Domain name resolve problem

I have some problem with DNS name resolving.

In a terminal, I can use nslookup to resolve some certain domain, but when I try to ping it, it complains that Name or service not known.

$> nslookup

Non-authoritative answer:
Address:	canonical name =

$> ping
ping: Name or service not known

ps, I’m in China behind the great firewall

in my /etc/resolv.conf, there is a line

options edns0

I removed it and seems everything is ok now. But this options seems to be needed by some other part of the system, I’m not sure whether it is proper to remove it.

The option is set here: NixOS Search - Loading...

I’m not sure about what it exactly does either, but I wonder if it tries to verify DNSSEC and finds that it’s being intercepted?

I think it allows to use bigger queries but it might be filtered/lost by middleboxes. I had to remove it from my config too. Maybe it should default to false.

1 Like

Yes, it does not trigger DNSSEC validation at all. (That would be problem in China’s stock DNS, too.) EDNS0 was standardized in 90’s in IETF, and yet some (rarer) middle-boxes still have problems. In such cases I believe networking.dnsExtensionMechanism = false; should be just fine.

Is this still recommended? I’m having DNS issues on 20.03 with networkmanager.

I’m not aware of any related change since then.

Thanks! I made an issue about it as the above solution didn’t work for me.