{"id":1089,"date":"2023-12-11T11:24:18","date_gmt":"2023-12-11T16:24:18","guid":{"rendered":"https:\/\/sunapi386.ca\/wordpress\/?p=1089"},"modified":"2024-01-02T23:37:25","modified_gmt":"2024-01-03T04:37:25","slug":"resolving-dns-issues-on-a-vpn-connected-ubuntu-machine","status":"publish","type":"post","link":"https:\/\/sunapi386.ca\/wordpress\/resolving-dns-issues-on-a-vpn-connected-ubuntu-machine\/","title":{"rendered":"Resolving DNS Issues on a VPN-Connected Ubuntu Machine"},"content":{"rendered":"\n<h1 class=\"wp-block-heading\">Introduction<\/h1>\n\n\n\n<p>Recently, I encountered a challenging issue while working with a machine (10.7.0.12) connected via a WireGuard VPN, with the host at 10.7.0.1. The core problem was a lack of internet access, despite a functioning network connection. This blog post details the steps I took to diagnose and resolve this DNS-related issue.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Problem<\/h2>\n\n\n\n<p>While SSH&#8217;d into <code>10.7.0.12<\/code>, I realized I couldn&#8217;t access the internet. 
The first hint of trouble came when I tried pinging Google:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ping google.com\nping: google.com: Temporary failure in name resolution<\/code><\/pre>\n\n\n\n<p>This error pointed towards a potential DNS issue, especially since my SSH connection was active, indicating that the network was operational.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Diagnosing the Issue<\/h2>\n\n\n\n<p>To further investigate, I ran <code>nslookup<\/code> to check DNS resolution:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>nslookup google.com\n;; communications error to 10.7.0.1#53: connection refused\nServer:        127.0.0.53\nAddress:    127.0.0.53#53\n\n** server can't find google.com: SERVFAIL<\/code><\/pre>\n\n\n\n<p>These results confirmed that DNS queries to <code>10.7.0.1<\/code> were being refused, despite the machine itself being reachable (verified by pinging <code>10.7.0.1<\/code>).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Resolving the Issue<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Local DNS Test on the Host<\/h3>\n\n\n\n<p>On the host machine (<code>10.7.0.1<\/code>), I tested DNS resolution locally with <code>nslookup google.com 127.0.0.1<\/code>, which worked fine. This hinted that the issue might be related to a firewall configuration.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Checking and Updating Firewall Settings<\/h3>\n\n\n\n<p>Using <code>ufw status numbered<\/code>, I discovered that the IP I was using wasn\u2019t on the allowlist. After adding it and restarting the <code>dnsmasq<\/code> service, I was able to resolve DNS queries from <code>10.7.0.12<\/code>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Configuring Conditional DNS Forwarding<\/h3>\n\n\n\n<p>However, a new requirement emerged: I needed to ensure that only DNS queries for domains ending in <code>.ds<\/code> were forwarded to <code>10.7.0.1<\/code>. 
To achieve this, I configured <code>dnsmasq<\/code> on <code>10.7.0.12<\/code>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo 'server=\/ds\/10.7.0.1' | sudo tee -a \/etc\/dnsmasq.conf\nsudo systemctl restart dnsmasq<\/code><\/pre>\n\n\n\n<p>Note that you also need an entry such as <code>server=8.8.8.8<\/code> in order to resolve DNS normally. Otherwise <code>127.0.0.53#53<\/code> cannot resolve DNS.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Verifying the Configuration<\/h3>\n\n\n\n<p>Finally, I verified that DNS queries for <code>.ds<\/code> domains were correctly directed to <code>10.7.0.1<\/code>, while others were handled locally on <code>10.7.0.12<\/code>. This was done using <code>dig<\/code> or <code>nslookup<\/code> with different domain types.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>In this case, a combination of firewall adjustment and DNS forwarding configuration resolved the internet access problem.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction Recently, I encountered a challenging issue while working with a machine (10.7.0.12) connected via a WireGuard VPN, with the host at 10.7.0.1. The core problem was a lack of internet access, despite a functioning network connection. This blog post details the steps I took to diagnose and resolve this DNS-related issue. 
The Problem While &hellip; <a href=\"https:\/\/sunapi386.ca\/wordpress\/resolving-dns-issues-on-a-vpn-connected-ubuntu-machine\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Resolving DNS Issues on a VPN-Connected Ubuntu Machine<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-1089","post","type-post","status-publish","format-standard","hentry","category-thoughts"],"_links":{"self":[{"href":"https:\/\/sunapi386.ca\/wordpress\/wp-json\/wp\/v2\/posts\/1089","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sunapi386.ca\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sunapi386.ca\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sunapi386.ca\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sunapi386.ca\/wordpress\/wp-json\/wp\/v2\/comments?post=1089"}],"version-history":[{"count":3,"href":"https:\/\/sunapi386.ca\/wordpress\/wp-json\/wp\/v2\/posts\/1089\/revisions"}],"predecessor-version":[{"id":1094,"href":"https:\/\/sunapi386.ca\/wordpress\/wp-json\/wp\/v2\/posts\/1089\/revisions\/1094"}],"wp:attachment":[{"href":"https:\/\/sunapi386.ca\/wordpress\/wp-json\/wp\/v2\/media?parent=1089"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sunapi386.ca\/wordpress\/wp-json\/wp\/v2\/categories?post=1089"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sunapi386.ca\/wordpress\/wp-json\/wp\/v2\/tags?post=1089"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}