DNS Lookup Failure (Linux)

This page covers situations where a DNS lookup is failing on Linux.

If DNS lookup works, but there is a delay in getting a response, refer to DNS Lookup Delay (Linux).

If running uname does not return Linux, then this is not a Linux machine and this page does not apply.

1) Determine Whether the Internet is Accessible

Follow Do You Have Internet Access?

If the outcome is 'yes', continue.

2) Determine Whether All DNS Lookups Are Failing

Run a DNS lookup against a stable site:

dig google.com

The output should look similar to this (the other sections of the dig output are omitted here):

;; ANSWER SECTION:
google.com.		299	IN	A	216.58.201.46

;; SERVER: 192.168.1.254#53(192.168.1.254)

Now run this command:

dig @8.8.8.8 google.com

Compare the output of the two dig commands you just ran.

The first two octets of the IP address returned in the ANSWER SECTION (216.58 in the example output above) should match between the two outputs.

  • If they match, then DNS lookup is working for at least some DNS entries.
  • If they do not match, then DNS lookup is not working on your host.

Note the above outcome down as 'DNS not working for all' or 'DNS working for some', as it will be used later.
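The comparison in step 2 can be scripted. The following is an added example, not a script from the original page: it runs the two dig commands (with +short so the answer is easy to parse), compares the first two octets, and prints the label the page asks you to note down. The function and label names are this example's own.

```shell
#!/bin/sh
# Added example (not part of the original page): step 2 of the page, scripted.

# Return the first two octets of an IPv4 address ("216.58.201.46" -> "216.58").
first_two_octets() {
    printf '%s\n' "$1" | cut -d. -f1-2
}

# Compare the system resolver's answer with the public resolver's answer and
# print the outcome label the page asks you to note down.
classify_lookup() {
    local sys_ip="$1" pub_ip="$2"
    if [ -z "$pub_ip" ]; then
        # 8.8.8.8 did not answer at all: that is an internet-access problem, not DNS.
        echo "no answer from 8.8.8.8: recheck step 1 (internet access)"
    elif [ -z "$sys_ip" ]; then
        echo "DNS not working for all"
    elif [ "$(first_two_octets "$sys_ip")" = "$(first_two_octets "$pub_ip")" ]; then
        echo "DNS working for some"
    else
        echo "DNS not working for all"
    fi
}

# Run the two dig commands from the page against a name (default google.com).
# 'dig +short' prints only the answer records; keep the first A record.
compare_dns_lookups() {
    local name="${1:-google.com}"
    local sys_ip pub_ip
    sys_ip=$(dig +short "$name" A 2>/dev/null | grep -E '^[0-9.]+$' | head -n1)
    pub_ip=$(dig +short @8.8.8.8 "$name" A 2>/dev/null | grep -E '^[0-9.]+$' | head -n1)
    echo "system resolver: ${sys_ip:-<no answer>}"
    echo "8.8.8.8        : ${pub_ip:-<no answer>}"
    classify_lookup "$sys_ip" "$pub_ip"
}

# Only contact the network when run explicitly: sh compare.sh --run [name]
if [ "${1:-}" = "--run" ]; then
    compare_dns_lookups "${2:-google.com}"
fi
```

Save it as compare.sh and run sh compare.sh --run, or pass the domain that is failing for your application as a second argument.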

3) Determine DNS Lookup Method

There are numerous ways DNS lookups can be performed. We now need to gather some facts about your host to determine what is doing the DNS lookup.

nsswitch config

Run this command:

grep ^hosts: /etc/nsswitch.conf

If you see the output:

grep: /etc/nsswitch.conf: No such file or directory

then note that you are not using nsswitch.

Otherwise you see output like this:

hosts: files dns myhostname

Note down the words after hosts: as your 'nsswitch methods'.

nsswitch files: /etc/hosts

If files (the method that consults /etc/hosts) was in your 'nsswitch methods', then check whether the host that's failing is in your /etc/hosts file.

If it is, then go to the solution Entry in /etc/hosts file.

nsswitch dns: resolv.conf

If dns was not in your 'nsswitch methods', then its absence may be the problem. Try adding it to the hosts: line in /etc/nsswitch.conf (as root) to see if that resolves your issue.

If dns was in your 'nsswitch methods', then run this command:

grep ^nameserver /etc/resolv.conf

Note the output as 'dns servers in resolv.conf', in the order they appear in the /etc/resolv.conf file.

IPTables config

Run this script:

iptables -vL -t filter | grep -E -w '(53|domain)'
iptables -vL -t nat | grep -E -w '(53|domain)'
iptables -vL -t mangle | grep -E -w '(53|domain)'
iptables -vL -t raw | grep -E -w '(53|domain)'
iptables -vL -t security | grep -E -w '(53|domain)'

If this produces any output lines at all, it may be that IPTables is diverting the DNS request and causing the issue. Try going to the Disable IPTables solution to see if that works.

If it does, then IPTables was redirecting your DNS requests to a different location.

In this case, you will need to determine why this IPTables rule exists and fix accordingly. The fix will be context-dependent.
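The five grep lines above can be run as one check that also reports where a matching rule sends the traffic. This is an added example, not a script from the original page; the sample iptables output below is constructed for illustration (the 10.0.0.53 address in it is made up) so the filtering can be shown without root.

```shell
#!/bin/sh
# Added example (not from the original page): the page's IPTables check run
# across all five tables, plus a look at where any matching rule redirects to.

# Keep only rules mentioning port 53 or "domain" as a whole word (the page's
# grep), prefixing each line with the table it came from. Reads stdin.
dns_rules_in() {
    local table="$1"
    grep -E -w '(53|domain)' | sed "s/^/[$table] /"
}

# From DNAT/REDIRECT-style rules, pull out the "to:ADDR[:PORT]" target so you
# can see where DNS requests are being sent. Reads stdin.
redirect_targets() {
    grep -E -w '(53|domain)' | grep -oE 'to:[0-9.]+(:[0-9]+)?' | sort -u
}

# Live check (needs root): walk every table the page lists.
check_iptables_dns_rules() {
    local table out found=0
    for table in filter nat mangle raw security; do
        out=$(iptables -vL -t "$table" 2>/dev/null | dns_rules_in "$table")
        if [ -n "$out" ]; then
            found=1
            printf '%s\n' "$out"
            iptables -vL -t "$table" 2>/dev/null | redirect_targets | sed 's/^/  redirects /'
        fi
    done
    if [ "$found" -eq 1 ]; then
        echo "IPTables has rules touching DNS traffic: see Disable IPTables, then find out why the rule exists."
    else
        echo "No IPTables rules mention port 53/domain."
    fi
}

# Constructed sample of 'iptables -vL -t nat' output with one DNS redirect
# (addresses are made up for this example).
SAMPLE_NAT_OUTPUT='Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   768 DNAT       udp  --  any    any     anywhere             anywhere             udp dpt:domain to:10.0.0.53:53
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http'

# Constructed sample with no DNS-related rule at all.
SAMPLE_FILTER_OUTPUT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   180 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh'

# Run against the real tables only when asked: sh iptables-dns.sh --run
if [ "${1:-}" = "--run" ]; then
    check_iptables_dns_rules
else
    printf '%s\n' "$SAMPLE_NAT_OUTPUT" | dns_rules_in nat
    printf '%s\n' "$SAMPLE_NAT_OUTPUT" | redirect_targets
fi
```

Run without arguments to see the filter applied to the constructed sample; run with --run as root to check the live tables.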

Examples of legitimate reasons for doing this include:

Nameserver

For the first item in your 'dns servers in resolv.conf' list, determine:

  • Is your DNS server IP address ('DNSSIPA') pointed to the localhost network?
  • Is your DNSSIPA pointed to your local network?
  • Is your DNSSIPA pointed to the internet?

To determine this, follow the instructions below:

  • If the DNSSIPA matches: 127.0.0.x, where x is any number between 0 and 255, then your DNS server is running locally. Proceed to Find Local DNS Server
  • If your DNSSIPA is in any of the following ranges: 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, or 192.168.0.0-192.168.255.255, then your DNSSIPA is pointed to a local network. Otherwise, it's likely to be pointed at an internet address. If you're still unsure, run: dig +short @8.8.8.8 -x DNSSIPA, where DNSSIPA should be replaced with the actual IP address. If the output is empty, then the DNSSIPA is pointed to your local network. If it is not empty, then it is pointed to the internet.

If your DNSSIPA is pointed at the internet, then proceed to solution Change DNS Server in /etc/resolv.conf.
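The fact-gathering in step 3 (nsswitch methods, the /etc/hosts check, dns servers in resolv.conf) and the DNSSIPA classification above fit in one script. This is an added example, not a script from the original page. Every function takes the config file path as an optional argument so it can be tried against sample files; the function names, the "localhost"/"local-network"/"internet" labels and the --run flag are this example's own conventions.

```shell
#!/bin/sh
# Added example (not the page's own script): gather the step 3 facts and
# classify the first nameserver as the Nameserver section describes.

# Print the methods after "hosts:" in an nsswitch.conf (inline comments
# stripped), or nothing if the file is absent: the page's "not using nsswitch" case.
nsswitch_methods() {
    local conf="${1:-/etc/nsswitch.conf}"
    [ -r "$conf" ] || return 0
    sed -n 's/^hosts:[[:space:]]*//p' "$conf" | sed 's/[[:space:]]*#.*//' | head -n1
}

# Does the hosts file carry an entry for NAME? Prints the matching line, skipping
# commented-out lines (the page's "Entry in /etc/hosts file" check).
hosts_file_entry() {
    local name="$1" hosts="${2:-/etc/hosts}"
    [ -r "$hosts" ] || return 0
    awk -v n="$name" '$0 !~ /^[[:space:]]*#/ { for (i = 2; i <= NF; i++) if ($i == n) { print; break } }' "$hosts"
}

# Print the nameserver addresses from a resolv.conf, one per line, in file order.
resolv_nameservers() {
    local conf="${1:-/etc/resolv.conf}"
    [ -r "$conf" ] || return 0
    awk '$1 == "nameserver" { print $2 }' "$conf"
}

# Classify a DNSSIPA using the ranges given on the page: 127.0.0.x is
# "localhost", the three private ranges are "local-network", anything else "internet".
classify_dnssipa() {
    local ip="$1" o1 o2
    o1=$(printf '%s' "$ip" | cut -d. -f1)
    o2=$(printf '%s' "$ip" | cut -d. -f2)
    case "$ip" in
        127.0.0.*) echo localhost; return 0 ;;
    esac
    if [ "$o1" = 10 ]; then
        echo local-network
    elif [ "$o1" = 172 ] && [ "$o2" -ge 16 ] && [ "$o2" -le 31 ]; then
        echo local-network
    elif [ "$o1" = 192 ] && [ "$o2" = 168 ]; then
        echo local-network
    else
        echo internet
    fi
}

# Step 4 from the page: which program answers on UDP/53 at the given address
# (requires root and lsof).
find_local_dns_server() {
    lsof -i "4udp@$1:53" | grep -v '^COMMAND' | awk '{print $1}' | sort -u
}

# Put it together against the live system; NAME is the host that fails to resolve.
dns_facts() {
    local name="${1:-}" methods first_ns kind
    methods=$(nsswitch_methods)
    if [ -z "$methods" ]; then
        echo "nsswitch methods: (not using nsswitch)"
    else
        echo "nsswitch methods: $methods"
        case " $methods " in *" dns "*) ;; *) echo "WARNING: dns is missing from the hosts: line" ;; esac
        case " $methods " in *" files "*)
            [ -n "$name" ] && hosts_file_entry "$name" | sed 's/^/\/etc\/hosts entry: /' ;;
        esac
    fi
    echo "dns servers in resolv.conf:"
    resolv_nameservers | sed 's/^/  /'
    first_ns=$(resolv_nameservers | head -n1)
    [ -n "$first_ns" ] || { echo "no nameserver lines found"; return 0; }
    kind=$(classify_dnssipa "$first_ns")
    echo "first nameserver $first_ns is: $kind"
    case "$kind" in
        localhost) echo "local DNS server program(s):"; find_local_dns_server "$first_ns" ;;
        internet)  echo "see: Change DNS Server in /etc/resolv.conf" ;;
    esac
}

if [ "${1:-}" = "--run" ]; then
    dns_facts "${2:-}"
fi
```

Run as root with sh dns-facts.sh --run failing.example.com (any name is fine; it is only used for the /etc/hosts check).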

4) Find Local DNS Server

As root, run:

lsof -i 4udp@IP:53 | grep -v ^COMMAND | awk '{print $1}'

replacing IP with your DNSSIPA. This will tell you the program that is responding to DNS requests.

If the output is:

Entry in /etc/hosts file

Comment out the identified entry in /etc/hosts and proceed to Check Resolution.

Disable IPTables

To disable IPTables, follow how-to-disable-iptables.

Change DNS Server in /etc/resolv.conf

As root, replace the IP address of the DNS server on the first line beginning nameserver with a public DNS server that is likely to be available, eg Google's DNS server, 8.8.8.8.

Then, proceed to Check Resolution.

Check Resolution

Try running dig or curl against any domains that caused issues before, eg

dig google.com
curl google.com

If they appear to work now, then try your original application.

If your original application still fails, it may have cached the bad lookup; restart it and try again.

Whether this fully resolves your issue will depend on the intention behind the design of the network you run on. If you are not fully responsible for it, then you will need to take the information you have gathered here to whoever is responsible for it.
