network and dns is working but no internet

I installed a fresh installation and configured my whole KDE desktop.
I guess after “I activated samba or any other windows domain service”* the connection to the local network kept working, also samba is working perfect; but when an application or browser wants to connect to the internet, I get nothing;

• not 100% sure that the problem appeared after configuring samba as I configured a lot of basic things on the first boot…

I tried a lot of things like:

• deleting /etc/resolv.conf
• adding the opendns server ip to resolv.conf
• rebooting several times
• trying as root

-> no result

when I nslookup an url, like nslookup google.com I get the correct ip address.
that works for all urls so i suppose the dns is working properly.

I also disabled the buildin firewall with no result.

What else can I do or test?
it drives me crazy

should I do a fresh install?
can i do that with keeping my desktop configuration? (exept the network configuration)

thanks in advance!

Hello,

Welcome to the openSUSE forums.

That said, we have some good habits here, like do not tell only, but show. E.g. you do not say

when I nslookup an url, like nslookup google.com I get the correct ip address.

but you show:

henk@boven:~> nslookup google.com 
Server:         194.109.6.66 
Address:        194.109.6.66#53 

Non-authoritative answer: 
Name:   google.com 
Address: 172.217.168.238 
Name:   google.com 
Address: 2a00:1450:400e:80c::200e 

henk@boven:~>

(BTW, those CODE tags you get with the # button in the toolbar).

You seem already have done some the checks (allthough you did not prove them by showing) that should be done (from bottom to top). Because you say you can connect within the LAN, I assume we can take it for granted that the NIC is up and has an IP address, That you can do the nslookup proves that you have some DNS server serving you. But we still have no prove that you can go through your router to the internet. So please do (and post):

ping -c1 195.135.221.161

and

pig -c1 forums.opensuse.org

ok I got you, here is the proof:

rogez@larissa:~> su
Password:
larissa:/home/rogez # ping -c1 195.135.221.161
PING 195.135.221.161 (195.135.221.161) 56(84) bytes of data.
64 bytes from 195.135.221.161: icmp_seq=1 ttl=52 time=36.7 ms

--- 195.135.221.161 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 36.741/36.741/36.741/0.000 ms
larissa:/home/rogez # nslookup google.com
Server:         208.67.222.222
Address:        208.67.222.222#53

Non-authoritative answer:
Name:   google.com
Address: 216.58.208.110
Name:   google.com
Address: 2a00:1450:400e:80e::200e

larissa:/home/rogez # nslookup google.be
Server:         208.67.222.222
Address:        208.67.222.222#53

Non-authoritative answer:
Name:   google.be
Address: 142.250.179.131
Name:   google.be
Address: 2a00:1450:400e:801::2003

larissa:/home/rogez # ping -c1 forums.opensuse.org
ping: forums.opensuse.org: Name or service not known
larissa:/home/rogez # pig -c1 forums.opensuse.org
If 'pig' is not a typo you can use command-not-found to lookup the package that contains it, like this:
    cnf pig
larissa:/home/rogez # ping 216.58.208.110
PING 216.58.208.110 (216.58.208.110) 56(84) bytes of data.
64 bytes from 216.58.208.110: icmp_seq=1 ttl=58 time=16.2 ms
64 bytes from 216.58.208.110: icmp_seq=2 ttl=58 time=18.2 ms
^C
--- 216.58.208.110 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5008ms
rtt min/avg/max/mdev = 13.696/17.588/22.445/2.619 ms
larissa:/home/rogez # ping rogez.be
ping: rogez.be: Name or service not known
larissa:/home/rogez # nslookup rogez.be
Server:         208.67.222.222
Address:        208.67.222.222#53

Non-authoritative answer:
Name:   rogez.be
Address: 185.94.230.73
Name:   rogez.be
Address: 2a00:f10:13f:0:1c00:acff:fe00:136

larissa:/home/rogez # ping 185.94.230.73
PING 185.94.230.73 (185.94.230.73) 56(84) bytes of data.
64 bytes from 185.94.230.73: icmp_seq=1 ttl=52 time=16.6 ms
64 bytes from 185.94.230.73: icmp_seq=2 ttl=52 time=19.4 ms
^C
--- 185.94.230.73 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 15.625/17.440/19.417/1.434 ms

the strange thing is that I can ping an ip address but not an url, although the dns seems to work trough nslookup…

Show content /etc/nsswitch.conf (and any file in /etc/nsswitch.conf.d if there is any).

nsswitch.conf :

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# Valid databases are: aliases, ethers, group, gshadow, hosts,
# initgroups, netgroup, networks, passwd, protocols, publickey,
# rpc, services, and shadow.
#
# Valid service provider entries include (in alphabetical order):
#
#    compat            Use /etc files plus *_compat pseudo-db
#    db            Use the pre-processed /var/db files
#    dns            Use DNS (Domain Name Service)
#    files            Use the local files in /etc
#    hesiod            Use Hesiod (DNS) for user lookups
#    nis            Use NIS (NIS version 2), also called YP
#    nisplus            Use NIS+ (NIS version 3)
#
# See `info libc 'NSS Basics'` for more information.
#
# Commonly used alternative service providers (may need installation):
#
#    ldap            Use LDAP directory server
#    myhostname        Use systemd host names
#    mymachines        Use systemd machine names
#    mdns*, mdns*_minimal    Use Avahi mDNS/DNS-SD
#    resolve            Use systemd resolved resolver
#    sss            Use System Security Services Daemon (sssd)
#    systemd            Use systemd for dynamic user option
#    winbind            Use Samba winbind support
#    wins            Use Samba wins support
#    wrapper            Use wrapper module for testing
#
# Notes:
#
# 'sssd' performs its own 'files'-based caching, so it should generally
# come before 'files'.
#
# WARNING: Running nscd with a secondary caching service like sssd may
#        lead to unexpected behaviour, especially with how long
#        entries are cached.
#
# Installation instructions:
#
# To use 'db', install the appropriate package(s) (provide 'makedb' and
# libnss_db.so.*), and place the 'db' in front of 'files' for entries
# you want to be looked up first in the databases, like this:
#
# passwd:    db files
# shadow:    db files
# group:     db files

passwd:        compat
group:        compat
shadow:        compat
# Allow initgroups to default to the setting for group.
# initgroups:    compat

hosts:      [NOTFOUND=return] files mdns_minimal dns
networks:    files dns

aliases:    files usrfiles
ethers:        files usrfiles
gshadow:    files usrfiles
netgroup:    files nis
protocols:    files usrfiles
publickey:    files
rpc:        files usrfiles
services:    files usrfiles

automount:    files nis
bootparams:    files
netmasks:    files

/etc/nsswitch.conf.d does not excist;

You’re the second user (that I know of) reporting lack of internet access after configuring samba. Someone should file a bug report.

The fix is simple, remove [NOTFOUND=return] from hosts line:

hosts:      files mdns_minimal dns

Here is the problem. This is the second report on this forum. Something went wrong during some package installation/update. If you can remember when this problem started you could try to guess suspected package (version).

[NOTFOUND=return] is expected to be after mdns_minimal. You could also check the difference between /etc/nsswitch.conf and /usr/etc/nsswitch,conf and probably just delete /etc version.

You do not really need mdns unless you have local network with many hosts and want to avoid maintaining /etc/hosts or local DNS manually.

Well, I did not ask you to do those ping commands as root.And the two I asked you is enough. I have no idea why all those google things come between the two.

Also, when you need to do things as root (not for ping and nslookup), do not use

su

but

su -

In any case, while I was dining, you already got good advice on the base of what you showed.

danku meester henk, ik hoop dat u lekker gegeten hebt

now what is the difference between su and su - ?
I really don’t know?

Now I finished my dining and I go boot immediately to opensuse and remove the “[NOTFOUND=return]” to see if that is the solution, sounds amazing if that would be it…!

thanks all, I keep u informed!

believe it or not, but removing “[NOTFOUND=return]” from “nsswitch.conf” just fixed it! thanks a million times! now I am very curious how that this all happened…

• so I am like the second case who had this issue after installing samba? how come? (someone wrote that here somewhere)
• “nsswitch.conf” is used for what exactly? (“name service switch”: a switch for different name servers defined on the machine?)
• what was physically happening on my machine? I guess some loop? but where and how exactly? can someone describe?

thanks for learning this new opensuse user see the light here! I really appreciate the quick help I got here. No commercial brand is doing that for it’s customers :).
finally have internet on my suse :)))

Well, the first thing one should o before one uses any command in the shell that is mentioned “somewhere on the internet”, is reading the man page.

man su

There you will read that the - is short for the option -l and is equivalent to the long option --login:

-,** -l**,** --login**Start the shell as a login shell with an environment similar to a real login:
. clears all the environment variables except TERM and variables specified by –whitelist-environment
. initializes the environment variables HOME, SHELL, USER, LOGNAME, and PATH
. changes to the target user’s home directory
. sets argv[0] of the shell to '-’ in order to make the shell a login shell

In short it will then use the environment of the root user and not of the original user. Using the, often not really understood, user environment as root may be lethal. Just go to bed and dream about all the havoc one could create with a PATH variable that lets root execute other programs then those intended. It could become a nightmare.

It may be one of the first things a system manager will learn on a basic Unix system managers course since ~50 years.

No commercial brand is doing that for it’s customers

Just to be sure you understand fully.
There may be employees of openSUSE or SUSE here, but they not here as representatives of either.
We are ALL regular users here and NOT customers.

Eventually the stuff will hit the fan. That’s why I stick to KISS.

yes i know
what I was saying was that you really provide helpful help, it was a compliment, as i don’t give them so often.
not worthless copypaste “support” as they provide on websites of commercial os’ses with expensive licences.

cheers!

It hit me, so now I became a fan.

but still, [NOTFOUND=return] was this piece of code causing a loop? or what exactly went wrong in the routing?
I try to understand;

https://docs.oracle.com/cd/E19683-01/817-4843/a12swit-84565/index.html

NOTFOUND
The source responded with “No such entry.” In other words, the table, map, or file was accessed but the needed information was not found.

…
return
Stop looking for the information.

So [NOTFOUND=return] in the first position for hosts, it was not even trying to resolve names. This action becomes useful after at least one service (e.g. dns).

You mean you do not know whjat nsswitch.conf is supposed to do?

man nsswitch.conf

What loop?

what exactly went wrong in the routing?

What routing? If you asking “why name resolution failed” - I assume initial state of name resolution is NOTFOUND and misplaced directive caused it to stop looking further right away.

Format of the nsswitch.conf File (System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP))

Linux is not Solaris, although in this case functionality is similar enough. But in general you should try to use native Linux documentation. Devil is in details.

The reason is slightly different. Parser failed to find service name in the beginning and stopped looking further so the effect was empty list. As if nothing could provide name resolution. It did not really try to interpret this action.

Basically this is invalid syntax; action is meaningful only after service name and applies to preceding service name. Except invalid syntax would have resulted in glibc using default which is to use DNS. So it is arguably bug in glibc.

Nscd caused some issues here. I now have:

**erlangen:~ #** systemctl status nscd.service systemd-resolved.service  
○ nscd.service - Name Service Cache Daemon 
    ** Loaded: loaded (/usr/lib/systemd/system/nscd.service; disabled; vendor preset: enabled) 
     Active: inactive (dead) **

**●** systemd-resolved.service - Network Name Resolution 
     Loaded: loaded (/usr/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: disabled) 
     Active: **active (running)** since Tue 2021-11-23 18:28:12 CET; 4h 5min ago 
       Docs: man:systemd-resolved.service(8) 
             man:org.freedesktop.resolve1(5) 
             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers 
             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients 
   Main PID: 746 (systemd-resolve) 
     Status: "Processing requests..." 
      Tasks: 1 (limit: 4915) 
        CPU: 160ms 
     CGroup: /system.slice/systemd-resolved.service 
             └─746 /usr/lib/systemd/systemd-resolved 

Nov 23 18:28:12 erlangen systemd[1]: Starting Network Name Resolution... 
Nov 23 18:28:12 erlangen systemd-resolved[746]: Positive Trust Anchors: 
Nov 23 18:28:12 erlangen systemd-resolved[746]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d 
Nov 23 18:28:12 erlangen systemd-resolved[746]: Negative trust anchors: home.arpa 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-add>
Nov 23 18:28:12 erlangen systemd-resolved[746]: Using system hostname 'erlangen'. 
Nov 23 18:28:12 erlangen systemd[1]: Started Network Name Resolution. 
**erlangen:~ #**

Networking is now reliable, fast and virtually maintenance free.