Ubuntu system has lost DNS access
At the most embarrassing time, Firefox on my Ubuntu laptop wouldn't connect to any websites. I've narrowed it down to a DNS issue. I can ping IP addresses, sftp to the computer, etc. The problem affects all applications. I'm running Ubuntu 22.04.4 LTS on a Dell Inspiron laptop. The results are the same whether I attempt access on my home network or at the public library.
Running nslookup on any domain name gives me

    communications error to 127.0.0.53#53: timed out

three times.
Running resolvectl status gives the following output:

    Global
        Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
        resolv.conf mode: stub

    Link 2 (wlp2s0)
        Current Scopes: none
        Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

    Link 3 (surfshark_ipv6)
        Current Scopes: DNS
        Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
        Current DNS Server: ::1
        DNS Servers: ::1
        DNS Domain: ~.

The Surfshark reference jumps out at me. I have Surfshark (VPN software) installed but not currently running. I'm wondering if a Surfshark crash left my DNS in a bad state.
Since the machine can't access any domains by name, I'm limited in my options. Installing anything with apt doesn't work. I'm seriously thinking of backing up my data files and reinstalling Ubuntu, since I have nothing irreplaceable on that machine, but I'd like to fix the problem if possible. Any suggestions on how to proceed?
1 answer
This is not a full answer, but my hypothesis is:
Your system is configured to resolve domains exclusively through a single server running locally. Thereby, that local server can centrally control how DNS is handled, while no lookups can escape the server. This is probably because you tried to use a VPN, so logically if domain lookups don't also go through the VPN, the domains will be seen by your ISP etc. (the so-called "DNS leak"). Your DNS server is part of the VPN. But now you've turned off the VPN, the DNS server is also gone, and your OS is not allowed to resolve domains any other way (like Google at 8.8.8.8 or your router at 192.168.1.1). It tries the only permitted option, the local one, which never responds because it's not running; the request times out and the lookup fails.
A heuristic for checking this is to enable your VPN and see if domains resolve again. If the hypothesis is correct, they will, but there are also alternative situations that would create that symptom which is why I call it a heuristic.
The simplest DNS setup is of course when you don't use a VPN. The next simplest is if you use a VPN always - you just forbid DNS outside the VPN, and accept the caveat that your lookups won't work without the VPN. I think that normal people would want to be able to toggle back and forth. So your VPN must restore the clearnet DNS configuration when turned off. The Wireguard implementation in Network Manager seems to do this, but I am not sure about your particular VPN setup. If you are using your VPN provider's app, that could well be the source of your issue, and you'll have to ask their support how to fix it.
It might be easier to install something like dnsmasq and use that as your resolver, then let dnsmasq delegate to your VPN or router as needed. Dnsmasq by itself won't automatically solve your problem, it just has a nicer configuration syntax that you might find more convenient, plus other nifty DNS features. You can likely fix your configuration without dnsmasq but I suspect it will be less convenient.
Note that you cannot simply add your clearnet DNS resolver as a fallback for your VPN's resolver. If you do that, when you have VPN on, occasionally the DNS request through VPN will simply fail (the Internet inherently has a background failure rate for all traffic) and the domain will leak outside your VPN. This will significantly compromise your privacy and security, to almost negate the benefit of the VPN. You'll need something fancier. I won't go into detail here, I think there should be another question like "How to set up DNS to automatically use VPN when on but not when off, without leaks?"
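The state the answer hypothesises can be read straight out of `resolvectl status`: one link holds the catch-all routing domain `~.` while pointing only at a loopback resolver, and the real network link has no DNS scope. The following is an added example, not code from the question or the answer; the function names are hypothetical and the sample text is the question's own output embedded as a constant.

```python
import ipaddress
import re

# Constructed sample: the `resolvectl status` output quoted in the question.
SAMPLE = """\
Global
Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Link 2 (wlp2s0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 3 (surfshark_ipv6)
Current Scopes: DNS
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: ::1
DNS Servers: ::1
DNS Domain: ~.
"""

def parse_status(text):
    """Split `resolvectl status` text into {section: {field: value}}."""
    sections, current, last = {}, None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        link = re.match(r"Link \d+ \((.+)\)$", line)
        if link or line == "Global":
            current, last = sections.setdefault(link.group(1) if link else "Global", {}), None
        elif current is not None and ": " in line:
            last, value = (part.strip() for part in line.split(": ", 1))
            current[last] = value
        elif last:  # wrapped value, e.g. a second DNS server on its own line
            current[last] += " " + line
    return sections

def is_loopback(server):
    try:  # drop "#hostname" and "%interface" suffixes before parsing
        return ipaddress.ip_address(server.split("#")[0].split("%")[0]).is_loopback
    except ValueError:  # bracket/port syntax is treated as non-loopback here
        return False

def diagnose(text):
    """Flag links that claim every lookup (`~.`) but list only loopback DNS servers."""
    findings = []
    for name, f in parse_status(text).items():
        servers = f.get("DNS Servers", "").split()
        if "~." in f.get("DNS Domain", "").split() and servers and all(map(is_loopback, servers)):
            findings.append((name, "catch-all route to loopback resolver"))
        if name != "Global" and f.get("Current Scopes") == "none":
            findings.append((name, "no DNS scope"))
    return findings
```

On the question's output, `diagnose(SAMPLE)` reports `wlp2s0` as having no DNS scope and `surfshark_ipv6` as a catch-all route to a loopback resolver, which matches the timeouts seen when nothing is listening on `::1`.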