Domain name resolve problem

astrojhgu · September 4, 2018, 4:11am

I have some problem with DNS name resolving.

In a terminal, I can use nslookup to resolve some certain domain, but when I try to ping it, it complains that Name or service not known.
e.g.,

$> nslookup www.github.com
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	www.github.com
Address: 203.208.39.99
www.github.com	canonical name = github.com.

$> ping www.github.com
ping: www.github.com: Name or service not known

ps, I’m in China behind the great firewall

UPDATED:
in my /etc/resolv.conf, there is a line

options edns0

I removed it and seems everything is ok now. But this options seems to be needed by some other part of the system, I’m not sure whether it is proper to remove it.

manveru · September 4, 2018, 8:24am

The option is set here: NixOS Search

I’m not sure about what it exactly does either, but I wonder if it tries to verify DNSSEC and finds that it’s being intercepted?

teto · September 4, 2018, 12:22pm

I think it allows to use bigger queries but it might be filtered/lost by middleboxes. I had to remove it from my config too. Maybe it should default to false.

vcunat · September 6, 2018, 12:03pm

Yes, it does not trigger DNSSEC validation at all. (That would be problem in China’s stock DNS, too.) EDNS0 was standardized in 90’s in IETF, and yet some (rarer) middle-boxes still have problems. In such cases I believe networking.dnsExtensionMechanism = false; should be just fine.

mjlbach · May 6, 2020, 4:33am

Is this still recommended? I’m having DNS issues on 20.03 with networkmanager.

vcunat · May 8, 2020, 7:45am

I’m not aware of any related change since then.

mjlbach · May 8, 2020, 8:34am

Thanks! I made an issue about it as the above solution didn’t work for me.

https://github.com/NixOS/nixpkgs/issues/87221