Failed to fetch webpage, temporary failure resolving domain

1.0 Error

While configuring a Linux server, apt-get update failed with the errors "Failed to fetch" and "Temporary failure resolving" for every repository host.

    $ sudo apt-get update
    Err:1 http://mirrors.xxxxxx.com/ubuntu bionic InRelease
      Temporary failure resolving 'mirrors.xxxxxx.com'
    Err:2 http://mirrors.xxxxxx.com/ubuntu bionic-updates InRelease
      Temporary failure resolving 'mirrors.xxxxxx.com'
    Err:3 http://mirrors.xxxxxx.com/ubuntu bionic-backports InRelease
      Temporary failure resolving 'mirrors.xxxxxx.com'
    Err:4 http://security.ubuntu.com/ubuntu bionic-security InRelease
      Temporary failure resolving 'security.ubuntu.com'
    Reading package lists... Done
    W: Failed to fetch http://mirrors.xxxxxx.com/ubuntu/dists/bionic/InRelease  Temporary failure resolving 'mirrors.xxxxxx.com'
    W: Failed to fetch http://mirrors.xxxxxx.com/ubuntu/dists/bionic-updates/InRelease  Temporary failure resolving 'mirrors.xxxxxx.com'
    W: Failed to fetch http://mirrors.xxxxxx.com/ubuntu/dists/bionic-backports/InRelease  Temporary failure resolving 'mirrors.xxxxxx.com'
    W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease  Temporary failure resolving 'security.ubuntu.com'
    W: Some index files failed to download. They have been ignored, or old ones used instead.

The dig command also failed, timing out without reaching any server.

    $ dig example.com

    ; <<>> DiG 9.11.3-1ubuntu1-Ubuntu <<>> example.com
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

2.0 Solution

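DNS resolution was clearly not working. This system uses a DNS server on the localhost (the successful dig output further down reports the server as 127.0.0.53#53). However, the strict iptables rules, which set the default policy of the INPUT and OUTPUT chains to DROP, did not allow traffic on the loopback interface (lo), so queries to the local resolver were dropped. The problem was solved by adding rules that accept traffic in both directions on lo (the "allow everything on localhost" rules in the listing that follows).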

    ...
    iptables -N val_input
    iptables -N val_output

    # allow packets with NEW, ESTABLISHED and RELATED states
    iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i lo -j RETURN
    iptables -A val_output -m state --state NEW,ESTABLISHED,RELATED -o lo -j RETURN
    iptables -A val_input -j DROP
    iptables -A val_output -j DROP
    iptables -A INPUT -p tcp -j val_input
    iptables -A OUTPUT -p tcp -j val_output

    # allow DNS queries and replies - client
    iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT
    iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT
    iptables -A INPUT -p tcp -i eth0 --sport 53 -j ACCEPT
    iptables -A OUTPUT -p tcp -o eth0 --dport 53 -j ACCEPT

    # allow everything on localhost
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    # set policies for chains
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

After the above-mentioned change, the commands that failed earlier work fine.

    $ sudo apt-get update
    Hit:1 http://mirrors.xxxxxx.com/ubuntu bionic InRelease
    Get:2 http://mirrors.xxxxxx.com/ubuntu bionic-updates InRelease [88.7 kB]
    Get:3 http://mirrors.xxxxxx.com/ubuntu bionic-backports InRelease [74.6 kB]
    Get:4 http://mirrors.xxxxxx.com/ubuntu bionic-updates/main i386 Packages [157 kB]
    Get:5 http://security.ubuntu.com/ubuntu bionic-security InRelease [83.2 kB]
    Get:6 http://mirrors.xxxxxx.com/ubuntu bionic-updates/main amd64 Packages [175 kB]
    Get:7 http://mirrors.xxxxxx.com/ubuntu bionic-updates/universe i386 Packages [113 kB]
    Get:8 http://mirrors.xxxxxx.com/ubuntu bionic-updates/universe amd64 Packages [113 kB]
    Fetched 806 kB in 1s (1,023 kB/s)
    Reading package lists... Done
    $
    $ dig example.com

    ; <<>> DiG 9.11.3-1ubuntu1-Ubuntu <<>> example.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3121
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 65494
    ;; QUESTION SECTION:
    ;example.com. IN A

    ;; ANSWER SECTION:
    example.com. 23074 IN A 93.184.216.34

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.53#53(127.0.0.53)
    ;; WHEN: Sat Jul 07 16:38:26 UTC 2018
    ;; MSG SIZE rcvd: 56
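The failure described above can be detected from configuration alone. The following is an added example, not part of the original post: a shell check that takes resolv.conf text and an `iptables -S` dump and reports whether a loopback resolver is cut off by DROP policies. The function names and sample inputs are constructed for illustration; the check only recognises an unconditional ACCEPT on lo and does not evaluate rule order.

```shell
# Added example, not from the original post. Sample inputs are constructed.

# Print nameservers from resolv.conf text that are loopback addresses.
loopback_resolvers() {
    printf '%s\n' "$1" |
        awk '$1 == "nameserver" && ($2 ~ /^127\./ || $2 == "::1") { print $2 }'
}

# $1 = `iptables -S` text, $2 = chain: succeed if the default policy is DROP.
policy_is_drop() {
    printf '%s\n' "$1" | grep -qx -- "-P $2 DROP"
}

# $1 = rules text, $2 = chain, $3 = -i or -o: succeed if the chain has an
# unconditional ACCEPT on lo. Rule order and narrower matches are not evaluated.
lo_accepted() {
    printf '%s\n' "$1" | grep -qx -- "-A $2 $3 lo -j ACCEPT"
}

# $1 = resolv.conf text, $2 = `iptables -S` text. Prints a verdict and
# returns 1 when a loopback resolver is cut off by a DROP policy.
check_dns_path() {
    [ -n "$(loopback_resolvers "$1")" ] || { echo "ok: resolver is not on loopback"; return 0; }
    blocked=""
    if policy_is_drop "$2" OUTPUT && ! lo_accepted "$2" OUTPUT -o; then
        blocked="$blocked OUTPUT"
    fi
    if policy_is_drop "$2" INPUT && ! lo_accepted "$2" INPUT -i; then
        blocked="$blocked INPUT"
    fi
    if [ -n "$blocked" ]; then
        echo "blocked:$blocked"; return 1
    fi
    echo "ok: loopback accepted"
}

RESOLV_SAMPLE='nameserver 127.0.0.53
options edns0'
RULES_BEFORE='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i eth0 -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT'
RULES_AFTER="$RULES_BEFORE
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT"

check_dns_path "$RESOLV_SAMPLE" "$RULES_BEFORE" || true
check_dns_path "$RESOLV_SAMPLE" "$RULES_AFTER"
```

On a live system the same function can be called as `check_dns_path "$(cat /etc/resolv.conf)" "$(sudo iptables -S)"`.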
