I have been working through a lot of issues with a setup and I have reached another where I may have been staring at it for too long to see the issue.

The server is reachable from the outside world. Postfix can receive but cannot send. This is due to a possible nameserver problem. Should I try and use dnsmasq?

nslookup 8.8.8.8

;; connection timed out; no servers could be reached

dig 8.8.8.8

; <<>> DiG 9.8.1-P1 <<>> 8.8.8.8
;; global options: +cmd
;; connection timed out; no servers could be reached

nslookup google.com 8.8.8.8

;; connection timed out; no servers could be reached

/etc/resolv.conf

nameserver 192.231.203.132
nameserver 192.231.203.3

iptables -S

-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A INPUT -i ppp0 -p icmp -j ACCEPT
-A INPUT -i ppp0 -p udp -m multiport --dports 53,1194 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m multiport --dports 25,53,80,143,443,587 -j ACCEPT

/etc/bind/named.conf.options

options {
        directory "/var/cache/bind";

        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 {
                any;
                };
};

route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
10.64.64.64     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
172.16.10.0     172.16.10.2     255.255.255.0   UG    0      0        0 tun0
172.16.10.2     0.0.0.0         255.255.255.255 UH    0      0        0 tun0

Amended routing table

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.64.64.64     0.0.0.0         UG    0      0        0 ppp0
10.64.64.64     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
172.16.10.0     172.16.10.2     255.255.255.0   UG    0      0        0 tun0
172.16.10.2     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
MasterJohn
  • Did you try pinging your dns server? Just to make sure that part of the connection works. – markovuksanovic Jan 03 '14 at 01:08
  • I can ping the dns server and query my server from the outside world. If the dns server can be reached it should be responding to other queries. – MasterJohn Jan 03 '14 at 01:12
  • So ping 8.8.8.8 works just fine? Can you try traceroute to 8.8.8.8? – markovuksanovic Jan 03 '14 at 01:19
  • I can ping your nameserver at 192.231.203.132 but when I try to "dig" I get "status: REFUSED", so I guess the same is likely happening for you. What are those nameservers in your resolv.conf and do they allow you to query? Maybe update resolv.conf and put 8.8.8.8 first? – user16081-JoeT Jan 03 '14 at 01:31
  • Ping to 8.8.8.8 works fine. Unfortunately can't grab the traceroute package at the moment. The nameservers in my resolv.conf are provided by my ISP. I have tried changing my resolv.conf manually to list 8.8.8.8 but the connection timed out error still appears. – MasterJohn Jan 03 '14 at 01:41
  • Do you have Wireshark? Can you try tracing nslookup 8.8.8.8? Where does it fail? I think you might have a firewall issue. Can you check your firewall config? – markovuksanovic Jan 03 '14 at 03:07
  • No Wireshark for the device. The only firewall is iptables. The server connects directly to the internet using the ppp0 interface. – MasterJohn Jan 03 '14 at 03:57
  • It looks like a network problem. For testing purposes, disable the firewall: iptables -P INPUT ACCEPT && iptables -F && iptables -X. Did you set the default gateway? You can check it by using this command: route -n, or set one: route add default gw <<-ip->>. What is your IP? – Krijn Swinnen Jan 03 '14 at 02:24
  • I added route -n to the OP. ppp0 is the correct interface. I'm confirming the correct gateway address with my ISP. – MasterJohn Jan 03 '14 at 07:19
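
Added example (not part of the original thread): a small Python model of the INPUT chain posted in the question, used to check the firewall hypothesis raised in the comments against reply traffic arriving on ppp0. It assumes the posted rules are the complete INPUT chain; the packet dictionaries and the STATE_RULE line are constructed for comparison, and the model only understands the match options that appear in these rules.

```python
import shlex

# INPUT chain lines copied from the question's `iptables -S` output.
RULES = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A INPUT -i ppp0 -p icmp -j ACCEPT
-A INPUT -i ppp0 -p udp -m multiport --dports 53,1194 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m multiport --dports 25,53,80,143,443,587 -j ACCEPT
"""
# Stateful rule that is NOT in the question; appended only for comparison.
STATE_RULE = "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n"

def parse(text):
    """Return (default policy, list of option dicts) for the INPUT chain."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"]:
            rules.append(dict(zip(tok[2::2], tok[3::2])))  # flag/value pairs
    return policy, rules

def verdict(text, pkt):
    """First matching rule wins; otherwise the chain policy applies."""
    policy, rules = parse(text)
    for r in rules:
        if "-i" in r and r["-i"] != pkt["iface"]:
            continue
        if "-p" in r and r["-p"] != pkt["proto"]:
            continue
        if "--dports" in r and str(pkt.get("dport")) not in r["--dports"].split(","):
            continue
        if "--ctstate" in r and pkt["state"] not in r["--ctstate"].split(","):
            continue
        return r["-j"]
    return policy

# Constructed packets as seen by INPUT on ppp0 (ports above 1024 are ephemeral).
DNS_REPLY = dict(iface="ppp0", proto="udp", sport=53, dport=40000, state="ESTABLISHED")
SMTP_SYNACK = dict(iface="ppp0", proto="tcp", sport=25, dport=40001, state="ESTABLISHED")
INBOUND_SMTP = dict(iface="ppp0", proto="tcp", sport=40002, dport=25, state="NEW")
ECHO_REPLY = dict(iface="ppp0", proto="icmp", state="ESTABLISHED")

if __name__ == "__main__":
    for name in ("DNS_REPLY", "SMTP_SYNACK", "INBOUND_SMTP", "ECHO_REPLY"):
        pkt = globals()[name]
        print(name, verdict(RULES, pkt), verdict(RULES + STATE_RULE, pkt))
```

In this model, replies to outbound DNS and SMTP connections fall through to the DROP policy while ICMP replies and inbound port 25 are accepted, which matches the symptoms described (ping works, mail is received, lookups time out).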

1 Answer

I think there might be a problem with your first entry in the routing table. You need to point the any address (0.0.0.0) to some gateway. I think there's a recursion in your setup. I don't know what the IP of your gateway is, but it shouldn't be 0.0.0.0. From the IP addresses above your gateway might be at 172.16.10.2 but you would know that better than I do.

markovuksanovic
  • You are right. I'm confirming the correct gateway address with my ISP. tun0 is a VPN interface. If it is confirmed as being 10.64.64.64, I will have to change it. – MasterJohn Jan 03 '14 at 07:18
  • @MasterJohn Did you sort out this problem? Did this fix your issue? – markovuksanovic Jan 03 '14 at 12:45
  • I have not received confirmation from my ISP for the gateway but I amended the routing table (added to OP) with the DHCP provided gateway. Unfortunately it did not work. – MasterJohn Jan 04 '14 at 02:46
  • What does your routing table look like now? – markovuksanovic Jan 04 '14 at 02:47
  • The amended routing table is at the bottom of the Question. The default gateway should be 10.64.64.64 on the ppp0 interface. Could that be the issue? Did I format the routing table incorrectly? – MasterJohn Jan 04 '14 at 04:11
  • @MasterJohn you should wait till you find out what the gateway is. That way you eliminate at one unknown and then can move on to other issues if there are any. – markovuksanovic Jan 04 '14 at 06:20
  • Due to the online date being brought forward, another method was used for the server connection. Is there a way to close this Question? – MasterJohn Jan 08 '14 at 00:02