After offline upgrade from Leap 15.0 to 15.1 I have a strange problem with resolving addresses. Firefox can’t open any pages, ping not working, but nslookup, dig and host commands works like a charm.
$ host conncheck.opensuse.org
conncheck.opensuse.org is an alias for proxy.opensuse.org.
proxy.opensuse.org is an alias for proxy-nue.opensuse.org.
proxy-nue.opensuse.org has address 195.135.221.140
proxy-nue.opensuse.org has IPv6 address 2620:113:80c0:8::16
but
$ ping conncheck.opensuse.org
ping: conncheck.opensuse.org: Неизвестное имя или служба (bad address in Russian)
$ cat /etc/host.conf
#
# /etc/host.conf - resolver configuration file
#
# Please read the manual page host.conf(5) for more information.
#
#
# The following option is only used by binaries linked against
# libc4 or libc5. This line should be in sync with the "hosts"
# option in /etc/nsswitch.conf.
#
order hosts, bind
#
# The following options are used by the resolver library:
#
multi on
$ cat /etc/resolv.conf
### /etc/resolv.conf is a symlink to /var/run/netconfig/resolv.conf
### autogenerated by netconfig!
#
# Before you change this file manually, consider to define the
# static DNS configuration using the following variables in the
# /etc/sysconfig/network/config file:
# NETCONFIG_DNS_STATIC_SEARCHLIST
# NETCONFIG_DNS_STATIC_SERVERS
# NETCONFIG_DNS_FORWARDER
# or disable DNS configuration updates via netconfig by setting:
# NETCONFIG_DNS_POLICY=''
#
# See also the netconfig(8) manual page and other documentation.
#
### Call "netconfig update -f" to force adjusting of /etc/resolv.conf.
search svalx.net
nameserver 192.168.1.1
nameserver fe80::c2c1:c0ff:fedb:ec7%eth0
nameserver 2a02:2698::c2c1:c0ff:fedb:ec7
$ cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# compat Use compatibility setup
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# [NOTFOUND=return] Stop searching if not found so far
#
# For more information, please read the nsswitch.conf.5 manual page.
#
passwd: compat
group: compat
shadow: compat
hosts: files mdns_minimal dns
networks: files dns
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files nis
publickey: files
bootparams: files
automount: files nis
aliases: files
I use (and used early on 15.0) NetworkManager on wired network with DHCP. Firewalld is disabled.
All things looks fine and I can’t find cause of corruption. Help me please…
And yes, I can ping any hosts by IP over v4 or v6 protocols:
$ host conncheck.opensuse.org
conncheck.opensuse.org is an alias for proxy.opensuse.org.
proxy.opensuse.org is an alias for proxy-nue.opensuse.org.
proxy-nue.opensuse.org has address 195.135.221.140
proxy-nue.opensuse.org has IPv6 address 2620:113:80c0:8::16
$ ping 195.135.221.140
PING 195.135.221.140 (195.135.221.140) 56(84) bytes of data.
64 bytes from 195.135.221.140: icmp_seq=1 ttl=52 time=67.9 ms
64 bytes from 195.135.221.140: icmp_seq=2 ttl=52 time=67.7 ms
^C
--- 195.135.221.140 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 67.758/67.847/67.937/0.275 ms
$ ping 2620:113:80c0:8::16
PING 2620:113:80c0:8::16(2620:113:80c0:8::16) 56 data bytes
64 bytes from 2620:113:80c0:8::16: icmp_seq=1 ttl=54 time=64.3 ms
64 bytes from 2620:113:80c0:8::16: icmp_seq=2 ttl=54 time=64.2 ms
64 bytes from 2620:113:80c0:8::16: icmp_seq=3 ttl=54 time=64.5 ms
^C
--- 2620:113:80c0:8::16 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 64.223/64.358/64.514/0.316 ms
Yes, I done this. resolv.conf is not changed, and DNS issue remains. I tried use other DNS server eg Google public DNS 8.8.8.8, I switched to Wicked but no changes.
$ ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 94:de:80:a8:2a:b9 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.100/24 brd 192.168.1.255 scope global noprefixroute dynamic eth0
valid_lft 76475sec preferred_lft 76475sec
inet6 2a02:2698::1cc9:872/128 scope global noprefixroute dynamic
valid_lft 33280sec preferred_lft 33280sec
inet6 fe80::fee6:a785:87d0:dc0e/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:46:e0:5d brd ff:ff:ff:ff:ff:ff
inet 192.168.2.1/24 brd 192.168.2.255 scope global virbr0
valid_lft forever preferred_lft forever
inet6 2a02:2698::3195:2::1/96 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe46:e05d/64 scope link
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:46:e0:5d brd ff:ff:ff:ff:ff:ff
I found out a solution. AppArmor was a cause of dns issue. It blocked access nscd to /run/netconfig/resolv.conf. I was needed refresh AppArmor cache for fixing that. Thank you for your concern!
Rather, it’s my local flaw. rpmconfigcheck showed me unresolved /etc/apparmor.d/abstractions/nameservice.rpmnew. I has move it to /etc/apparmor.d/abstractions/nameservice, restarted apparmor.service, but no changes has been applied yet, until I was deleted all files in /var/lib/apparmor/cache and rebooted.