Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, October 25, 2018 7:29 AM
Hello,
I create an resource group with my VM inside... with everything necessary as well as virtual network, network interface, network security group...
My VM (Ubuntu) works and got internet (I can ping 8.8.8.8) but it cannot resolve DNS (trying nslookup www.google.com or dig www.google.com).
Only the port 53 is blocked. I thought it was the "security group" fault but it doesn't change anything when I make a rule.
Inbound & outbound : port 53 -> to 53 | protocol any
I try a lot of different solutions but nothing works.
Any idea ?
Have a good day
All replies (17)
Thursday, October 25, 2018 8:00 AM | 1 vote
Hi,
What is your machine using for DNS resolution? i.e. Azure DNS, Google DNS etc
Thanks
Thursday, October 25, 2018 8:15 AM
Hello,
It uses Azure DNS.
(I already try to change it with google dns but nothing changes, the port 53 seems to be blocked)
Thursday, October 25, 2018 8:19 AM | 2 votes
OK,
Could you help us what does dig<any internal domain name> give as output?
What does etc/resolv.conf have?
Thursday, October 25, 2018 8:23 AM
Sure
/etc/resolv.conf
nameserver 168.63.129.16
search luwp1pyeegzejceexjgfjfusqf.ax.internal.cloudapp.net
result of dig
;; global options: +cmd
;; connection timed out; no servers could be reached
Thursday, October 25, 2018 8:35 AM | 1 vote
Ok, thanks.
What is in /etc/nsswitch.conf ?
Thursday, October 25, 2018 8:55 AM
Yes,
passwd: compat
group: compat
shadow: compat
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
~
Thursday, October 25, 2018 9:43 AM | 1 vote
Hi,
Is the VM firewall enabled, if so what rules do you have in iptables?
Thursday, October 25, 2018 9:57 AM
support@myVm:~$ service iptables status
● iptables.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
And
support@myVm:~$ sudo ufw status
Status: inactive
My rules in iptables...
support@myVm:~$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
Everything is inactive and empty because I use the "network security group" as a firewall
(default rules with my rule Inbound & outbound : port 53 -> to 53 | protocol any)
Thursday, October 25, 2018 10:26 AM | 1 vote
Great, what is in your /etc/hosts file
Thursday, October 25, 2018 11:08 AM
127.0.1.1 myVm myVm
127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Friday, October 26, 2018 12:30 PM
Hello,
There is something else to do ? Any idea ?
Have a good day!
Monday, October 29, 2018 6:28 PM
hello Julien1510
I would like to ask your help discarding some items, could you please provide the output of the following
nslookup
server 8.8.8.8
microsoft.com
additionally I have some questions
1. is this a new VM?
2. if yes was it working before?
3. if the VM running as part as a Vnet that may have an NSG? I saw that you already added an exception but I am not sure if this is at the VM level or at the Vnet level
best
Thursday, November 1, 2018 3:58 PM
hello Julien1510
I would like to follow up with you on this issue, has there been any change on your implementation, I trust that the issue is resolved since you haven't had a chance to reply to my previous post
best
Thursday, November 8, 2018 1:36 PM
Hello,
Thanks for your answer. No.. It didn't still work
nslookup
server 8.8.8.8
microsoft.com
support@myVM-QUAL:~$ nslookup
> server 8.8.8.8
Default server: 8.8.8.8
Address: 8.8.8.8#53
> microsoft.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: microsoft.com
Address: 13.77.161.179
Name: microsoft.com
Address: 40.76.4.15
Name: microsoft.com
Address: 40.112.72.205
Name: microsoft.com
Address: 40.113.200.201
Name: microsoft.com
Address: 104.215.148.63
>
additionally I have some questions
1. is this a new VM?
It's a new VM on Azure but it was before on ESXi (and working well)
2. if yes was it working before?
This VM works perfectly on ESXi
3. if the VM running as part as a Vnet that may have an NSG? I saw that you already added an exception but I am not sure if this is at the VM level or at the Vnet level
I'm not sure to understand your question... But I have a resource group inside my resource group there are those items
- Public IP Adresse
- Network interface
- Virtual machine
- Network security group (NSG ?)
- Virtual network
- Storage account
Have a good day
Thursday, November 8, 2018 4:21 PM
hello Julien1510
it seems that the public DNS is working fine, I think we may need to engage our support team, however before that I would like to ask you to set this public DNS (8.8.8.8) as the actual DNS for the virtual machine through the azure portal, the following document describe the process to update this information, if you find any problem with the process or have any question please let me know
Best
Friday, November 9, 2018 12:22 PM
Hello
I have already tried..
#NSLOOKUP microsoft.com - ;; connection timed out; no servers could be reached
But I can ping outside
Have a good day
Friday, November 9, 2018 5:04 PM
Hello Julien1510
We should get you in touch with support to have it investigated and resolved. definitely the situation you are facing does not seem to be right
Do you have the ability to open a technical support ticket? If not, you can email me at [email protected] and provide me with your SubscriptionID and link to this thread. I can enable one for you.
best