Installer breaks DNS and fails on name resolution

#1

Hi,
I am trying to setup MiaB on fresh install of Ubuntu 18.04 x64 (server edition) as required. However, installer always fails as below. Before installation was started, it was resolved just fine, but fails after install attempt.

image
image2128×713 46 KB

I have tried couple of times, even different VMs, at different hosts, at different locations, but still the same.

Any ideas?

Thanks!

#2

I’m guessing your sources.list file needs to be changed.

Try changing from cz.archive.ubuntu.com to a different URL, such as archive.ubuntu.com.

sudo nano /etc/apt/sources.list

Instead of deleting lines, just comment them, then copy paste and edit the new line. Probably something like:

# deb http://cz.archive.ubuntu.com/ubuntu/ bionic universe
deb http://archive.ubuntu.com/ubuntu/ bionic universe

You will need to do this for each line using cz.archive.ubuntu.com.

#3

I did a fresh install, changed mirror URL during process and sources.list now looks as below.

patrik@miab:~$ cat /etc/apt/sources.list
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://archive.ubuntu.com/ubuntu bionic main restricted
# deb-src http://archive.ubuntu.com/ubuntu bionic main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://archive.ubuntu.com/ubuntu bionic-updates main restricted
# deb-src http://archive.ubuntu.com/ubuntu bionic-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu bionic universe
# deb-src http://archive.ubuntu.com/ubuntu bionic universe
deb http://archive.ubuntu.com/ubuntu bionic-updates universe
# deb-src http://archive.ubuntu.com/ubuntu bionic-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://archive.ubuntu.com/ubuntu bionic multiverse
# deb-src http://archive.ubuntu.com/ubuntu bionic multiverse
deb http://archive.ubuntu.com/ubuntu bionic-updates multiverse
# deb-src http://archive.ubuntu.com/ubuntu bionic-updates multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu bionic-backports main restricted universe multiverse
# deb-src http://archive.ubuntu.com/ubuntu bionic-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu bionic partner
# deb-src http://archive.canonical.com/ubuntu bionic partner

deb http://archive.ubuntu.com/ubuntu bionic-security main restricted
# deb-src http://archive.ubuntu.com/ubuntu bionic-security main restricted
deb http://archive.ubuntu.com/ubuntu bionic-security universe
# deb-src http://archive.ubuntu.com/ubuntu bionic-security universe
deb http://archive.ubuntu.com/ubuntu bionic-security multiverse
# deb-src http://archive.ubuntu.com/ubuntu bionic-security multiverse

Fais in the same fashion:

Installing nsd (DNS server)...

FAILED: apt-get -y -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confnew install nsd ldnsutils openssh-client
-----------------------------------------
Reading package lists...
Building dependency tree...
Reading state information...
openssh-client is already the newest version (1:7.6p1-4ubuntu0.7).
The following NEW packages will be installed:
  ldnsutils libldns2 nsd
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,010 kB of archives.
After this operation, 3,155 kB of additional disk space will be used.
Err:1 http://archive.ubuntu.com/ubuntu bionic/universe amd64 nsd amd64 4.1.17-1build1
  Temporary failure resolving 'archive.ubuntu.com'
Ign:2 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libldns2 amd64 1.7.0-3ubuntu4.1
Ign:3 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 ldnsutils amd64 1.7.0-3ubuntu4.1
Err:2 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libldns2 amd64 1.7.0-3ubuntu4.1
  Temporary failure resolving 'archive.ubuntu.com'
Err:3 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 ldnsutils amd64 1.7.0-3ubuntu4.1
  Temporary failure resolving 'archive.ubuntu.com'
E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/universe/n/nsd/nsd_4.1.17-1build1_amd64.deb  Temporary failure resolving 'archive.ubuntu.com'
E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/l/ldns/libldns2_1.7.0-3ubuntu4.1_amd64.deb  Temporary failure resolving 'archive.ubuntu.com'
E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/universe/l/ldns/ldnsutils_1.7.0-3ubuntu4.1_amd64.deb  Temporary failure resolving 'archive.ubuntu.com'
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

Need more ideas. :slight_smile:

Thanks

#4

What happens if you run sudo apt-get update?

#5

Use a different Ubuntu 18.04 installation media source.

#6

Its all broken now.

patrik@miab:~$ sudo apt-get update
sudo: unable to resolve host miab.example.com: Resource temporarily unava                                                                             ilable
[sudo] password for patrik:
Err:1 http://archive.ubuntu.com/ubuntu bionic InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:2 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic InRelease
  Temporary failure resolving 'ppa.launchpad.net'
Err:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:4 http://ppa.launchpad.net/duplicity-team/duplicity-release-git/ubuntu bionic InRelease
  Temporary failure resolving 'ppa.launchpad.net'
Err:5 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:6 http://archive.ubuntu.com/ubuntu bionic-security InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Reading package lists... Done
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-security/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://ppa.launchpad.net/certbot/certbot/ubuntu/dists/bionic/InRelease  Temporary failure resolving 'ppa.launchpad.net'
W: Failed to fetch http://ppa.launchpad.net/duplicity-team/duplicity-release-git/ubuntu/dists/bionic/InRelease  Temporary failure resolving 'ppa.launchpad.net'
W: Some index files failed to download. They have been ignored, or old ones used instead.
#7

What would that be? I downloaded https://releases.ubuntu.com/18.04/ubuntu-18.04.6-live-server-amd64.iso + hash verified, both machines downloaded independently. What I can do next time is to install without “updating installer” at the begining of the process.

#8

What is the output of

dig ubuntu.archive.com
#9

Before install attempt:

patrik@miab:~$ dig ubuntu.archive.com

; <<>> DiG 9.11.3-1ubuntu1.17-Ubuntu <<>> ubuntu.archive.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4922
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;ubuntu.archive.com.            IN      A

;; Query time: 320 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Thu Jun 23 15:47:16 UTC 2022
;; MSG SIZE  rcvd: 47

After failed install:

patrik@miab:~$ dig ubuntu.archive.com

; <<>> DiG 9.11.3-1ubuntu1.17-Ubuntu <<>> ubuntu.archive.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4881
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: dadaba27185a3a6c264f4cad62b48db30f0c7d9ebff0ac61 (good)
;; QUESTION SECTION:
;ubuntu.archive.com.            IN      A

;; Query time: 9 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 23 17:58:43 CEST 2022
;; MSG SIZE  rcvd: 75
#10

Does this output show that you have a public IP address:

ip a
#11

This might be a case where Bind is somehow non-operative. You can check the status of Bind9 with systemctl status bind9
Another way to check this is to edit /etc/resolv.conf and replace 127.0.0.1 with 8.8.8.8 in effect using a google DNS instead of localhost. Then perform a apt-get update and see if the servers are resolved.

#12

@openletter
I cant see my public ip in the output of ip a, only local one and piblic IPv6.

However, public IPv4 was detected at the begining of the setup:

Primary Hostname: miab.example.com
Public IP Address: XXX.XX.XXX.XXX
Public IPv6 Address: XXXX:XXX:XXXX:XXXX::XXX
Private IP Address: XX.XX.XX.XX
Mail-in-a-Box Version:  v57a

@KiekerJan
Here you go.

patrik@miab:~$ systemctl status bind9
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2022-06-23 17:57:21 CEST; 4h 40min ago
     Docs: man:named(8)
  Process: 24859 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
 Main PID: 24862 (named)
    Tasks: 7 (limit: 4915)
   CGroup: /system.slice/bind9.service
           └─24862 /usr/sbin/named -f -u bind -4

Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './DNSKEY/IN': 192.33.4.12#53
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './NS/IN': 192.33.4.12#53
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './DNSKEY/IN': 193.0.14.129#53
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './NS/IN': 193.0.14.129#53
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './DNSKEY/IN': 192.203.230.10#53
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './NS/IN': 192.203.230.10#53
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './DNSKEY/IN': 192.112.36.4#53
Jun 23 21:57:21 miab.example.com named[24862]: managed-keys-zone: Unable to fetch DNSKEY set '.': failure
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './NS/IN': 192.112.36.4#53
Jun 23 21:57:21 miab.example.com named[24862]: resolver priming query complete

After updating /etc/resolv.conf as suggested, apt-get update was able to resolve the servers.

#13

What is the output of the dig command after changing resolv.conf?

#14

It would be:


patrik@miab:~$ dig ubuntu.archive.com

; <<>> DiG 9.11.3-1ubuntu1.17-Ubuntu <<>> ubuntu.archive.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45096
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ubuntu.archive.com.            IN      A

;; AUTHORITY SECTION:
archive.com.            3600    IN      SOA     aliza.ns.cloudflare.com. dns.cloudflare.com. 2280965295 10000 2400 604800 3600

;; Query time: 182 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Jun 24 21:49:28 CEST 2022
;; MSG SIZE  rcvd: 107