[SOLVED] Is my DNS working - can someone help troubleshoot?
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Is my DNS working - can someone help troubleshoot?
Hi there again, wonderful Linux world! Here is another question from a bona fide newbie and overall IT "dummy" .. please bear with me ...
I already asked a similar question in the past, but I don't think we got anywhere.
Maybe someone who has time can just look mover all this and pint me in the right direction.
It seems to me that my DNS thingo is not functioning correctly - but it is intermittent. Sometimes (but too often for my liking) a website would not load (Firefox showing a little flag "looking up www. google.com" in bottom l.h. corner", then goes to message "Hmmm... we are having trouble finding that site..."). Also, email client (Evolution) at that same time cannot connect to the server and gives the message "failed to resolve name" or something like that).
So I really don't what I am talking about - but is it a DNS issue?
I am posting the output of a few commands. Interestingly to me, the ping 127.0.1.1 command output just keeps on going forever it seems, like it just keeps pinging non-stop? When I close the terminal, it says that a command is still running, do you want to kill it... but maybe it's normal.
Other details: Linux Mint XFCE
I have a modem/router supplied by ISP with DHCP turned off
To it I connected another modem/router Lan to Lan, with DHCP enabled and DNS set to Open DNS (I did all this because the DNS setting on ISP's router is locked, but I want to use OpenDNS). When everything is working, Open DNS website confirms that I am using their server.
There is another headless PC with Windows 10 connected to same network. I am also running NoMachine app on both to connect them. ISP's modem also has VoIp.
So, is there a way to futther troubleshoot it all?
thank you!!
I have a modem/router supplied by ISP with DHCP turned off
This is a bad move. If the connection to the ISP resets, you need the DHCP to get a new IP address. It probably causes that "Hmm ..." message, like I see when my interface is not properly configured.
If you do not want to use your ISP DNS services, then you will need to point your computers to use the DNS supplied by your second router.
Last edited by allend; 02-26-2018 at 08:35 PM.
Reason: Err- Add not to the last line.
Yes, if you mean that you turned off the DHCP used to get an IP from your ISP, that is indeed bad, and would cause the DNS problem as well, since you want to use the DNS of your ISP to resolve domain names.
If you mean that you turned of the DHCP server in the router so that it no longer provides IP addresses to your attached computers/devices, then you must tell each computer what DNS server to use to resolve domain name. Again, that should be the DNS servers of your ISP, or you can use Google's at 8.8.8.8.
See the man pages referenced at the top of the file.
(all of which, I just realized, echos what allend said)
ping on linux will continue forever unless you specify how many times.
Code:
man ping
Aside: If you copy/paste from the terminal into [code] tags when you post instead of using screen shots, it's easier for us to review what you're posting.
Just to clarify - on the second router, where I have DHCP on, I also specified the DNS servers I want.
And so it works - I am using Open DNS servers, according to their website. It is just that I have this intermittent annoying glitch.
So - should I just turn the DHCP server on the first router back on?
Whatever happens - I want to continue using OpenDNS, which I am using now, according to their website.
Can someone explain what allend said here:
"If you do not want to use your ISP DNS services, then you will need to point your computers to use the DNS supplied by your second router."
To follow what he said, I used "Network Connections' Gui, added DNS servers I want there.
Also added the nameservers I want in the gui "network settings"
Was that right?
How can I check which DNS server my Linux PC is pointing to?
When i use "dig" command, it just shows 127.0.1.1 as the server - but I know I am using open DNS... Why does it show 127.0.1.1?
Thanks!
Last edited by byebyemrgates; 02-26-2018 at 11:19 PM.
Distribution: Cinnamon Mint 20.1 (Laptop) and 20.2 (Desktop)
Posts: 1,672
Rep:
Quote:
Why does it show 127.0.1.1?
this is the loopback address of your system (or anybody's for that matter!). Pinging it just confirms your internal network works.
The ping command in Linux/Unix systems will go on forever unlike Windows which only sends four requests if I remember correctly. You use <Ctrl>C to stop it.
Ordinarily, routers provide DHCP services to the internal network. (And, they usually employ DHCP to obtain their public IP-address from the ISP.)
To my way of thinking, it is extremely logical for a router to perform this service.
Standard console commands include dig and nslookup.
You can use "TCP/IP sniffers" such as tcpdump or (I prefer ...)WireShark™ to watch the interaction between a DHCP server and a device. You will see a "broadcast" being sent by the device, asking for a DHCP server to respond, and then you'll see the subsequent exchange. (Sniffers routinely include a set of standard filter-sets, including this one, to quickly isolate the packets of interest.) If you're having problems of this sort, a "packet sniffer" is a standard way to very-quickly diagnose it.
Last edited by sundialsvcs; 02-27-2018 at 08:24 AM.
As I tried to explain in your other thread Mint uses dnsmasq to cache DNS queries which is why you see 127.0.1.1 in your /etc/resolv.conf command versus opendns or your router's IP address. dnsmasq stores the upstream DNS in its configuration files.
NetworkManager works with dnsmasq and allows you to configure DNS independent of the DHCP server. There is no requirement that the DHCP server needs to run on the same physical device as the gateway or use the ISPs DNS.
Does the Windows PC exhibit the same problems?
I don't remember what configuration files you changed in your other thread.
Distribution: Cinnamon Mint 20.1 (Laptop) and 20.2 (Desktop)
Posts: 1,672
Rep:
Quote:
Look at the contents of /etc/resolv.conf
Interesting, my system gives:
Code:
~ $ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
which is the local loop back. Hmmm...
I had to log in to my router to find the DNS server being used.
As I tried to explain in your other thread Mint uses dnsmasq to cache DNS queries which is why you see 127.0.1.1 in your /etc/resolv.conf command versus opendns or your router's IP address. dnsmasq stores the upstream DNS in its configuration files.
NetworkManager works with dnsmasq and allows you to configure DNS independent of the DHCP server. There is no requirement that the DHCP server needs to run on the same physical device as the gateway or use the ISPs DNS.
.
Thank you all, especially michaelk!
So, things are getting clear and I have these, hopefully, last, questions, that I hope someone (especially michaelk) can answer:
1. So, as I understood - I can set DNS settings in the router (they are in the DHCP server settings) and I can set it in the PC (in /etc/resolv.conf). How can I make sure that when I use a browser, I use the settings of the PC (since I can't change the ones in the router, locked by ISP)?
2. If I edit /etc/resolv.conf (which I realized I can do through gui "Network Settings") - if edit it to only have the DNS server addresses I need and delete 127.0.1.1 - would that ensure my PC uses those DNS addresses I want?
3. Extra general knowledge question: Why are DNS settings of the browser located in the DHCP settings? What does DHCP has to do with DNS?
Thanks!!
When a computer is configured to use DHCP, network settings are not stored but received as part of the protocol or negotiation process. The typical information received is IP address/netmask, gateway address and DNS name servers.
DNS is not only used by a web browser but by any TCP/IP process that accesses the internet like finding available updates, ntp (network time protocol), ping command etc. DNS (Domain Name Service) is basically the Yellow pages (US reference) of the internet.
These days NetworkManager and other automatic configuration utilities write to the /etc/resolv.conf file so editing by hand is not recommended any more. Using the applet or other utilities is the preferred method. Although you can configure them to not overwrite the file.
3. Extra general knowledge question: Why are DNS settings of the browser located in the DHCP settings? What does DHCP has to do with DNS?
Thanks!!
I'm guessing you meant DNS settings of the router yes?
My router says they're optional, but they are there so you can specify to use different DNS servers than that provided by your ISP. I note on mine that they only appear to affect the IP addresses the DHCP server in the router is serving, so they won't affect static IP addresses on the LAN
Thank you!
Still, my question remains:
How can I make sure that when I use a browser, I use the DNS settings of the PC and NOT of the router(since I can't change the ones in the router, locked by ISP)?
Here is my last experiment:
1. Got rid of 2nd router, plug everything into 1st one (ISP's)
2. Reinstated DHCP server on that router
3. Changed DNS server settings to OpenDNS in the /etc/resolv.conf (using gui), deleted 127.0.1.1 and just left 208.67.222.222 (Open DNS)
(DNS settings are locked in the ISP's browser, there is no way to change them. But I was hoping I will use the DNS I set in the PC's settings.)
SO, after these changes
- when I $ dig google.com, it shows me that the Dns server is 208.67.222.222 - that's good ...
OpenDNS site shows that I am using OpenDNS - that's good...
BUT! BUT! BUT! When I actually access, via a browser, a site that I BLOCKED in my OpenDNS user account (I blocked porn sites, for example) - it just goes right in! As if it is not blocked by OpenDNS! What is the story?!
It did not happen with my first set-up (with two routers). So I now reinstated that first set-up and - it blocks the sites...
Does anyone (michaelk in particular, as the apparently most knowledgeable party) have any idea what's happening?
Thanks!
Last edited by byebyemrgates; 02-27-2018 at 05:07 PM.
Ok, everyone, probably my last post was in "too hard basket", and I understand why. BUT - since then I have done more work, so here is another question (and please tell me if I should have started a new thread with this one):
With the help of OpenDNS support team, I have worked out that, somehow, something is closing, intermittently, ports 443 and 5353 (more info below)
So, my question - HOW CAN I FIND OUT WHAT APP IS CLOSING THEM AND WHY?
I know it is not GUFW because it happens with it is turned off.
In the GUFW report, is lists in the "report" tab: UPD6 protocol, port 5353, address *, application avahi-daemon
I can't find any documentation showing what the "report" tab in GUFW is actually showing.
MORE INFO if you are interested:
the OpenDNS support got me to run this commands:
DNS is cached by a number of entities.
You could even have a DNS server running on your machine (and not be aware of it) that is caching DNS entries.
Each DNS server will check its cache, and when it does not find the name, will bounce the request to another DNS server, up until it reaches the host site.
There are some commands
> dig badsite.com +trace
- large printout of all DNS servers queried.
- the very last line will show you who supplied the address
- if it fails to find the site, then it could be the browser caching the address ? maybe
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.