
EDIT: FIXED -- My Egress Rules were blocking TCP/UDP 53.

I have a stock Oracle Linux 8 server running on Oracle Cloud (OCI) with Postfix installed that stopped resolving names through DNS after a reboot. It was working fine before the reboot and nothing has been changed since this VM was installed.

My DNS servers run Windows Server 2019 and the DNS service is working fine: every other Windows host using them as DNS servers can resolve names just fine, and the firewall is disabled on both of them.

Ping fails:

[opc@smtpoci postfix]$ ping smtp-relay.gmail.com
ping: smtp-relay.gmail.com: Name or service not known

Dig fails using both my DNS server and Google public DNS:

[opc@smtpoci postfix]$ dig google.com @10.60.5.21
; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> google.com @10.60.5.21
;; global options: +cmd
;; connection timed out; no servers could be reached

[opc@smtpoci postfix]$ dig google.com @8.8.8.8
; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> google.com @8.8.8.8
;; global options: +cmd
;; connection timed out; no servers could be reached

But I can ping both of them just fine:

[opc@smtpoci postfix]$ ping 10.60.5.21
PING 10.60.5.21 (10.60.5.21) 56(84) bytes of data.
64 bytes from 10.60.5.21: icmp_seq=1 ttl=128 time=0.250 ms
64 bytes from 10.60.5.21: icmp_seq=2 ttl=128 time=0.246 ms
64 bytes from 10.60.5.21: icmp_seq=3 ttl=128 time=0.255 ms
^C
--- 10.60.5.21 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2067ms
rtt min/avg/max/mdev = 0.246/0.250/0.255/0.013 ms
[opc@smtpoci postfix]$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=120 time=2.37 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=120 time=2.32 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=120 time=2.33 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=120 time=2.38 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 2.320/2.347/2.379/0.064 ms

My /etc/resolv.conf:

[opc@smtpoci postfix]$ cat /etc/resolv.conf
# Generated by NetworkManager
search *redacted*
nameserver 10.60.5.21
nameserver 10.60.5.221

Did anyone have this problem and was able to fix it? Thanks!

  • `ping` is not a good tool for troubleshooting DNS. The fact that `dig` says "no servers could be reached" means either a routing or firewalling problem in your network: the DNS packets (port 53, either TCP or UDP) either do not leave your systems, or their replies are filtered out before coming back to your client. – Patrick Mevzek Jun 29 '22 at 14:38
  • There's no firewall enabled between the hosts on this network, and the firewall on the Windows servers is turned off. – andreluis77 Jun 29 '22 at 14:40
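The point made in the first comment, that a working `ping` proves ICMP reachability and nothing about port 53, as an added example that is not from the original post or its commenters. The script hand-builds a DNS A query and sends the same query over UDP/53 and TCP/53 separately with a short timeout, so a server that answers ping but times out on both transports stands out as a filtered port rather than a broken resolver. The server address and queried name are arguments you supply; the embedded `SAMPLE_RESPONSE` is a constructed packet (not captured from the poster's network) so the parser can be exercised offline.

```python
"""Probe a nameserver over UDP/53 and TCP/53 independently of ICMP reachability.

Added example, not code from the original post. Usage (hypothetical file name):
    python dnsprobe.py 10.60.5.21 google.com
With no arguments it parses the constructed SAMPLE_RESPONSE below instead.
"""
import random
import socket
import struct


def encode_name(name):
    """Wire-format a dotted name: length-prefixed labels, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1, txid=None):
    """Minimal DNS query: 12-byte header (RD set) plus one question, no EDNS."""
    if txid is None:
        txid = random.randrange(0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def _skip_name(data, off):
    """Return the offset just past a name, handling RFC 1035 compression pointers."""
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:      # 2-byte pointer ends the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length


def parse_response(data):
    """Parse the header and collect A-record addresses from the answer section."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(data, off) + 4           # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0xF, "answers": an, "addresses": addrs}


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed mid-message")
        buf += chunk
    return buf


def probe(server, name, timeout=2.0):
    """Send one query over UDP/53 and one over TCP/53; report each transport separately."""
    query = build_query(name)
    results = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            data, _ = s.recvfrom(4096)
            results["udp"] = parse_response(data)
        except socket.timeout:
            results["udp"] = "timeout: UDP/53 filtered or no reply"
        except OSError as e:
            results["udp"] = "error: %s" % e
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))
            # DNS over TCP prefixes each message with a 2-byte big-endian length
            s.sendall(struct.pack("!H", len(query)) + query)
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            results["tcp"] = parse_response(_recv_exact(s, length))
        except socket.timeout:
            results["tcp"] = "timeout: TCP/53 filtered or no reply"
        except OSError as e:
            results["tcp"] = "error: %s" % e
    return results


# Constructed sample response for offline use: id 0x1234, flags 0x8180 (QR, RD, RA),
# one question for example.com/A, one answer pointing at the question name (0xc00c),
# TTL 300, rdata 192.0.2.1 (documentation address).
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        print(probe(sys.argv[1], sys.argv[2]))
    else:
        print(parse_response(SAMPLE_RESPONSE))
```

A timeout on both transports while ICMP works is exactly the signature the original `dig` output shows ("no servers could be reached" against both the internal server and 8.8.8.8), and it points at a filter somewhere on the path rather than at the resolver. On OCI that filter can sit outside the guest entirely: VCN security list and network security group egress rules are applied in the virtual network, so the host's own `firewall-cmd --list-all` and the Windows firewall can both be clean while the packets are still dropped, which matches the EDIT at the top of the post. The same check from the command line is `dig +tcp google.com @10.60.5.21` next to the plain UDP `dig`.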
