While configuring a Linux server, the error
Failed to fetch webpage, temporary failure resolving domain was observed.
$ sudo apt-get update Err:1 ... bionic InRelease Temporary failure resolving ... Err:2 ... bionic-updates InRelease Temporary failure resolving ... ... Reading package lists... Done W: Failed to fetch ... Temporary failure resolving ... ...
Also, the dig command would not work.
$ dig example.com ; <<>> DiG 9.11.3-1ubuntu1-Ubuntu <<>> example.com ;; global options: +cmd ;; connection timed out; no servers could be reached
Obviously the DNS resolution was not working. In this particular system, the DNS server on the localhost was being used. However, the strict iptables rules were not allowing network traffic from the localhost. The problem was solved by adding rules to allow bidirectional traffic from the localhost.
... iptables -N val_input iptables -N val_output # allow packets with NEW, ESTABLISHED and RELATED states iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i lo -j RETURN iptables -A val_output -m state --state NEW,ESTABLISHED,RELATED -o lo -j RETURN iptables -A val_input -j DROP iptables -A val_output -j DROP iptables -A INPUT -p tcp -j val_input iptables -A OUTPUT -p tcp -j val_output # allow DNS queries and replies - client iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT iptables -A INPUT -p tcp -i eth0 --sport 53 -j ACCEPT iptables -A OUTPUT -p tcp -o eth0 --dport 53 -j ACCEPT # allow everything on localhost iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT # set policies for chains iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP
After the above-mentioned change, the commands, which were giving error earlier, work fine.
$ sudo apt-get update Hit:1 ... bionic InRelease Get:2 ... bionic-updates InRelease [88.7 kB] ... Fetched 806 kB in 1s (1,023 kB/s) Reading package lists... Done $ $ dig example.com ; <<>> DiG 9.11.3-1ubuntu1-Ubuntu <<>> example.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3121 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;example.com. IN A ;; ANSWER SECTION: example.com. 23074 IN A 22.214.171.124 ;; Query time: 0 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Sat Jul 07 16:38:26 UTC 2018 ;; MSG SIZE rcvd: 56