Failed to fetch webpage, temporary failure resolving domain

1.0 Error

While configuring a Linux server, the error "Failed to fetch webpage, temporary failure resolving domain" was observed when running apt-get update.

$ sudo apt-get update
Err:1 ... bionic InRelease
  Temporary failure resolving ...
Err:2 ... bionic-updates InRelease
  Temporary failure resolving ...
...
Reading package lists... Done
W: Failed to fetch ...  Temporary failure resolving ...
...

The dig command also failed, timing out without reaching any server.

$ dig example.com

; <<>> DiG 9.11.3-1ubuntu1-Ubuntu <<>> example.com
;; global options: +cmd
;; connection timed out; no servers could be reached

2.0 Solution

DNS resolution was clearly not working. On this system, the DNS server on localhost was being used (127.0.0.53 in the dig output further down), but the strict iptables rules did not allow network traffic on localhost. The problem was solved by adding rules that allow traffic in both directions on localhost.

...
iptables -N val_input
iptables -N val_output

# allow packets with NEW, ESTABLISHED and RELATED states
iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i lo -j RETURN
iptables -A val_output -m state --state NEW,ESTABLISHED,RELATED -o lo -j RETURN

iptables -A val_input -j DROP
iptables -A val_output -j DROP

iptables -A INPUT -p tcp -j val_input
iptables -A OUTPUT -p tcp -j val_output

# allow DNS queries and replies - client
iptables -A INPUT -p udp  -i eth0 --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp  -o eth0 --dport 53 -j ACCEPT
iptables -A INPUT -p tcp  -i eth0 --sport 53 -j ACCEPT
iptables -A OUTPUT -p tcp  -o eth0 --dport 53 -j ACCEPT

# allow everything on localhost
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# set policies for chains
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

After this change, the commands that failed earlier work correctly.

$ sudo apt-get update
Hit:1 ... bionic InRelease
Get:2 ... bionic-updates InRelease [88.7 kB]
...
Fetched 806 kB in 1s (1,023 kB/s)                                                                                     
Reading package lists... Done
$
$ dig example.com

; <<>> DiG 9.11.3-1ubuntu1-Ubuntu <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3121
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;example.com.                   IN      A

;; ANSWER SECTION:
example.com.            23074   IN      A       93.184.216.34

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sat Jul 07 16:38:26 UTC 2018
;; MSG SIZE  rcvd: 56
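
The condition behind this failure can be checked for directly. The script below is an added example, not part of the original page: it reads resolv.conf text and `iptables -S` output and reports when the resolver sits on a loopback address while a chain with policy DROP has no unconditional accept rule for `lo`. The function names and sample inputs are constructed for illustration, and it assumes the resolver is configured in /etc/resolv.conf.

```shell
#!/bin/sh
# Added example: detect a loopback resolver behind chains that drop lo traffic.

# Print loopback nameservers (127.0.0.0/8 or ::1) from resolv.conf text on stdin.
loopback_nameservers() {
    awk '$1 == "nameserver" && ($2 ~ /^127\./ || $2 == "::1") { print $2 }'
}

# chain_blocks_lo CHAIN FLAG  (FLAG: -i for INPUT, -o for OUTPUT)
# Reads `iptables -S` output on stdin; succeeds when CHAIN has policy DROP and
# no unconditional "-A CHAIN FLAG lo -j ACCEPT" rule.
# Simplification: jumps into user-defined chains are not followed.
chain_blocks_lo() {
    awk -v chain="$1" -v flag="$2" '
        $1 == "-P" && $2 == chain { policy = $3 }
        $0 == ("-A " chain " " flag " lo -j ACCEPT") { accept = 1 }
        END { exit !(policy == "DROP" && !accept) }
    '
}

# diagnose RESOLV_TEXT RULES_TEXT: report each blocking chain; returns 1 if any.
diagnose() {
    ns=$(printf '%s\n' "$1" | loopback_nameservers)
    [ -n "$ns" ] || { echo "resolver is not on loopback"; return 0; }
    status=0
    if printf '%s\n' "$2" | chain_blocks_lo OUTPUT -o; then
        echo "OUTPUT drops loopback traffic; resolver at $ns is unreachable"; status=1
    fi
    if printf '%s\n' "$2" | chain_blocks_lo INPUT -i; then
        echo "INPUT drops loopback traffic; resolver at $ns is unreachable"; status=1
    fi
    return $status
}

# Constructed sample inputs, not captured from the system on this page.
RESOLV='nameserver 127.0.0.53
options edns0'
RULES_BEFORE='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i eth0 -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT'
RULES_AFTER="$RULES_BEFORE
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT"

echo "before:"; diagnose "$RESOLV" "$RULES_BEFORE" || true
echo "after:";  diagnose "$RESOLV" "$RULES_AFTER" && echo "loopback permitted"
# Live system: diagnose "$(cat /etc/resolv.conf)" "$(sudo iptables -S)"
```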