After upgrade to 12.04 name resolution does not work

Bug #991347 reported by Patola on 2012-04-29
22
This bug affects 4 people
Affects Status Importance Assigned to Milestone
network-manager (Ubuntu)
High
Unassigned

Bug Description

I was using a simple scheme for DNS resolution before upgrading from 11.10 to 12.04: there are three interfaces on the computer, eth0 is the main one, acquires IP and DNS automatically from 10.0.0.1, which is also the default route.

But after upgrade to the new DNS scheme on ubuntu 12.04, it does not work. Everything seems in order:

/etc/network/interfaces:
------------
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp
-----------

/etc/resolv.conf (link to ../run/resolvconf/resolv.conf):
------------------
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
search patola.org
-----------------

/var/run/nm-dns-dnsmasq.conf:
------------------
server=200.212.223.43
server=8.8.8.8
server=8.8.4.4
server=200.212.223.44
server=208.53.170.32
server=200.212.223.100
server=143.106.2.5
server=200.162.192.51
server=200.162.192.50
server=200.162.192.49
server=200.162.192.52
-----------------

under /etc/resolvconf/resolv.conf.d:
base - null, 0 bytes
head:
----------------------------
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
--------------------------

original:
-----------------------
# Generated by NetworkManager
domain patola.org
search patola.org
nameserver 200.212.223.43
nameserver 8.8.8.8
nameserver 8.8.4.4
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 200.212.223.44
nameserver 208.53.170.32
nameserver 200.212.223.100
nameserver 143.106.2.5
nameserver 200.162.192.51
nameserver 200.162.192.50
nameserver 200.162.192.49
nameserver 200.162.192.52
---------------------

In other words, all these server are the right ones, however, when I try to do a DNS query, it goes like that:

[root@bmw ~]# dig www.terra.com.br

; <<>> DiG 9.8.1-P1 <<>> www.terra.com.br
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53771
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 6

;; QUESTION SECTION:
;www.terra.com.br. IN A

;; AUTHORITY SECTION:
terra.com.br. 71303 IN NS d.dns.terra.com.br.
terra.com.br. 71303 IN NS b.dns.terra.com.br.
terra.com.br. 71303 IN NS a.dns.terra.com.
terra.com.br. 71303 IN NS c.dns.terra.com.

;; ADDITIONAL SECTION:
d.dns.terra.com.br. 70276 IN A 200.215.194.1
d.dns.terra.com.br. 70276 IN AAAA 2001:12c0:0:2151:200:154:46:21
b.dns.terra.com.br. 70276 IN A 200.215.193.1
b.dns.terra.com.br. 70276 IN AAAA 2001:12c0:0:2151:200:154:46:20
a.dns.terra.com. 156677 IN A 200.215.193.1
c.dns.terra.com. 156677 IN A 200.215.194.1

;; Query time: 17 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Apr 29 15:05:37 2012
;; MSG SIZE rcvd: 235

In other words, it returns a null response!!! No address!

As soon as I change 127.0.0.1 on /etc/resolv.conf to a real DNS server, it works again. But of course, when configured this way it never uses dnsmasq. Why has the conversion not worked?

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: resolvconf 1.63ubuntu11
ProcVersionSignature: Ubuntu 3.2.0-24.37-generic 3.2.14
Uname: Linux 3.2.0-24-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu6
Architecture: amd64
Date: Sun Apr 29 14:46:00 2012
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110426)
PackageArchitecture: all
SourcePackage: resolvconf
UpgradeStatus: Upgraded to precise on 2012-04-06 (23 days ago)

Patola (patola) wrote :
Steve Langasek (vorlon) wrote :

Thanks for this bug report. Since resolvconf appears to be populating /etc/resolv.conf as designed, but dnsmasq is failing to resolve for you, I'm reassigning this to network-manager (the package responsible for setting up dnsmasq this way on the desktop).

Since you're getting an answer at all, dnsmasq is clearly running.

And you don't have any other nameserver implementations installed locally (e.g., bind9) that could be taking the socket instead of dnsmasq, correct?

Does reducing the number of nameservers registered have any effect on whether dnsmasq works correctly?

affects: resolvconf (Ubuntu) → network-manager (Ubuntu)
Changed in network-manager (Ubuntu):
importance: Undecided → High
status: New → Incomplete
Stéphane Graber (stgraber) wrote :

Could you also post the same dig result for each of the servers listed in your dnsmasq configuration?

Patola (patola) wrote :

Steve Langasek, I do not have bind installed, but I have some packages named bind9-host, libbind9-60 and libbind9-80. They must not be interfering with dnsmasq, bind9-host doesn't even have an executable other than "host".

Reducing the number of nameservers actually worked! I editted my dhcpd.conf on the DHCP server and made it use only "8.8.8.8" (google server). It resolves ok:

[patola@bmw patola]% ls -la /etc/resolv.conf ; cat /etc/resolv.conf ; ping -c3 www.terra.com.br
lrwxrwxrwx 1 root root 29 Abr 7 12:51 /etc/resolv.conf -> ../run/resolvconf/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
search patola.org
PING www.terra.com.br (200.154.56.80) 56(84) bytes of data.
64 bytes from www.terra.com.br (200.154.56.80): icmp_req=1 ttl=247 time=54.4 ms
64 bytes from www.terra.com.br (200.154.56.80): icmp_req=2 ttl=247 time=31.1 ms
64 bytes from www.terra.com.br (200.154.56.80): icmp_req=3 ttl=247 time=29.9 ms

--- www.terra.com.br ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 29.975/38.512/54.437/11.272 ms

Patola (patola) wrote :

About the last comment: I do not understand very well what's going on. Here's what I did:

* Before looking at these comments, I removed all wired connections from network manager configuration. I rebooted the server and the resulting resolv.conf was not referencing 127.0.0.1 anymore, but the DNS servers from dhcp directly; I re-added a wired connection from the main adapter (eth0) with DHCP and the same stuff happened.

* After that I noticed that the dnsmasq package wasn't installed. I forgot to add the line from ps -ef that showed that dnsmasq was running as a child process from NetworkManager (I even remember the --no-hosts parameter) even without the dnsmasq package being there

* I installed dnsmasq just to see what would happen, and the resolv.conf referencing 127.0.0.1 became active again, and again, it does not work if I configure my DHCP server to lend it many servers. However, if I tested with one DNS server and four DNS servers, and both worked OK.

* This "new" dnsmasq process is not a child from NetworkManager and does not have the file /var/run/nm-dns-dnsmasq.conf - what is going on, does Networkmanager has a different dnsmasq that comes with it?

* As you can see, before this day I only had dnsmasq-base and not dnsmasq installed:

[patola@bmw patola]% grep dnsmasq /var/log/dpkg.log
2012-04-06 09:05:34 upgrade dnsmasq-base 2.57-1ubuntu1 2.59-4
2012-04-06 09:05:34 status half-configured dnsmasq-base 2.57-1ubuntu1
2012-04-06 09:05:36 status unpacked dnsmasq-base 2.57-1ubuntu1
2012-04-06 09:05:37 status half-installed dnsmasq-base 2.57-1ubuntu1
2012-04-06 09:05:39 status half-installed dnsmasq-base 2.57-1ubuntu1
2012-04-06 09:05:41 status half-installed dnsmasq-base 2.57-1ubuntu1
2012-04-06 09:05:45 status unpacked dnsmasq-base 2.59-4
2012-04-06 09:05:45 status unpacked dnsmasq-base 2.59-4
2012-04-07 02:19:55 configure dnsmasq-base 2.59-4 2.59-4
2012-04-07 02:19:55 status unpacked dnsmasq-base 2.59-4
2012-04-07 02:19:56 status half-configured dnsmasq-base 2.59-4
2012-04-07 02:19:57 status installed dnsmasq-base 2.59-4
2012-04-30 01:24:28 install dnsmasq <nenhum> 2.59-4
2012-04-30 01:24:28 status half-installed dnsmasq 2.59-4
2012-04-30 01:24:29 status half-installed dnsmasq 2.59-4
2012-04-30 01:24:31 status unpacked dnsmasq 2.59-4
2012-04-30 01:24:32 status unpacked dnsmasq 2.59-4
2012-04-30 01:24:33 configure dnsmasq 2.59-4 <nenhum>
2012-04-30 01:24:33 status unpacked dnsmasq 2.59-4
2012-04-30 01:24:33 status unpacked dnsmasq 2.59-4
2012-04-30 01:24:34 status unpacked dnsmasq 2.59-4
2012-04-30 01:24:34 status unpacked dnsmasq 2.59-4
2012-04-30 01:24:34 status unpacked dnsmasq 2.59-4
2012-04-30 01:24:34 status unpacked dnsmasq 2.59-4
2012-04-30 01:24:34 status unpacked dnsmasq 2.59-4
2012-04-30 01:24:34 status half-configured dnsmasq 2.59-4
2012-04-30 01:24:37 status installed dnsmasq 2.59-4

* I have a central server on my intranet that also does DNS resolution and caching. Is dnsmasq really needed on this scenario?

Patola (patola) wrote :

Stéphane, I will wait from a response from Steve before posting all these digs, ok? Or do you still want me to try using all these dns servers so that DNS resolution does not work again and digging on all?

Steve Langasek (vorlon) wrote :

Whatever Stéphane thinks will be helpful in debugging this is probably correct, so it'd be helpful if you could provide that output.

Patola (patola) wrote :
Download full text (5.2 KiB)

==============================
OUTPUT OF dig @200.212.223.43 www.terra.com.br
==============================

; <<>> DiG 9.8.1-P1 <<>> @200.212.223.43 www.terra.com.br
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
==============================

==============================
OUTPUT OF dig @8.8.8.8 www.terra.com.br
==============================

; <<>> DiG 9.8.1-P1 <<>> @8.8.8.8 www.terra.com.br
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4509
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.terra.com.br. IN A

;; ANSWER SECTION:
www.terra.com.br. 345 IN A 200.154.56.80

;; Query time: 142 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Apr 30 07:46:49 2012
;; MSG SIZE rcvd: 50

==============================

==============================
OUTPUT OF dig @8.8.4.4 www.terra.com.br
==============================

; <<>> DiG 9.8.1-P1 <<>> @8.8.4.4 www.terra.com.br
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39943
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.terra.com.br. IN A

;; ANSWER SECTION:
www.terra.com.br. 345 IN A 200.154.56.80

;; Query time: 145 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Mon Apr 30 07:46:49 2012
;; MSG SIZE rcvd: 50

==============================

==============================
OUTPUT OF dig @200.212.223.044 www.terra.com.br
==============================

; <<>> DiG 9.8.1-P1 <<>> @200.212.223.044 www.terra.com.br
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
==============================

==============================
OUTPUT OF dig @208.53.170.32 www.terra.com.br
==============================

; <<>> DiG 9.8.1-P1 <<>> @208.53.170.32 www.terra.com.br
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
==============================

==============================
OUTPUT OF dig @200.212.223.100 www.terra.com.br
==============================

; <<>> DiG 9.8.1-P1 <<>> @200.212.223.100 www.terra.com.br
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
==============================

==============================
OUTPUT OF dig @143.106.2.5 www.terra.com.br
==============================

; <<>> DiG 9.8.1-P1 <<>> @143.106.2.5 www.terra.com.br
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
==============================

==============================
OUTPUT OF dig @200.162.192.51 www.terra.com.br
==============================

; <<>> DiG 9.8.1-P1 <<>> @200.162.192.51 www.terra.com.br
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31137
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 6
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.terra.com.br. IN A

...

Read more...

Thomas Hood (jdthood) wrote :

200.162.192.51 replies with "status: NOERROR" and "ANSWER: 0". What may be happening is that 200.162.192.51 is answering quickly and dnsmasq is therefore choosing it over the other nameservers, with bad results.

If the problem is a flaky nameserver which responds quickly then having a list of nonlocal nameserver addresses rather than "127.0.0.1" in resolv.conf avoids the problem because the resolver tries one nameserver at a time. See bug #1003842 for explanation.

You don't need the "dnsmasq" package unless you want to run dnsmasq independently of NetworkManager. I suggest you remove it, keeping only dnsmasq-base.

See if this fixes the problem. Edit /etc/NetworkManager/NetworkManager.conf, comment out the line "dns=dnsmasq" and do "sudo restart network-manager". Then NM won't use dnsmasq any more.

Thomas Hood (jdthood) on 2012-05-30
summary: - After upgrade to 12.04 resolvconf seems ok but does not work
+ After upgrade to 12.04 name resolution does not work
getut (rtkluttz) wrote :

I think I am having the same issue. I will start a new bug if needed though. For my fresh install 12.04 64 bit, no domain suffix information is being utilized. In other words, if I configure a static IP address in network manager and configure a "search domain" of my office domain, then simple host names do not resolve. Fully qualified domain names work properly. The same is true when I configure my wired LAN for DHCP. If my DHCP server provides option 135 Domain suffix search order and also 015 DNS Domain Name, I can ping by fully qualified domain only. Simple host name resolution for devices on the same domain as me fail in both scenarios. Ubuntu and Mint prior to 12.04 were working and still are working normally.

Thomas Hood (jdthood) wrote :

getut: For starters, please post the contents of /etc/resolv.conf.

Thomas Hood (jdthood) wrote :

getut wrote:
> I think I am having the same issue. I will start a new bug if needed though.

getut's problem isn't very similar to the one being discussed here (#991347) . The problem being discussed here arises, I suspect, as I wrote in #9, from dnsmasq performing badly in a network with a fast, faulty nameserver. (Still waiting for more information from the submitter in order to test that suspicion.) Getut's problem isn't name resolution but domain name completion -- similar to #781557, but not exactly.

Thomas Hood (jdthood) wrote :

Getut's problem seems even more similar to #998712.

Thomas Hood (jdthood) wrote :

In the absence of a reply from the submitter I'll assume that the explanation in #9 is true and that this issue is a case of #1003842.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers