Checking DNS settings

Available in VPC

If you do not use the DNS settings provided by NAVER Cloud Platform, normal communication with the servers provided for internal management may not be possible. If possible, do not set up DNS separately. If you set up DNS separately, you may encounter errors in the process of creating a server with a server image or setting the admin password.

CentOS, Rocky Linux

Inspect the DNS settings and file in the RedHat OS provided on NAVER Cloud Platform.

1. Check the DNS settings of NAVER Cloud Platform received from DHCP. The IPs of the DNS server provided in the VPC environment are 169.254.169.53 and 169.254.169.54.

   [root@centos78 ~]# grep domain-name /var/lib/dhclient/dhclient--eth0.lease
   option domain-name-servers 169.254.169.53,169.254.169.54;
   option domain-name-servers 169.254.169.53,169.254.169.54;
   

2. Check the settings and content of the /etc/resolv.conf file.

   • If the contents of the file differ from the following, normal communication with NAVER Cloud Platform DNS server may not be possible. However, after editing the file and rebooting the OS, it is initialized to NAVER Cloud Platform settings received from DHCP.

   [root@centos78 ~]# cat /etc/resolv.conf
   ; generated by /usr/sbin/dhclient-script
   nameserver 169.254.169.53
   nameserver 169.254.169.54
   

3. Check the DNS query operation using the nslookup command.

   • When the query works correctly, 169.254.1.5 and 169.254.80.160 are displayed.

     [root@centos78 ~]# nslookup repo.ncloud.com
     Server:        169.254.169.53
     Address:    169.254.169.53#53
     
     Non-authoritative answer:
     repo.ncloud.com    canonical name = repo.ncloud.grm.ncloud.com.
     Name:    repo.ncloud.grm.ncloud.com
     Address: 169.254.1.5
     Name:    repo.ncloud.grm.ncloud.com
     Address: 169.254.80.160
     

   • When using another DNS than the DNS provided on NAVER Cloud Platform, a completely different IP will be received.

     [root@centos78 ~]# nslookup repo.ncloud.com 8.8.8.8
     Server:        8.8.8.8
     Address:    8.8.8.8#53
     
     Non-authoritative answer:
     repo.ncloud.com    canonical name = repo.ncloud.grm.ncloud.com.
     Name:    repo.ncloud.grm.ncloud.com
     Address: 10.250.5.105
     

Ubuntu

Ubuntu 18.04 and Ubuntu 20.04 provided by NAVER Cloud Platform use systemd-resolved. Inspect the DNS settings and files on the Ubuntu OS.

1. Check the settings and content of the /etc/resolv.conf file.

   • Check if the file's symbolic link exists.
     • Ubuntu 18.04

       root@ubuntu1804:~# ll /etc/resolv.conf
       lrwxrwxrwx 1 root root 29 Nov 13  2019 /etc/resolv.conf -> ../run/resolvconf/resolv.conf
       

     • Ubuntu 20.04

       root@ubuntu2004:~# ll /etc/resolv.conf
       lrwxrwxrwx 1 root root 39 Jan 24  2022 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
       

2. Check if the contents of the file are the same as the following: However, the options edns0 trust-ad option may be absent or different depending on the OS version.

   • Ubuntu 18.04

     root@ubuntu1804:~# cat /etc/resolv.conf
     # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
     ... Omitted...
     nameserver 127.0.0.53
     

   • Ubuntu 20.04

     root@ubuntu2004:~# cat /etc/resolv.conf
     # This file is managed by man:systemd-resolved(8). Do not edit.
     ... Omitted...
     nameserver 127.0.0.53
     options edns0 trust-ad
     

3. Check the DNS settings of NAVER Cloud Platform received from DHCP.

   root@ubuntu2004:~# cat /run/systemd/resolved.conf.d/isc-dhcp-v4-eth0.conf
   [Resolve]
   DNS=169.254.169.53 169.254.169.54
   

4. Check the configured DNS settings on the OS. The IPs of the DNS server provided in the VPC environment are 169.254.169.53 and 169.254.169.54.

   root@ubuntu2004:~# cat /run/systemd/resolve/resolv.conf
   ... Omitted...
   nameserver 169.254.169.53
   nameserver 169.254.169.54
   

   • If it appears as follows, the DNS server settings are in an abnormal state.

     root@ubuntu2004:~# tail -2 /run/systemd/resolve/resolv.conf
     
     # No DNS servers known.
     

   • If applicable, handle it as follows:

     root@ubuntu2004:~# cat /run/systemd/resolved.conf.d/isc-dhcp-v4-eth0.conf
     [Resolve]
     DNS=169.254.169.53 169.254.169.54
     
     root@ubuntu2004:~# systemctl restart systemd-resolved
     root@ubuntu2004:~# tail -2 /run/systemd/resolve/resolv.conf
     nameserver 169.254.169.53
     nameserver 169.254.169.54
     

5. Check if the systemd-resolved daemon is running and its status.

   • The systemd-resolved daemon must be enabled in the list of installed units for it to work properly after booting.

     root@ubuntu2004:~# systemctl list-unit-files | grep systemd-resolved.service
     systemd-resolved.service               enabled         enabled
     

   • The systemd-resolved daemon must be active for it to work properly.

     root@ubuntu2004:~# systemctl status systemd-resolved.service
     ● systemd-resolved.service - Network Name Resolution
          Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
          Active: active (running) since Sat 2023-01-07 00:29:09 KST; 2 months 4 days ago
            Docs: man:systemd-resolved.service(8)
                  https://www.freedesktop.org/wiki/Software/systemd/resolved
                  https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
                  https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
        Main PID: 587 (systemd-resolve)
          Status: "Processing requests..."
           Tasks: 1 (limit: 9421)
          Memory: 4.7M
          CGroup: /system.slice/systemd-resolved.service
                  └─587 /lib/systemd/systemd-resolved
     

   • Check the connection status of the IP address 127.0.0.53. It must be LISTEN through port 53 (nameservice port) by the systemd-resolve service.

     root@ubuntu2004:~# netstat -anp | grep 127.0.0.53
     tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      587/systemd-resolve
     udp        0      0 127.0.0.53:53           0.0.0.0:*                           587/systemd-resolve
     

6. Check the DNS settings in the systemd-resolve service.

   • Use the following command to verify the DNS server information that sends queries.
     • Ubuntu 18.04

       root@ubuntu1804:~# systemd-resolve --status
       Global
                DNS Servers: 169.254.169.53
                             169.254.169.54
        ... Omitted...
       

     • Ubuntu 20.04

       root@ubuntu2004:~# systemd-resolve --status
       Global
              LLMNR setting: no                 
       MulticastDNS setting: no                 
         DNSOverTLS setting: no                 
             DNSSEC setting: no                 
           DNSSEC supported: no                 
         Current DNS Server: 169.254.169.53     
                DNS Servers: 169.254.169.53     
                             169.254.169.54
       ... Omitted...
       

7. Check the permissions of the /etc/hosts file.

   • The read permissions must be granted to the Other User of the /etc/hosts file for the systemd-resolved daemon to operate properly. By default, the /etc/hosts file has permission set to 644.

   root@ubuntu2004:~# ls -l /etc/hosts
   -rw-r--r-- 1 root root 186 Jan 24  2022 /etc/hosts
   

8. Check the DNS query operation using the nslookup command.

   • When the query works correctly, 169.254.1.5 and 169.254.80.160 are displayed.

     root@ubuntu2004:~# nslookup repo.ncloud.com
     Server:		   127.0.0.53
     Address:	   127.0.0.53#53
     
     Non-authoritative answer:
     repo.ncloud.com	canonical name = repo.ncloud.grm.ncloud.com.
     repo.ncloud.grm.ncloud.com	canonical name = kr-vpc-init.ncloud.grm.ncloud.com.
     Name:	kr-vpc-init.ncloud.grm.ncloud.com
     Address: 169.254.1.5
     Name:	kr-vpc-init.ncloud.grm.ncloud.com
     Address: 169.254.80.160
     

   • When using another DNS than the DNS provided on NAVER Cloud Platform, a completely different IP will be received.

     root@ubuntu2004:~# nslookup repo.ncloud.com 8.8.8.8
     Server:        8.8.8.8
     Address:    8.8.8.8#53
     
     Non-authoritative answer:
     repo.ncloud.com    canonical name = repo.ncloud.grm.ncloud.com.
     Name:    repo.ncloud.grm.ncloud.com
     Address: 10.250.5.105
     

FAQ related to DNS

Q. The following isc_socket_bind error occurs when querying DNS. What should I do?

[root@ncp-server ~]# nslookup repo.ncloud.com
Server:     169.254.169.53
Address:    169.254.169.53#53
 
Non-authoritative answer:
repo.ncloud.com canonical name = repo.ncloud.grm.ncloud.com.
repo.ncloud.grm.ncloud.com  canonical name = kr-vpc-init.ncloud.grm.ncloud.com.
Name:   kr-vpc-init.ncloud.grm.ncloud.com
Address: 169.254.80.160
Name:   kr-vpc-init.ncloud.grm.ncloud.com
Address: 169.254.1.5

nslookup: isc_socket_bind: address in use

The issue occurs when the ip_local_port_range value is too small for the customer service network environment, or when there are too many socket ports currently in use.
You can check the ip_local_port_range as follows: By default, the minimum port is 32768, and the maximum port is 60999.

[root@ncp-server ~]# sysctl net.ipv4.ip_local_port_range
net.ipv4.ip_local_port_range = 32768    60999

If the server can be rebooted, reboot in the OS. If it cannot be rebooted, check the number of currently used sockets and organize the unnecessary sockets or increase the ip_local_port_range value.
DNS query in normal status is output as follows:

[root@ncp-server ~]# nslookup repo.ncloud.com
Server:     169.254.169.53
Address:    169.254.169.53#53
 
Non-authoritative answer:
repo.ncloud.com canonical name = repo.ncloud.grm.ncloud.com.
repo.ncloud.grm.ncloud.com  canonical name = kr-vpc-init.ncloud.grm.ncloud.com.
Name:   kr-vpc-init.ncloud.grm.ncloud.com
Address: 169.254.80.160
Name:   kr-vpc-init.ncloud.grm.ncloud.com
Address: 169.254.1.5