Jump to content
Not connected, Your IP: 18.117.166.52
lex.luthor

ERROR: RESOLVE_ERROR with bluetit

Recommended Posts

I installed AirVPN Suite and I got it working the first time but then I stop and start the service and now I can't connect:

● bluetit.service - AirVPN Bluetit Daemon
     Loaded: loaded (/etc/systemd/system/bluetit.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2021-11-23 22:29:29 GMT; 20s ago
    Process: 25627 ExecStart=/sbin/bluetit (code=exited, status=0/SUCCESS)
   Main PID: 25637 (bluetit)
      Tasks: 4 (limit: 4483)
     Memory: 5.0M
     CGroup: /system.slice/bluetit.service
             └─25637 /sbin/bluetit

Nov 23 22:29:48 betelgeuse bluetit[25637]: EVENT: RECONNECTING
Nov 23 22:29:48 betelgeuse bluetit[25637]: ERROR: N_RECONNECT
Nov 23 22:29:48 betelgeuse bluetit[25637]: EVENT: RESOLVE
Nov 23 22:29:48 betelgeuse bluetit[25637]: Setting up network filter and lock
Nov 23 22:29:48 betelgeuse bluetit[25637]: Allowing system DNS 127.0.0.53 to pass through the network filter
Nov 23 22:29:49 betelgeuse bluetit[25637]: WARNING: Cannot resolve nl3.ipv6.vpn.airdns.org (Temporary failure in name resolution)
Nov 23 22:29:49 betelgeuse bluetit[25637]: Network filter and lock successfully activated
Nov 23 22:29:49 betelgeuse bluetit[25637]: ERROR: RESOLVE_ERROR
Nov 23 22:29:49 betelgeuse bluetit[25637]: Transport Error: DNS resolve error on 'nl3.ipv6.vpn.airdns.org' for UDP session: Host not >
Nov 23 22:29:49 betelgeuse bluetit[25637]: Client terminated, restarting in 2000 ms...


I had the same issue with hummingbird (that's the reason I switched to AirVPN suite by the way). Everything started after a blackout, I solved the problem with --recover-network (apparently), then the day after I decided to switch from hummingbird 1.1.0 to hummingbird 1.1.2 and there is where this issue started.

Running Linux Lite (Ubuntu 20.4.3)

Thanks in advance for any help.

log.txt

Share this post


Link to post

Well, it's clear the DNS servers are not reset. Don't run the suite on boot (systemctl disable bluetit.service) and try a reboot. Is it still like that?


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

I disabled bluetit service and reboot the box:

● bluetit.service - AirVPN Bluetit Daemon
     Loaded: loaded (/etc/systemd/system/bluetit.service; disabled; vendor pres>
     Active: inactive (dead)

I got back internet connectivity but, of course, airvpn is not active. Then I re-enable it and reboot the box. Same issue 😞
I update the log (attached) with more details but I'm still puzzled. An extract:

Nov 24 11:12:43 betelgeuse systemd[1]: Starting AirVPN Bluetit Daemon...
Nov 24 11:12:43 betelgeuse bluetit: Starting Bluetit - AirVPN OpenVPN 3 Service 1.1.0 - 4 June 2021
Nov 24 11:12:43 betelgeuse bluetit: OpenVPN core 3.7 AirVPN linux x86_64 64-bit
Nov 24 11:12:43 betelgeuse bluetit: Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.
Nov 24 11:12:43 betelgeuse bluetit: Bluetit daemon started with PID 4203
Nov 24 11:12:43 betelgeuse bluetit: External network is reachable via gateway 192.168.1.1 through interface enp1s0
Nov 24 11:12:43 betelgeuse systemd[1]: Started AirVPN Bluetit Daemon.
Nov 24 11:12:43 betelgeuse bluetit: Successfully connected to D-Bus
Nov 24 11:12:43 betelgeuse bluetit: Reading run control directives from file /etc/airvpn/bluetit.rc
Nov 24 11:12:43 betelgeuse bluetit: IPv6 is available in this system
Nov 24 11:12:43 betelgeuse bluetit: Bluetit successfully initialized and ready
Nov 24 11:12:43 betelgeuse systemd-resolved[3629]: Flushed all caches.
Nov 24 11:12:43 betelgeuse bluetit: Requesting network IP and country to AirVPN ipleak.net via secure connection
Nov 24 11:12:43 betelgeuse bluetit: ERROR: Cannot detect system location: Cannot resolve ipleak.net
Nov 24 11:12:43 betelgeuse bluetit: Starting AirVPN boot connection
Nov 24 11:12:43 betelgeuse bluetit: IPv6 is enabled
Nov 24 11:12:43 betelgeuse bluetit: AirVPN Manifest updater thread started
Nov 24 11:12:43 betelgeuse bluetit: AirVPN Manifest update interval is 15 minutes
Nov 24 11:12:43 betelgeuse bluetit: AirVPN Manifest update suspended: AirVPN boot connection initialization in progress
Nov 24 11:12:43 betelgeuse bluetit: Updating AirVPN Manifest
Nov 24 11:12:43 betelgeuse bluetit: Network filter and lock are using iptables-legacy
Nov 24 11:12:43 betelgeuse bluetit: Successfully loaded kernel module iptable_filter
Nov 24 11:12:43 betelgeuse bluetit: Successfully loaded kernel module iptable_nat
Nov 24 11:12:43 betelgeuse bluetit: Successfully loaded kernel module iptable_mangle
Nov 24 11:12:43 betelgeuse bluetit: Successfully loaded kernel module iptable_security
Nov 24 11:12:43 betelgeuse bluetit: Successfully loaded kernel module iptable_raw
Nov 24 11:12:43 betelgeuse bluetit: Successfully loaded kernel module ip6table_filter
Nov 24 11:12:43 betelgeuse bluetit: Successfully loaded kernel module ip6table_nat
Nov 24 11:12:43 betelgeuse bluetit: Successfully loaded kernel module ip6table_mangle
Nov 24 11:12:43 betelgeuse bluetit: Successfully loaded kernel module ip6table_security
Nov 24 11:12:43 betelgeuse bluetit: Successfully loaded kernel module ip6table_raw
Nov 24 11:12:43 betelgeuse bluetit: Network filter successfully initialized
Nov 24 11:12:43 betelgeuse bluetit: Session network filter and lock successfully enabled
Nov 24 11:12:43 betelgeuse bluetit: AirVPN bootstrap servers are now allowed to pass through the network filter
Nov 24 11:12:43 betelgeuse bluetit: Waiting for a valid AirVPN Manifest to be available
Nov 24 11:12:44 betelgeuse bluetit: AirVPN Manifest successfully retrieved from server
Nov 24 11:12:44 betelgeuse bluetit: Logging in AirVPN user lex.luthor
Nov 24 11:12:45 betelgeuse bluetit: ERROR: Cannot detect user location: Please use "country" directive in /etc/airvpn/bluetit.rc
Nov 24 11:12:45 betelgeuse bluetit: AirVPN user lex.luthor successfully logged in
Nov 24 11:12:45 betelgeuse bluetit: Selected user key: Default
Nov 24 11:12:45 betelgeuse bluetit: Starting connection to currently best AirVPN server in Netherlands
Nov 24 11:12:45 betelgeuse bluetit: Starting VPN Connection
Nov 24 11:12:45 betelgeuse systemd-resolved[3629]: Flushed all caches.
Nov 24 11:12:45 betelgeuse bluetit: OpenVPN3 client successfully created and initialized.
Nov 24 11:12:45 betelgeuse bluetit: TUN persistence is enabled.
Nov 24 11:12:45 betelgeuse bluetit: Successfully set OpenVPN3 client configuration
Nov 24 11:12:45 betelgeuse bluetit: Starting OpenVPN3 connection thread
Nov 24 11:12:45 betelgeuse bluetit: OpenVPN core 3.7 AirVPN linux x86_64 64-bit
Nov 24 11:12:45 betelgeuse bluetit: Frame=512/2048/512 mssfix-ctrl=1250
Nov 24 11:12:45 betelgeuse bluetit: UNUSED OPTIONS#0126 [resolv-retry] [infinite]#0127 [nobind]#0128 [persist-key]#0129 [persist-tun]#01210 [auth-nocache]#01211 [verb] [3]#01212 [explicit-exit-notify] [5]
Nov 24 11:12:45 betelgeuse bluetit: EVENT: RESOLVE
Nov 24 11:12:45 betelgeuse bluetit: WARNING: NetworkManager is running on this system and may interfere with DNS management and cause DNS leaks
Nov 24 11:12:45 betelgeuse bluetit: WARNING: systemd-resolved is running on this system and may interfere with DNS management and cause DNS leaks
Nov 24 11:12:45 betelgeuse bluetit: Local IPv4 address 192.168.1.3
Nov 24 11:12:45 betelgeuse bluetit: Local IPv6 address fe80::2ee7:36c0:98d7:64a6
Nov 24 11:12:45 betelgeuse bluetit: Local interface enp1s0
Nov 24 11:12:45 betelgeuse bluetit: Local interface enp2s0
Nov 24 11:12:45 betelgeuse bluetit: Local interface wlp3s0
Nov 24 11:12:45 betelgeuse bluetit: Setting up network filter and lock
Nov 24 11:12:45 betelgeuse bluetit: Allowing system DNS 127.0.0.53 to pass through the network filter
Nov 24 11:12:45 betelgeuse bluetit: Connection statistics updater thread started
Nov 24 11:12:45 betelgeuse bluetit: WARNING: Cannot resolve nl3.ipv6.vpn.airdns.org (Temporary failure in name resolution)
Nov 24 11:12:45 betelgeuse bluetit: Network filter and lock successfully activated
Nov 24 11:12:45 betelgeuse bluetit: DNS pre-resolve error on nl3.ipv6.vpn.airdns.org: Host not found (non-authoritative), try again later
Nov 24 11:12:45 betelgeuse bluetit: ERROR: RESOLVE_ERROR
Nov 24 11:12:45 betelgeuse bluetit: EVENT: RESOLVE
Nov 24 11:12:45 betelgeuse bluetit: WARNING: NetworkManager is running on this system and may interfere with DNS management and cause DNS leaks
Nov 24 11:12:45 betelgeuse bluetit: WARNING: systemd-resolved is running on this system and may interfere with DNS management and cause DNS leaks
Nov 24 11:12:45 betelgeuse bluetit: Local IPv4 address 192.168.1.3
Nov 24 11:12:45 betelgeuse bluetit: Local IPv6 address fe80::2ee7:36c0:98d7:64a6
Nov 24 11:12:45 betelgeuse bluetit: Local interface enp1s0
Nov 24 11:12:45 betelgeuse bluetit: Local interface enp2s0
Nov 24 11:12:45 betelgeuse bluetit: Local interface wlp3s0
Nov 24 11:12:45 betelgeuse bluetit: Setting up network filter and lock
Nov 24 11:12:45 betelgeuse bluetit: Allowing system DNS 127.0.0.53 to pass through the network filter
Nov 24 11:12:45 betelgeuse bluetit: WARNING: Cannot resolve nl3.ipv6.vpn.airdns.org (Temporary failure in name resolution)
Nov 24 11:12:45 betelgeuse bluetit: Network filter and lock successfully activated
Nov 24 11:12:45 betelgeuse bluetit: ERROR: RESOLVE_ERROR
Nov 24 11:12:45 betelgeuse bluetit: Transport Error: DNS resolve error on 'nl3.ipv6.vpn.airdns.org' for UDP session: Host not found (non-authoritative), try again later

.



log2.txt

Share this post


Link to post

Why don't you post your Bluetit/Goldcrest configuration instead? ;)
/etc/airvpn/bluetit.rc
~/.config/goldcrest.rc OR /root/.config/goldcrest.rc

You should redact the password and key name before posting it.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Sure. Here is the /etc/airvpn/bluetit.rc:
 

#
# bluetit runcontrol file
#

# AirVPN bootstrap servers

bootserver                  http://63.33.78.166
bootserver                  http://52.48.66.85
bootserver                  http://54.93.175.114
bootserver                  http://63.33.116.50

# RSA Parameters

rsaexponent                 AQAB
rsamodulus                  <Key>

# bootserver                <ip|url>
# rsaexponent                <value>
# rsamodulus                <value>
airconnectatboot            country
# networklockpersist        <on|iptables|nftables|pf|off>
airusername                lex.luthor
airpassword                <my-password>
# airkey                    <airvpn_user_key>
# airserver                    <airvpn_server_name>
aircountry                netherlands
# airproto                    <udp|tcp>
# airport                    <port>
# aircipher                    <cipher_name>
airipv6                    on
# air6to4                    <on|off>
# manifestupdateinterval    <minutes>
# airwhiteserverlist        <server list>
# airblackserverlist        <server list>
# airwhitecountrylist        <server list>
# airblackcountrylist        <server list>
# country                    <ISO code>
# remote                    <ip|url list>
# proto                        <udp|tcp>
# port                        <port>
# tunpersist                <yes|no>
# cipher                    <cipher_names>
# maxconnretries            <number>
# tcpqueuelimit                <value>
# ncpdisable                <yes|no>
# networklock                <on|iptables|nftables|pf|off>
# ignorednspush                <yes|no>
# timeout                    <seconds>
# compress                    <yes|no|asym>
# tlsversionmin                <disabled|default|tls_1_x>
# proxyhost                    <ip|url>
# proxyport                    <port>
# proxyusername                <username>
# proxypassword                <password>
# proxybasic                <yes|no>

I didn't configure goldcrest (from what I understood is not necessary... at least at this stage) so settings are the default:
 
#
# goldcrest runcontrol file
#

# air-server        <server_name>
# air-tls-mode        <auto|auth|crypt>
# air-ipv6        <on|off>
# air-6to4        <on|off>
# air-user        <username>
# air-password        <password>
# air-key        <name>
# cipher        <cipher_name>
# proto            <udp|tcp>
# server        <server_ip|server_url>
# port            <port>
# tcp-queue-limit    <n>
# ncp-disable        <yes|no>
# network-lock        <on|iptables|nftables|pf|off>
# ignore-dns-push    <yes|no>
# ipv6            <yes|no|default>
# timeout        <seconds>
# compress        <yes|no|asym>
# proxy-host        <host_ip|host_url>
# proxy-port        <port>
# proxy-username    <proxy_username>
# proxy-password    <proxy_password>
# proxy-basic        <yes|no>
# alt-proxy        <yes|no>
# persist-tun        <on|off>
# conn-stat-interval        <seconds>



 

Share this post


Link to post
@lex.luthor

Hello!
Nov 24 11:12:45 betelgeuse bluetit: WARNING: Cannot resolve nl3.ipv6.vpn.airdns.org (Temporary failure in name resolution)
Apparently your local DNS has problems with AAAA.

Try to connect in IPv4 by re-setting "airipv6" to off (default value) in bluetit.rc. If your ISP does not support IPv6, you can anyway tunnel IPv6 over IPv4 (set "air6to4" to on).

Kind regards
 

Share this post


Link to post

Sure... here it is:
 

Nov 25 10:38:17 betelgeuse systemd[1]: Starting AirVPN Bluetit Daemon...
Nov 25 10:38:17 betelgeuse bluetit: Starting Bluetit - AirVPN OpenVPN 3 Service 1.1.0 - 4 June 2021
Nov 25 10:38:17 betelgeuse bluetit: OpenVPN core 3.7 AirVPN linux x86_64 64-bit
Nov 25 10:38:17 betelgeuse bluetit: Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.
Nov 25 10:38:17 betelgeuse systemd[1]: bluetit.service: Can't open PID file /etc/airvpn/bluetit.lock (yet?) after start: Operation not permitted
Nov 25 10:38:17 betelgeuse bluetit: Bluetit daemon started with PID 364053
Nov 25 10:38:17 betelgeuse bluetit: External network is reachable via gateway 192.168.1.1 through interface enp1s0
Nov 25 10:38:17 betelgeuse bluetit: Successfully connected to D-Bus
Nov 25 10:38:17 betelgeuse bluetit: Reading run control directives from file /etc/airvpn/bluetit.rc
Nov 25 10:38:17 betelgeuse bluetit: IPv6 is available in this system
Nov 25 10:38:17 betelgeuse bluetit: Bluetit successfully initialized and ready
Nov 25 10:38:17 betelgeuse systemd[1]: Started AirVPN Bluetit Daemon.
Nov 25 10:38:17 betelgeuse systemd-resolved[178941]: Flushed all caches.
Nov 25 10:38:17 betelgeuse bluetit: Requesting network IP and country to AirVPN ipleak.net via secure connection
Nov 25 10:38:17 betelgeuse bluetit: ERROR: Cannot detect system location: Cannot resolve ipleak.net
Nov 25 10:38:17 betelgeuse bluetit: Starting AirVPN boot connection
Nov 25 10:38:17 betelgeuse bluetit: AirVPN Manifest updater thread started
Nov 25 10:38:17 betelgeuse bluetit: AirVPN Manifest update interval is 15 minutes
Nov 25 10:38:17 betelgeuse bluetit: AirVPN Manifest update suspended: AirVPN boot connection initialization in progress
Nov 25 10:38:18 betelgeuse bluetit: Network filter and lock are using iptables-legacy
Nov 25 10:38:18 betelgeuse bluetit: Successfully loaded kernel module iptable_filter
Nov 25 10:38:18 betelgeuse bluetit: Successfully loaded kernel module iptable_nat
Nov 25 10:38:18 betelgeuse bluetit: Successfully loaded kernel module iptable_mangle
Nov 25 10:38:18 betelgeuse bluetit: Successfully loaded kernel module iptable_security
Nov 25 10:38:18 betelgeuse bluetit: Successfully loaded kernel module iptable_raw
Nov 25 10:38:18 betelgeuse bluetit: Successfully loaded kernel module ip6table_filter
Nov 25 10:38:18 betelgeuse bluetit: Successfully loaded kernel module ip6table_nat
Nov 25 10:38:18 betelgeuse bluetit: Successfully loaded kernel module ip6table_mangle
Nov 25 10:38:18 betelgeuse bluetit: Successfully loaded kernel module ip6table_security
Nov 25 10:38:18 betelgeuse bluetit: Successfully loaded kernel module ip6table_raw
Nov 25 10:38:18 betelgeuse bluetit: Network filter successfully initialized
Nov 25 10:38:18 betelgeuse bluetit: Session network filter and lock successfully enabled
Nov 25 10:38:18 betelgeuse bluetit: AirVPN bootstrap servers are now allowed to pass through the network filter
Nov 25 10:38:18 betelgeuse bluetit: Waiting for a valid AirVPN Manifest to be available
Nov 25 10:38:18 betelgeuse bluetit: Updating AirVPN Manifest
Nov 25 10:38:18 betelgeuse bluetit: AirVPN Manifest successfully retrieved from server
Nov 25 10:38:19 betelgeuse bluetit: Logging in AirVPN user lex.luthor
Nov 25 10:38:19 betelgeuse bluetit: ERROR: Cannot detect user location: Please use "country" directive in /etc/airvpn/bluetit.rc
Nov 25 10:38:19 betelgeuse bluetit: AirVPN user lex.luthor successfully logged in
Nov 25 10:38:19 betelgeuse bluetit: Selected user key: Default
Nov 25 10:38:19 betelgeuse bluetit: Starting connection to currently best AirVPN server in Netherlands
Nov 25 10:38:19 betelgeuse bluetit: Starting VPN Connection
Nov 25 10:38:19 betelgeuse systemd-resolved[178941]: Flushed all caches.
Nov 25 10:38:19 betelgeuse bluetit: OpenVPN3 client successfully created and initialized.
Nov 25 10:38:19 betelgeuse bluetit: TUN persistence is enabled.
Nov 25 10:38:19 betelgeuse bluetit: Successfully set OpenVPN3 client configuration
Nov 25 10:38:19 betelgeuse bluetit: Starting OpenVPN3 connection thread
Nov 25 10:38:19 betelgeuse bluetit: OpenVPN core 3.7 AirVPN linux x86_64 64-bit
Nov 25 10:38:19 betelgeuse bluetit: Frame=512/2048/512 mssfix-ctrl=1250
Nov 25 10:38:19 betelgeuse bluetit: UNUSED OPTIONS#0126 [resolv-retry] [infinite]#0127 [nobind]#0128 [persist-key]#0129 [persist-tun]#01210 [auth-nocache]#01211 [verb] [3]#01212 [explicit-exit-notify] [5]
Nov 25 10:38:19 betelgeuse bluetit: EVENT: RESOLVE
Nov 25 10:38:19 betelgeuse bluetit: WARNING: NetworkManager is running on this system and may interfere with DNS management and cause DNS leaks
Nov 25 10:38:19 betelgeuse bluetit: WARNING: systemd-resolved is running on this system and may interfere with DNS management and cause DNS leaks
Nov 25 10:38:19 betelgeuse bluetit: Local IPv4 address 192.168.1.3
Nov 25 10:38:19 betelgeuse bluetit: Local IPv6 address fe80::2ee7:36c0:98d7:64a6
Nov 25 10:38:19 betelgeuse bluetit: Local interface enp1s0
Nov 25 10:38:19 betelgeuse bluetit: Local interface enp2s0
Nov 25 10:38:19 betelgeuse bluetit: Local interface wlp3s0
Nov 25 10:38:19 betelgeuse bluetit: Setting up network filter and lock
Nov 25 10:38:19 betelgeuse bluetit: Allowing system DNS 127.0.0.53 to pass through the network filter
Nov 25 10:38:19 betelgeuse bluetit: Connection statistics updater thread started
Nov 25 10:38:19 betelgeuse bluetit: WARNING: Cannot resolve nl3.vpn.airdns.org (Temporary failure in name resolution)
Nov 25 10:38:19 betelgeuse bluetit: Network filter and lock successfully activated
Nov 25 10:38:19 betelgeuse bluetit: DNS pre-resolve error on nl3.vpn.airdns.org: Host not found (non-authoritative), try again later
Nov 25 10:38:19 betelgeuse bluetit: ERROR: RESOLVE_ERROR
Nov 25 10:38:19 betelgeuse bluetit: EVENT: RESOLVE
Nov 25 10:38:19 betelgeuse bluetit: WARNING: NetworkManager is running on this system and may interfere with DNS management and cause DNS leaks
Nov 25 10:38:19 betelgeuse bluetit: WARNING: systemd-resolved is running on this system and may interfere with DNS management and cause DNS leaks
Nov 25 10:38:19 betelgeuse bluetit: Local IPv4 address 192.168.1.3
Nov 25 10:38:19 betelgeuse bluetit: Local IPv6 address fe80::2ee7:36c0:98d7:64a6
Nov 25 10:38:19 betelgeuse bluetit: Local interface enp1s0
Nov 25 10:38:19 betelgeuse bluetit: Local interface enp2s0
Nov 25 10:38:19 betelgeuse bluetit: Local interface wlp3s0
Nov 25 10:38:19 betelgeuse bluetit: Setting up network filter and lock
Nov 25 10:38:19 betelgeuse bluetit: Allowing system DNS 127.0.0.53 to pass through the network filter
Nov 25 10:38:19 betelgeuse bluetit: WARNING: Cannot resolve nl3.vpn.airdns.org (Temporary failure in name resolution)
Nov 25 10:38:19 betelgeuse bluetit: Network filter and lock successfully activated
Nov 25 10:38:19 betelgeuse bluetit: ERROR: RESOLVE_ERROR
Nov 25 10:38:19 betelgeuse bluetit: Transport Error: DNS resolve error on 'nl3.vpn.airdns.org' for UDP session: Host not found (non-authoritative), try again later


 

Share this post


Link to post

@lex.luthor

Hello!

Thanks. As you can see the error is different now, AAAA is no more into the game. The problem now is that your DNS doesn't work, not even in IPv4. Fix it or, as a workaround, have Bluetit connect to specific servers, so that it will not rely on names resolutions.

Kind regards
 

Share this post


Link to post
4 hours ago, lex.luthor said:

Thanks for your help. Can you please point me in the right direction to resolve the issue with my DNS?


Hello!

Sure. From your descriptions we assume that it's systemd-resolved the daemon handling DNS setting in your Ubuntu 20 system, so we suggest you check here:
https://unix.stackexchange.com/questions/588658/override-ubuntu-20-04-dns-using-systemd-resolved

Do not miss this bug, just in case it's relevant in your case: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1774632
The bug is pointed out in the above linked thread but in a minor comment and it could be missed. When you know it, patch is straightforward.

If you need a recommendation on DNS servers, we suggest Quad9 (9.9.9.9) and OpenNIC, also see https://www.quad9.net/ and https://www.opennic.org

If we're wrong about our first assumption, please tell us how your system handles DNS settings and we will point you in the (hopefully :) ) right direction.

Kind regards
 

Share this post


Link to post

Thanks. That was indeed really helpful. I use systemd-networkd and systemd-resolved. I followed the instructions above (including the bug).
Internet works when bluetit is down but as soon as I start the bluetit service a can't reach any website.


From the log I can se some progress. It looks like the DNS issue has been resolved?

 

Nov 25 21:39:10 betelgeuse bluetit: Successfully loaded kernel module iptable_raw
Nov 25 21:39:10 betelgeuse bluetit: Successfully loaded kernel module ip6table_filter
Nov 25 21:39:10 betelgeuse bluetit: Successfully loaded kernel module ip6table_nat
Nov 25 21:39:10 betelgeuse bluetit: Successfully loaded kernel module ip6table_mangle
Nov 25 21:39:10 betelgeuse bluetit: Successfully loaded kernel module ip6table_security
Nov 25 21:39:10 betelgeuse bluetit: Successfully loaded kernel module ip6table_raw
Nov 25 21:39:10 betelgeuse bluetit: Network filter successfully initialized
Nov 25 21:39:10 betelgeuse bluetit: Session network filter and lock successfully enabled
Nov 25 21:39:10 betelgeuse bluetit: AirVPN bootstrap servers are now allowed to pass through the network filter
Nov 25 21:39:10 betelgeuse bluetit: Waiting for a valid AirVPN Manifest to be available
Nov 25 21:39:10 betelgeuse bluetit: AirVPN Manifest successfully retrieved from server
Nov 25 21:39:11 betelgeuse bluetit: Logging in AirVPN user lex.luthor
Nov 25 21:39:11 betelgeuse bluetit: AirVPN user lex.luthor successfully logged in
Nov 25 21:39:11 betelgeuse bluetit: Selected user key: Default
Nov 25 21:39:11 betelgeuse bluetit: Starting connection to currently best AirVPN server in Netherlands
Nov 25 21:39:11 betelgeuse bluetit: Starting VPN Connection
Nov 25 21:39:11 betelgeuse systemd-resolved[780]: Flushed all caches.
Nov 25 21:39:11 betelgeuse bluetit: OpenVPN3 client successfully created and initialized.
Nov 25 21:39:11 betelgeuse bluetit: TUN persistence is enabled.
Nov 25 21:39:11 betelgeuse bluetit: Successfully set OpenVPN3 client configuration
Nov 25 21:39:11 betelgeuse bluetit: Starting OpenVPN3 connection thread
Nov 25 21:39:11 betelgeuse bluetit: OpenVPN core 3.7 AirVPN linux x86_64 64-bit
Nov 25 21:39:11 betelgeuse bluetit: Connection statistics updater thread started
Nov 25 21:39:11 betelgeuse bluetit: Frame=512/2048/512 mssfix-ctrl=1250
Nov 25 21:39:11 betelgeuse bluetit: UNUSED OPTIONS#0126 [resolv-retry] [infinite]#0127 [nobind]#0128 [persist-key]#0129 [persist-tun]#01210 [auth-nocache]#01211 [verb] [3]#01212 [explicit-exit-notify] [5]
Nov 25 21:39:11 betelgeuse bluetit: EVENT: RESOLVE
Nov 25 21:39:11 betelgeuse bluetit: WARNING: systemd-resolved is running on this system and may interfere with DNS management and cause DNS leaks
Nov 25 21:39:11 betelgeuse bluetit: Local IPv4 address 192.168.1.3
Nov 25 21:39:11 betelgeuse bluetit: Local IPv6 address fe80::2e8:4cff:fe68:3909
Nov 25 21:39:11 betelgeuse bluetit: Local interface enp1s0
Nov 25 21:39:11 betelgeuse bluetit: Local interface enp2s0
Nov 25 21:39:11 betelgeuse bluetit: Local interface wlp3s0
Nov 25 21:39:11 betelgeuse bluetit: Setting up network filter and lock
Nov 25 21:39:11 betelgeuse bluetit: Allowing system DNS 9.9.9.9 to pass through the network filter
Nov 25 21:39:21 betelgeuse bluetit: WARNING: Cannot resolve nl3.vpn.airdns.org (Temporary failure in name resolution)
Nov 25 21:39:21 betelgeuse bluetit: Network filter and lock successfully activated
Nov 25 21:39:23 betelgeuse bluetit: Contacting 213.152.162.7:443 via UDP
Nov 25 21:39:23 betelgeuse bluetit: EVENT: WAIT
Nov 25 21:39:23 betelgeuse bluetit: net_route_best_gw query IPv4: 213.152.162.7/32
Nov 25 21:39:23 betelgeuse bluetit: sitnl_route_best_gw result: via 192.168.1.1 dev enp1s0
Nov 25 21:39:23 betelgeuse bluetit: net_route_add: 213.152.162.7/32 via 192.168.1.1 dev enp1s0 table 0 metric 0
Nov 25 21:39:23 betelgeuse bluetit: Connecting to [nl3.vpn.airdns.org]:443 (213.152.162.7) via UDPv4
Nov 25 21:39:23 betelgeuse bluetit: UDP send exception: send: Operation not permitted
Nov 25 21:39:23 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR
Nov 25 21:39:24 betelgeuse bluetit: UDP send exception: send: Operation not permitted
Nov 25 21:39:24 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR
Nov 25 21:39:25 betelgeuse bluetit: UDP send exception: send: Operation not permitted
Nov 25 21:39:25 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR
Nov 25 21:39:26 betelgeuse bluetit: UDP send exception: send: Operation not permitted
Nov 25 21:39:26 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR
Nov 25 21:39:27 betelgeuse bluetit: UDP send exception: send: Operation not permitted
Nov 25 21:39:27 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR
Nov 25 21:39:28 betelgeuse bluetit: UDP send exception: send: Operation not permitted
Nov 25 21:39:28 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR
Nov 25 21:39:29 betelgeuse bluetit: UDP send exception: send: Operation not permitted
Nov 25 21:39:29 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR
Nov 25 21:39:30 betelgeuse bluetit: UDP send exception: send: Operation not permitted
Nov 25 21:39:30 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR
Nov 25 21:39:31 betelgeuse bluetit: UDP send exception: send: Operation not permitted
Nov 25 21:39:31 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR
Nov 25 21:39:32 betelgeuse bluetit: UDP send exception: send: Operation not permitted
Nov 25 21:39:32 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR
Nov 25 21:39:33 betelgeuse bluetit: Server poll timeout, trying next remote entry...
Nov 25 21:39:33 betelgeuse bluetit: EVENT: RECONNECTING
Nov 25 21:39:33 betelgeuse bluetit: ERROR: N_RECONNECT
Nov 25 21:39:33 betelgeuse bluetit: Contacting 213.152.162.7:443 via UDP
Nov 25 21:39:33 betelgeuse bluetit: EVENT: WAIT
Nov 25 21:39:33 betelgeuse bluetit: net_route_del: 213.152.162.7/32 via 192.168.1.1 dev enp1s0 table 0 metric 0
Nov 25 21:39:33 betelgeuse bluetit: net_route_best_gw query IPv4: 213.152.162.7/32
Nov 25 21:39:33 betelgeuse bluetit: sitnl_route_best_gw result: via 192.168.1.1 dev enp1s0
Nov 25 21:39:33 betelgeuse bluetit: net_route_add: 213.152.162.7/32 via 192.168.1.1 dev enp1s0 table 0 metric 0
Nov 25 21:39:33 betelgeuse bluetit: Connecting to [nl3.vpn.airdns.org]:443 (213.152.162.7) via UDPv4
Nov 25 21:39:33 betelgeuse bluetit: UDP send exception: send: Operation not permitted
Nov 25 21:39:33 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR
Nov 25 21:39:34 betelgeuse bluetit: UDP send exception: send: Operation not permitted
Nov 25 21:39:34 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR
Nov 25 21:39:35 betelgeuse bluetit: UDP send exception: send: Operation not permitted
Nov 25 21:39:35 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR
Nov 25 21:39:36 betelgeuse bluetit: UDP send exception: send: Operation not permitted
Nov 25 21:39:36 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR
Nov 25 21:39:37 betelgeuse bluetit: UDP send exception: send: Operation not permitted
Nov 25 21:39:37 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR
Nov 25 21:39:38 betelgeuse bluetit: UDP send exception: send: Operation not permitted


 

Share this post


Link to post
@lex.luthor

Hello!

Yes, some progress in names resolution which is now successful (even though we still see an initial failure, then the resolution is successful and correct). Unfortunately now a new problem has come out: UDP appears as a blocked protocol. Might it be that you're running some other firewall frontend such as ufw that's creating some interfering rules? We remember (but we could be wrong) that some default ufw configurations create custom chains and that UDP to some ports get blocked. If that's the case can you please try again with ufw (or any other custom fw frontend) completely disabled? The error message:
Nov 25 21:39:38 betelgeuse bluetit: UDP send exception: send: Operation not permitted
is a typical error hinting to a local, and not external, system UDP block.

Kind regards
 

Share this post


Link to post

I'll give it a try but I think it's worth to recollect how the problem start in the first place. After a blackout (so ... my Ubuntu box didn't shutdown gracefully). I couldn't restart it.
Problem was hummingbird 1.1.0 registered as service an forcing the entire OS to reboot (hummingbird seems to have similar errors related to DNS resolution from what I remember but can't be 100% sure). I managed somehow to sort the mess out with `--network recover` option but at the next reboot same issue. Then I tried to install bluetit to see if things were different (they weren't).

I'll take a look at ufw but could it be that because of the blackout, hummingbird messed up some firewall rules. I think the lock is achieved via iptables no? Just and idea anyway.

Share this post


Link to post

So... uwt is not installed. There is firewalld on Linux Lite (Ubunto based distro) but is disabled by default (I indeed verify this).

Then there is iptables but I can't see anything wrong in it. With bluetit runing I see this rules:

 

sudo iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  255.255.255.255      anywhere            
ACCEPT     all  --  192.168.0.0/16       192.168.0.0/16      
ACCEPT     all  --  10.0.0.0/8           10.0.0.0/8          
ACCEPT     all  --  172.16.0.0/12        172.16.0.0/12       
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             255.255.255.255     
ACCEPT     all  --  192.168.0.0/16       192.168.0.0/16      
ACCEPT     all  --  10.0.0.0/8           10.0.0.0/8          
ACCEPT     all  --  172.16.0.0/12        172.16.0.0/12       
ACCEPT     all  --  192.168.0.0/16       base-address.mcast.net/24
ACCEPT     all  --  10.0.0.0/8           base-address.mcast.net/24
ACCEPT     all  --  172.16.0.0/12        base-address.mcast.net/24
ACCEPT     all  --  192.168.0.0/16       239.255.255.250     
ACCEPT     all  --  10.0.0.0/8           239.255.255.250     
ACCEPT     all  --  172.16.0.0/12        239.255.255.250     
ACCEPT     all  --  192.168.0.0/16       239.255.255.253     
ACCEPT     all  --  10.0.0.0/8           239.255.255.253     
ACCEPT     all  --  172.16.0.0/12        239.255.255.253     
ACCEPT     icmp --  anywhere             anywhere             icmp echo-reply
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             state ESTABLISHED
ACCEPT     all  --  anywhere             ec2-63-33-78-166.eu-west-1.compute.amazonaws.com
ACCEPT     all  --  anywhere             ec2-52-48-66-85.eu-west-1.compute.amazonaws.com
ACCEPT     all  --  anywhere             ec2-54-93-175-114.eu-central-1.compute.amazonaws.com
ACCEPT     all  --  anywhere             ec2-63-33-116-50.eu-west-1.compute.amazonaws.com
ACCEPT     all  --  anywhere             dns9.quad9.net      
DROP       all  --  anywhere             anywhere  

 

Share this post


Link to post
@lex.luthor

Hello!

Please check rules with Bluetit not running as well. Make sure that INPUT and OUTPUT chains policy is, for both chains, set to ACCEPT when Bluetit is not running. If it's not, make sure to flush all rules and set the proper policy before you start Bluetit again.

Registering a root process like Hummingbird as a "service" is another Window-ish abomination made easy by systemd which incredibly discourages true daemons even in the documentation! In general it is a bad idea. Use real daemons like Bluetit instead as you are correctly doing now, please do not follow the Windows-ish logic of systemd, at least in this case.

Feel free to keep us posted!

Kind regards
 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...