Name resolution intermittent
I have NextDNS servers configured on my Debian 12 host to allow me to monitor internal DNS names. I configured systemd-resolved as per the setup pages here and it all seemed to be working.
I attempted to do an `apt update` and noticed name resolution issues.
❯ sudo apt updateGet:1 file:/etc/apt/mirrors/debian.list Mirrorlist [39 B]Get:5 file:/etc/apt/mirrors/debian-security.list Mirrorlist [27 B]Ign:7 https://repos-droplet.digitalocean.com/apt/droplet-agent main InReleaseIgn:8 https://repos.insights.digitalocean.com/apt/do-agent main InReleaseIgn:9 https://download.docker.com/linux/debian bookworm InReleaseIgn:2 http://mirrors.digitalocean.com/debian bookworm InReleaseIgn:10 https://deb.debian.org/debian testing InReleaseIgn:3 http://mirrors.digitalocean.com/debian bookworm-updates InReleaseIgn:6 http://security.debian.org bookworm-security InReleaseIgn:4 http://mirrors.digitalocean.com/debian bookworm-backports InReleaseIgn:8 https://repos.insights.digitalocean.com/apt/do-agent main InReleaseIgn:7 https://repos-droplet.digitalocean.com/apt/droplet-agent main InReleaseIgn:9 https://download.docker.com/linux/debian bookworm InReleaseIgn:2 http://mirrors.digitalocean.com/debian bookworm InReleaseIgn:3 http://mirrors.digitalocean.com/debian bookworm-updates InReleaseIgn:10 https://deb.debian.org/debian testing InReleaseIgn:4 http://mirrors.digitalocean.com/debian bookworm-backports InReleaseIgn:6 http://security.debian.org bookworm-security InReleaseIgn:7 https://repos-droplet.digitalocean.com/apt/droplet-agent main InReleaseIgn:8 https://repos.insights.digitalocean.com/apt/do-agent main InReleaseIgn:9 https://download.docker.com/linux/debian bookworm InReleaseIgn:2 http://mirrors.digitalocean.com/debian bookworm InReleaseIgn:3 http://mirrors.digitalocean.com/debian bookworm-updates InReleaseIgn:4 http://mirrors.digitalocean.com/debian bookworm-backports InReleaseIgn:10 https://deb.debian.org/debian testing InReleaseIgn:6 http://security.debian.org bookworm-security InReleaseErr:9 https://download.docker.com/linux/debian bookworm InRelease Temporary failure resolving 'download.docker.com'Err:8 https://repos.insights.digitalocean.com/apt/do-agent main InRelease Temporary failure resolving 'repos.insights.digitalocean.com'Err:7 https://repos-droplet.digitalocean.com/apt/droplet-agent main InRelease Temporary failure resolving 'repos-droplet.digitalocean.com'Err:2 http://mirrors.digitalocean.com/debian bookworm InRelease Temporary failure resolving 'mirrors.digitalocean.com'Err:3 http://mirrors.digitalocean.com/debian bookworm-updates InRelease Temporary failure resolving 'mirrors.digitalocean.com'Err:4 http://mirrors.digitalocean.com/debian bookworm-backports InRelease Temporary failure resolving 'mirrors.digitalocean.com'Err:10 https://deb.debian.org/debian testing InRelease Temporary failure resolving 'debian.map.fastly.net' Temporary failure resolving 'deb.debian.org'Err:6 http://security.debian.org bookworm-security InRelease Temporary failure resolving 'debian.map.fastlydns.net' Temporary failure resolving 'security.debian.org'Reading package lists... DoneBuilding dependency tree... DoneReading state information... Done298 packages can be upgraded. Run 'apt list --upgradable' to see them.W: Failed to fetch https://deb.debian.org/debian/dists/testing/InRelease Temporary failure resolving 'debian.map.fastly.net' Temporary failure resolving 'deb.debian.org'W: Failed to fetch mirror+file:/etc/apt/mirrors/debian.list/dists/bookworm/InRelease Temporary failure resolving 'mirrors.digitalocean.com'W: Failed to fetch mirror+file:/etc/apt/mirrors/debian.list/dists/bookworm-updates/InRelease Temporary failure resolving 'mirrors.digitalocean.com'W: Failed to fetch mirror+file:/etc/apt/mirrors/debian.list/dists/bookworm-backports/InRelease Temporary failure resolving 'mirrors.digitalocean.com'W: Failed to fetch mirror+file:/etc/apt/mirrors/debian-security.list/dists/bookworm-security/InRelease Temporary failure resolving 'debian.map.fastlydns.net' Temporary failure resolving 'security.debian.org'W: Failed to fetch https://repos.insights.digitalocean.com/apt/do-agent/dists/main/InRelease Temporary failure resolving 'repos.insights.digitalocean.com'W: Failed to fetch https://download.docker.com/linux/debian/dists/bookworm/InRelease Temporary failure resolving 'download.docker.com'W: Failed to fetch https://repos-droplet.digitalocean.com/apt/droplet-agent/dists/main/InRelease Temporary failure resolving 'repos-droplet.digitalocean.com'W: Some index files failed to download. They have been ignored, or old ones used instead.❯ cat /etc/resolv.conf# This is /run/systemd/resolve/resolv.conf managed by man:systemd-resolved(8).# Do not edit.## This file might be symlinked as /etc/resolv.conf. If you're looking at# /etc/resolv.conf and seeing this text, you have followed the symlink.## This is a dynamic resolv.conf file for connecting local clients directly to# all known uplink DNS servers. This file lists all configured search domains.## Third party programs should typically not access this file directly, but only# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a# different way, replace this symlink by a static file or a different symlink.## See man:systemd-resolved.service(8) for details about the supported modes of# operation for /etc/resolv.conf.nameserver 2a07:a8c0::xx:xxxxnameserver 2a07:a8c1::xx:xxxxsearch .❯ dig repos-droplet.digitalocean.com; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> repos-droplet.digitalocean.com;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9831;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 1232;; QUESTION SECTION:;repos-droplet.digitalocean.com. IN A;; ANSWER SECTION:repos-droplet.digitalocean.com. 300 IN A 104.18.154.42repos-droplet.digitalocean.com. 300 IN A 104.18.155.42;; Query time: 16 msec;; SERVER: 2a07:a8c0::xx:xxxx#53(2a07:a8c0::xx:xxxx) (UDP);; WHEN: Fri Dec 15 15:23:28 UTC 2023;; MSG SIZE rcvd: 91/mnt/volume_syd1_01 xxxx@microtech-dev-syd1-01 15:23:28❯You can see thefailed lookup to `repos-droplet.digitalocean.com` but then when I do a dig it resolves.
This was working earlier.
9 replies
-
Arghg I dont know whats happened to the code block I pasted
-
❯ sudo apt update
Get:1 file:/etc/apt/mirrors/debian.list Mirrorlist [39 B]
Get:5 file:/etc/apt/mirrors/debian-security.list Mirrorlist [27 B]
Ign:7 https://repos-droplet.digitalocean.com/apt/droplet-agent main InRelease
Ign:8 https://repos.insights.digitalocean.com/apt/do-agent main InRelease
Ign:9 https://download.docker.com/linux/debian bookworm InRelease
Ign:2 http://mirrors.digitalocean.com/debian bookworm InRelease
Ign:10 https://deb.debian.org/debian testing InRelease
Ign:3 http://mirrors.digitalocean.com/debian bookworm-updates InRelease
Ign:6 http://security.debian.org bookworm-security InRelease
Ign:4 http://mirrors.digitalocean.com/debian bookworm-backports InRelease
Ign:8 https://repos.insights.digitalocean.com/apt/do-agent main InRelease
Ign:7 https://repos-droplet.digitalocean.com/apt/droplet-agent main InRelease
Ign:9 https://download.docker.com/linux/debian bookworm InRelease
Ign:2 http://mirrors.digitalocean.com/debian bookworm InRelease
Ign:3 http://mirrors.digitalocean.com/debian bookworm-updates InRelease
Ign:10 https://deb.debian.org/debian testing InRelease
Ign:4 http://mirrors.digitalocean.com/debian bookworm-backports InRelease
Ign:6 http://security.debian.org bookworm-security InRelease
Ign:7 https://repos-droplet.digitalocean.com/apt/droplet-agent main InRelease
Ign:8 https://repos.insights.digitalocean.com/apt/do-agent main InRelease
Ign:9 https://download.docker.com/linux/debian bookworm InRelease
Ign:2 http://mirrors.digitalocean.com/debian bookworm InRelease
Ign:3 http://mirrors.digitalocean.com/debian bookworm-updates InRelease
Ign:4 http://mirrors.digitalocean.com/debian bookworm-backports InRelease
Ign:10 https://deb.debian.org/debian testing InRelease
Ign:6 http://security.debian.org bookworm-security InRelease
Err:9 https://download.docker.com/linux/debian bookworm InRelease
Temporary failure resolving 'download.docker.com'
Err:8 https://repos.insights.digitalocean.com/apt/do-agent main InRelease
Temporary failure resolving 'repos.insights.digitalocean.com'
Err:7 https://repos-droplet.digitalocean.com/apt/droplet-agent main InRelease
Temporary failure resolving 'repos-droplet.digitalocean.com'
Err:2 http://mirrors.digitalocean.com/debian bookworm InRelease
Temporary failure resolving 'mirrors.digitalocean.com'
Err:3 http://mirrors.digitalocean.com/debian bookworm-updates InRelease
Temporary failure resolving 'mirrors.digitalocean.com'
Err:4 http://mirrors.digitalocean.com/debian bookworm-backports InRelease
Temporary failure resolving 'mirrors.digitalocean.com'
Err:10 https://deb.debian.org/debian testing InRelease
Temporary failure resolving 'debian.map.fastly.net' Temporary failure resolving 'deb.debian.org'
Err:6 http://security.debian.org bookworm-security InRelease
Temporary failure resolving 'debian.map.fastlydns.net' Temporary failure resolving 'security.debian.org'
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
298 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: Failed to fetch https://deb.debian.org/debian/dists/testing/InRelease Temporary failure resolving 'debian.map.fastly.net' Temporary failure resolving 'deb.debian.org'
W: Failed to fetch mirror+file:/etc/apt/mirrors/debian.list/dists/bookworm/InRelease Temporary failure resolving 'mirrors.digitalocean.com'
W: Failed to fetch mirror+file:/etc/apt/mirrors/debian.list/dists/bookworm-updates/InRelease Temporary failure resolving 'mirrors.digitalocean.com'
W: Failed to fetch mirror+file:/etc/apt/mirrors/debian.list/dists/bookworm-backports/InRelease Temporary failure resolving 'mirrors.digitalocean.com'
W: Failed to fetch mirror+file:/etc/apt/mirrors/debian-security.list/dists/bookworm-security/InRelease Temporary failure resolving 'debian.map.fastlydns.net' Temporary failure resolving 'security.debian.org'
W: Failed to fetch https://repos.insights.digitalocean.com/apt/do-agent/dists/main/InRelease Temporary failure resolving 'repos.insights.digitalocean.com'
W: Failed to fetch https://download.docker.com/linux/debian/dists/bookworm/InRelease Temporary failure resolving 'download.docker.com'
W: Failed to fetch https://repos-droplet.digitalocean.com/apt/droplet-agent/dists/main/InRelease Temporary failure resolving 'repos-droplet.digitalocean.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.
❯ cat /etc/resolv.conf
# This is /run/systemd/resolve/resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.nameserver 2a07:a8c0::xx:xxxx
nameserver 2a07:a8c1::xx:xxxx
search .
❯ dig repos-droplet.digitalocean.com; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> repos-droplet.digitalocean.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9831
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;repos-droplet.digitalocean.com. IN A;; ANSWER SECTION:
repos-droplet.digitalocean.com. 300 IN A 104.18.154.42
repos-droplet.digitalocean.com. 300 IN A 104.18.155.42;; Query time: 16 msec
;; SERVER: 2a07:a8c0::xx:xxxx#53(2a07:a8c0::xx:xxxx) (UDP)
;; WHEN: Fri Dec 15 15:23:28 UTC 2023
;; MSG SIZE rcvd: 91/mnt/volume_syd1_01
-
Can you please provide a https://nextdns.io/diag
-
Built a new Digital Ocean Debian 12 host and added IPv6 only DNS hosts into resolved config:
sudo apt update
Get:1 file:/etc/apt/mirrors/debian.list Mirrorlist [39 B]
Get:5 file:/etc/apt/mirrors/debian-security.list Mirrorlist [27 B]
Ign:7 https://repos-droplet.digitalocean.com/apt/droplet-agent main InRelease
Ign:8 https://download.docker.com/linux/debian bookworm InRelease
Ign:2 http://mirrors.digitalocean.com/debian bookworm InRelease
Ign:3 http://mirrors.digitalocean.com/debian bookworm-updates InRelease
Ign:6 http://security.debian.org bookworm-security InRelease
Ign:4 http://mirrors.digitalocean.com/debian bookworm-backports InRelease
Ign:8 https://download.docker.com/linux/debian bookworm InRelease
Ign:7 https://repos-droplet.digitalocean.com/apt/droplet-agent main InRelease
Ign:2 http://mirrors.digitalocean.com/debian bookworm InRelease
Ign:3 http://mirrors.digitalocean.com/debian bookworm-updates InRelease
Ign:4 http://mirrors.digitalocean.com/debian bookworm-backports InRelease
Ign:6 http://security.debian.org bookworm-security InRelease
Ign:7 https://repos-droplet.digitalocean.com/apt/droplet-agent main InRelease
Ign:8 https://download.docker.com/linux/debian bookworm InRelease
Ign:2 http://mirrors.digitalocean.com/debian bookworm InRelease
Ign:3 http://mirrors.digitalocean.com/debian bookworm-updates InRelease
Ign:4 http://mirrors.digitalocean.com/debian bookworm-backports InRelease
Ign:6 http://security.debian.org bookworm-security InRelease
Err:8 https://download.docker.com/linux/debian bookworm InRelease
Temporary failure resolving 'download.docker.com'
Err:7 https://repos-droplet.digitalocean.com/apt/droplet-agent main InRelease
Temporary failure resolving 'repos-droplet.digitalocean.com'
Err:2 http://mirrors.digitalocean.com/debian bookworm InRelease
Temporary failure resolving 'mirrors.digitalocean.com'
Err:3 http://mirrors.digitalocean.com/debian bookworm-updates InRelease
Temporary failure resolving 'mirrors.digitalocean.com'
Err:4 http://mirrors.digitalocean.com/debian bookworm-backports InRelease
Temporary failure resolving 'mirrors.digitalocean.com'
Err:6 http://security.debian.org bookworm-security InRelease
Temporary failure resolving 'debian.map.fastlydns.net' Temporary failure resolving 'security.debian.org'
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
43 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: Failed to fetch mirror+file:/etc/apt/mirrors/debian.list/dists/bookworm/InRelease Temporary failure resolving 'mirrors.digitalocean.com'
W: Failed to fetch mirror+file:/etc/apt/mirrors/debian.list/dists/bookworm-updates/InRelease Temporary failure resolving 'mirrors.digitalocean.com'
W: Failed to fetch mirror+file:/etc/apt/mirrors/debian.list/dists/bookworm-backports/InRelease Temporary failure resolving 'mirrors.digitalocean.com'
W: Failed to fetch mirror+file:/etc/apt/mirrors/debian-security.list/dists/bookworm-security/InRelease Temporary failure resolving 'debian.map.fastlydns.net' Temporary failure resolving 'security.debian.org'
W: Failed to fetch https://download.docker.com/linux/debian/dists/bookworm/InRelease Temporary failure resolving 'download.docker.com'
W: Failed to fetch https://repos-droplet.digitalocean.com/apt/droplet-agent/dists/main/InRelease Temporary failure resolving 'repos-droplet.digitalocean.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.resolve.conf file (written from the daemon - I did not hand edit)
xxxx@debian-s-1vcpu-1gb-syd1-01:~$ cat /etc/resolv.conf
# This is /run/systemd/resolve/resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.nameserver 2a07:a8c0::d5:fcdf
nameserver 2a07:a8c1::d5:fcdf
search .And I would put this stuff in code blocks but it renders it all on a single line. Sorry.
-
So I worked out that curl and apt update weren't working when setting DNS servers to IPv6 only and when I set the IPv4 NextDNS hosts I had issues with linked IP from my Digital Ocean host.
I ended up running DNScrypt-proxy in a Docker container with my NextDNS config and then binding it to local port 53 and then setting systemd-resolve to 127.0.0.1 after disabling the stubDNS setting in its config.
All working well for now.
Content aside
- 11 mths agoLast active
- 9Replies
- 315Views
-
2
Following