Re: [gentoo-user] Browsers cannot access WWW while ping and host utilities work as expected.

[Mick <michaelkintzios@gmail.com>]

[-- Attachment #1: Type: Text/Plain, Size: 5523 bytes --]

On Monday 05 Aug 2013 07:06:08 gevisz wrote:
> My thanks to all who replied to my question.
> 
> The problem was with my local router, which I also used as DNS.
> After excluding it from /etc/resolv.config and /etc/init.d/net files,
> Firefox started to work as expected.

Hmm ... I wonder if this is related to my earlier comment about malformed 
packets.

May be worth trying a different firmware for this router.


> Suggestions of  Michael Kintzios

> > This is the new kernel naming scheme of NICs.  Which-ever nomenclature
> > you decide to use, check that that's the only one having a symlink in
> > /etc/init.d to net.lo
> 
> Yes, there is only enp2s15 links to lo in /etc/init.d

The idea here is that you need consistent naming of your iface.  If you have 
settled on the kernel naming of enp2s15, then stick with this throughout your 
configuration.


> After deleting all but my lan router DNS from /etc/conf.d/net and
> /etc/resolv.conf
> files, I had the same problem as before but in addition the host
> utility reports an
> additional error. Please, see the full response below.

You should not need to manually alter anything in your /etc/resolv.conf, which 
will be completed with the DNS server name(s) you have set up in your 
/etc/conf.d/net.


> # host www.google.com
> www.google.com has address 74.125.232.52
> www.google.com has address 74.125.232.48
> www.google.com has address 74.125.232.49
> www.google.com has address 74.125.232.50
> www.google.com has address 74.125.232.51
> ;; Warning: query response not set
> ;; Warning: query response not set

I think this means that the DNS server response is incorrectly formed (or that 
the server respond code does not include a 4 bit RCODE as it should - more 
detail for DNS geeks can be found here:  http://www.ietf.org/rfc/rfc2136.txt)


> Host www.google.com not found: 4(NOTIMP)

The RFC says:  The name server does not support the specified Opcode.  I would 
reflash the firmware, or try any OpenSource alternatives if available for your 
router.


> After leaving in /etc/conf.d/net and /etc/resolv.conf files only the
> DNS of my service
> provider, Firefox started to work as predicted. Thank you!

This may not be ideal (it will introduce some latency in your requests) but if 
you can't fix your router, it'll have to do for now.


> > Can you please show us:
> > ip route show
> > ip addr show
> > ip link show
> 
> $ ip route show
> default via 192.168.0.1 dev enp2s15  metric 2
> 127.0.0.0/8 via 127.0.0.1 dev lo  scope link
> 192.168.0.0/24 dev enp2s15  proto kernel  scope link  src 192.168.0.9

This says that your IP address us 192.168.0.9, but see below.


> $ ip addr show
[snip ...]

> 2: enp2s15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> pfifo_fast state UP qlen 1000
>     link/ether <MAC_address_of_my_Ethernet_card> brd ff:ff:ff:ff:ff:ff
>     inet 192.168.0.7/24 brd 192.168.0.255 scope global enp2s15

This says that your ip address is 192.168.0.7 - did you get a different IP 
address between the two commands?  Your /etc/conf.d/net showed that you had 
set up a static address as config_enp2s15="192.168.0.9 ..."  so why is this 
here?


> $ ip link show
[snip ...]

> 2: enp2s15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> pfifo_fast state UP mode DEFAULT qlen 1000
>     link/ether <MAC_address_of_my_Ethernet_card> brd ff:ff:ff:ff:ff:ff

OK, this looks good.

 
> Suggestions of Kurian Thayil
> 
> > Can you do a ping and see if the resolv.conf DNS ips are reachable?
> 
> Yes, I can ping all my DNS. Moreover, I successfully use them from my
> Ubuntu installation on the same computer.
> 
> > do a
> > dig @8.8.8.8 www.google.com ## which will do a name resolution with
> > Google DNS servers.
> 
> Here is the output:
> 
> $ dig @8.8.8.8 www.google.co
> 
> ; <<>> DiG 9.9.2 <<>> @8.8.8.8 www.google.co
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4036
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 4, ADDITIONAL: 5
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;www.google.co.			IN	A
> 
> ;; ANSWER SECTION:
> www.google.co.		86400	IN	CNAME	www3.l.google.com.
> www3.l.google.com.	13	IN	A	173.194.32.166
> www3.l.google.com.	13	IN	A	173.194.32.167
> www3.l.google.com.	13	IN	A	173.194.32.168
> www3.l.google.com.	13	IN	A	173.194.32.169
> www3.l.google.com.	13	IN	A	173.194.32.174
> www3.l.google.com.	13	IN	A	173.194.32.160
> www3.l.google.com.	13	IN	A	173.194.32.161
> www3.l.google.com.	13	IN	A	173.194.32.162
> www3.l.google.com.	13	IN	A	173.194.32.163
> www3.l.google.com.	13	IN	A	173.194.32.164
> www3.l.google.com.	13	IN	A	173.194.32.165
> 
> ;; AUTHORITY SECTION:
> google.com.		244594	IN	NS	ns3.google.com.
> google.com.		244594	IN	NS	ns2.google.com.
> google.com.		244594	IN	NS	ns4.google.com.
> google.com.		244594	IN	NS	ns1.google.com.
> 
> ;; ADDITIONAL SECTION:
> ns1.google.com.		191550	IN	A	216.239.32.10
> ns2.google.com.		191550	IN	A	216.239.34.10
> ns3.google.com.		191550	IN	A	216.239.36.10
> ns4.google.com.		191550	IN	A	216.239.38.10
> 
> ;; Query time: 96 msec
> ;; SERVER: 8.8.8.8#53(8.8.8.8)
> ;; WHEN: Mon Aug  5 07:59:45 2013
> ;; MSG SIZE  rcvd: 385

OK, Google's public DNS 8.8.8.8 works fine, but your router's internal DNS 
repeater seems to be dodgy.

-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 490 bytes --]