Skip to main content
Topic: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?) (Read 4468 times) previous topic - next topic
0 Members and 2 Guests are viewing this topic.

Re: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

Reply #30
Quote from: mrbrklyn – on
dig +trace keyserver.ubuntu.com

succeeds completely without modifying any nameservers. It returns all of the expected information. I've already bypassed my router's defaults above as I stated. It changed nothing.

Re: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

Reply #31
Quote from: Ducky – on
Quote from: mrbrklyn – on
dig +trace keyserver.ubuntu.com

succeeds completely without modifying any nameservers. It returns all of the expected information. I've already bypassed my router's defaults above as I stated. It changed nothing.


It is not supposed to modify anything.  It is a trace of the DNS chain that the resolver does.  Please post it for the DNS you are having trouble with.

If dig can find ir successfully and report all the chain levels, you are not likely having DNS problems.

Do it for for the wire, and then the wireless.  You can, and know through testing, that the routing works and the DNS works...

Re: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

Reply #32
Quote from: Ducky – on
Quote from: mrbrklyn – on
dig +trace keyserver.ubuntu.com

succeeds completely without modifying any nameservers. It returns all of the expected information. I've already bypassed my router's defaults above as I stated. It changed nothing.


You stated above that you changed your routers DNS entries, not that you bypassed it.  It is not a subtle difference.  One is you think you changed the settings in your router.  The other you BYPASSED the router through a manual entry in the /etc/resolv.conf file which bypasses the router for DNS inquiries all together.

Leave the router alone right now, as it just adds another level of complexity.

Re: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

Reply #33
Quote from: mrbrklyn – on
It is not supposed to modify anything.  It is a trace of the DNS chain that the resolver does.  Please post it for the DNS you are having trouble with.

I mean that I didn't have to modify anything in order for it to succeed.

Quote from: mrbrklyn – on
If dig can find ir successfully and report all the chain levels, you are not likely having DNS problems.

ethernet:
Code: [Select]
; <<>> DiG 9.20.9 <<>> +trace keyserver.ubuntu.com
;; global options: +cmd
.			304794	IN	NS	m.root-servers.net.
.			304794	IN	NS	c.root-servers.net.
.			304794	IN	NS	d.root-servers.net.
.			304794	IN	NS	e.root-servers.net.
.			304794	IN	NS	i.root-servers.net.
.			304794	IN	NS	k.root-servers.net.
.			304794	IN	NS	a.root-servers.net.
.			304794	IN	NS	b.root-servers.net.
.			304794	IN	NS	j.root-servers.net.
.			304794	IN	NS	f.root-servers.net.
.			304794	IN	NS	l.root-servers.net.
.			304794	IN	NS	g.root-servers.net.
.			304794	IN	NS	h.root-servers.net.
.			446832	IN	RRSIG	NS 8 0 518400 20250626050000 20250613040000 53148 . D/tc+xSXzxrZ42Zp6rVys1ixNZnheAk4UWT3e+V3FpwFKfY/uJYg2C0t YPV0UZWq0znTiKnYd8jjgb6pe7gxiJ3S/xU8oEk/vplSoslj1iBlafkg xGtFTGAPWW5+4KigTeUsSg+5ulVSuk7P4CccV8ckn+hdYDi+HnyVoDjd 99+r//rmRDyh4pgTP4pmUasnmlS5d94fiu/qAZD22COXVRi5hT7JouFG BsL1UrmHoW56xrcPem8JT/j+2g7GtSdSFMUw797y40CUTn9fuzFt6D24 lFr2RT4z9zpXJUOKOk0bR0rxpZycR4wfj+wEmKLAUVJGbs7OPL6qI9o9 lh5rmg==
;; Received 1109 bytes from 172.16.0.1#53(172.16.0.1) in 11 ms

;; UDP setup with 2001:500:9f::42#53(2001:500:9f::42) for keyserver.ubuntu.com failed: network unreachable.
;; no servers could be reached
;; UDP setup with 2001:500:9f::42#53(2001:500:9f::42) for keyserver.ubuntu.com failed: network unreachable.
;; no servers could be reached
;; UDP setup with 2001:500:9f::42#53(2001:500:9f::42) for keyserver.ubuntu.com failed: network unreachable.
;; UDP setup with 2001:500:a8::e#53(2001:500:a8::e) for keyserver.ubuntu.com failed: network unreachable.
com.			172800	IN	NS	g.gtld-servers.net.
com.			172800	IN	NS	k.gtld-servers.net.
com.			172800	IN	NS	e.gtld-servers.net.
com.			172800	IN	NS	i.gtld-servers.net.
com.			172800	IN	NS	c.gtld-servers.net.
com.			172800	IN	NS	b.gtld-servers.net.
com.			172800	IN	NS	j.gtld-servers.net.
com.			172800	IN	NS	f.gtld-servers.net.
com.			172800	IN	NS	d.gtld-servers.net.
com.			172800	IN	NS	h.gtld-servers.net.
com.			172800	IN	NS	a.gtld-servers.net.
com.			172800	IN	NS	m.gtld-servers.net.
com.			172800	IN	NS	l.gtld-servers.net.
com.			86400	IN	DS	19718 13 2 8ACBB0CD28F41250A80A491389424D341522D946B0DA0C0291F2D3D7 71D7805A
com.			86400	IN	RRSIG	DS 8 1 86400 20250626170000 20250613160000 53148 . Jsyt2SlJuFhEfw5FvvMUyAmoq+oeYfiq9C4lzztOSt4lM0F/n/jaHB1w NbH95GSwvTlTkDw1hM8U0Mr7I2wZtkl7Qsgc62mz1eHyEEVDZG7DU3DO DcePbRCfEZlColFlOz7AErm2JZyUVaf1TXQVA04luQVK1Bxcmfi5AYgy 0hXi36tN1H8EOXdMy4iZAkvKoVJSxTshuCOt/n1Ah05MnF+q5xDjGGqn 1fNEGfYpbXWvgS5+dMz+QYM+HhKOmYWcfLCthqsLblIOhAibOcN1ZwiP Zd7lx1dKhFslXs8h9zFLbbtTGVLIh1ieK4lB4C1PavZfaFnu4mVeus57 ck7nkg==
;; Received 1211 bytes from 192.36.148.17#53(i.root-servers.net) in 13 ms

ubuntu.com.		172800	IN	NS	ns1.canonical.com.
ubuntu.com.		172800	IN	NS	ns2.canonical.com.
ubuntu.com.		172800	IN	NS	ns3.canonical.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 900 IN NSEC3 1 1 0 - CK0Q3UDG8CEKKAE7RUKPGCT1DVSSH8LL NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 900 IN RRSIG NSEC3 13 2 900 20250620002602 20250612231602 40097 com. 4Jdbo8fzOK2TDem7S2s83cetG51x9u/8msmXzEkcsASQ0a0Z7w4W47Ft HWrJPG22UMX3lR8Cg151T6wK6C2RLA==
894IO8AM9NDQ8VM84GPASGU0QDHFLFS1.com. 900 IN NSEC3 1 1 0 - 894IV2SV1RTOAHAPRJ3DNEI88AIOLRK9 NS DS RRSIG
894IO8AM9NDQ8VM84GPASGU0QDHFLFS1.com. 900 IN RRSIG NSEC3 13 2 900 20250620013442 20250613002442 40097 com. 9NzC04yYCfVrRG1xDyRJujW5GytxruQVFmG/LXqkBP5M+D158eqALlKQ PvTmRkCfhpowHwpy1zA4W+3T2N0e3g==
;; Received 574 bytes from 192.33.14.30#53(b.gtld-servers.net) in 24 ms

keyserver.ubuntu.com.	600	IN	A	185.125.188.27
keyserver.ubuntu.com.	600	IN	A	185.125.188.26
ubuntu.com.		172800	IN	NS	ns2.canonical.com.
ubuntu.com.		172800	IN	NS	ns1.canonical.com.
ubuntu.com.		172800	IN	NS	ns3.canonical.com.
;; Received 176 bytes from 185.125.190.65#53(ns1.canonical.com) in 147 ms

wlan:
Code: [Select]
; <<>> DiG 9.20.9 <<>> +trace keyserver.ubuntu.com
;; global options: +cmd
.			300880	IN	NS	j.root-servers.net.
.			300880	IN	NS	c.root-servers.net.
.			300880	IN	NS	h.root-servers.net.
.			300880	IN	NS	i.root-servers.net.
.			300880	IN	NS	d.root-servers.net.
.			300880	IN	NS	k.root-servers.net.
.			300880	IN	NS	l.root-servers.net.
.			300880	IN	NS	e.root-servers.net.
.			300880	IN	NS	b.root-servers.net.
.			300880	IN	NS	f.root-servers.net.
.			300880	IN	NS	g.root-servers.net.
.			300880	IN	NS	m.root-servers.net.
.			300880	IN	NS	a.root-servers.net.
.			447600	IN	RRSIG	NS 8 0 518400 20250626050000 20250613040000 53148 . D/tc+xSXzxrZ42Zp6rVys1ixNZnheAk4UWT3e+V3FpwFKfY/uJYg2C0t YPV0UZWq0znTiKnYd8jjgb6pe7gxiJ3S/xU8oEk/vplSoslj1iBlafkg xGtFTGAPWW5+4KigTeUsSg+5ulVSuk7P4CccV8ckn+hdYDi+HnyVoDjd 99+r//rmRDyh4pgTP4pmUasnmlS5d94fiu/qAZD22COXVRi5hT7JouFG BsL1UrmHoW56xrcPem8JT/j+2g7GtSdSFMUw797y40CUTn9fuzFt6D24 lFr2RT4z9zpXJUOKOk0bR0rxpZycR4wfj+wEmKLAUVJGbs7OPL6qI9o9 lh5rmg==
;; Received 1109 bytes from 172.16.0.1#53(172.16.0.1) in 18 ms

com.			172800	IN	NS	a.gtld-servers.net.
com.			172800	IN	NS	b.gtld-servers.net.
com.			172800	IN	NS	c.gtld-servers.net.
com.			172800	IN	NS	d.gtld-servers.net.
com.			172800	IN	NS	e.gtld-servers.net.
com.			172800	IN	NS	f.gtld-servers.net.
com.			172800	IN	NS	g.gtld-servers.net.
com.			172800	IN	NS	h.gtld-servers.net.
com.			172800	IN	NS	i.gtld-servers.net.
com.			172800	IN	NS	j.gtld-servers.net.
com.			172800	IN	NS	k.gtld-servers.net.
com.			172800	IN	NS	l.gtld-servers.net.
com.			172800	IN	NS	m.gtld-servers.net.
com.			86400	IN	DS	19718 13 2 8ACBB0CD28F41250A80A491389424D341522D946B0DA0C0291F2D3D7 71D7805A
com.			86400	IN	RRSIG	DS 8 1 86400 20250626170000 20250613160000 53148 . Jsyt2SlJuFhEfw5FvvMUyAmoq+oeYfiq9C4lzztOSt4lM0F/n/jaHB1w NbH95GSwvTlTkDw1hM8U0Mr7I2wZtkl7Qsgc62mz1eHyEEVDZG7DU3DO DcePbRCfEZlColFlOz7AErm2JZyUVaf1TXQVA04luQVK1Bxcmfi5AYgy 0hXi36tN1H8EOXdMy4iZAkvKoVJSxTshuCOt/n1Ah05MnF+q5xDjGGqn 1fNEGfYpbXWvgS5+dMz+QYM+HhKOmYWcfLCthqsLblIOhAibOcN1ZwiP Zd7lx1dKhFslXs8h9zFLbbtTGVLIh1ieK4lB4C1PavZfaFnu4mVeus57 ck7nkg==
;; Received 1180 bytes from 198.97.190.53#53(h.root-servers.net) in 28 ms

;; UDP setup with 2001:503:83eb::30#53(2001:503:83eb::30) for keyserver.ubuntu.com failed: network unreachable.
;; no servers could be reached
;; UDP setup with 2001:503:83eb::30#53(2001:503:83eb::30) for keyserver.ubuntu.com failed: network unreachable.
;; no servers could be reached
;; UDP setup with 2001:503:83eb::30#53(2001:503:83eb::30) for keyserver.ubuntu.com failed: network unreachable.
ubuntu.com.		172800	IN	NS	ns1.canonical.com.
ubuntu.com.		172800	IN	NS	ns2.canonical.com.
ubuntu.com.		172800	IN	NS	ns3.canonical.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 900 IN NSEC3 1 1 0 - CK0Q3UDG8CEKKAE7RUKPGCT1DVSSH8LL NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 900 IN RRSIG NSEC3 13 2 900 20250620002602 20250612231602 40097 com. 4Jdbo8fzOK2TDem7S2s83cetG51x9u/8msmXzEkcsASQ0a0Z7w4W47Ft HWrJPG22UMX3lR8Cg151T6wK6C2RLA==
894IO8AM9NDQ8VM84GPASGU0QDHFLFS1.com. 900 IN NSEC3 1 1 0 - 894IV2SV1RTOAHAPRJ3DNEI88AIOLRK9 NS DS RRSIG
894IO8AM9NDQ8VM84GPASGU0QDHFLFS1.com. 900 IN RRSIG NSEC3 13 2 900 20250620013442 20250613002442 40097 com. 9NzC04yYCfVrRG1xDyRJujW5GytxruQVFmG/LXqkBP5M+D158eqALlKQ PvTmRkCfhpowHwpy1zA4W+3T2N0e3g==
;; Received 574 bytes from 192.48.79.30#53(j.gtld-servers.net) in 34 ms

;; UDP setup with 2620:2d:4000:1::43#53(2620:2d:4000:1::43) for keyserver.ubuntu.com failed: network unreachable.
;; UDP setup with 2620:2d:4000:1::44#53(2620:2d:4000:1::44) for keyserver.ubuntu.com failed: network unreachable.
keyserver.ubuntu.com.	600	IN	A	185.125.188.26
keyserver.ubuntu.com.	600	IN	A	185.125.188.27
ubuntu.com.		172800	IN	NS	ns3.canonical.com.
ubuntu.com.		172800	IN	NS	ns2.canonical.com.
ubuntu.com.		172800	IN	NS	ns1.canonical.com.
;; Received 176 bytes from 185.125.190.65#53(ns1.canonical.com) in 151 ms

Ipv6 failing is pretty expected as I haven't configured it and in the gpg config I force it to use Ipv4.

Quote from: mrbrklyn – on
You stated above that you changed your routers DNS entries, not that you bypassed it.  It is not a subtle difference.  One is you think you changed the settings in your router.  The other you BYPASSED the router through a manual entry in the /etc/resolv.conf file which bypasses the router for DNS inquiries all together.

Sorry, before I posted this thread I manually edited /etc/resolv.conf and added 1.1.1.1 and 8.8.8.8. That is "bypassing" the router's DNS forwarding. It did nothing different from what I'm experiencing with the default DNS setup with my router.

Re: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

Reply #34
that is umbuntu.   Didn't you say that keys.openpgp.org is the name that you can not resolve?

BTW - they look like they are having troubles and you've all but tested your network and your DNS and both are working, according to your results

Code: [Select]
flatbush:[ruben]:~$ dig keys.openpgp.org

; <<>> DiG 9.20.9 <<>> keys.openpgp.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38322
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: f54a0c722c65ba4d01000000684cfe97319f4d5d860448d9 (good)
;; QUESTION SECTION:
;keys.openpgp.org.              IN      A

;; Query time: 0 msec
;; SERVER: 10.0.0.37#53(10.0.0.37) (UDP)
;; WHEN: Sat Jun 14 00:46:04 EDT 2025
;; MSG SIZE  rcvd: 73

You can trace that to see where the trouble is
It looks like their autheticated SOA is having trouble

Code: [Select]
D39489CD78A86BEB0D8A0AEAFF14745C0D 16E1DE32
org.                    86400   IN      RRSIG   DS 8 1 86400 20250626170000 20250613160000 53148 . Fr5EHyEP8o9OTashZoWqUypfgJalSYfCy0SoSOe7gHsombv8hjXenuYe kO9N8O9VrPfcFXO7bl70gnIVi/9LqbHS+gRV86qscZpAqraoHc5rkjuH krV0t69MVipUbclQT5wDKbAh4c1Cmti+aXGvaUtbEB7scRE+ARe8zji5 yc8RfpjKhZw3ZXoSF4vDN1EqsBqZCbAlZ/vAS4H3GLld0NRO6DBniTpW 2hQcPfU9V8oxyO6SR5Yz0cCcV60b2D+epCoQnPpBo5oyRi4EElNnYA8T JOtNLkxoeOAW2PqE1gfNAK1l214atioXV9HQaPcEN3qJY3kWghosVS3q HMgtqQ==
;; Received 788 bytes from 202.12.27.33#53(m.root-servers.net) in 76 ms

openpgp.org.            3600    IN      NS      ns2.swcp.com.
openpgp.org.            3600    IN      NS      ns2.nmia.com.
openpgp.org.            3600    IN      DS      26041 8 2 E68586C464FD449D62B879BC5913214C93FF841D0490A4E7D405324C 81DAC25C
openpgp.org.            3600    IN      RRSIG   DS 8 2 3600 20250630152615 20250609142615 321 org. uidUTdbFQA9yclJr572q40KDqf0EguI8WPRzL/DUWkpdCIetwzfnYgpG npFH8YOkYDYsy0HOrrGHTIGOV2gxEv1FthrbGHWYvNNH2cOQ1DsyY++V KVbjWIRbhApjcwrwIl7t6idQ4F2a7fJsWa4HZctkU/l4JebnNtDxwHir 93g=
couldn't get address for 'ns2.swcp.com': failure
couldn't get address for 'ns2.nmia.com': failure
dig: couldn't get address for 'ns2.swcp.com': no more

You can try different DNS servers to see if this is a regional problem

dig +trace @1.1.1.1 keys.openpgp.org

THERE IS a current record that has not timed out from 1.1.1.1

Code: [Select]
flatbush:[ruben]:~$ dig @1.1.1.1 keys.openpgp.org

; <<>> DiG 9.20.9 <<>> @1.1.1.1 keys.openpgp.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45668
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;keys.openpgp.org.              IN      A

;; ANSWER SECTION:
keys.openpgp.org.       2911    IN      A       195.201.47.43

;; Query time: 20 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Sat Jun 14 00:53:00 EDT 2025
;; MSG SIZE  rcvd: 61


That is a cached record and will not exist forever.

My guess is that there is nothing wrong with your set up, such as we can see, and we tried by examining all the moving parts, one by one.

It looks like it is out of your hands and openpgp.org is having troubles on an administrative level.

It is a twocows domain
flatbush:[ruben]:~$ whois openpgp.org
Domain Name: openpgp.org
Registry Domain ID: a5369e21b7e547b6a8aadbdaac5e1628-LROR
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://www.tucows.com
Updated Date: 2024-12-26T20:05:12Z
Creation Date: 2000-01-24T12:38:32Z
Registry Expiry Date: 2026-01-24T12:38:31Z
Registrar: Tucows Domains Inc.
Registrar IANA ID: 69
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.4165350123
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited

Seems to be a problem with the SOA record
Code: [Select]
flatbush:[ruben]:~$ dig -t SOA  keys.openpgp.org

; <<>> DiG 9.20.9 <<>> -t SOA keys.openpgp.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 43860
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: fe75e943cbdb281c01000000684d01cbd73e1b8fe57a9274 (good)
;; QUESTION SECTION:
;keys.openpgp.org.              IN      SOA

;; Query time: 3 msec
;; SERVER: 10.0.0.37#53(10.0.0.37) (UDP)
;; WHEN: Sat Jun 14 00:59:45 EDT 2025
;; MSG SIZE  rcvd: 73

 

Re: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

Reply #35
actually, they have been blocked at the 216.0.0.0/8 level because of abuse of the network...

so there is that...

That is on my DNS.  I see it on other dns servers as well on both North American coastlines.

OTOH - on Panix, it is open and the DNS for opengpg.org works.

I don't know if the ip addresses are being blocked or if that is the exact cause of your issue.  That may or may not be contributing to the problem.