Ubuntu only resolves DNS when the router's IP address is present in the DNS servers list

3

1

When I use DNS servers other than my router's IP address, Ubuntu or any other application (web browser) fails to resolve host names.

I have added Google's DNS servers (8.8.8.8 and 8.8.4.4) using Ubuntu's default network manager UI.

When I add my router's IP address in (8.8.8.8, 8.8.4.4, and 192.168.15.1), DNS resolution starts working.

Here is my related configuration:

resolv.conf:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1

NetworkManager.conf:

[main]
plugins=ifupdown,keyfile
dns=dnsmasq

no-auto-default=<some mac address>,

[ifupdown]
managed=false

/etc/network/interfaces:

auto lo
iface lo inet loopback

I've tried different solutions, like disabling dnsmasq from networkmanager.conf, but nothing worked.

Here are host and dig results:

host www.google.com 8.8.8.8 - times out.
host www.google.com 192.168.15.1 - works immediately.
dig @8.8.8.8 www.google.com - times out.
dig @192.168.15.1 www.google.com - works immediately.

However, I am able to ping to 8.8.8.8 successfully, meaning the server is reachable at least.

Is it possible that my router or ISP is rejecting DNS requests made to servers other than the ones set by my ISP in my router?

h.i

Posted 2015-07-29T09:58:12.983

Reputation: 141

Answers

8

It might be your router, but it might be your ISP: I have seen ISPs blocking all DNS (UDP 53) requests to other IPs than their DNSes - they do this to either monetize (make their DNS resolve ad-sites worng on purpose) or sometimes for legal reasons (DNS-based blocking of sites).

And before you ask: Yes, they deliberately break DNS.

Eugen Rieck

Posted 2015-07-29T09:58:12.983

Reputation: 15 128

Is there a way to work around this issue? Either by using VPN or DNSCrypt or any other solution? – h.i – 2015-07-29T10:05:54.167

Some ISPs allow their users to decide whether they want to allow third party DNS servers. Check with your ISP to see if they block DNS and if you can get it opened. – jornane – 2015-07-29T10:16:13.800

I like how worng you spelled wrong. – Ismael Miguel – 2015-07-29T12:34:16.057

1

The Netalyzr tool will specifically check for these types of issues: http://netalyzr.icsi.berkeley.edu/

– qasdfdsaq – 2015-07-29T15:12:34.827

1

@h.i Yes, there are ways around that, either by using VPN or DNSCrypt or other solutions ;) Usually providers just block port 53 UDP, so using a resolver on another port (you'd probably have to set that up somewhere) and a local resolver forwarding to it works. Also worth a try: use unbound and set "tcp-upstream: yes", which forces it to use TCP (and use e.g. Google's servers). If your provider only blocks UDP, this will work. (See https://superuser.com/questions/475891/how-to-make-firefox-use-tcp-for-dns)

– Josef says Reinstate Monica – 2015-07-29T15:43:55.857
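
The check discussed in this thread (does a third-party resolver answer over UDP 53, over TCP 53, or neither) can be run from the affected machine with a small probe. This is an added example, not code from the question, the answer or the comments; it uses only the Python 3 standard library, and the function names and the fixed query ID are choices made for the example.

```python
import socket
import struct
QID = 0x1234  # constructed query ID used to match replies

def build_query(name):
    """Minimal RFC 1035 query: one A/IN question, recursion desired."""
    header = struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_header(msg):
    """Return (rcode, answer_count); ValueError if this is not our reply."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    rid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != QID or not flags & 0x8000:  # QR bit must be set
        raise ValueError("not a response to our query")
    return flags & 0x000F, ancount

def query_udp(server, name, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_header(s.recvfrom(4096)[0])

def query_tcp(server, name, timeout=3.0):
    q = build_query(name)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(len(q).to_bytes(2, "big") + q)  # TCP DNS is length-prefixed
        with s.makefile("rb") as f:
            return parse_header(f.read(int.from_bytes(f.read(2), "big")))

def probe(server, name="www.google.com"):
    out = {}  # transport -> (rcode, answers), or None on timeout/reset/bad reply
    for label, fn in (("udp", query_udp), ("tcp", query_tcp)):
        try:
            out[label] = fn(server, name)
        except (OSError, ValueError):
            out[label] = None
    return out

def verdict(r):
    udp, tcp = r["udp"] is not None, r["tcp"] is not None
    if udp:
        return "UDP and TCP 53 answer" if tcp else "only UDP 53 answers"
    return "UDP 53 filtered, TCP 53 open" if tcp else "port 53 filtered on both"

if __name__ == "__main__":  # the two servers tested in the question
    print({s: verdict(probe(s)) for s in ("8.8.8.8", "192.168.15.1")})
```

A reply over UDP only shows that something on the path answered; it does not show that the answer came unmodified from the server that was addressed.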