My /etc/resolv.conf will not be written so DNS resolution is not working.
I'm running Ubuntu Server 16.04.1 LTS in a virtual machine on our office server.
This is my /etc/network/interfaces:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto ens3
iface ens3 inet static
address 192.168.222.104
netmask 255.255.255.0
gateway 192.168.222.1
gateway 192.168.222.1
dns-nameservers 192.168.222.1 8.8.8.8
dns-search internal.domain
post-up iptables-restore < /etc/iptables.up.rules
(/etc/network/interfaces.d is empty)
I've already tried running sudo dpkg-reconfigure resolvconf and sudo ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf as mentioned in this answer. But my /etc/resolv.conf still remains empty:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
What else can I try to get DNS resolution back on this server?
NOTE: The same setup works on the other 5 servers which run Ubuntu in other VMs on the same hardware.
They all show a /etc/resolv.conf like
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.222.1
nameserver 8.8.8.8
search internal.domain
and for those DNS resolution works perfect.
Is there any configuration I'm missing?
Just in case I also added my /etc/iptables.up.rules (which is also more or less the same on all 6 Servers and) which I've set up taking some hints from this guide:
*filter
# Allow all outgoing, but drop incoming and forwarding packets by default
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Custom per-protocol chains
:UDP - [0:0]
:TCP - [0:0]
:ICMP - [0:0]
# Acceptable UDP traffic
# Acceptable TCP traffic
-A TCP -p tcp --dport 22 -j ACCEPT
-A TCP -p tcp --dport 80 -j ACCEPT
-A TCP -p tcp --dport 443 -j ACCEPT
-A TCP -p tcp --dport 10000 -j ACCEPT
# Acceptable ICMP traffic
-A ICMP -p icmp -j ACCEPT
# Boilerplate acceptance policy
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Drop invalid packets
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Pass traffic to protocol-specific chains
## Only allow new connections (established and related should already be handled)
## For TCP, additionally only allow new SYN packets since that is the only valid
## method for establishing a new TCP connection
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
-A INPUT -p icmp -m conntrack --ctstate NEW -j ICMP
# Reject anything that's fallen through to this point
## Try to be protocol-specific w/ rejection message
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
# Commit the changes
COMMIT
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*security
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
/etc/resolvconf/resolv.conf.d/baseis empty .. how should it look like? And will this permanently fix the problem? Since it is an office server I can't reconfigure it all the time e.g. after reboots, updates etc. – derHugo Sep 21 '17 at 08:07/etc/resolv.confto it (for example,nameserver 192.168.222.1, orsearch internal.domain). The file is read byresolvconfwhenever it updates, so it should persist across reboots. – muru Sep 21 '17 at 08:08