
DNS resolving


Matthai


Hi,

 

I have bought Orange Pi Zero and installed Armbian Ubuntu version.

 

Device (and OS!) works fantastic. However, I have a problem, because DNS resolving does not work until I manually edit /etc/resolv.conf file and enter:

nameserver <ip_of_my_router>

 

The problem is, I am using my Zero device in different networks, so I need to reconfigure it every time I connect it to other network.

 

Is there any solution for this?

 

In fact, it is quite weird, I have tried several things (when DNS resolving was not working), for instance:

dig @8.8.8.8 www.slo-tech.com any

 

and got only:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 www.slo-tech.com any
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

 

or:

host www.slo-tech.com 8.8.8.8

 

and got:

;; connection timed out; no servers could be reached

 

Any idea why is that so?

Link to comment

Why not just put "nameserver 8.8.8.8" in your file /etc/resolv.conf ?

 

And if you have no reply from 8.8.8.8, I suspect someone is filtering traffic <_< .

Link to comment

Well, I entered "nameserver 8.8.8.8" in my file /etc/resolv.conf and it didn't work.

 

However, I was able to ping 8.8.8.8

 

And nobody is filtering traffic, because I tried this in two different networks, one is under my control. And other machines are working just fine.

 

Here is what I have:

 

cat /etc/resolv.conf
nameserver 8.8.8.8

 

I can ping Google's server:

ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=46 time=36.5 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=46 time=87.7 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=46 time=78.8 ms

 

However, DNS resolving is not working:
ping www.ubuntu.com
ping: unknown host www.ubuntu.com

 

Then I change resolv.conf:

cat /etc/resolv.conf
nameserver 10.10.5.1

 

Ping is working now:

ping www.ubuntu.com
PING www.ubuntu.com (91.189.90.59) 56(84) bytes of data.
64 bytes from www-ubuntu-com.jujube.canonical.com (91.189.90.59): icmp_seq=1 ttl=47 time=33.5 ms
64 bytes from www-ubuntu-com.jujube.canonical.com (91.189.90.59): icmp_seq=2 ttl=47 time=29.5 ms

 

Please note, that my default gateway is 10.10.5.1 (and that machine in fact is using Google DNS servers). So it seems resolv.conf should have set a DNS server of default gateway? Why is that so?

Link to comment

The problem is, I am using my Zero device in different networks, so I need to reconfigure it every time I connect it to other network.

 

'Reconfiguring every time' is the stupid/anachronistic way. You should simply utilize network-manager for that (installed on recent Armbian images by default and taking care of every interface that is not listed in /etc/network/interfaces, applies to Wi-Fi on the Zero by default but not Ethernet)

 

NM will then use the appropriate DNS server based on the used profile and /etc/resolv.conf will be overwritten every time NM switches a profile (resolv.conf is just there for legacy software reading this file, it's not meant to be written by the user directly any more)

Link to comment

Well, I entered "nameserver 8.8.8.8" in my file /etc/resolv.conf and it didn't work.

 

However, I was able to ping 8.8.8.8

 

And nobody is filtering traffic, because I tried this in two different networks, one is under my control. And other machines are working just fine.

 

 

If someone is filtering traffic to force you to use another DNS, he will block port 53 udp/tcp and not icmp/ping ! You need tools like hping or open a socket to 8.8.8.8:53 to check that.

 

You should also verify that your resolv.conf is a plain file and not a link and that nobody tampered with your nsswitch.conf (or glibc or /lib/libnss_SERVICE.so) : nothing will surprise me anymore in "modern linux" <_< :blink: :ph34r:

Link to comment
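
The check described in the post above, opening a socket to port 53 instead of relying on ping, as an added example that is not part of any post in this thread: it sends the same A-record query over UDP and over TCP and reports each transport separately. The function names, the fixed query ID and the 3-second timeout are assumptions of this sketch.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal DNS query: RD flag set, one question, class IN (A record by default)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg, txid=0x1234):
    """Return (rcode, answer_count); raise ValueError if this is not a reply to our query."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    rid, flags, _questions, answers = struct.unpack("!HHHH", msg[:8])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return flags & 0x000F, answers

def probe_udp(server, name, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_header(s.recvfrom(4096)[0])

def probe_tcp(server, name, timeout=3.0):
    query = build_query(name)
    with socket.create_connection((server, 53), timeout=timeout) as s, s.makefile("rb") as f:
        s.sendall(struct.pack("!H", len(query)) + query)  # DNS over TCP adds a 2-byte length prefix
        prefix = f.read(2)
        if len(prefix) < 2:
            raise ConnectionError("closed before any DNS reply")
        return parse_header(f.read(struct.unpack("!H", prefix)[0]))

def check(server, name):
    """Map 'udp' and 'tcp' to (rcode, answers) on success, or to the exception name on failure."""
    result = {}
    for label, probe in (("udp", probe_udp), ("tcp", probe_tcp)):
        try:
            result[label] = probe(server, name)
        except (OSError, ValueError) as exc:  # timeouts, refusals and resets are all OSError
            result[label] = type(exc).__name__
    return result

if __name__ == "__main__":
    print(check("8.8.8.8", "www.ubuntu.com"))
```

A timeout on UDP together with a refusal or reset on TCP, while ICMP still gets through, points at port 53 being treated differently somewhere on the path rather than at the local resolver configuration.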

'Reconfiguring every time' is the stupid/anachronistic way. You should simply utilize network-manager for that (installed on recent Armbian images by default and taking care of every interface that is not listed in /etc/network/interfaces, applies to Wi-Fi on the Zero by default but not Ethernet)

 

NM will then use the appropriate DNS server based on the used profile and /etc/resolv.conf will be overwritten every time NM switches a profile (resolv.conf is just there for legacy software reading this file, it's not meant to be written by the user directly any more)

 

I don't understand why NM should tamper (and be allowed to tamper) with DNS resolution : DNS is a service and not just a configuration. It has not to be determined by the way you are connected because it presents a security problem. You have to know exactly WHO redirects you when you enter a URL for example and who is then able to trace your activity. You can trust your ISP DNS (including without config via DHCP) or Google DNS or another source, but it is not just a matter of configuration : you have to know who you trust !

 

And if you trust your router/internet box, then you assume that nobody can tamper with it. <_<:ph34r: :ph34r: :ph34r: :ph34r: :ph34r:

Link to comment

nothing will surprise me anymore in "modern linux" <_<:blink::ph34r:

 

Why should a "modern linux" be any different here than any other modern OS? It starts to get really easy as soon as you're willing to accept that /etc/resolv.conf is a read-only file providing backwards compatibility with old software.

 

It's also very easy to get that a static file like resolv.conf might be suitable for servers or centrally administered workstations but not for any mobile device where you want DNS settings be adjusted automagically depending on the location the device is in (if you don't rely on DHCP you want different DNS in network A than B, since NM also provides VPN access the same is true when connecting through VPNs, just let NM do the job and you're done, NM will set system wide name resolution and also updates resolv.conf as last step to provide old software with proper server address(es))

Link to comment

Why should a "modern linux" be any different here than any other modern OS? It starts to get really easy as soon as you're willing to accept that /etc/resolv.conf is a read-only file providing backwards compatibility with old software.

/etc/resolv.conf is still used (depends on configuration in /etc/nsswitch.conf ) and normally is linked to a temp file provided by resolvconf or, for example, systemd-resolved. I don't think /etc/resolv.conf is updated by NM directly, instead it propagates changes to resolvconf.

Link to comment

OK, just a few remarks here.

In my network, I have several machines. For all other machines DNS resolving works good with the same settings, the problem is only with OrangePi Zero with Armbian. So it is not a network problem, obviously.

 

@tkaiser:

OK, using Network Manager for the configuration seems a proper way. However, it does not work.

First I list active connection:

nmcli connection show --active

Then I edit it:

nmcli connection edit MyNetwork

nmcli> remove ipv4.dns  
nmcli> set ipv4.ignore-auto-dns yes
nmcli> set ipv4.dns 10.10.5.1
nmcli> save
nmcli> quit
 

I do the same for the other network (but of course with different DNS settings).

 

I reboot device in the other network... it doesn't work. resolv.conf is not changed. Then I change it manually - and it starts working.

 

 

@arox:

 

sudo apt-get install hping

 

sudo hping3 8.8.8.8
HPING 8.8.8.8 (wlan0 8.8.8.8): NO FLAGS are set, 40 headers + 0 data bytes
^C
--- 8.8.8.8 hping statistic ---
8 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms

 

sudo ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=46 time=41.5 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=46 time=35.9 ms

 

Now, that is interesting. And I need to stress it again: DNS resolving with the same settings on the neighbour machine in the same network works flawlessly...

 

resolv.conf is a plain file:

ls -lha /etc/resolv.conf
-rw-r--r-- 1 root root 93 Feb 13 13:05 /etc/resolv.conf

 

Anyway, I have found this also: https://forum.armbian.com/index.php/topic/796-dns-resolving-in-customize-imagesh-worksworks-not-in-some-cases/

Link to comment

@tkaiser:

OK, using Network Manager for the configuration seems a proper way. However, it does not work.

 

I reboot device in the other network... it doesn't work. resolv.conf is not changed. Then I change it manually - and it starts working.

 

resolv.conf is a plain file:

ls -lha /etc/resolv.conf

-rw-r--r-- 1 root root 93 Feb 13 13:05 /etc/resolv.conf

It doesn't work because /etc/resolv.conf is not linked to /run/resolvconf/resolv.conf (or whatever is the correct path for the temp resolvconf file). It's an Armbian artifact of our build process.

Link to comment

OK, so it seems it is a possible bug in Armbian? How can I come around it?

 

Check the output of 

sudo resolvconf -u

In case it says '/run/resolvconf/resolv.conf' then simply do a

sudo ln -fs /run/resolvconf/resolv.conf /etc/resolv.conf

@Zador: Such a static resolv.conf isn't really suitable to be used in the scenarios where NM could shine. Why do we alter the file in the first place at all?

Link to comment

@Zador: Such a static resolv.conf isn't really suitable to be used in the scenarios where NM could shine. Why do we alter the file in the first place at all?

Because it doesn't work in chroot during the build process since /run would be empty when reusing rootfs cache and services like resolvconf are not started to recreate the file.

We should alter the build process to recreate this symlink somewhere before copying files to the image.

Link to comment

sudo resolvconf -u

/etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf
 

sudo ln -fs /run/resolvconf/resolv.conf /etc/resolv.conf

 

sudo resolvconf -u
(no output)

 

Anyway, it still does not work.

My device is connected to OpenVPN network, and after that I experienced connectivity problem with VPN connection. OK, it could be unrelated, but I removed this link and created new resolv.conf file and added nameserver 10.10.5.1 to it...

 

Now VPN connection is not dropping anymore...

Link to comment

What I don't understand is why you cannot address a google public DNS server directly with :

 

dig @8.8.8.8 www.slo-tech.com any

 

It should work if you can ping 8.8.8.8, even if your local resolver got problems !

 

 

Can you try to send a SYN to port 53/tcp with : hping3 8.8.8.8 -p 53 -S

 

It should respond :
HPING 8.8.8.8 (eth0 8.8.8.8): S set, 40 headers + 0 data bytes
len=46 ip=8.8.8.8 ttl=58 id=62807 sport=53 flags=SA seq=0 win=28640 rtt=37.8 ms
len=46 ip=8.8.8.8 ttl=58 id=10529 sport=53 flags=SA seq=1 win=28640 rtt=37.2 ms

...

Link to comment

sudo hping3 8.8.8.8 -p 53 -S

HPING 8.8.8.8 (wlan0 8.8.8.8): S set, 40 headers + 0 data bytes
len=40 ip=8.8.8.8 ttl=253 id=37843 sport=53 flags=RA seq=0 win=512 rtt=49.1 ms
len=40 ip=8.8.8.8 ttl=253 id=48294 sport=53 flags=RA seq=1 win=512 rtt=48.9 ms
^C
--- 8.8.8.8 hping statistic ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 48.9/49.0/49.1 ms

 

However:

 

sudo dig @8.8.8.8 www.ubuntu.com any

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 www.ubuntu.com any
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

 

Link to comment
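
Added example, not part of any post in this thread: a short Python parser that reads hping3 and ping output in the form pasted above, labels each TCP reply from its flags (SA is SYN/ACK, RA is RST/ACK) and compares the hop distance implied by its TTL with that of the ICMP echo replies. The initial-TTL guesses (64, 128, 255), the `max_hop_gap` threshold and all function names are assumptions of this sketch; the sample lines are copied from the thread.

```python
import re

# Sample output copied from the posts above (wlan0 on the Orange Pi Zero).
HPING_SAMPLE = """\
HPING 8.8.8.8 (wlan0 8.8.8.8): S set, 40 headers + 0 data bytes
len=40 ip=8.8.8.8 ttl=253 id=37843 sport=53 flags=RA seq=0 win=512 rtt=49.1 ms
len=40 ip=8.8.8.8 ttl=253 id=48294 sport=53 flags=RA seq=1 win=512 rtt=48.9 ms
"""
PING_SAMPLE = """\
64 bytes from 8.8.8.8: icmp_seq=1 ttl=46 time=41.5 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=46 time=35.9 ms
"""

HPING_RE = re.compile(r"ip=(\S+) ttl=(\d+) .*?sport=(\d+) flags=([A-Z]+)")
PING_RE = re.compile(r"bytes from ([\d.]+): icmp_seq=\d+ ttl=(\d+)")

def hops_from_ttl(ttl):
    """Estimate hops travelled, assuming an initial TTL of 64, 128 or 255 (heuristic)."""
    initial = next(v for v in (64, 128, 255) if ttl <= v)
    return initial - ttl

def classify(hping_text, ping_text, max_hop_gap=3):
    """Return one finding per hping3 reply, using the ICMP replies as the baseline."""
    icmp_ttls = [int(ttl) for _ip, ttl in PING_RE.findall(ping_text)]
    if not icmp_ttls:
        raise ValueError("no ICMP echo replies to compare against")
    icmp_hops = hops_from_ttl(max(icmp_ttls))
    findings = []
    for ip, ttl, sport, flags in HPING_RE.findall(hping_text):
        hops = hops_from_ttl(int(ttl))
        if "S" in flags and "A" in flags:
            state = "open"    # SYN/ACK: something accepted the connection
        elif "R" in flags:
            state = "reset"   # RST: port closed, or a device on the path refused
        else:
            state = "other"
        findings.append({
            "ip": ip, "port": int(sport), "state": state,
            "tcp_hops": hops, "icmp_hops": icmp_hops,
            # Replies "from" one address that travelled very different
            # distances were probably not sent by the same machine.
            "path_mismatch": abs(hops - icmp_hops) > max_hop_gap,
        })
    return findings

if __name__ == "__main__":
    for finding in classify(HPING_SAMPLE, PING_SAMPLE):
        print(finding)
```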

sudo dig @8.8.8.8 www.ubuntu.com any

 

I fear I still don't get what you really want? Accessing Google's DNS or use your own through your OpenVPN (which might have 'block-outside-dns' enabled?)?

 

Based on my understanding if you manage VPN and connection settings with NM then you configure DNS with nmtui/nmcli (you can check settings later below /etc/NetworkManager/system-connections/) and now that resolvconf(8) is fixed everything should work now (might require a reboot though)?

 

Disclaimer: Never configured this myself since I found Linux on mobile devices too much of PITA until now (for server use cases editing static config files in Linux is ok and my mobile devices run macOS anyway where scutil/scselect/configd provide nmcli/nmtui/NM functionality)

Link to comment

My problem is simply, that DNS resolving on Armbian does not work out of the box. It was not working when I was NOT using OpenVPN network - I had to configure resolv.conf manually, and it is not working out of the box now (I also had to configure resolv.conf manually).

 

I'm pretty sure this is due to some specific of Armbian, since on other OS things are just working without problem. It is also very strange, that DNS servers are accessible and network is working (i. e. ping, etc.).

 

And yes, I rebooted machine after I tried creating those symlinks...

 

Actually, I really do not care which DNS to use, the problem is, resolving is not working out of the box, i. e. without editing resolv.conf. And I am pretty sure this is some specific or some weird bug of Armbian.

Link to comment

Just a note: on modern installations you don't ever manually configure /etc/resolv.conf; it is automatically maintained by other services. Plain openvpn installations don't do dns push lines unless you tweak them from the server side; the network manager plugin, which is part of the gnome packages, does this automatically while restarting whole networking.

 

We have some amazon to datacenter bridges and even my soc installations are connected to datacenter network services by openvpn client. Most of the problems started when ubuntu started using network manager on desktop images but dns push routes took a lot of man hours to get them right. Currently I add manually the hostnames and don't rely on dns lookups.

 


Link to comment

sudo hping3 8.8.8.8 -p 53 -S

HPING 8.8.8.8 (wlan0 8.8.8.8): S set, 40 headers + 0 data bytes
len=40 ip=8.8.8.8 ttl=253 id=37843 sport=53 flags=RA seq=0 win=512 rtt=49.1 ms
len=40 ip=8.8.8.8 ttl=253 id=48294 sport=53 flags=RA seq=1 win=512 rtt=48.9 ms
^C
--- 8.8.8.8 hping statistic ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 48.9/49.0/49.1 ms

However:

sudo dig @8.8.8.8 www.ubuntu.com any

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 www.ubuntu.com any
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

 

dig +tcp @8.8.8.8 www.ubuntu.com any

will probably work ...

 

So, you have to either choose another nameserver, find how to auto-configure or add :

options use-vc

in /etc/resolv.conf

Link to comment

This does not work:

 

options use-vc
nameserver 8.8.8.8

 

Also:

dig +tcp @8.8.8.8 www.ubuntu.com any

; <<>> DiG 9.10.3-P4-Ubuntu <<>> +tcp @8.8.8.8 www.ubuntu.com any
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

 

Link to comment