Solved Unable to get DNS service

Code:
ctrl_interface=/var/run/wpa_supplicant
update_config=1
eapol_version=2
ap_scan=1
fast_reauth=1
network={
    ssid="ARM architecture phone"
    scan_ssid=0
    psk="***"
    priority=0
}
network={
    ssid="Ping-5G"
    scan_ssid=0
    psk="***"
    priority=1
}
network={
    ssid="UoA-WiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    scan_ssid=0
    identity="***"
    password="***"
    #ca_cert="/home/Winson/Document/QuVadis_Root_CA_2_G3.crt"
    phase2="autheap=MSCHAPV2"
    priority=2
}

This is my wpa_supplicant.conf. I am able to connect to the network fine, I get a DHCP-assigned IP, and I can connect to it, but I can only ping 8.8.8.8 successfully, not google.com

and for resolv.conf I have
Code:
nameserver 8.8.8.8
My ifconfig
Code:
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 38:87:d5:4a:21:a8
        inet 192.168.8.209 netmask 0xffffff00 broadcast 192.168.8.255
        groups: wlan
        ssid Ping-5G channel 149 (5745 MHz 11a) bssid 96:83:c4:2d:5b:c7
        regdomain FCC country US authmode WPA2/802.11i privacy ON
        deftxkey UNDEF AES-CCM 3:128-bit txpower 23 bmiss 7 mcastrate 6
        mgmtrate 6 scanvalid 60 wme roaming MANUAL
        parent interface: iwlwifi0
        media: IEEE 802.11 Wireless Ethernet OFDM/54Mbps mode 11a
        status: associated
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Anyone know what's going on here, happy to provide more information if needed.
 
Hi there, I'm currently facing a network issue.

My wireless network is able to connect via wpa_supplicant, and I am able to ping IPv4 addresses successfully.
But when I use a browser and ping a domain, it can't resolve it and returns Unknown host.

My wpa_supplicant.conf is
Code:
ctrl_interface=/var/run/wpa_supplicant
update_config=1
eapol_version=2
ap_scan=1
fast_reauth=1

network={
    ssid="Ping-5G"
    scan_ssid=0
    psk="*********"
    priority=1
}
and my resolv.conf
Code:
nameserver 8.8.8.8
Anyone knows what's going on here? Happy to provide any information if needed
 
Does drill @8.8.8.8 forums.freebsd.org work? Can you also show the relevant lines in rc.conf?
 
Hi SirDice
I've tried drill and it returns Error: error sending query: could not send or receive, because of network error

And in rc.conf

local_unbound_enable="YES"
kld_list="if_iwlwifi"

wlans_iwlwifi0="wlan0"
wlandebug_wlan0="+state +crypto +node +auth +assoc +dot1xsm +wpa"
#enable dynamically sleeping wifi NIC ifconfig_wlan0= "WPA SYNCDHCP powersave"
 
That might be a firewall that's blocking the DNS traffic?
 
I was able to use the same network on Windows and iOS without a problem, so that shouldn't be the case.
Or do you mean a software firewall on FreeBSD?
 
I haven't edited anything related to the firewall, everything is default, and both pf and ipf seem to be off.

When I run
~# pfctl -d
/dev/pf: No such file or device

~# ipf -l state
open device: No such file or device

So I guess that's not a firewall problem? Also, I just tried, and my iPhone's hotspot somehow works fine. And it's reachable on the local network; I managed to ssh to it from another Windows PC.
 
Just in case please can you share the output of these commands?
Code:
netstat -nr
cat /etc/resolv.conf
cat /etc/nsswitch.conf
ping 8.8.8.8
Also good old telnet: telnet 8.8.8.8 53.
 
Can you connect to *any* external DNS server? quad9, cloudflare etc...

Code:
% nc -uz 9.9.9.9 53
Connection to 9.9.9.9 53 port [udp/domain] succeeded!
% nc -z 9.9.9.9 53
Connection to 9.9.9.9 53 port [tcp/domain] succeeded!

Any chance your ISP is hijacking/redirecting DNS requests?
 
Code:
netstat -nr

Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.8.1        UGS       wlan0
127.0.0.1          link#1             UH          lo0
192.168.8.0/24     link#2             U         wlan0
192.168.8.209      link#2             UHS         lo0

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::/96                             ::1                           URS         lo0
::1                               link#1                        UHS         lo0
::ffff:0.0.0.0/96                 ::1                           URS         lo0
fe80::/10                         ::1                           URS         lo0
fe80::%lo0/64                     link#1                        U           lo0
fe80::1%lo0                       link#1                        UHS         lo0
ff02::/16                         ::1                           URS         lo0

Code:
cat /etc/resolv.conf

nameserver 8.8.8.8

Code:
cat /etc/nsswitch.conf

#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD$
#
group: compat
group_compat: nis
hosts: files dns
netgroup: compat
networks: files
passwd: compat
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

Code:
ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=116 time=33.342 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=33.407 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=116 time=33.302 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=116 time=35.060 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 33.302/33.778/35.060/0.741 ms

Code:
telnet 8.8.8.8 53
Trying 8.8.8.8...
telnet: connect to address 8.8.8.8: Operation timed out
telnet: Unable to connect to remote host
 
I have tried both 8.8.8.8 and 9.9.9.9, both return succeeded within a second
 
The fact that you have other operating systems working on the same network points at FreeBSD, but I can't see anything obviously wrong in your setup. The FreeBSD-resident firewalls are not activated when "everything is default". But it's worth making sure regarding ipfw(8) with sudo ipfw disable.

It might help to know the output of cat -v /etc/resolv.conf.

I am perplexed that telnet 8.8.8.8 53 fails and nc -z 8.8.8.8 53 works. You are connecting with TCP to the same port on the same host in both cases. It's certainly worth repeating those tests and confirming the results. The expected results (note "telnet -N") are:
Code:
[strand.611] $ telnet -N 8.8.8.8 53
Trying 8.8.8.8...
Connected to 8.8.8.8.
Escape character is '^]'.
Connection closed by foreign host.

[strand.612] $ nc -z 8.8.8.8 53
Connection to 8.8.8.8 53 port [tcp/domain] succeeded!
 
Thank you gpw928, I've already tried disabling ipfw but nothing changed.
And as for cat -v /etc/resolv.conf, it is nameserver 8.8.8.8

Code:
telnet -N 8.8.8.8 53
telnet: connect to address 8.8.8.8: Operation timed out
telnet: Unable to connect to remote host

Code:
nc -z 8.8.8.8 53
# nothing is returned

So is there something wrong with TCP, since UDP packets (nc -uz) and ICMP packets (ping) worked?
 
I suggested cat -v /etc/resolv.conf specifically to see if the file was corrupted with an "invisible" character. It's worth double checking. Also please repeat the telnet and nc tests on 9.9.9.9. Then test UDP with nc -uz 9.9.9.9 53 and show us the results. This should help with the assertion that the problem is with TCP only.
 
Oh sorry, I did check with -v but I typed it wrong when replying to you here. The result is still nameserver 8.8.8.8
 
Thanks for the output. As mentioned above that seems ok. Did you try to use your ISP's DNS to see if it works? Did you try to use any other public DNS too?
We are working under assumption that under different OS, on the same HW and network 8.8.8.8 works. Correct?
 
Thanks for the reminder! I hadn't considered the DNS on the other OSes; it turned out to be a local DNS server assigned by DHCP.

So I changed my resolv.conf to nameserver 192.168.8.1 and it worked!!!

Which leads me to another question: is there a way to get the assigned DNS server from the DHCP server on FreeBSD (kind of important since the university wifi assigns me a different network segment each time)?
(I opened a new thread for this question)
 
I'm not sure if I understand. You are the DHCP client in this scenario; you can't generally influence what the DHCP server gives you. You can manually alter resolv.conf to whatever you want, but depending on network settings you may not be able to use it -- your exact problem with Google's DNS.

I don't use FreeBSD for desktop any more, I'm not sure if there's an option to do this (change part of the network config based on location) automatically. On Solaris you can assign network profiles.
Maybe somebody will answer you in that thread.
 
To everyone who tried to help me with this, thank you so much! I really appreciate that!

For future viewers of this page:
I had a problem accessing any domain-based network service (DNS service issue). In my case it turned out that only the local DNS server is allowed by my ISP or school IT department.
Solution that worked for me:
manually change resolv.conf. Not very elegant; I'm still looking for a better solution.

If my solution can't solve your problem,
there are some commands you can run to gather more information:

drill @8.8.8.8 forums.freebsd.org suggested by SirDice

Code:
# routing table
netstat -nr
# dnsserver and host setting
cat /etc/resolv.conf
cat /etc/nsswitch.conf
# ICMP test
ping 8.8.8.8
# TCP connectivity test on port 53 (normally the DNS port)
telnet 8.8.8.8 53
by _martin

Code:
# connectivity test with IP to name lookup disabled
telnet -N 8.8.8.8 53
# TCP connectivity test without actually sending any data
nc -z 8.8.8.8 53
cat -v /etc/resolv.conf
by gpw928
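
Added example (not part of any post in this thread): a probe that sends a real DNS query over both UDP and TCP and waits for a matching reply. UDP has no handshake, so a "succeeded" from nc -uz only shows that no ICMP error came back; this separates "port 53 answered" from "port 53 silently dropped", which is the pattern seen above when only the local resolver is permitted. The function names are illustrative, and the default resolver list is just the addresses tested in the thread.

```python
import secrets
import socket
import struct
import sys

def build_query(name, qid):
    """Wire-format query for the A record of `name`, recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def check_reply(reply, qid):
    """Accept only a response (QR bit set) that carries our query ID."""
    if len(reply) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != qid or not flags & 0x8000:
        return "malformed"
    return "answered rcode=%d" % (flags & 0x000F)

def probe(server, name, proto, port=53, timeout=3.0):
    """Return 'answered rcode=N', 'timeout', 'malformed' or 'error: ...'."""
    qid = secrets.randbits(16)
    query = build_query(name, qid)
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((server, port))  # on UDP this lets ICMP errors surface
            if proto == "udp":
                s.send(query)
                return check_reply(s.recv(4096), qid)
            s.sendall(struct.pack("!H", len(query)) + query)  # TCP length prefix
            stream = s.makefile("rb")
            size = stream.read(2)
            body = stream.read(struct.unpack("!H", size)[0]) if len(size) == 2 else b""
            return check_reply(body, qid)
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return "error: %s" % exc.strerror

if __name__ == "__main__":
    # Resolver addresses are the ones tested in this thread; pass others as arguments.
    for server in sys.argv[1:] or ["8.8.8.8", "9.9.9.9", "192.168.8.1"]:
        for proto in ("udp", "tcp"):
            print(server, proto, probe(server, "forums.freebsd.org", proto))
```

A "timeout" on both protocols for public resolvers alongside "answered" for the DHCP-assigned one indicates that outbound port 53 is filtered upstream rather than misconfigured on the host.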
 