Domain name resolve problem

I have some problem with DNS name resolving.

In a terminal, I can use nslookup to resolve some certain domain, but when I try to ping it, it complains that Name or service not known.
e.g.,

$> nslookup www.github.com
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	www.github.com
Address: 203.208.39.99
www.github.com	canonical name = github.com.

$> ping www.github.com
ping: www.github.com: Name or service not known

ps, I’m in China behind the great firewall

UPDATED:
in my /etc/resolv.conf, there is a line

options edns0

I removed it and seems everything is ok now. But this options seems to be needed by some other part of the system, I’m not sure whether it is proper to remove it.

The option is set here: https://nixos.org/nixos/options.html#edns0

I’m not sure about what it exactly does either, but I wonder if it tries to verify DNSSEC and finds that it’s being intercepted?

I think it allows to use bigger queries but it might be filtered/lost by middleboxes. I had to remove it from my config too. Maybe it should default to false.

1 Like

Yes, it does not trigger DNSSEC validation at all. (That would be problem in China’s stock DNS, too.) EDNS0 was standardized in 90’s in IETF, and yet some (rarer) middle-boxes still have problems. In such cases I believe networking.dnsExtensionMechanism = false; should be just fine.