I have some problem with DNS name resolving.
In a terminal, I can use
nslookup to resolve some certain domain, but when I try to ping it, it complains that
Name or service not known.
$> nslookup www.github.com
www.github.com canonical name = github.com.
$> ping www.github.com
ping: www.github.com: Name or service not known
ps, I’m in China behind the great firewall
in my /etc/resolv.conf, there is a line
I removed it and seems everything is ok now. But this options seems to be needed by some other part of the system, I’m not sure whether it is proper to remove it.
The option is set here: NixOS Search - Loading...
I’m not sure about what it exactly does either, but I wonder if it tries to verify DNSSEC and finds that it’s being intercepted?
I think it allows to use bigger queries but it might be filtered/lost by middleboxes. I had to remove it from my config too. Maybe it should default to false.
Yes, it does not trigger DNSSEC validation at all. (That would be problem in China’s stock DNS, too.) EDNS0 was standardized in 90’s in IETF, and yet some (rarer) middle-boxes still have problems. In such cases I believe
networking.dnsExtensionMechanism = false; should be just fine.
Is this still recommended? I’m having DNS issues on 20.03 with networkmanager.
I’m not aware of any related change since then.
Thanks! I made an issue about it as the above solution didn’t work for me.