Morning and thank you for reading this post.
This morning I am having network issue only on my fedora system, running fedora 35 xfce.
I can ping the router and nothing else. Cannot go on the internet but synergy is working.
Need some trouble shooting help, I would like to put static IP on it but after we get the server back on the internet.
RDSweb
Is the default gateway set correctly?
As far as I can tell, yes.
$ netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default _gateway 0.0.0.0 UG 0 0 0 enp14s0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enp14s0
But dns is not resolving the name???
I like to add that nothing was installed yesterday, no updates.
But I would like to setup static ip.
Cannot get firefox, chrome to go out on internet. Tried Tor no issue, On internet with Tor only.
Please clarify, because I’m confused. You can ping your router, presumably 192.168.1.1, so you have at least a local network. Can you ping 8.8.8.8 or other well-known IPv4 addresses? If so, you have access to the external network but have a DNS issue. If you can’t ping an address outside your 192.168.1.0 network, you may have a router issue.
Hello Dave,
Well that answer it, see below;
I believe you have found my problem, now how to fix?
[robert@redwolf ~]$ netstat -ar
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default _gateway 0.0.0.0 UG 0 0 0 enp14s0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enp14s0
[robert@redwolf ~]$ ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=18.1 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=116 time=18.9 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=116 time=23.9 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=116 time=23.0 ms
— 8.8.8.8 ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 18.053/20.958/23.927/2.521 ms
[robert@redwolf ~]$ nslookup google
;; connection timed out; no servers could be reached
[robert@redwolf ~]$ nslookup yahoo
;; connection timed out; no servers could be reached
My router
[robert@redwolf ~]$ ping -c 4 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.415 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.363 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.418 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=0.355 ms
— 192.168.1.1 ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3111ms
rtt min/avg/max/mdev = 0.355/0.387/0.418/0.028 ms
Now according to dnschecker google is 142.251.40.206, at least one of google servers
[robert@redwolf ~]$ ping -c 4 142.251.40.206
PING 142.251.40.206 (142.251.40.206) 56(84) bytes of data.
64 bytes from 142.251.40.206: icmp_seq=1 ttl=114 time=39.4 ms
64 bytes from 142.251.40.206: icmp_seq=2 ttl=114 time=36.9 ms
64 bytes from 142.251.40.206: icmp_seq=3 ttl=114 time=35.0 ms
64 bytes from 142.251.40.206: icmp_seq=4 ttl=114 time=42.3 ms
— 142.251.40.206 ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 34.975/38.408/42.313/2.749 ms
Again dnschecker said yahoo is 74.6.231.21, at least one of Yahoo servers.
[robert@redwolf ~]$ ping -c 4 74.6.231.21
PING 74.6.231.21 (74.6.231.21) 56(84) bytes of data.
64 bytes from 74.6.231.21: icmp_seq=1 ttl=48 time=53.6 ms
64 bytes from 74.6.231.21: icmp_seq=2 ttl=48 time=52.8 ms
64 bytes from 74.6.231.21: icmp_seq=3 ttl=48 time=56.5 ms
64 bytes from 74.6.231.21: icmp_seq=4 ttl=48 time=50.0 ms
— 74.6.231.21 ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 49.989/53.231/56.522/2.329 ms
okay, so you have a DNS issue. What’s /etc/resolv.conf look like? (paste using </> special formatting)
Output of nslookup google.com might normally look like
[dbuck@sunshine ~]$ nslookup google.com
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: google.com
Address: 142.251.214.142
Name: google.com
Address: 2607:f8b0:4005:814::200e
where the server matches the one in /etc/resolv.conf. Something could have muddied that file.
And if you do a systemctl status, are there any failed units?
Hi Dave,
I did not see any errror on the systemctl status, 200+ lines.
Here is results;
cat /etc/resolv.conf
nameserver 127.0.0.53
options edns0 trust-ad
search .
[robert@redwolf ~]$ nslookup google.com
;; connection timed out; no servers could be reached
[robert@redwolf ~]$ resolvectl --no-pager status
Global
Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Link 2 (enp14s0)
Current Scopes: LLMNR/IPv4
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 3 (enp15s0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 4 (ipv6leakintrf0)
Current Scopes: DNS
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: ::1
DNS Servers: ::1
DNS Domain: ~.
Usually your local router will provide the DNS settings, but I don’t see them here. Could be that something reset those settings in your router, or could be the router provided them but the NetworkManager rejected them. Perhaps either you or some software on your system overrode NetworkManager global settings. A bit strange and indeterminate to me at this point. Let’s look at the NetworkManager config: sudo NetworkManager --print-config. See for example on debugging this NetworkManager & systemd-resloved: DHCP provided DNS server isn't used (#484) · Issues · NetworkManager / NetworkManager · GitLab
There is a ipv6leakintrf0 interface from a (Proton?) VPN, intended to block ipv6, which should not be there. Please bring up the VPN and bring it down again, and see whether it disappears. Switch the “kill switch” off if available in the VPN app. Or try to remove the interface with “ip link del ipv6leakintrf0” and restart the normal connection in NetworkManager. If you do not use VPN and the ipv6leak is visible in “nmcli con”, use “nmcli con delete ipv6leakintrf0” to remove it.
The actual resolvcectl output shows that you do not have a DNS server. Normally, the router supplies them via DHCP. May be the VPN software removed them. But if you use manually entered IP, you have to specify them in NetworkManager or /etc/systemd/resolved.conf. In the current Fedora configuration, NOT in /etc/resolv.conf.
[robert@redwolf ~]$ sudo NetworkManager --print-config
NetworkManager configuration: /etc/NetworkManager/NetworkManager.conf
[main]
# plugins=keyfile,ifcfg-rh
# rc-manager=auto
# auth-polkit=true
# dhcp=internal
# iwd-config-path=
[logging]
# backend=journal
# audit=false
# no-auto-default file "/var/lib/NetworkManager/no-auto-default.state"
Hello Hmmsjan,
I do use the vpn, however one day everything was working shutodown my linux server. Then the next day I power it up like normally do, login, using web broswer and no dns. Not sure what cause it, right now just trying to get it back. Once I do get it back the way it was, I’m going to make copy of the files, and make notes. So I know how to fix it. Since I’m not using ipv6 at the moment I going to disable it.
Any help is appreciate.
Since we have figure out what is wrong , we just need to fix it.
Here is what I want done.
Bonus
All the while I am document in my notes on the command that we used to fix/configure network.
It has been a while since I have manually configure network.
I just checked it with ProtonVPN. In order to prevent dnsleak, it removes the DNS server for the internet link, which can be done nicely with systemd-resolved. In addition, it creates a dummy interface to serve as blackhole for IPv6. If the app is not closed properly, e,g, kill -9 <allprotonvpnrelated processes>, a NetworkManager connection pvpn-ipv6leak-protection is left, which is up after NetworkManager is restarted. It has ipv6.DNS=::1. For some reasons, I’m in exactly the same connection as you, reestablishing the wireless connection does not help. resolvectl shows de ipv6leak as Defaultroute and no DNS on WLS1. I do not understand it yet, but it’s exactly the same. “nmcli con down pvpn-ipv6leak-connection” is sufficient to restore connection. I do not understand it exactly, but I hope it helps you. Best to bring down the VPN before shutdown.
H.janssen,
Thank you for the tip, I will add it to my notes to bring down vpn first before shutdown server. My server is wire to gigabit hub which is wired to router.
RDSweb
Is this explainable ???
Working situation resolvectl extract:
Link 3 (wls1)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.2.254
DNS Servers: 192.168.2.254 fe80::b2ac:d2ff:fe57:410e%32596
DNS Domain: home
nmcli con up pvpn-ipv6leak-protection
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7)
Link 3 (wls1)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 24 (ipv6leakintrf0)
Current Scopes: DNS
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupport>
Current DNS Server: ::1
DNS Servers: ::1
DNS Domain: ~.
The ipv6leakintrf0 dummy interface takes over the whole DNS and wls1 is out of order.
The config file in /etc/NetworkManager/system-connections of this connection
contains
dns=::1;
dns-priority=-1400
ignore-auto-dns=true
I do not know what it means, but it looks like this takes over the complete DNS if the dummy connection is started…
This problems was earlier reported on this forum, am I wrong if I consider this as a serious problem? But is it NetworkManager or the third-party VPN provider?
Either NetworkManager should not remember this connection, or the VPN app should include a service to delete this thing upon system start.
Any help is appreciate.
Since we have figure out what is wrong , we just need to fix it.
Here is what I want done.
Bonus
All the while I am document in my notes on the command that we used to fix/configure network.
It has been a while since I have manually configure network.
Explained:
You can set both the global default and connection-specific ipv4.dns-priority and ipv6.dns-priority parameters to a value between -2147483647 and 2147483647.
So the IPv6 trap takes the complete DNS with priority -1400. Why does the VPN work? It has a DNS priority of -1500…