DNS resolution errors within

cableguy · May 29, 2025, 11:27am

(This issue led me to the issue I found yesterday but I’m still having this issue while the other issue with nsswitch.conf seems to be fixed.)

I have a wordpress site with a plugin that runs a fetch request. It has worked without issue for a while, but it is not something I check often. I am getting a cURL error 6, which leads me to dns resolution. I then ssh in to my ApisCP and get this: (nslookup using local resolver fails, but dig works.)

[root@cpanel ~]# nslookup brickhouseofwashington.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
*** Can’t find brickhouseofwashington.com: No answer

[root@cpanel ~]# dig @1.0.0.1 brickhouseofwashington.com

; <<>> DiG 9.11.36-RedHat-9.11.36-16.el8_10.4 <<>> @1.0.0.1 brickhouseofwashington.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54079
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;brickhouseofwashington.com. IN A

;; ANSWER SECTION:
brickhouseofwashington.com. 1799 IN A 108.224.190.154

;; Query time: 21 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Thu May 29 07:25:26 EDT 2025
;; MSG SIZE rcvd: 71

[root@cpanel ~]#

[root@cpanel ~]# nmcli connection show
NAME UUID TYPE DEVICE
ens18 eee5d605-0789-4d10-bc5b-3793d8d6ccb6 ethernet ens18
ens19 f294338d-9b9c-4821-b6bf-19b2455f2e5a ethernet –
[root@cpanel ~]# resolvectl status
Global
LLMNR setting: yes
MulticastDNS setting: yes
DNSOverTLS setting: no
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
Current DNS Server: 1.0.0.1
DNS Servers: 1.0.0.1
1.1.1.1
Fallback DNS Servers: 9.9.9.9
DNS Domain: ~.
DNSSEC NTA: in-addr.arpa
ip6.arpa

Link 2 (ens18)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
Current DNS Server: 8.8.8.8
DNS Servers: 8.8.8.8
1.1.1.1
2600:1700:8461:b310::1
[root@cpanel ~]#

Any ideas on this one? TYIA!

anatoli · May 29, 2025, 11:43am

lmaooooooo

msaladna · May 29, 2025, 1:35pm

Two considerations:

/etc/resolv.conf within the vfs is bad. Check /home/virtual/FILESYSTEMTEMPLATE/siteinfo/etc/resolv.conf. curl requests within an account use that information to check for DNS. It’s a special one-shot file, so it must first be unlinked, then recreated to copy data from /etc/resolv.conf on the server.

rm -f /home/virtual/FILESYSTEMTEMPLATE/siteinfo/etc/resolv.conf
upcp -sb apnscp/initialize-filesystem-template

Multihomed NIC, similar situation at this case.

That connection has a different DNS server configured: 8.8.8.8, 1.1.1.1, and 2600:1700:8461:b310::1.

For each IP, run the following command:

dig @IP +trace brickhouseofwashington.com

Depending how DNS is configured for the NIC, the offending resolver would be removed from /etc/sysconfig/network-scripts/ifcfg-DEV or /etc/NetworkManager/NetworkManager.conf. My money is on IPv6 resolver being invalid - either IPv6 missing from server or it’s an unrouteable address.

cableguy · May 29, 2025, 3:24pm

Anatoli: what did I miss?

Msaladna, thanks for the help. I’ll take a look when I’m back home.

cableguy · May 29, 2025, 8:34pm

Throwing things at a wall to see what sticks. I will say, I have been out of ApisCP since install and forgot a lot, so I appreacite the help.

1/ ens19 was an old artifact and wasnt being used. ip a show didnt display ens19. I used nmcli to remove 19.

2/ I didnt enable or disable IPv6, but it looks like it pulled a DHCP IPv6 from my provider.

nmcli connection modify ens18 ipv6.method “ignore”
ip -6 addr flush dev ens18

Fixed both the IPv6 IP and the DNS record

3/ Ran the command and checked the files you stated:

/etc/NetworkManager/NetworkManager.conf

Only thing not commented out caught my attention, but I’m not knowledgeable about nmcli to understand if this matters: I assume it is handled else where…?

[main]
dns = none

/etc/hosts also had a ipv6 host to my domain, removed that

…and I’m still having issues

5/ I figured I’d try chatgpt and asked a few questions. I flushed the cache using ‘systemd-resolve --flush-caches’ and that worked. What the heck… crazy. Maybe it was a symptom of the ipv6 dns resolver…? I’ll never know. Thanks again for the help Matt.

greensmart01 · May 31, 2025, 2:25pm

I have / had the same…
I’m running rocky Linux and u?
Will post later my solution sorry for now

greensmart01 · May 31, 2025, 5:34pm

/etc/resolv.conf

``

Bewerk het bestand met:

sudo nano /etc/resolv.conf

``

bewerk de nameserver(s) naar

nameserver 1.0.0.1

nameserver 1.1.1.1

sla deze op

Controleer nu of je wel het juiste ip / adres terug krijt bij een command like: