Someone installed and configured Ubuntu on a virtual machine hosted on a machine in our network. I've recently noticed that all DNS lookups fail but I can't find a solution to this. I've tried a multitude of nameservers, edited the interfaces file 100s of times with suggestions from Google but nothing works.

Below is some information and if someone has any ideas I would greatly appreciate it. Thanks

nslookup

administrator@redmine:~$ nslookup google.com
;; connection timed out; no servers could be reached

administrator@redmine:~$ nslookup localhost
;; connection timed out; no servers could be reached

tcpdump of nslookup [takes 3 lookups to get any tcpdump output] - edited

administrator@redmine:~$ sudo tcpdump -vvv -i any port 53
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
10:26:51.965297 IP (tos 0x0, ttl 64, id 9167, offset 0, flags [none], proto UDP (17), length 56)
    10.80.15.5.56365 > 208.67.222.222.domain: [bad udp cksum 988f!] 61133+ A? google.com. (28)
10:26:51.965595 IP (tos 0x0, ttl 64, id 25587, offset 0, flags [DF], proto UDP (17), length 73)
    10.80.15.5.57551 > 208.67.222.222.domain: [bad udp cksum ff0c!] 9477+ PTR? 222.222.67.208.in-addr.arpa. (45)
10:26:52.965437 IP (tos 0x0, ttl 64, id 37960, offset 0, flags [none], proto UDP (17), length 56)
    10.80.15.5.45006 > 208.67.220.220.domain: [bad udp cksum fbbf!] 61133+ A? google.com. (28)
10:26:56.967724 IP (tos 0x0, ttl 64, id 26087, offset 0, flags [DF], proto UDP (17), length 73)
    10.80.15.5.38794 > 208.67.220.220.domain: [bad udp cksum 485a!] 9477+ PTR? 222.222.67.208.in-addr.arpa. (45)
10:26:57.965482 IP (tos 0x0, ttl 64, id 9168, offset 0, flags [none], proto UDP (17), length 56)
    10.80.15.5.56365 > 208.67.222.222.domain: [bad udp cksum 988f!] 61133+ A? google.com. (28)
10:26:58.965605 IP (tos 0x0, ttl 64, id 37961, offset 0, flags [none], proto UDP (17), length 56)
    10.80.15.5.45006 > 208.67.220.220.domain: [bad udp cksum fbbf!] 61133+ A? google.com. (28)
10:27:01.972798 IP (tos 0x0, ttl 64, id 25588, offset 0, flags [DF], proto UDP (17), length 73)
    10.80.15.5.57551 > 208.67.222.222.domain: [bad udp cksum ff0c!] 9477+ PTR? 222.222.67.208.in-addr.arpa. (45)
10:27:03.965726 IP (tos 0x0, ttl 64, id 9169, offset 0, flags [none], proto UDP (17), length 56)
    10.80.15.5.56365 > 208.67.222.222.domain: [bad udp cksum 988f!] 61133+ A? google.com. (28)
10:27:04.965844 IP (tos 0x0, ttl 64, id 37962, offset 0, flags [none], proto UDP (17), length 56)
    10.80.15.5.45006 > 208.67.220.220.domain: [bad udp cksum fbbf!] 61133+ A? google.com. (28)
10:27:06.974911 IP (tos 0x0, ttl 64, id 26088, offset 0, flags [DF], proto UDP (17), length 73)
    10.80.15.5.38794 > 208.67.220.220.domain: [bad udp cksum 485a!] 9477+ PTR? 222.222.67.208.in-addr.arpa. (45)
10:27:11.255383 IP (tos 0x0, ttl 64, id 9170, offset 0, flags [none], proto UDP (17), length 56)
    10.80.15.5.46416 > 208.67.222.222.domain: [bad udp cksum 1dab!] 64037+ A? google.com. (28)
10:27:11.980136 IP (tos 0x0, ttl 64, id 27588, offset 0, flags [DF], proto UDP (17), length 69)
    10.80.15.5.41940 > 208.67.222.222.domain: [bad udp cksum 12f8!] 57952+ PTR? 5.15.80.10.in-addr.arpa. (41)
10:27:12.255497 IP (tos 0x0, ttl 64, id 37963, offset 0, flags [none], proto UDP (17), length 56)
    10.80.15.5.34434 > 208.67.220.220.domain: [bad udp cksum efdd!] 64037+ A? google.com. (28)
10:27:16.983093 IP (tos 0x0, ttl 64, id 28089, offset 0, flags [DF], proto UDP (17), length 69)
    10.80.15.5.33410 > 208.67.220.220.domain: [bad udp cksum 691d!] 57952+ PTR? 5.15.80.10.in-addr.arpa. (41)
10:27:17.255564 IP (tos 0x0, ttl 64, id 9171, offset 0, flags [none], proto UDP (17), length 56)
    10.80.15.5.46416 > 208.67.222.222.domain: [bad udp cksum 1dab!] 64037+ A? google.com. (28)
10:27:18.255675 IP (tos 0x0, ttl 64, id 37964, offset 0, flags [none], proto UDP (17), length 56)
    10.80.15.5.34434 > 208.67.220.220.domain: [bad udp cksum efdd!] 64037+ A? google.com. (28)
10:27:21.988171 IP (tos 0x0, ttl 64, id 27589, offset 0, flags [DF], proto UDP (17), length 69)
    10.80.15.5.41940 > 208.67.222.222.domain: [bad udp cksum 12f8!] 57952+ PTR? 5.15.80.10.in-addr.arpa. (41)
10:27:23.255805 IP (tos 0x0, ttl 64, id 9172, offset 0, flags [none], proto UDP (17), length 56)
    10.80.15.5.46416 > 208.67.222.222.domain: [bad udp cksum 1dab!] 64037+ A? google.com. (28)
10:27:24.255925 IP (tos 0x0, ttl 64, id 37965, offset 0, flags [none], proto UDP (17), length 56)
    10.80.15.5.34434 > 208.67.220.220.domain: [bad udp cksum efdd!] 64037+ A? google.com. (28)
10:27:26.991768 IP (tos 0x0, ttl 64, id 28090, offset 0, flags [DF], proto UDP (17), length 69)
    10.80.15.5.33410 > 208.67.220.220.domain: [bad udp cksum 691d!] 57952+ PTR? 5.15.80.10.in-addr.arpa. (41)
10:27:31.165191 IP (tos 0x0, ttl 64, id 9173, offset 0, flags [none], proto UDP (17), length 56)
    10.80.15.5.47147 > 208.67.222.222.domain: [bad udp cksum 55b3!] 61202+ A? google.com. (28)
10:27:31.997034 IP (tos 0x0, ttl 64, id 29590, offset 0, flags [DF], proto UDP (17), length 73)
    10.80.15.5.37414 > 208.67.222.222.domain: [bad udp cksum 3353!] 11646+ PTR? 220.220.67.208.in-addr.arpa. (45)
10:27:32.165303 IP (tos 0x0, ttl 64, id 37966, offset 0, flags [none], proto UDP (17), length 56)
    10.80.15.5.57432 > 208.67.220.220.domain: [bad udp cksum 2c8f!] 61202+ A? google.com. (28)
10:27:36.999487 IP (tos 0x0, ttl 64, id 30090, offset 0, flags [DF], proto UDP (17), length 73)
    10.80.15.5.34374 > 208.67.220.220.domain: [bad udp cksum 1763!] 11646+ PTR? 220.220.67.208.in-addr.arpa. (45)
10:27:37.165381 IP (tos 0x0, ttl 64, id 9174, offset 0, flags [none], proto UDP (17), length 56)
    10.80.15.5.47147 > 208.67.222.222.domain: [bad udp cksum 55b3!] 61202+ A? google.com. (28)
10:27:38.165507 IP (tos 0x0, ttl 64, id 37967, offset 0, flags [none], proto UDP (17), length 56)
    10.80.15.5.57432 > 208.67.220.220.domain: [bad udp cksum 2c8f!] 61202+ A? google.com. (28)
10:27:42.004572 IP (tos 0x0, ttl 64, id 29591, offset 0, flags [DF], proto UDP (17), length 73)
    10.80.15.5.37414 > 208.67.222.222.domain: [bad udp cksum 3353!] 11646+ PTR? 220.220.67.208.in-addr.arpa. (45)
10:27:43.165623 IP (tos 0x0, ttl 64, id 9175, offset 0, flags [none], proto UDP (17), length 56)
    10.80.15.5.47147 > 208.67.222.222.domain: [bad udp cksum 55b3!] 61202+ A? google.com. (28)
10:27:44.165729 IP (tos 0x0, ttl 64, id 37968, offset 0, flags [none], proto UDP (17), length 56)
    10.80.15.5.57432 > 208.67.220.220.domain: [bad udp cksum 2c8f!] 61202+ A? google.com. (28)
10:27:47.009170 IP (tos 0x0, ttl 64, id 30091, offset 0, flags [DF], proto UDP (17), length 73)
    10.80.15.5.34374 > 208.67.220.220.domain: [bad udp cksum 1763!] 11646+ PTR? 220.220.67.208.in-addr.arpa. (45)

/etc/hosts

administrator@redmine:~$ cat /etc/hosts
127.0.0.1       localhost localhost.localdomain redmine redmine.hiddendomain.com

/etc/resolv.conf

administrator@redmine:~$ cat /etc/resolv.conf
### OPENDNS ###
nameserver 208.67.222.222
nameserver 208.67.220.220

### GOOGLE NS ###
#nameserver 8.8.8.8
#nameserver 8.8.4.4

/etc/network/interfaces

administrator@redmine:~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

#The primary network
auto eth0
iface eth0 inet static
address 10.80.15.5
netmask 255.255.255.0
network 10.80.15.0
broadcast 10.80.15.255
gateway 10.80.15.254

## Try this just in case resolv.conf isn't being read properly
dns-nameserver 8.8.8.8

/etc/nsswitch.conf

cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat
group:          compat
shadow:         compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

/etc/host.conf

multi on

I CAN however telnet, so it's not a firewall (but you already knew that from the tcpdump)

administrator@redmine:~$ telnet 8.8.8.8 53
Trying 8.8.8.8...
Connected to 8.8.8.8.
Escape character is '^]'.
Connection closed by foreign host.

Update: Thanks to ladadada* for spotting my silly mistake. However now I'm back to my original problem. It's using the correct DNS server (as you can see from the tcpdump) however nslookup/dig still say no servers could be reached. I have tested and I can telnet on port 53 to both OpenDNS servers. One weird thing is that I have to run nslookup 3 times before I got any output from tcpdump; the first 2 lookups didn't output anything via tcpdump (not sure if that's relevant).

Once again, any help, advice, etc. would be appreciated.

Lee

1 Answer

Your /etc/resolv.conf should look like this:

### OPENDNS ###
nameserver 208.67.222.222
nameserver 208.67.220.220

### GOOGLE NS ###
#nameserver 8.8.8.8
#nameserver 8.8.4.4

Without the nameserver keyword, the IP addresses on their own don't mean anything.

Ladadadada
  • Good spot, can't believe I did that. However now it's using the DNS server from resolv, connecting takes ages (reverse DNS failure no doubt) and still nslookup fails. This was the original issue (as you can see I tested with Google servers before OpenDNS). But at least you've stopped me looking at false positives. I will update the thread after a little more investigation. Thanks again! – Lee Jun 14 '12 at 09:22
  • Hi ladadadada, I've updated the above post with new tcpdump info and some more information at the bottom. If you have any ideas that would be great. – Lee Jun 14 '12 at 09:32
  • I see requests there but no responses. Sounds like a firewall but not on your box (because `tcpdump` attaches *outside* the firewall on the box). You should contact your hosting provider and ask them why DNS requests (or responses) are being blocked. Note that `telnet` is not a valid test because it works on TCP and DNS works on UDP. `dig @8.8.8.8 example.com` is a valid test. – Ladadadada Jun 14 '12 at 10:25
  • Ah, we do have an outsourced networking company. I'll send them a message. Thanks for that, could you explain how you know there isn't a response? I'm pretty new to working with tcpdump – Lee Jun 14 '12 at 10:30
  • Certainly. Every tcpdump output line for IP packets has two IP addresses, the source and the destination. The source is always on the left and the destination on the right. In your sample dump, *all* the IP addresses on the left are `10.80.15.5` and all the ones on the right are from OpenDNS. When you get a response, the OpenDNS IP address will be on the left and yours will be on the right. tcpdump can also print out other types of packets that are not IP but that's an advanced topic. Your sample covers 54 seconds which is more than long enough to expect a response to arrive. – Ladadadada Jun 15 '12 at 09:13
  • Ah seems obvious now, I guess it comes with experience and knowing what to look for. Thanks for that, I'll have to play with tcpdump some more. At least I learned something new from the whole ordeal. Thanks once again for your help :) – Lee Jun 15 '12 at 09:26
  • +1 for the `tcpdump` explanation. I had more or less the same issue and this confirmed that the DNS requests/answers were lost somewhere. – Jérôme Apr 20 '17 at 14:29
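
The way of reading the capture described in the comments above (source on the left, destination on the right, requests with no matching responses) can be automated. The following is an added example, not part of the original thread: it pairs each DNS query in `tcpdump -vvv` text output with a response carrying the same transaction ID and reports the queries that were never answered. `PAGE_SAMPLE` is the first six packets of the question's capture; `CONSTRUCTED_OK` is a constructed healthy exchange, and all function and variable names are this example's own.

```python
import re
from collections import defaultdict

# Packet line of `tcpdump -vvv`: "src.port > dst.port: [cksum note] <txid>..."
FLOW = re.compile(
    r"^\s*(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\w+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\w+): "
    r"(?:\[[^\]]*\] )?(?P<txid>\d+)"
)
DNS_PORTS = {"domain", "53"}  # tcpdump prints "domain" unless run with -n


def unanswered_queries(capture):
    """Map (client, client_port, server, txid) -> times sent, for queries with no reply."""
    sent = defaultdict(int)
    answered = set()
    for line in capture.splitlines():
        m = FLOW.match(line)
        if not m:
            continue  # timestamp lines start with hh:mm:ss and carry no addresses
        if m["dport"] in DNS_PORTS:    # DNS port on the right: a query leaving
            sent[(m["src"], m["sport"], m["dst"], m["txid"])] += 1
        elif m["sport"] in DNS_PORTS:  # DNS port on the left: a response arriving
            answered.add((m["dst"], m["dport"], m["src"], m["txid"]))
    return {k: n for k, n in sent.items() if k not in answered}


# First six packets of the capture in the question (timestamp lines omitted).
PAGE_SAMPLE = """
    10.80.15.5.56365 > 208.67.222.222.domain: [bad udp cksum 988f!] 61133+ A? google.com. (28)
    10.80.15.5.57551 > 208.67.222.222.domain: [bad udp cksum ff0c!] 9477+ PTR? 222.222.67.208.in-addr.arpa. (45)
    10.80.15.5.45006 > 208.67.220.220.domain: [bad udp cksum fbbf!] 61133+ A? google.com. (28)
    10.80.15.5.38794 > 208.67.220.220.domain: [bad udp cksum 485a!] 9477+ PTR? 222.222.67.208.in-addr.arpa. (45)
    10.80.15.5.56365 > 208.67.222.222.domain: [bad udp cksum 988f!] 61133+ A? google.com. (28)
    10.80.15.5.45006 > 208.67.220.220.domain: [bad udp cksum fbbf!] 61133+ A? google.com. (28)
"""

# Constructed healthy exchange for contrast (not from the page).
CONSTRUCTED_OK = """
    10.80.15.5.40000 > 8.8.8.8.domain: [bad udp cksum 0000!] 1234+ A? example.com. (29)
    8.8.8.8.domain > 10.80.15.5.40000: [udp sum ok] 1234 q: A? example.com. 1/0/0 example.com. A 192.0.2.10 (45)
"""

if __name__ == "__main__":
    for (client, port, server, txid), n in unanswered_queries(PAGE_SAMPLE).items():
        print(f"{client}:{port} -> {server} id={txid} sent {n}x, no response")
    print("healthy capture unanswered:", unanswered_queries(CONSTRUCTED_OK))
```

Retries reuse the same source port and transaction ID, so a count above 1 for a key means the resolver resent the identical query and still got nothing back.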