I seem to have had a problem with DNS resolution for a few days. Every 5 minutes or so, my system cannot find websites anymore. For example, pinging www.example.com won't work, but pinging 8.8.8.8 does not seem to be a problem.
I have found a work-around by stopping systemd-resolved.service. If I run systemctl list-unit-files --state=enabled immediately after, the service is in the list again. Note that disabling and enabling or restarting does not solve the problem. I also tried keeping it disabled, but to no avail.
I don't really know how to figure this problem out. Any help is greatly appreciated.
Last edited by iCykres (2023-05-02 16:15:20)
Offline
Every 5 minutes or so … work-around by stopping systemd-resolved.service
Please post the output of
find /etc/systemd -type l -exec test -f {} \; -print | awk -F'/' '{ printf ("%-40s | %s\n", $(NF-0), $(NF-1)) }' | sort -f
Offline
Stopping resolved should generally result in no DNS at all, if things are configured correctly. See https://wiki.archlinux.org/title/Systemd-resolved#DNS
What do you have setting up the network/setting the dns server address?
Offline
The output is the following:
bluetooth.service | bluetooth.target.wants
clamav-daemon.service | multi-user.target.wants
clamav-daemon.socket | sockets.target.wants
clamav-freshclam.service | multi-user.target.wants
dbus-org.bluez.service | system
dbus-org.freedesktop.nm-dispatcher.service | system
dbus-org.freedesktop.resolve1.service | system
dbus-org.freedesktop.timesync1.service | system
display-manager.service | system
docker.service | multi-user.target.wants
gcr-ssh-agent.socket | sockets.target.wants
getty@tty1.service | getty.target.wants
gnome-keyring-daemon.socket | sockets.target.wants
NetworkManager.service | multi-user.target.wants
NetworkManager-wait-online.service | network-online.target.wants
p11-kit-server.socket | sockets.target.wants
pipewire-pulse.socket | sockets.target.wants
pipewire-session-manager.service | user
pipewire.socket | sockets.target.wants
remote-fs.target | multi-user.target.wants
systemd-resolved.service | sysinit.target.wants
systemd-timesyncd.service | sysinit.target.wants
wg-quick@wg0.service | multi-user.target.wants
wireplumber.service | pipewire.service.wants
xdg-user-dirs-update.service | default.target.wants
What do you have setting up the network/setting the dns server address?
I am not sure if I understand the question correctly, but I use the NetworkManager. My DNS settings in /etc/resolv.conf are:
search home
nameserver 192.168.0.1
nameserver 2a02:8383:d:c::1000
nameserver 2a02:8383:d:c::1
Offline
There're no colliding services.
What are the outputs of
dig google.com # "bind" package
drill google.com # "ldns" package
when things work and when they don't?
Also
resolvectl status
docker and *especially* wireguard look at me, but I'm not sure how restarting resolved would help w/ that…
Offline
NetworkManager checks whether /etc/resolv.conf is a file or a symlink to determine if it should use systemd-resolved or not. See the first link I gave you.
Offline
When everything works I get this output:
; <<>> DiG 9.18.14 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23585
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 230 IN A 142.251.36.206
;; Query time: 6 msec
;; SERVER: 192.168.0.1#53(192.168.0.1) (UDP)
;; WHEN: Mon May 01 17:48:53 CEST 2023
;; MSG SIZE rcvd: 55
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 6773
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; google.com. IN A
;; ANSWER SECTION:
google.com. 14 IN A 142.251.36.174
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 15 msec
;; SERVER: 2a02:8383:d:c::1
;; WHEN: Mon May 1 17:49:54 2023
;; MSG SIZE rcvd: 44
Global
Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
Current DNS Server: 192.168.0.1
DNS Servers: 192.168.0.1 2a02:8383:d:c::1000 2a02:8383:d:c::1
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.9#dns.quad9.net 8.8.8.8#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2620:fe::9#dns.quad9.net 2001:4860:4860::8888#dns.google
DNS Domain: home
Link 2 (enp0s31f6)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 3 (wlan0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
DNS Servers: 192.168.0.1 2a02:8383:d:c::1000 2a02:8383:d:c::1
DNS Domain: home
Link 4 (wg0)
Current Scopes: DNS
Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
DNS Servers: 10.81.0.2
DNS Domain: ~.
Link 5 (br-c6c6b3954efd)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 6 (br-f638a9a30ea1)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 7 (docker0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 8 (br-66e1392f2c76)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 9 (br-aa8a7231db52)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
whereas the following output is produced when things are not working:
; <<>> DiG 9.18.14 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40624
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 203 IN A 142.251.36.206
;; Query time: 16 msec
;; SERVER: 192.168.0.1#53(192.168.0.1) (UDP)
;; WHEN: Mon May 01 17:57:59 CEST 2023
;; MSG SIZE rcvd: 55
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 15386
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; google.com. IN A
;; ANSWER SECTION:
google.com. 184 IN A 142.251.36.206
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 9 msec
;; SERVER: 192.168.0.1
;; WHEN: Mon May 1 17:58:18 2023
;; MSG SIZE rcvd: 44
Global
Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
Current DNS Server: 192.168.0.1
DNS Servers: 192.168.0.1 2a02:8383:d:c::1000 2a02:8383:d:c::1
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.9#dns.quad9.net 8.8.8.8#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2620:fe::9#dns.quad9.net 2001:4860:4860::8888#dns.google
DNS Domain: home
Link 2 (enp0s31f6)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 3 (wlan0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.0.1
DNS Servers: 192.168.0.1 2a02:8383:d:c::1000 2a02:8383:d:c::1
DNS Domain: home
Link 4 (wg0)
Current Scopes: DNS
Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.81.0.2
DNS Servers: 10.81.0.2
DNS Domain: ~.
Link 5 (br-c6c6b3954efd)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 6 (br-f638a9a30ea1)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 7 (docker0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 8 (br-66e1392f2c76)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 9 (br-aa8a7231db52)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Can I give you any other information on WireGuard? I need it to connect to a university VPN for a few courses.
Offline
when things are not working
… you're still getting answers from 192.168.0.1 and the google.com domain is resolved fine.
Did you try to
ping -c1 google.com
"when things are not working"?
Offline
I just tried and I get no answer.
Offline
I just tried and I get no answer.
Meaning ping simply times out?
Please don't paraphrase, https://bbs.archlinux.org/viewtopic.php?id=57855
Post the exact ping I/O "when things are not working".
Can you "ping -4c1" or "ping -6c1" google.com?
If you're not overly attached to resolved, check Scimmia's link and simply disable it.
Offline
My link wasn't about disabling it, it was about setting it up so everything uses it correctly.
Offline
Ah, thought you'd posted https://wiki.archlinux.org/title/Networ … management
Using resolved in "foreign" mode as resolv.conf consumer is a perfectly valid configuration and allowing resolved to control resolv.conf might actually lead to problems, https://wiki.archlinux.org/title/WireGu … resolution (the symptoms would fit, but the data in #7 doesn't)
Anyway, the issue is either not resolution at all (domain resolution issues don't get you a stalled ping w/ no output) or in nss-resolve (as DNS clearly still works) and the former will require a look at wireguard and the latter would indicate a bug in resolved (explaining why its termination helps)
Offline
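Added example, not part of any post in this thread: a shell/awk filter over `resolvectl status` output that lists the DNS servers and routing domains per link and flags the link holding the `~.` routing domain, which systemd-resolved prefers for names that match no more specific domain. `dig` and `drill` read the servers from /etc/resolv.conf directly and do not take that path. The function names are this example's own, and the sample is trimmed from the output posted above.

```shell
#!/bin/sh
# Added example (not from the thread): summarise which DNS servers and routing
# domains systemd-resolved holds per link, and flag the "~." catch-all link.

# Constructed sample: trimmed from the `resolvectl status` output posted above.
sample_status() {
cat <<'EOF'
Global
  resolv.conf mode: foreign
  DNS Servers: 192.168.0.1 2a02:8383:d:c::1000 2a02:8383:d:c::1
  DNS Domain: home
Link 2 (enp0s31f6)
  Current Scopes: none
Link 3 (wlan0)
  Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
  Current DNS Server: 192.168.0.1
  DNS Servers: 192.168.0.1 2a02:8383:d:c::1000 2a02:8383:d:c::1
  DNS Domain: home
Link 4 (wg0)
  Current Scopes: DNS
  DNS Servers: 10.81.0.2
  DNS Domain: ~.
EOF
}

# stdin: `resolvectl status` text; stdout: link|servers|domains|note,
# one line per section that has DNS servers configured.
dns_routes() {
  awk '
    function emit() {
      if (name != "" && servers != "")
        printf "%s|%s|%s|%s\n", name, servers, domains, (catchall ? "catch-all" : "-")
    }
    function start(n) { emit(); name = n; servers = ""; domains = ""; catchall = 0 }
    /^ *Global/ { start("global"); next }
    /^ *Link [0-9]+ [(]/ { lname = $3; gsub(/[()]/, "", lname); start(lname); next }
    /^ *DNS Servers:/ { sub(/^ *DNS Servers: */, ""); servers = $0; next }
    /^ *DNS Domain:/ {
      sub(/^ *DNS Domain: */, ""); domains = $0
      k = split($0, d, " ")
      for (i = 1; i <= k; i++) if (d[i] == "~.") catchall = 1
      next
    }
    END { emit() }
  '
}

# Name of the link that resolved prefers for names matching no other domain.
catch_all_link() { dns_routes | awk -F"|" '$4 == "catch-all" { print $1 }'; }

# On a live system: resolvectl status | dns_routes
sample_status | dns_routes
```
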
It's a valid configuration, but one prone to problems with race conditions that can cause strange issues.
Offline
Sorry for the paraphrasing, I will look out in the future.
You were right by looking at WireGuard. I was able to solve the problem by adding the line
PersistentKeepalive = 15
to my /etc/wireguard/wg0.conf file.
Offline