DNS issue while updating Proxmox VE

L

lockharj

New Member
Jun 21, 2023
5
0
1
Hi, let me preface by saying I've seen plenty of posts on how to update the resolv.conf file through the CLI and GUI, but please hear me out...

Steps I've taken:
1) Updates > Repositories: added no-subscription repository, status is enabled
4 enabled apt repositories present:
ftp.us.debain.org/debian bullseye main contrib
ftp.us.debain.org/debian bullseye-updates main contrib
security.debain.org/debian bullseye-security main contrib
download.proxmox.com/debian/pve bullseye pve-no-subscription

2) Updates > [Refresh], output:
starting apt-get update
Err:1 http://ftp.us.debian.org/debian bullseye InRelease
Temporary failure resolving 'ftp.us.debian.org'
Err:2 http://security.debian.org bullseye-security InRelease
Temporary failure resolving 'security.debian.org'
Err:3 http://download.proxmox.com/debian/pve bullseye InRelease
Temporary failure resolving 'download.proxmox.com'
Err:4 http://ftp.us.debian.org/debian bullseye-updates InRelease
Temporary failure resolving 'ftp.us.debian.org'
Reading package lists...
W: Failed to fetch http://ftp.us.debian.org/debian/dists/bullseye/InRelease Temporary failure resolving 'ftp.us.debian.org'
W: Failed to fetch http://ftp.us.debian.org/debian/dists/bullseye-updates/InRelease Temporary failure resolving 'ftp.us.debian.org'
W: Failed to fetch http://security.debian.org/dists/bullseye-security/InRelease Temporary failure resolving 'security.debian.org'
W: Failed to fetch http://download.proxmox.com/debian/pve/dists/bullseye/InRelease Temporary failure resolving 'download.proxmox.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.
TASK OK

I'm able to see the current vs. new versions, and there are deltas, signaling that the 'update' command is working.

3) [Upgrade], output:
Starting system upgrade: apt-get dist-upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following NEW packages will be installed:
pve-kernel-5.15.107-2-pve
The following packages will be upgraded:
libssl1.1 openssl pve-kernel-5.15
3 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 79.2 MB of archives.
After this operation, 400 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Err:1 http://security.debian.org bullseye-security/main amd64 libssl1.1 amd64 1.1.1n-0+deb11u5
Temporary failure resolving 'security.debian.org'
Err:2 http://download.proxmox.com/debian/pve bullseye/pve-no-subscription amd64 pve-kernel-5.15.107-2-pve amd64 5.15.107-2
Temporary failure resolving 'download.proxmox.com'
Err:3 http://download.proxmox.com/debian/pve bullseye/pve-no-subscription amd64 pve-kernel-5.15 all 7.4-3
Temporary failure resolving 'download.proxmox.com'
Err:4 http://security.debian.org bullseye-security/main amd64 openssl amd64 1.1.1n-0+deb11u5
Temporary failure resolving 'security.debian.org'
E: Failed to fetch http://security.debian.org/pool/updates/main/o/openssl/libssl1.1_1.1.1n-0+deb11u5_amd64.deb Temporary failure resolving 'security.debian.org'
E: Failed to fetch http://security.debian.org/pool/updates/main/o/openssl/openssl_1.1.1n-0+deb11u5_amd64.deb Temporary failure resolving 'security.debian.org'
E: Failed to fetch http://download.proxmox.com/debian/...ve-kernel-5.15.107-2-pve_5.15.107-2_amd64.deb Temporary failure resolving 'download.proxmox.com'
E: Failed to fetch http://download.proxmox.com/debian/...on/binary-amd64/pve-kernel-5.15_7.4-3_all.deb Temporary failure resolving 'download.proxmox.com'
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

System not fully up to date (found 4 new packages)


4) Checked DNS settings in System > DNS, changed DNS server 1 from Cloudflare DNS (1.1.1.1) to my DHCP server's IP, which is a Sophos XG VM, when I rerun update there's a series of TASK ERRORs, output:
starting apt-get update
Err:1 http://download.proxmox.com/debian/pve bullseye InRelease
Cannot initiate the connection to download.proxmox.com:80 (2607:5300:203:7dc2::162). - connect (101: Network is unreachable) Could not connect to download.proxmox.com:80 (144.217.225.162). - connect (113: No route to host)
Err:2 http://security.debian.org bullseye-security InRelease
Cannot initiate the connection to debian.map.fastlydns.net:80 (2a04:4e42:8a::644). - connect (101: Network is unreachable) Could not connect to debian.map.fastlydns.net:80 (146.75.106.132). - connect (113: No route to host) Cannot initiate the connection to security.debian.org:80 (2a04:4e42:600::644). - connect (101: Network is unreachable) Cannot initiate the connection to security.debian.org:80 (2a04:4e42:200::644). - connect (101: Network is unreachable) Cannot initiate the connection to security.debian.org:80 (2a04:4e42::644). - connect (101: Network is unreachable) Cannot initiate the connection to security.debian.org:80 (2a04:4e42:400::644). - connect (101: Network is unreachable) Could not connect to security.debian.org:80 (151.101.130.132). - connect (113: No route to host) Could not connect to security.debian.org:80 (151.101.194.132). - connect (113: No route to host) Could not connect to security.debian.org:80 (151.101.66.132). - connect (113: No route to host) Could not connect to security.debian.org:80 (151.101.2.132). - connect (113: No route to host)
Ign:3 http://ftp.us.debian.org/debian bullseye InRelease
Ign:4 http://ftp.us.debian.org/debian bullseye-updates InRelease
Err:5 http://ftp.us.debian.org/debian bullseye Release
Cannot initiate the connection to ftp.us.debian.org:80 (2600:3402:200:227::2). - connect (101: Network is unreachable) Cannot initiate the connection to ftp.us.debian.org:80 (2600:3404:200:237::2). - connect (101: Network is unreachable) Cannot initiate the connection to ftp.us.debian.org:80 (2620:0:861:2:208:80:154:139). - connect (101: Network is unreachable)
Err:6 http://ftp.us.debian.org/debian bullseye-updates Release
Cannot initiate the connection to ftp.us.debian.org:80 (2600:3402:200:227::2). - connect (101: Network is unreachable) Cannot initiate the connection to ftp.us.debian.org:80 (2600:3404:200:237::2). - connect (101: Network is unreachable) Cannot initiate the connection to ftp.us.debian.org:80 (2620:0:861:2:208:80:154:139). - connect (101: Network is unreachable)
Reading package lists...
E: The repository 'http://ftp.us.debian.org/debian bullseye Release' no longer has a Release file.
E: The repository 'http://ftp.us.debian.org/debian bullseye-updates Release' no longer has a Release file.
TASK ERROR: command 'apt-get update' failed: exit code 100

5) I tried changing the DNS to Google (8.8.8.8), output was just like using Cloudflare DNS, but again upgrade command fails.

6) For search domain I'm just including a random domain I registered, didn't know what to do there
 
Sorry for the delay in getting back:

I can't run dig command from the Sophos VM, since that package isn't available, but ran it from another client VM within Proxmox too and got the following output:
;; ANSWER SECTION:
debian.org. 195 IN A 149.20.4.15
debian.org. 195 IN A 130.89.148.77
debian.org. 195 IN A 128.31.0.62

;; Query time: 12 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu Jun 22 19:22:12 UTC 2023
;; MSG SIZE rcvd: 87

From Proxmox VE:
connection timed out; no servers could be reached

Hope that helps and thanks in advance!
 
(on PVE host) what is the output of : ip route

(on PVE host) what is the output of : cat /etc/resolv.conf
 
Last edited:
ip route:
default via 172.16.16.1 dev vmbr0 proto kernel onlink
172.16.16.0/24 dev vmbro proto kernel scope link src 172.16.16.11

cat /etc/resolv.conf
search proxmox.local
nameserver 172.16.16.11
nameserver 1.1.1.1
nameserver 8.8.8.8
 
In /etc/resolv.conf :

If 172.16.16.11 is your PVE host and it does not have Unbound or other DNS services running,
replace it with Sophos ip address (if that has DNS service running).

Don't know if your Sophos vm is handling ALL network traffic from inside to the internet,
in that case you can remove 1.1.1.1 and 8.8.8.8 and only set 172.16.16.1 in resolv.conf as DNS resolver.
 
Yes, 172.16.16.16 is the Sophos VM and it routes all network traffic.

Tried:
1) Removing Google and Cloudflare DNS, resulted in "TASK ERROR: command 'apt-get update' failed: exit code 100"
2) Changed DNS to only have 172.16.16.16, same result
2) Changed DNS to only have 172.16.16.1, same result

It seems like I get a task OK only when pointed to a public DNS server.

Since I'm not seeing any increases to the # of packages that need to be upgraded, I've got the feeling that these are from when the connection was working properly, and even the apt-update isn't working. So the different messages are basically meaningless, since none of the DNS settings resolve the apt-upgrade situation.
 
lockharj said:
Yes, 172.16.16.16 is the Sophos VM and it routes all network traffic.

Tried:
1) Removing Google and Cloudflare DNS, resulted in "TASK ERROR: command 'apt-get update' failed: exit code 100"
2) Changed DNS to only have 172.16.16.16, same result
2) Changed DNS to only have 172.16.16.1, same result

It seems like I get a task OK only when pointed to a public DNS server.

Since I'm not seeing any increases to the # of packages that need to be upgraded, I've got the feeling that these are from when the connection was working properly, and even the apt-update isn't working. So the different messages are basically meaningless, since none of the DNS settings resolve the apt-upgrade situation.
Click to expand...

(in your internal network) what device is your DNS server? I thought the Sophos vm?
Anyway, put your DNS device ip address in /etc/resolv.conf
You can also put 1.1.1.1 in there, but if Sophos handles all DNS resolving it makes no sense

Why can vm's do a successfull DNS query, and the PVE host not?

(on PVE host) what is the output of : cat /etc/network/interfaces
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back