscrypt-proxy[21229]: [2021-10-28 16:03:34] [NOTICE] -     6ms dns.digitale-gesellschaft.ch-ipv6-2
Okt 28 16:03:34 lapt0p dnscrypt-proxy[21229]: [2021-10-28 16:03:34] [NOTICE] Server with the lowest initial latency: dns.digitale-gesellschaft.ch-ipv6 (rtt: 4ms)
Okt 28 16:03:34 lapt0p dnscrypt-proxy[21229]: [2021-10-28 16:03:34] [NOTICE] dnscrypt-proxy is ready - live servers: 4

[morta@lapt0p lib]$ drill archrlinux.org
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 45969
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 
;; QUESTION SECTION:
;; archrlinux.org.	IN	A

;; ANSWER SECTION:

;; AUTHORITY SECTION:
org.	600	IN	SOA	a0.org.afilias-nst.info. noc.afilias-nst.info. 2014574901 1800 900 604800 86400

;; ADDITIONAL SECTION:

;; Query time: 18 msec
;; EDNS: version 0; flags: ; udp: 4096
;; SERVER: ::1
;; WHEN: Thu Oct 28 16:04:33 2021
;; MSG SIZE  rcvd: 106
[morta@lapt0p lib]$ dig archlinux.org

; <<>> DiG 9.16.21 <<>> archlinux.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25630
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;archlinux.org.			IN	A

;; ANSWER SECTION:
archlinux.org.		52455	IN	A	95.217.163.246

;; Query time: 6 msec
;; SERVER: ::1#53(::1)
;; WHEN: Thu Oct 28 16:04:45 CEST 2021
;; MSG SIZE  rcvd: 58


[morta@lapt0p lib]$ nslookup archlinux.org
Server:		::1
Address:	::1#53

Non-authoritative answer:
Name:	archlinux.org
Address: 95.217.163.246
Name:	archlinux.org
Address: 2a01:4f9:c010:6b1f::1

[morta@lapt0p lib]$ getent ahostsv4 archlinux.org
95.217.163.246  STREAM archlinux.org
95.217.163.246  DGRAM  
95.217.163.246  RAW    
[morta@lapt0p lib]$ getent ahostsv6 archlinux.org
2a01:4f9:c010:6b1f::1 STREAM archlinux.org
2a01:4f9:c010:6b1f::1 DGRAM  
2a01:4f9:c010:6b1f::1 RAW    

seth

Member

Registered: 2012-09-03

Posts: 60,922

Re: [SOLVED]Three systemd services on port 53

Resolution works fine, but you botched the drill (typo'd domain)
Since getent works, there's little to no reason for ping to fail on the IP

ping -c1 95.217.163.246
ping -c1 archlinux.org

If this really fails, first clear the iptables.

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

Morta

Member

Registered: 2019-07-07

Posts: 660

Re: [SOLVED]Three systemd services on port 53

Resolution works fine, but you botched the drill (typo'd domain)
Since getent works, there's little to no reason for ping to fail on the IP

ping -c1 95.217.163.246
ping -c1 archlinux.org

If this really fails, first clear the iptables.

Is now working. Thanks a lot.

Morta

Member

Registered: 2019-07-07

Posts: 660

Re: [SOLVED]Three systemd services on port 53

It's normal that dnsleaktest.com shows the dnsserver of the dnscrypt-server?

I mention it should show no dns-server?

dnsleaktest.com shows my ip and this line

Query round	Progress...	Servers found
1		......		1

IP 	Hostname 	ISP 	Country
45.91.92.121 	dot-ch.blahdns.com. 	HostHatch 	Zurich, Switzerland 

[morta@lapt0p ~]$ dig txt debug.opendns.org

; <<>> DiG 9.16.21 <<>> txt debug.opendns.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10694
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 5632
;; QUESTION SECTION:
;debug.opendns.org.		IN	TXT

;; AUTHORITY SECTION:
opendns.org.		86248	IN	SOA	auth1.opendns.com. hostmaster.opendns.com. 1635429307 16384 2048 1048576 2560

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Thu Oct 28 16:56:04 CEST 2021
;; MSG SIZE  rcvd: 110

Last edited by Morta (2021-10-28 14:57:17)

seth

Member

Registered: 2012-09-03

Posts: 60,922

Re: [SOLVED]Three systemd services on port 53

https://wiki.archlinux.org/title/Dnscry … is_working

You may want to restore the nsswitch.conf and notably re-insert the !UNAVAIL check.
If this re-breaks it, you isolated the problem and as a workaround can remove the conditional return again.

hosts: files mymachines myhostname resolve [!UNAVAIL=return] dns

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

Morta

Member

Registered: 2019-07-07

Posts: 660

Re: [SOLVED]Three systemd services on port 53

https://wiki.archlinux.org/title/Dnscry … is_working

You may want to restore the nsswitch.conf and notably re-insert the !UNAVAIL check.
If this re-breaks it, you isolated the problem and as a workaround can remove the conditional return again.

hosts: files mymachines myhostname resolve [!UNAVAIL=return] dns

It's works with this line. Thanks! One question more...

It's normal that the dnscrypt-proxy dns server which is in the config will be shown at the dnsleaktest?

Ok, it's normal..  I read in the wiki.

Last edited by Morta (2021-10-28 16:21:48)