Debian 6 Not resolving hostnames

Question

Regards,

I've run into the following issue recently following an intrusion in to my VPS:

Although resolv.conf is properly configured with the correct DNS servers the VPS can not resolve hosts.

I can:

Ping the DNS Servers just fine
I can ping based on IP

I can not:

Resolve hostnames
ping the hostname of the actual localhost / server.

I've tried looking into where the problem may lie but I see no rules, for instance, blocking outgoing DNS traffic.

Results of nslookup google.com

hostname:/etc/network# nslookup google.com
;; connection timed out; no servers could be reached

I'm slowly running out of ideas on where to look.

Any ideas ?

Thanks in advance,

http://serverfault.com/questions/218005/how-do-i-deal-with-a-compromised-server — HopelessN00b, Feb 24 '15 at 21:38

score 0 · Accepted Answer · answered Feb 24 '15 at 21:43

The first thing to check is to see if the DNS request is actually leaving for the right destination.

Open 2 terminal sessions. On one type:

# tcpdump -nn port 53

on the other do the:

# nslookup google.com

The one with the tcpdump command should show you something like the below when all is working fine:

16:39:10.047709 IP 9.15.165.24.57618 > 192.168.1.254.53: 21549+ A? google.com. (28)
16:39:10.074647 IP 192.168.1.254.53 > 9.15.165.24.57618: 21549 1/0/0 A 216.58.216.14 (44)

If you do not even see the outgoing packet, then there is an internal problem with the name resolution config on your server.

Debian 6 Not resolving hostnames

1 Answers1