Installer breaks DNS and fails on name resolution

Hi,
I am trying to set up MiaB on a fresh install of Ubuntu 18.04 x64 (server edition) as required. However, the installer always fails as below. Before installation was started, it was resolved just fine, but fails after install attempt.

I have tried a couple of times, even different VMs, at different hosts, at different locations, but still the same.

Any ideas?

Thanks!

I’m guessing your sources.list file needs to be changed.

Try changing from cz.archive.ubuntu.com to a different URL, such as archive.ubuntu.com.

sudo nano /etc/apt/sources.list

Instead of deleting lines, just comment them, then copy paste and edit the new line. Probably something like:

# deb http://cz.archive.ubuntu.com/ubuntu/ bionic universe
deb http://archive.ubuntu.com/ubuntu/ bionic universe

You will need to do this for each line using cz.archive.ubuntu.com.

I did a fresh install, changed mirror URL during process and sources.list now looks as below.

patrik@miab:~$ cat /etc/apt/sources.list
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://archive.ubuntu.com/ubuntu bionic main restricted
# deb-src http://archive.ubuntu.com/ubuntu bionic main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://archive.ubuntu.com/ubuntu bionic-updates main restricted
# deb-src http://archive.ubuntu.com/ubuntu bionic-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu bionic universe
# deb-src http://archive.ubuntu.com/ubuntu bionic universe
deb http://archive.ubuntu.com/ubuntu bionic-updates universe
# deb-src http://archive.ubuntu.com/ubuntu bionic-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://archive.ubuntu.com/ubuntu bionic multiverse
# deb-src http://archive.ubuntu.com/ubuntu bionic multiverse
deb http://archive.ubuntu.com/ubuntu bionic-updates multiverse
# deb-src http://archive.ubuntu.com/ubuntu bionic-updates multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu bionic-backports main restricted universe multiverse
# deb-src http://archive.ubuntu.com/ubuntu bionic-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu bionic partner
# deb-src http://archive.canonical.com/ubuntu bionic partner

deb http://archive.ubuntu.com/ubuntu bionic-security main restricted
# deb-src http://archive.ubuntu.com/ubuntu bionic-security main restricted
deb http://archive.ubuntu.com/ubuntu bionic-security universe
# deb-src http://archive.ubuntu.com/ubuntu bionic-security universe
deb http://archive.ubuntu.com/ubuntu bionic-security multiverse
# deb-src http://archive.ubuntu.com/ubuntu bionic-security multiverse

Fails in the same fashion:

Installing nsd (DNS server)...

FAILED: apt-get -y -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confnew install nsd ldnsutils openssh-client
-----------------------------------------
Reading package lists...
Building dependency tree...
Reading state information...
openssh-client is already the newest version (1:7.6p1-4ubuntu0.7).
The following NEW packages will be installed:
  ldnsutils libldns2 nsd
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,010 kB of archives.
After this operation, 3,155 kB of additional disk space will be used.
Err:1 http://archive.ubuntu.com/ubuntu bionic/universe amd64 nsd amd64 4.1.17-1build1
  Temporary failure resolving 'archive.ubuntu.com'
Ign:2 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libldns2 amd64 1.7.0-3ubuntu4.1
Ign:3 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 ldnsutils amd64 1.7.0-3ubuntu4.1
Err:2 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libldns2 amd64 1.7.0-3ubuntu4.1
  Temporary failure resolving 'archive.ubuntu.com'
Err:3 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 ldnsutils amd64 1.7.0-3ubuntu4.1
  Temporary failure resolving 'archive.ubuntu.com'
E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/universe/n/nsd/nsd_4.1.17-1build1_amd64.deb  Temporary failure resolving 'archive.ubuntu.com'
E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/l/ldns/libldns2_1.7.0-3ubuntu4.1_amd64.deb  Temporary failure resolving 'archive.ubuntu.com'
E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/universe/l/ldns/ldnsutils_1.7.0-3ubuntu4.1_amd64.deb  Temporary failure resolving 'archive.ubuntu.com'
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

Need more ideas. :slight_smile:

Thanks

What happens if you run sudo apt-get update?

Use a different Ubuntu 18.04 installation media source.

It's all broken now.

patrik@miab:~$ sudo apt-get update
sudo: unable to resolve host miab.example.com: Resource temporarily unavailable
[sudo] password for patrik:
Err:1 http://archive.ubuntu.com/ubuntu bionic InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:2 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic InRelease
  Temporary failure resolving 'ppa.launchpad.net'
Err:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:4 http://ppa.launchpad.net/duplicity-team/duplicity-release-git/ubuntu bionic InRelease
  Temporary failure resolving 'ppa.launchpad.net'
Err:5 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:6 http://archive.ubuntu.com/ubuntu bionic-security InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Reading package lists... Done
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-security/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://ppa.launchpad.net/certbot/certbot/ubuntu/dists/bionic/InRelease  Temporary failure resolving 'ppa.launchpad.net'
W: Failed to fetch http://ppa.launchpad.net/duplicity-team/duplicity-release-git/ubuntu/dists/bionic/InRelease  Temporary failure resolving 'ppa.launchpad.net'
W: Some index files failed to download. They have been ignored, or old ones used instead.

What would that be? I downloaded https://releases.ubuntu.com/18.04/ubuntu-18.04.6-live-server-amd64.iso + hash verified, both machines downloaded independently. What I can do next time is to install without “updating installer” at the beginning of the process.

What is the output of

dig ubuntu.archive.com

Before install attempt:

patrik@miab:~$ dig ubuntu.archive.com

; <<>> DiG 9.11.3-1ubuntu1.17-Ubuntu <<>> ubuntu.archive.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4922
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;ubuntu.archive.com.            IN      A

;; Query time: 320 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Thu Jun 23 15:47:16 UTC 2022
;; MSG SIZE  rcvd: 47

After failed install:

patrik@miab:~$ dig ubuntu.archive.com

; <<>> DiG 9.11.3-1ubuntu1.17-Ubuntu <<>> ubuntu.archive.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4881
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: dadaba27185a3a6c264f4cad62b48db30f0c7d9ebff0ac61 (good)
;; QUESTION SECTION:
;ubuntu.archive.com.            IN      A

;; Query time: 9 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 23 17:58:43 CEST 2022
;; MSG SIZE  rcvd: 75

Does this output show that you have a public IP address:

ip a

This might be a case where Bind is somehow non-operative. You can check the status of Bind9 with systemctl status bind9.
Another way to check this is to edit /etc/resolv.conf and replace 127.0.0.1 with 8.8.8.8, in effect using a Google DNS instead of localhost. Then perform an apt-get update and see if the servers are resolved.

@openletter
I can't see my public IP in the output of ip a, only the local one and public IPv6.

However, public IPv4 was detected at the beginning of the setup:

Primary Hostname: miab.example.com
Public IP Address: XXX.XX.XXX.XXX
Public IPv6 Address: XXXX:XXX:XXXX:XXXX::XXX
Private IP Address: XX.XX.XX.XX
Mail-in-a-Box Version:  v57a

@KiekerJan
Here you go.

patrik@miab:~$ systemctl status bind9
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2022-06-23 17:57:21 CEST; 4h 40min ago
     Docs: man:named(8)
  Process: 24859 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
 Main PID: 24862 (named)
    Tasks: 7 (limit: 4915)
   CGroup: /system.slice/bind9.service
           └─24862 /usr/sbin/named -f -u bind -4

Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './DNSKEY/IN': 192.33.4.12#53
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './NS/IN': 192.33.4.12#53
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './DNSKEY/IN': 193.0.14.129#53
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './NS/IN': 193.0.14.129#53
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './DNSKEY/IN': 192.203.230.10#53
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './NS/IN': 192.203.230.10#53
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './DNSKEY/IN': 192.112.36.4#53
Jun 23 21:57:21 miab.example.com named[24862]: managed-keys-zone: Unable to fetch DNSKEY set '.': failure
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './NS/IN': 192.112.36.4#53
Jun 23 21:57:21 miab.example.com named[24862]: resolver priming query complete

After updating /etc/resolv.conf as suggested, apt-get update was able to resolve the servers.
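
As an added example (not from the thread or from Mail-in-a-Box), this shell function condenses named journal lines like those in the `systemctl status bind9` output above: how many upstream servers returned an error RCODE, whether the queries were for the root zone, and whether the trust-anchor fetch failed. The function names, output keys and verdict strings are made up for this example; the sample lines are copied from the post above.

```shell
#!/usr/bin/env bash
# Added example, not part of the thread. Function names, output keys and
# verdict strings are assumptions made for illustration.
# Live use: journalctl -u bind9 --no-pager | summarize_named_log

# Sample input: the named lines from the systemctl status output in the thread.
sample_log() {
cat <<'EOF'
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './DNSKEY/IN': 192.33.4.12#53
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './NS/IN': 192.33.4.12#53
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './DNSKEY/IN': 193.0.14.129#53
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './NS/IN': 193.0.14.129#53
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './DNSKEY/IN': 192.203.230.10#53
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './NS/IN': 192.203.230.10#53
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './DNSKEY/IN': 192.112.36.4#53
Jun 23 21:57:21 miab.example.com named[24862]: managed-keys-zone: Unable to fetch DNSKEY set '.': failure
Jun 23 21:57:21 miab.example.com named[24862]: REFUSED unexpected RCODE resolving './NS/IN': 192.112.36.4#53
Jun 23 21:57:21 miab.example.com named[24862]: resolver priming query complete
EOF
}

summarize_named_log() {
    awk '
    / unexpected RCODE resolving / {
        rcode = ""; qname = ""
        for (i = 2; i <= NF; i++)
            if ($i == "unexpected") { rcode = $(i - 1); qname = $(i + 3) }
        if (rcode != "REFUSED" && rcode != "SERVFAIL") next
        server = $NF; sub(/#.*$/, "", server)   # strip the #53 port suffix
        if (!(server in seen)) { seen[server] = 1; servers++ }
        bad++
        # The query name is quoted in the log, so "./" sits at position 2
        # when the query was for the root zone (priming or trust anchor).
        if (index(qname, "./") == 2) root++
    }
    /managed-keys-zone: Unable to fetch DNSKEY set/ { keyfail = 1 }
    END {
        printf "bad_rcode_lines=%d\n", bad
        printf "upstream_servers=%d\n", servers
        printf "root_query_lines=%d\n", root
        printf "dnskey_fetch_failed=%s\n", (keyfail ? "yes" : "no")
        if (root > 0 && keyfail) print "verdict=root-priming-failed"
        else if (bad > 0)        print "verdict=upstream-errors"
        else                     print "verdict=clean"
    }'
}

sample_log | summarize_named_log
```

When every queried root address answers REFUSED, named cannot recurse at all, which is consistent with the SERVFAIL replies from 127.0.0.1 shown in the thread.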

What is the output of the dig command after changing resolv.conf?

It would be:


patrik@miab:~$ dig ubuntu.archive.com

; <<>> DiG 9.11.3-1ubuntu1.17-Ubuntu <<>> ubuntu.archive.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45096
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ubuntu.archive.com.            IN      A

;; AUTHORITY SECTION:
archive.com.            3600    IN      SOA     aliza.ns.cloudflare.com. dns.cloudflare.com. 2280965295 10000 2400 604800 3600

;; Query time: 182 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Jun 24 21:49:28 CEST 2022
;; MSG SIZE  rcvd: 107

Still haven't managed to install. After running the setup again, DNS gets broken again.

Mail-in-a-Box Version:  v57a


Updating system packages...
Installing system packages...
Initializing system random number generator...
Firewall is active and enabled on system startup
Installing nsd (DNS server)...

FAILED: apt-get -y -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confnew install nsd ldnsutils openssh-client
-----------------------------------------
Reading package lists...
Building dependency tree...
Reading state information...
openssh-client is already the newest version (1:7.6p1-4ubuntu0.7).
The following NEW packages will be installed:
  ldnsutils libldns2 nsd
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,010 kB of archives.
After this operation, 3,155 kB of additional disk space will be used.
Err:1 http://cz.archive.ubuntu.com/ubuntu bionic/universe amd64 nsd amd64 4.1.17-1build1
  Temporary failure resolving 'cz.archive.ubuntu.com'
Ign:2 http://cz.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libldns2 amd64 1.7.0-3ubuntu4.1
Ign:3 http://cz.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 ldnsutils amd64 1.7.0-3ubuntu4.1
Err:2 http://cz.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libldns2 amd64 1.7.0-3ubuntu4.1
  Temporary failure resolving 'cz.archive.ubuntu.com'
Err:3 http://cz.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 ldnsutils amd64 1.7.0-3ubuntu4.1
  Temporary failure resolving 'cz.archive.ubuntu.com'
E: Failed to fetch http://cz.archive.ubuntu.com/ubuntu/pool/universe/n/nsd/nsd_4.1.17-1build1_amd64.deb  Temporary failure resolving 'cz.archive.ubuntu.com'
E: Failed to fetch http://cz.archive.ubuntu.com/ubuntu/pool/main/l/ldns/libldns2_1.7.0-3ubuntu4.1_amd64.deb  Temporary failure resolving 'cz.archive.ubuntu.com'
E: Failed to fetch http://cz.archive.ubuntu.com/ubuntu/pool/universe/l/ldns/ldnsutils_1.7.0-3ubuntu4.1_amd64.deb  Temporary failure resolving 'cz.archive.ubuntu.com'
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
-----------------------------------------
patrik@miab:~$
patrik@miab:~$ sudo nano /etc/resolv.conf
sudo: unable to resolve host miab.example.com: Resource temporarily unavailable
patrik@miab:~$ cat /etc/resolv.conf
nameserver 127.0.0.1
patrik@miab:~$

Why is the setup not working for me? Any chance I am doing something wrong?

I think the dig command you need to try is dig archive.ubuntu.com , but that doesn’t lead to a solution.
I vaguely remember there might be issues surrounding the use of ipv6 and bind9, so check the following:

  • Is there a file /etc/bind/named.conf.options that contains the line listen-on-v6 { any; };? If yes, replace the word any with ::1 (keep the ;)
  • Restart both nsd and the named service

If memory serves, bind9 listens to ipv6 addresses it shouldn’t listen to, and this gets in the way of nsd.

Yeah, sorry about that! lulz…

I have the following and IPv6 has been working without any problems:

$ cat /etc/bind/named.conf.options
options {
	directory "/var/cache/bind";
...
	dnssec-validation auto;

	auth-nxdomain no;    # conform to RFC1035
	listen-on-v6 { any; };

	listen-on { 127.0.0.1; };

	max-recursion-queries 100;
};

Again, it’s all vague memories, but could it have to do with the order in which the programs take control of the ipv6 interface? Which might differ from system to system. So if bind comes first, no issue. But if nsd comes first, bind throws a fit.

But taking one step back. My hypothesis is that bind9 is somehow not able to answer the dns queries from localhost. Let’s first see if that is the case: try dig @127.0.0.1 version.bind chaos txt and dig @::1 version.bind chaos txt and see what the answers are.

Also, is there logfile for bind9? Does it give any errors?

patrik@miab:~$ dig @127.0.0.1 version.bind chaos txt

; <<>> DiG 9.11.3-1ubuntu1.17-Ubuntu <<>> @127.0.0.1 version.bind chaos txt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22080
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: cd8ee077766128d900a2917f62c9a2313320796ed97c48d0 (good)
;; QUESTION SECTION:
;version.bind.                  CH      TXT

;; ANSWER SECTION:
version.bind.           0       CH      TXT     "9.11.3-1ubuntu1.17-Ubuntu"

;; AUTHORITY SECTION:
version.bind.           0       CH      NS      version.bind.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jul 09 17:43:45 CEST 2022
;; MSG SIZE  rcvd: 121
patrik@miab:~$ dig @::1 version.bind chaos txt

; <<>> DiG 9.11.3-1ubuntu1.17-Ubuntu <<>> @::1 version.bind chaos txt
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Looks same as yours!

patrik@miab:~$ cat /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };

        listen-on { 127.0.0.1; };

        max-recursion-queries 100;
};

Changed the file as suggested (any to ::1) but result is the same.

patrik@miab:~$ dig archive.ubuntu.com
; <<>> DiG 9.11.3-1ubuntu1.17-Ubuntu <<>> archive.ubuntu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 26674
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 1b330ec478e417eedf286d7462c9a4502fb6e465aa8733fb (good)
;; QUESTION SECTION:
;archive.ubuntu.com.            IN      A

;; Query time: 8 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jul 09 17:52:48 CEST 2022
;; MSG SIZE  rcvd: 75

I hope you have more ideas (and time).

Have you asked your ISP about this?