Score:0

Centos server can ping IPs - but cannot ping domains

ru flag

I have 3 servers with DigitalOcean (AMS3). Suddenly, three servers at the same time faced the same issue. It seems the servers cannot connect to the outside world. I tried to ping different IP addresses and domains. Here are the results:

ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=60 time=2.11 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=60 time=0.946 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=60 time=0.724 ms

ping google.com
ping: google.com: Name or service not known

I searched for a solution on StackOverflow, ServerFault, and DO Community. There were suggestions that the file /etc/resolv.conf might have issues. Here is my /etc/resolv.conf file:

cat /etc/resolv.conf
; Created by cloud-init on instance boot automatically, do not edit.
nameserver 8.8.8.8
nameserver 8.8.4.4

The contents of other files you may want to see:

cat /etc/nsswitch.conf

passwd:     files sss
shadow:     files sss
group:      files sss
#initgroups: files sss

#hosts:     db files nisplus nis dns
hosts:      files dns myhostname

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   nisplus sss

publickey:  nisplus

automount:  files nisplus sss
aliases:    files nisplus

cat /etc/sysconfig/network-scripts/ifcfg-eth0

BOOTPROTO=none
DEFROUTE=yes
DEVICE=eth0
GATEWAY=174.138.0.1
HWADDR=16:68:53:c5:4e:5e
IPADDR=174.138.X.Y
IPADDR1=10.18.0.19
IPV6ADDR=2A03:B0C0:0002:00D0:0000:0000:X:Y/64
IPV6INIT=yes
IPV6_DEFAULTGW=2A03:B0C0:0002:00D0:0000:0000:0000:0001
MTU=1500
NETMASK=255.255.240.0
NETMASK1=255.255.0.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no

dig google.com @8.8.8.8

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.4 <<>> google.com @8.8.8.8
;; global options: +cmd
;; connection timed out; no servers could be reached

dig google.com @2001:4860:4860::8888

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.4 <<>> google.com @2001:4860:4860::8888
;; global options: +cmd
;; connection timed out; no servers could be reached

cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 bizcloud-vds bizcloud-vds
127.0.0.1 localhost.localdomain localhost
127.0.0.1 localhost4.localdomain4 localhost4

::1 bizcloud-vds bizcloud-vds
::1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6

174.138.XXX.YYY           cm105srv.ABC.ir cm105srv

Any help is appreciated.

cn flag
Bob
DNS resolving is broken. Check, for example with the `dig` command-line tool, whether the problem is with connecting to a particular name server, i.e. `dig www.Google.com @8.8.8.8` or `dig www.google.com @2001:4860:4860::8888`, to test if the issue is IPv4 vs IPv6 related. If the name servers work then the issue is in the configuration of your systems. When they don’t respond the issue may be in your network, for example a firewall configuration.
fr flag
What's in /etc/hosts file?
ru flag
@Bob I have updated the question and added the requested information. Please check it.
ru flag
@Tomek I have updated the question and added the requested information. Please check it.
fr flag
bizcloud-vds mapping to 127.0.0.1 and ::1 is unnecessary (hostname mapping is handled by the myhostname NSS plugin in nsswitch.conf) and duplicated (name repeated twice in each line). I doubt it would help but you can give it a try. Additionally it looks like Google DNS is blocked somewhere. Shouldn't you use DigitalOcean nameservers? You can also try 1.1.1.1 (Cloudflare) and 9.9.9.9 (Quad9).
ru flag
@Tomek I have removed those two lines and restarted the droplet. But still no luck. I have 3 servers with the same problem. Those two are using DigitalOcean DNS and the problem persists on three servers. So, I think the Google DNS should not be the case. I also tried 1.1.1.1 and it was not the solution.
fr flag
Then look at your firewall settings and resolver configuration (`man host.conf`, check configuration files and environment settings). If there is no error there then this is likely either someone else blocking you along the path or you should consider the possibility the servers were compromised.
ru flag
@Tomek I already disabled firewalld and CSF. Configuration files seem to be fine. Is it possible to be a problem from DO side?
fr flag
Possible. The fact 1.1.1.1 also doesn't work may indicate they started blocking public DNS resolvers. Try to use DNS resolver they provide and see if this works.
Arden Smith avatar
pe flag
Share the config of the `firewalld`
ru flag
@ArdenSmith `firewalld` is already disabled: https://pasteboard.co/I6ua4WrON6vK.png
cn flag
Bob
Since you can ping but can’t query the Google public resolver 8.8.8.8, DNS traffic to/from them is blocked. If you don’t have a host-based firewall you may have a security group / firewall at the provider level that blocks traffic on UDP (and possibly TCP) port 53. Check your ingress and egress rules.
Score:0
pe flag

To configure an interface to use particular DNS servers, add the following lines to the ifcfg file:

 PEERDNS=no
 DNS1=ip-address
 DNS2=ip-address

where ip-address is the address of a DNS server. This will cause the network service to update /etc/resolv.conf with the specified DNS servers. Only one DNS server address is necessary, the other is optional.

ru flag
Unfortunately, this solution does not work.
Arden Smith avatar
pe flag
Share the update of `ifcfg` config
ru flag
Sure. Here is a screenshot: https://pasteboard.co/86MuiXSFeJ0m.png for the file `/etc/sysconfig/network-scripts/ifcfg-eth0`
Arden Smith avatar
pe flag
check which interface is active
ru flag
Do you mean [this](https://pasteboard.co/i2sdJMbHCXn7.png) and [this](https://pasteboard.co/OW0icJLTAhhO.png)
Arden Smith avatar
pe flag
I mean `nmcli con show` and a `ping` test using both IP addresses at once as source and the Google DNS as destination, together with a `traceroute` and a `tcpdump`, in order to identify where the error is.
ru flag
NetworkManager is not installed on the server. I am not sure if I can install it because the server cannot connect to any URL to download it.
Arden Smith avatar
pe flag
Test with a `traceroute`, a `ping` with both IP addresses, one at a time, as source and the Google DNS as destination, plus a `tcpdump`.
ru flag
I am a programmer with narrow server experience. I am not sure how to do that. If there is a command to achieve it, could you please share it?
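
The checks suggested in the comments above (ping versus `dig` against the same resolver, over UDP and TCP, plus a capture on port 53) can be scripted as follows. This is an added example, not part of the original thread; the function names and verdict labels are made up for illustration, and it assumes `ping`, `dig` and IPv4 resolver addresses.

```shell
#!/bin/sh
# Added example: tell "resolver unreachable" apart from "port 53 filtered".
# Usage: sh dnspath.sh 8.8.8.8 1.1.1.1   (with no arguments nothing is probed)
# While it runs, a second terminal can watch whether queries leave and
# replies come back (eth0 is the interface from the question's ifcfg file):
#   tcpdump -n -i eth0 port 53

NAME=${NAME:-google.com}    # name to look up, as used in the question

# Each probe prints 1 on success and 0 on failure.
probe_icmp() { ping -c 2 -W 2 "$1" >/dev/null 2>&1 && echo 1 || echo 0; }
probe_udp()  { dig +notcp +time=2 +tries=1 "$NAME" "@$1" >/dev/null 2>&1 && echo 1 || echo 0; }
probe_tcp()  { dig +tcp +time=2 +tries=1 "$NAME" "@$1" >/dev/null 2>&1 && echo 1 || echo 0; }

# classify ICMP UDP53 TCP53 -> one-word verdict (labels are hypothetical)
classify() {
    case "$1$2$3" in
        ?11) echo dns-ok ;;           # resolver answers on both transports
        ?01) echo udp53-blocked ;;    # only TCP queries get through
        ?10) echo tcp53-blocked ;;    # only UDP queries get through
        100) echo port53-blocked ;;   # host answers ping, DNS is dropped
        000) echo unreachable ;;      # nothing reaches the resolver
        *)   echo invalid-input ;;
    esac
}

# Where to look next for each verdict, following the advice in the thread.
hint() {
    case "$1" in
        dns-ok)         echo "resolver works: check /etc/resolv.conf and nsswitch.conf" ;;
        udp53-blocked)  echo "UDP 53 filtered: check host and provider firewall rules" ;;
        tcp53-blocked)  echo "TCP 53 filtered: large answers and retries over TCP will fail" ;;
        port53-blocked) echo "UDP and TCP 53 filtered: check ingress and egress rules" ;;
        unreachable)    echo "no path to resolver: check routing and the default gateway" ;;
        *)              echo "unexpected probe result" ;;
    esac
}

for resolver in "$@"; do
    i=$(probe_icmp "$resolver"); u=$(probe_udp "$resolver"); t=$(probe_tcp "$resolver")
    verdict=$(classify "$i" "$u" "$t")
    echo "$resolver icmp=$i udp53=$u tcp53=$t -> $verdict: $(hint "$verdict")"
done
```

The question's own output (replies to `ping 8.8.8.8`, a timeout from `dig google.com @8.8.8.8`) corresponds to `icmp=1 udp53=0`; the TCP probe adds the check that the thread only mentions as a possibility.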
Score:0
ru flag

It took me a couple of days but I have found the source of the problem. I have created a new DigitalOcean droplet and the newly created server had the same problem. So, I figured out there is something wrong with DO itself. I hope this helps the others with the same problem.
