Matthai Posted February 12, 2017

Hi, I have bought Orange Pi Zero and installed Armbian Ubuntu version. Device (and OS!) works fantastic.

However, I have a problem, because DNS resolving does not work until I manually edit /etc/resolv.conf file and enter:

    nameserver <ip_of_my_router>

The problem is, I am using my Zero device in different networks, so I need to reconfigure it every time I connect it to other network. Is there any solution for this?

In fact, it is quite weird, I have tried several things (when DNS resolving was not working), for instance:

    dig @8.8.8.8 www.slo-tech.com any

and got only:

    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 www.slo-tech.com any
    ; (1 server found)
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

or:

    host www.slo-tech.com 8.8.8.8

and got:

    ;; connection timed out; no servers could be reached

Any idea why is that so?

arox Posted February 12, 2017

> Hi, I have bought Orange Pi Zero and installed Armbian Ubuntu version. Device (and OS!) works fantastic.
>
> However, I have a problem, because DNS resolving does not work until I manually edit /etc/resolv.conf file and enter:
>
>     nameserver <ip_of_my_router>
>
> The problem is, I am using my Zero device in different networks, so I need to reconfigure it every time I connect it to other network. Is there any solution for this?
>
> In fact, it is quite weird, I have tried several things (when DNS resolving was not working), for instance:
>
>     dig @8.8.8.8 www.slo-tech.com any
>
> and got only:
>
>     ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 www.slo-tech.com any
>     ; (1 server found)
>     ;; global options: +cmd
>     ;; connection timed out; no servers could be reached
>
> or:
>
>     host www.slo-tech.com 8.8.8.8
>
> and got:
>
>     ;; connection timed out; no servers could be reached
>
> Any idea why is that so?

Why not just put "nameserver 8.8.8.8" in your file /etc/resolv.conf ?

And if you have no reply from 8.8.8.8, I suspect someone is filtering traffic.

Matthai (Author) Posted February 13, 2017

Well, I entered "nameserver 8.8.8.8" in my file /etc/resolv.conf and it didn't work. However, I was able to ping 8.8.8.8

And nobody is filtering traffic, because I tried this in two different networks, one is under my control. And other machines are working just fine.

Here is what I have:

    cat /etc/resolv.conf
    nameserver 8.8.8.8

I can ping Google's server:

    ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=46 time=36.5 ms
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=46 time=87.7 ms
    64 bytes from 8.8.8.8: icmp_seq=3 ttl=46 time=78.8 ms

However, DNS resolving is not working:

    ping www.ubuntu.com
    ping: unknown host www.ubuntu.com

Then I change resolv.conf:

    cat /etc/resolv.conf
    nameserver 10.10.5.1

Ping is working now:

    ping www.ubuntu.com
    PING www.ubuntu.com (91.189.90.59) 56(84) bytes of data.
    64 bytes from www-ubuntu-com.jujube.canonical.com (91.189.90.59): icmp_seq=1 ttl=47 time=33.5 ms
    64 bytes from www-ubuntu-com.jujube.canonical.com (91.189.90.59): icmp_seq=2 ttl=47 time=29.5 ms

Please note, that my default gateway is 10.10.5.1 (and that machine in fact is using Google DNS servers). So it seems resolv.conf should have set a DNS server of default gateway? Why is that so?

Matthai (Author) Posted February 13, 2017

BTW, my system is ARMBIAN 5.25 stable Ubuntu 16.04.2 LTS 3.4.113-sun8i.

tkaiser Posted February 13, 2017

> The problem is, I am using my Zero device in different networks, so I need to reconfigure it every time I connect it to other network.

'Reconfiguring every time' is the stupid/anachronistic way. You should simply utilize network-manager for that (installed on recent Armbian images by default and taking care of every interface that is not listed in /etc/network/interfaces, applies to Wi-Fi on the Zero by default but not Ethernet).

NM will then use the appropriate DNS server based on the used profile and /etc/resolv.conf will be overwritten every time NM switches a profile (resolv.conf is just there for legacy software reading this file, it's not meant to be written by the user directly any more).

arox Posted February 13, 2017

> Well, I entered "nameserver 8.8.8.8" in my file /etc/resolv.conf and it didn't work. However, I was able to ping 8.8.8.8
>
> And nobody is filtering traffic, because I tried this in two different networks, one is under my control. And other machines are working just fine.

If someone is filtering traffic to force you to use another DNS, he will block port 53 udp/tcp and not icmp/ping ! You need tools like hping or open a socket to 8.8.8.8:53 to check that.

You should also verify that your resolv.conf is a plain file and not a link and that nobody tampered with your nsswitch.conf (or glibc or /lib/libnss_SERVICE.so) : nothing will surprise me anymore in "modern linux"

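Added example, not part of any post in this thread: one way to do the check arox describes (talk to port 53 directly instead of relying on ping) is to send the same hand-built DNS query over UDP and over TCP and compare the outcomes. The function names and the fixed query id are choices made for this example.

```python
import socket
import struct

TXID = 0x1234  # fixed query id, acceptable for a one-shot diagnostic

def build_query(name, qtype=1):
    """Minimal DNS query with RD set; qtype 1 is an A record."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return (rcode, answer_count) if msg is a reply to our query."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, answers = struct.unpack("!HHHH", msg[:8])
    if rid != TXID or not flags & 0x8000:
        raise ValueError("not a reply to our query")
    return flags & 0x000F, answers

def probe_udp(server, name, port=53, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, port))
        return parse_header(s.recvfrom(4096)[0])

def probe_tcp(server, name, port=53, timeout=3.0):
    query = build_query(name)
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)  # TCP length prefix
        buf = b""
        while len(buf) < 2 or len(buf) < 2 + struct.unpack("!H", buf[:2])[0]:
            chunk = s.recv(4096)
            if not chunk:
                raise ConnectionError("closed before a full reply")
            buf += chunk
        return parse_header(buf[2:])

def check(server, name):
    """Probe both transports and map each one to an outcome string."""
    results = {}
    for label, probe in (("udp/53", probe_udp), ("tcp/53", probe_tcp)):
        try:
            results[label] = "ok rcode=%d answers=%d" % probe(server, name)
        except socket.timeout:
            results[label] = "timeout (dropped or filtered)"
        except (ConnectionRefusedError, ConnectionResetError):
            results[label] = "reset/refused (RST from server or middlebox)"
        except (OSError, ValueError) as exc:
            results[label] = "error: %s" % exc
    return results

if __name__ == "__main__":
    print(check("8.8.8.8", "www.ubuntu.com"))
```

A timeout on udp/53 together with a reset on tcp/53, while ICMP echo still works, is the pattern that separates port-level filtering from a general connectivity problem.
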
arox Posted February 13, 2017

> 'Reconfiguring every time' is the stupid/anachronistic way. You should simply utilize network-manager for that (installed on recent Armbian images by default and taking care of every interface that is not listed in /etc/network/interfaces, applies to Wi-Fi on the Zero by default but not Ethernet).
>
> NM will then use the appropriate DNS server based on the used profile and /etc/resolv.conf will be overwritten every time NM switches a profile (resolv.conf is just there for legacy software reading this file, it's not meant to be written by the user directly any more).

I don't understand why NM should tamper (and be allowed to tamper) with DNS resolution : DNS is a service and not just a configuration. It has not to be determined by the way you are connected because it presents a security problem. You have to know exactly WHO redirects you when you enter a URL for example and who is then able to trace your activity.

You can trust your ISP DNS (including without config via DHCP) or Google DNS or another source, but it is not just a matter of configuration : you have to know who you trust ! And if you trust your router/internet box, then you assume that nobody can tamper with it.

tkaiser Posted February 13, 2017

> nothing will surprise me anymore in "modern linux"

Why should a "modern linux" be any different here than any other modern OS? It starts to get really easy as soon as you're willing to accept that /etc/resolv.conf is a read-only file providing backwards compatibility with old software.

It's also very easy to get that a static file like resolv.conf might be suitable for servers or centrally administered workstations but not for any mobile device where you want DNS settings to be adjusted automagically depending on the location the device is in (if you don't rely on DHCP you want different DNS in network A than B, since NM also provides VPN access the same is true when connecting through VPNs, just let NM do the job and you're done, NM will set system wide name resolution and also updates resolv.conf as last step to provide old software with proper server address(es)).

zador.blood.stained Posted February 13, 2017

> Why should a "modern linux" be any different here than any other modern OS? It starts to get really easy as soon as you're willing to accept that /etc/resolv.conf is a read-only file providing backwards compatibility with old software.

/etc/resolv.conf is still used (depends on configuration in /etc/nsswitch.conf) and normally is linked to a temp file provided by resolvconf or, for example, systemd-resolved.

I don't think /etc/resolv.conf is updated by NM directly, instead it propagates changes to resolvconf.

Matthai (Author) Posted February 13, 2017

OK, just a few remarks here.

In my network, I have several machines. For all other machines DNS resolving works good with the same settings, the problem is only with OrangePi Zero with Armbian. So it is not a network problem, obviously.

@tkaiser:
OK, using Network Manager for the configuration seems a proper way. However, it does not work.

First I list active connection:

    nmcli connection show --active

Then I edit it:

    nmcli connection edit MyNetwork
    nmcli> remove ipv4.dns
    nmcli> set ipv4.ignore-auto-dns yes
    nmcli> set ipv4.dns 10.10.5.1
    nmcli> save
    nmcli> quit

I do the same for the other network (but of course with different DNS settings). I reboot device in the other network... it doesn't work. resolv.conf is not changed. Then I change it manually - and it starts working.

@arox:

    sudo apt-get install hping

    sudo hping3 8.8.8.8
    HPING 8.8.8.8 (wlan0 8.8.8.8): NO FLAGS are set, 40 headers + 0 data bytes
    ^C
    --- 8.8.8.8 hping statistic ---
    8 packets transmitted, 0 packets received, 100% packet loss
    round-trip min/avg/max = 0.0/0.0/0.0 ms

    sudo ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=46 time=41.5 ms
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=46 time=35.9 ms

Now, that is interesting. And I need to stress it again: DNS resolving with the same settings on the neighbour machine in the same network works flawlessly...

resolv.conf is a plain file:

    ls -lha /etc/resolv.conf
    -rw-r--r-- 1 root root 93 Feb 13 13:05 /etc/resolv.conf

Anyway, I have found this also: https://forum.armbian.com/index.php/topic/796-dns-resolving-in-customize-imagesh-worksworks-not-in-some-cases/

zador.blood.stained Posted February 13, 2017

> @tkaiser: OK, using Network Manager for the configuration seems a proper way. However, it does not work.
>
> I reboot device in the other network... it doesn't work. resolv.conf is not changed. Then I change it manually - and it starts working.
>
> resolv.conf is a plain file:
>
>     ls -lha /etc/resolv.conf
>     -rw-r--r-- 1 root root 93 Feb 13 13:05 /etc/resolv.conf

It doesn't work because /etc/resolv.conf is not linked to /run/resolvconf/resolv.conf (or whatever is the correct path for the temp resolvconf file). It's an Armbian artifact of our build process.

Matthai (Author) Posted February 13, 2017

OK, so it seems it is a possible bug in Armbian? How can I come around it?

tkaiser Posted February 13, 2017

> OK, so it seems it is a possible bug in Armbian? How can I come around it?

Check the output of

    sudo resolvconf -u

In case it says '/run/resolvconf/resolv.conf' then simply do a

    sudo ln -fs /run/resolvconf/resolv.conf /etc/resolv.conf

@Zador: Such a static resolv.conf isn't really suitable to be used in the scenarios where NM could shine. Why do we alter the file in the first place at all?

zador.blood.stained Posted February 13, 2017

> @Zador: Such a static resolv.conf isn't really suitable to be used in the scenarios where NM could shine. Why do we alter the file in the first place at all?

Because it doesn't work in chroot during the build process since /run would be empty when reusing rootfs cache and services like resolvconf are not started to recreate the file. We should alter the build process to recreate this symlink somewhere before copying files to the image.

Matthai (Author) Posted February 13, 2017

    sudo resolvconf -u
    /etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf

    sudo ln -fs /run/resolvconf/resolv.conf /etc/resolv.conf

    sudo resolvconf -u
    (no output)

Anyway, it still does not work. My device is connected to OpenVPN network, and after that I experienced connectivity problem with VPN connection. OK, it could be unrelated, but I removed this link and created new resolv.conf file and added nameserver 10.10.5.1 to it... Now VPN connection is not dropping anymore...

arox Posted February 13, 2017

What I don't understand is why you cannot address a google public DNS server directly with :

    dig @8.8.8.8 www.slo-tech.com any

It should work if you can ping 8.8.8.8, even if your local resolver got problems !

Can you try to send sync to port 53/tcp with :

    hping3 8.8.8.8 -p 53 -S

It should respond :

    HPING 8.8.8.8 (eth0 8.8.8.8): S set, 40 headers + 0 data bytes
    len=46 ip=8.8.8.8 ttl=58 id=62807 sport=53 flags=SA seq=0 win=28640 rtt=37.8 ms
    len=46 ip=8.8.8.8 ttl=58 id=10529 sport=53 flags=SA seq=1 win=28640 rtt=37.2 ms
    ...

Matthai (Author) Posted February 13, 2017

    sudo hping3 8.8.8.8 -p 53 -S
    HPING 8.8.8.8 (wlan0 8.8.8.8): S set, 40 headers + 0 data bytes
    len=40 ip=8.8.8.8 ttl=253 id=37843 sport=53 flags=RA seq=0 win=512 rtt=49.1 ms
    len=40 ip=8.8.8.8 ttl=253 id=48294 sport=53 flags=RA seq=1 win=512 rtt=48.9 ms
    ^C
    --- 8.8.8.8 hping statistic ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max = 48.9/49.0/49.1 ms

However:

    sudo dig @8.8.8.8 www.ubuntu.com any
    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 www.ubuntu.com any
    ; (1 server found)
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

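Added example, not part of any post: the ping and hping3 replies quoted in this thread carry very different TTLs for the same address (46 and 253), and comparing them helps judge whether a TCP reset came from the server or from a device on the path. The code parses those lines and estimates hop distance, assuming senders start at a TTL of 64, 128 or 255; this is a heuristic, and the function names and the tolerance are choices made for this example.

```python
import re

# Match hping3 reply lines and ping reply lines as they appear in the thread.
HPING = re.compile(r"ip=(?P<ip>[\d.]+) ttl=(?P<ttl>\d+) .*\bflags=(?P<flags>[A-Z]+)")
PING = re.compile(r"from (?P<ip>[\d.]+): icmp_seq=\d+ ttl=(?P<ttl>\d+)")

def hop_estimate(ttl):
    """Guess (initial_ttl, hops), assuming the sender started at 64, 128 or 255."""
    initial = next(start for start in (64, 128, 255) if ttl <= start)
    return initial, initial - ttl

def parse_reply(line):
    m = HPING.search(line) or PING.search(line)
    if m is None:
        raise ValueError("unrecognised reply line: %r" % line)
    fields = m.groupdict()
    initial, hops = hop_estimate(int(fields["ttl"]))
    return {"ip": fields["ip"], "flags": fields.get("flags", "ICMP"),
            "initial_ttl": initial, "hops": hops}

def compare(icmp_line, tcp_line, tolerance=3):
    """Classify a TCP/53 probe reply against an ICMP echo reply from the same IP."""
    icmp, tcp = parse_reply(icmp_line), parse_reply(tcp_line)
    if icmp["ip"] != tcp["ip"]:
        raise ValueError("lines refer to different hosts")
    # Replies from the same machine should arrive from a similar hop distance.
    same_origin = abs(icmp["hops"] - tcp["hops"]) <= tolerance
    if "R" in tcp["flags"]:
        verdict = "closed-at-server" if same_origin else "reset-from-path"
    elif tcp["flags"] == "SA":
        verdict = "open" if same_origin else "answered-from-path"
    else:
        verdict = "unknown"
    return {"icmp_hops": icmp["hops"], "tcp_hops": tcp["hops"], "verdict": verdict}

# Lines copied from the posts above.
PING_LINE = "64 bytes from 8.8.8.8: icmp_seq=1 ttl=46 time=36.5 ms"
HPING_LINE = ("len=40 ip=8.8.8.8 ttl=253 id=37843 sport=53 "
              "flags=RA seq=0 win=512 rtt=49.1 ms")

if __name__ == "__main__":
    print(compare(PING_LINE, HPING_LINE))
```

On the thread's lines the estimate is 18 hops for the echo reply and 2 hops for the reset, which points to a nearby device answering TCP port 53 on behalf of 8.8.8.8.
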
tkaiser Posted February 13, 2017

>     sudo dig @8.8.8.8 www.ubuntu.com any

I fear I still don't get what you really want? Accessing Google's DNS or use your own through your OpenVPN (which might have 'block-outside-dns' enabled?)?

Based on my understanding if you manage VPN and connection settings with NM then you configure DNS with nmtui/nmcli (you can check settings later below /etc/NetworkManager/system-connections/) and now that resolvconf(8) is fixed everything should work now (might require a reboot though)?

Disclaimer: Never configured this myself since I found Linux on mobile devices too much of PITA until now (for server use cases editing static config files in Linux is ok and my mobile devices run macOS anyway where scutil/scselect/configd provide nmcli/nmtui/NM functionality)

Matthai (Author) Posted February 13, 2017

My problem is simply, that DNS resolving on Armbian does not work out of the box. It was not working when I was NOT using OpenVPN network - I had to configure resolv.conf manually, and it is not working out of the box now (I also had to configure resolv.conf manually).

I'm pretty sure this is due to some specific of Armbian, since on other OS things are just working without problem. It is also very strange, that DNS servers are accessible and network is working (i. e. ping, etc.).

And yes, I rebooted machine after I tried creating those symlinks...

Actually, I really do not care which DNS to use, the problem is, resolving is not working out of the box, i. e. without editing resolv.conf. And I am pretty sure this is some specific or some weird bug of Armbian.

zador.blood.stained Posted February 13, 2017

@Matthai Are you using CLI or desktop image?

jkajolin Posted February 13, 2017

Just a note, on modern installations you don't ever manually configure the /etc/resolv.conf, it is automatically maintained by other services. Plain openvpn installation don't do dns push lines unless you tweak them from the server side, the network manager plugin which is part of the gnome packages does this automatically while restarting whole networking.

We have some amazon to datacenter bridges and even my soc installations are connected to datacenter network services by openvpn client. Most of the problems started when ubuntu started using network manager on desktop images but dns push routes took a lot of man hours to get them right.

Currently I add manually the hostnames and don't rely on dns lookups.

> My problem is simply, that DNS resolving on Armbian does not work out of the box. It was not working when I was NOT using OpenVPN network - I had to configure resolv.conf manually, and it is not working out of the box now (I also had to configure resolv.conf manually).
>
> I'm pretty sure this is due to some specific of Armbian, since on other OS things are just working without problem. It is also very strange, that DNS servers are accessible and network is working (i. e. ping, etc.).
>
> And yes, I rebooted machine after I tried creating those symlinks...
>
> Actually, I really do not care which DNS to use, the problem is, resolving is not working out of the box, i. e. without editing resolv.conf. And I am pretty sure this is some specific or some weird bug of Armbian.

arox Posted February 13, 2017

>     sudo hping3 8.8.8.8 -p 53 -S
>     HPING 8.8.8.8 (wlan0 8.8.8.8): S set, 40 headers + 0 data bytes
>     len=40 ip=8.8.8.8 ttl=253 id=37843 sport=53 flags=RA seq=0 win=512 rtt=49.1 ms
>     len=40 ip=8.8.8.8 ttl=253 id=48294 sport=53 flags=RA seq=1 win=512 rtt=48.9 ms
>     ^C
>     --- 8.8.8.8 hping statistic ---
>     2 packets transmitted, 2 packets received, 0% packet loss
>     round-trip min/avg/max = 48.9/49.0/49.1 ms
>
> However:
>
>     sudo dig @8.8.8.8 www.ubuntu.com any
>     ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 www.ubuntu.com any
>     ; (1 server found)
>     ;; global options: +cmd
>     ;; connection timed out; no servers could be reached

    dig +tcp @8.8.8.8 www.ubuntu.com any

probably works ...

So, you have to either choose another nameserver, find how to auto-configure or add :

    options use-vc

in /etc/resolv.conf

Matthai (Author) Posted February 14, 2017

This does not work:

    options use-vc
    nameserver 8.8.8.8

Also:

    dig +tcp @8.8.8.8 www.ubuntu.com any
    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> +tcp @8.8.8.8 www.ubuntu.com any
    ; (1 server found)
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

RenatoL Posted October 6, 2017

I have a similar problem and this solved it:

    sudo dpkg-reconfigure resolvconf

according to this post: