Failed to fetch webpage, temporary failure resolving domain

1.0 Error

While configuring a Linux server, the error Failed to fetch webpage, temporary failure resolving domain was observed.

$ sudo apt-get update
Err:1 http://mirrors.xxxxxx.com/ubuntu bionic InRelease
  Temporary failure resolving 'mirrors.xxxxxx.com'
Err:2 http://mirrors.xxxxxx.com/ubuntu bionic-updates InRelease
  Temporary failure resolving 'mirrors.xxxxxx.com'
Err:3 http://mirrors.xxxxxx.com/ubuntu bionic-backports InRelease
  Temporary failure resolving 'mirrors.xxxxxx.com'
Err:4 http://security.ubuntu.com/ubuntu bionic-security InRelease
  Temporary failure resolving 'security.ubuntu.com'
Reading package lists... Done
W: Failed to fetch http://mirrors.xxxxxx.com/ubuntu/dists/bionic/InRelease  Temporary failure resolving 'mirrors.xxxxxx.com'
W: Failed to fetch http://mirrors.xxxxxx.com/ubuntu/dists/bionic-updates/InRelease  Temporary failure resolving 'mirrors.xxxxxx.com'
W: Failed to fetch http://mirrors.xxxxxx.com/ubuntu/dists/bionic-backports/InRelease  Temporary failure resolving 'mirrors.xxxxxx.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease  Temporary failure resolving 'security.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.

Also, the dig command would not work.

$ dig example.com

; <<>> DiG 9.11.3-1ubuntu1-Ubuntu <<>> example.com
;; global options: +cmd
;; connection timed out; no servers could be reached

2.0 Solution

Obviously the DNS resolution was not working. In this particular system, the DNS server on the localhost was being used. However, the strict iptables rules were not allowing network traffic from the localhost. The problem was solved by adding rules to allow bidirectional traffic from the localhost.

...
iptables -N val_input
iptables -N val_output

# allow packets with NEW, ESTABLISHED and RELATED states
iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i lo -j RETURN
iptables -A val_output -m state --state NEW,ESTABLISHED,RELATED -o lo -j RETURN

iptables -A val_input -j DROP
iptables -A val_output -j DROP

iptables -A INPUT -p tcp -j val_input
iptables -A OUTPUT -p tcp -j val_output

# allow DNS queries and replies - client
iptables -A INPUT -p udp  -i eth0 --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp  -o eth0 --dport 53 -j ACCEPT
iptables -A INPUT -p tcp  -i eth0 --sport 53 -j ACCEPT
iptables -A OUTPUT -p tcp  -o eth0 --dport 53 -j ACCEPT

# allow everything on localhost
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# set policies for chains
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

After the above-mentioned change, the commands, which were giving error earlier, work fine.

$ sudo apt-get update
Hit:1 http://mirrors.xxxxxx.com/ubuntu bionic InRelease
Get:2 http://mirrors.xxxxxx.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:3 http://mirrors.xxxxxx.com/ubuntu bionic-backports InRelease [74.6 kB]
Get:4 http://mirrors.xxxxxx.com/ubuntu bionic-updates/main i386 Packages [157 kB]        
Get:5 http://security.ubuntu.com/ubuntu bionic-security InRelease [83.2 kB]        
Get:6 http://mirrors.xxxxxx.com/ubuntu bionic-updates/main amd64 Packages [175 kB]                          
Get:7 http://mirrors.xxxxxx.com/ubuntu bionic-updates/universe i386 Packages [113 kB]                            
Get:8 http://mirrors.xxxxxx.com/ubuntu bionic-updates/universe amd64 Packages [113 kB]                               
Fetched 806 kB in 1s (1,023 kB/s)                                                                                     
Reading package lists... Done
$
$ dig example.com

; <<>> DiG 9.11.3-1ubuntu1-Ubuntu <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3121
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;example.com.                   IN      A

;; ANSWER SECTION:
example.com.            23074   IN      A       93.184.216.34

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sat Jul 07 16:38:26 UTC 2018
;; MSG SIZE  rcvd: 56