/etc/hosts - issue with apt resolver or network configuration?

T

triks

Member
Oct 17, 2022
44
3
13
Australia
After 2 hours of testing I managed to create a workaround but wondering if anyone knows what the issue could be?

Running "apt update" I see these errors at the end of the process:
W: Failed to fetch http://ftp.debian.org/debian/dists/bookworm/InRelease Temporary failure resolving 'ftp.debian.org'
W: Failed to fetch http://ftp.debian.org/debian/dists/bookworm-updates/InRelease Temporary failure resolving 'ftp.debian.org'
W: Failed to fetch http://download.proxmox.com/debian/pve/dists/bookworm/InRelease Temporary failure resolving 'download.proxmox.com'
W: Failed to fetch http://security.debian.org/debian-security/dists/bookworm-security/InRelease Temporary failure resolving 'security.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.


Workaround:

1. modify

/etc/hosts
127.0.0.1 localhost plex
10.0.1.2 pve.internal pve
103.76.41.50 download.proxmox.com
151.101.2.132 deb.debian.org
151.101.2.132 security.debian.org

2. modify
/etc/apt/sources.list
# Specific AU IP-based workaround testing
deb [URL]http://103.84.224.37/debian[/URL] bookworm main contrib
deb [URL]http://103.84.224.37/debian[/URL] bookworm-updates main contrib
deb [URL]http://security.debian.org/debian-security[/URL] bookworm-security main contrib
deb [URL]http://download.proxmox.com/debian/pve[/URL] bookworm pve-no-subscription

Result:

apt update
Hit:1 [URL]http://103.84.224.37/debian[/URL] bookworm InRelease
Hit:2 [URL]http://103.84.224.37/debian[/URL] bookworm-updates InRelease
Hit:3 [URL]http://security.debian.org/debian-security[/URL] bookworm-security InRelease
Hit:4 [URL]http://download.proxmox.com/debian/pve[/URL] bookworm InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.


Original Issue:

Code: 
Linux pve 6.8.12-7-pve #1 SMP PREEMPT_DYNAMIC PMX 6.8.12-7 (2025-01-17T08:18Z) x86_64

Last login: Tue Mar 25 11:46:57 AEDT 2025 on pts/1
root@pve:~# sudo apt update
Ign:1 http://ftp.debian.org/debian bookworm InRelease
Ign:2 http://ftp.debian.org/debian bookworm-updates InRelease
Ign:3 http://download.proxmox.com/debian/pve bookworm InRelease
Ign:4 http://security.debian.org/debian-security bookworm-security InRelease
Ign:1 http://ftp.debian.org/debian bookworm InRelease
Ign:3 http://download.proxmox.com/debian/pve bookworm InRelease
Ign:2 http://ftp.debian.org/debian bookworm-updates InRelease
Ign:4 http://security.debian.org/debian-security bookworm-security InRelease
Ign:1 http://ftp.debian.org/debian bookworm InRelease
Ign:2 http://ftp.debian.org/debian bookworm-updates InRelease
Ign:3 http://download.proxmox.com/debian/pve bookworm InRelease
Ign:4 http://security.debian.org/debian-security bookworm-security InRelease
Ign:1 http://ftp.debian.org/debian bookworm InRelease
Ign:2 http://ftp.debian.org/debian bookworm-updates InRelease
Ign:3 http://download.proxmox.com/debian/pve bookworm InRelease
Ign:4 http://security.debian.org/debian-security bookworm-security InRelease
Ign:1 http://ftp.debian.org/debian bookworm InRelease
Ign:3 http://download.proxmox.com/debian/pve bookworm InRelease
Ign:2 http://ftp.debian.org/debian bookworm-updates InRelease
Ign:4 http://security.debian.org/debian-security bookworm-security InRelease
Err:3 http://download.proxmox.com/debian/pve bookworm InRelease
  Temporary failure resolving 'download.proxmox.com'
Err:1 http://ftp.debian.org/debian bookworm InRelease
  Temporary failure resolving 'ftp.debian.org'
Err:2 http://ftp.debian.org/debian bookworm-updates InRelease
  Temporary failure resolving 'ftp.debian.org'
Err:4 http://security.debian.org/debian-security bookworm-security InRelease
  Temporary failure resolving 'security.debian.org'
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: Failed to fetch http://ftp.debian.org/debian/dists/bookworm/InRelease  Temporary failure resolving 'ftp.debian.org'
W: Failed to fetch http://ftp.debian.org/debian/dists/bookworm-updates/InRelease  Temporary failure resolving 'ftp.debian.org'
W: Failed to fetch http://download.proxmox.com/debian/pve/dists/bookworm/InRelease  Temporary failure resolving 'download.proxmox.com'
W: Failed to fetch http://security.debian.org/debian-security/dists/bookworm-security/InRelease  Temporary failure resolving 'security.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.

DNS tests to rule out general DNS/local network problems:

  1. nslookup Tests:
    • Ran nslookup download.proxmox.com 8.8.8.8, resolved to 103.76.41.50.
    • Ran nslookup deb.debian.org 8.8.8.8 and nslookup security.debian.org 8.8.8.8, resolved to IPs like 151.101.2.132.
    • Confirmed system DNS servers (8.8.8.8, 1.1.1.1 from /etc/resolv.conf) work for these domains.
  2. Ping Tests:
    • Ran ping download.proxmox.com, succeeded with responses, showing network reachability.
    • Similar results for deb.debian.org and security.debian.org, ruling out connectivity issues.
  3. Curl Tests:
  4. Checked DNS Configuration:
    • Ran cat /etc/resolv.conf, showed nameserver 8.8.8.8 and nameserver 1.1.1.1, verifying correct DNS settings.
  5. Network Path Verification:
    • Ran traceroute to domains, showed hops through pfSense (10.0.1.1) with no local blockages.
    • Ran ping 8.8.8.8, confirmed low latency and no packet loss to DNS servers.
  6. Apt-Specific Debugging:
    • Ran strace -f -e trace=network apt update 2>&1 | grep -E "(8.8.8.8|1.1.1.1|resolv)", showed DNS queries failing with "Temporary failure resolving", despite system-wide success.
  7. IP Workaround:
    • Used http://103.84.224.37/debian in /etc/apt/sources.list for ftp.au.debian.org, worked for that repo, but CDN-based ones like security.debian.org failed without /etc/hosts.
Resolution results:

ftp.au.debian.org
  • Resolution Status (Apt, Without /etc/hosts): Fails to resolve
  • Resolution Status (Apt, With /etc/hosts): Resolves with IP in sources.list
  • Resolution Status (Other Tools): Resolves successfully
  • Notes: Worked when using IP (103.84.224.37) directly in /etc/apt/sources.list.
deb.debian.org
  • Resolution Status (Apt, Without /etc/hosts): Fails to resolve
  • Resolution Status (Apt, With /etc/hosts): Resolves with /etc/hosts
  • Resolution Status (Other Tools): Resolves successfully
  • Notes: CDN-based with dynamic IPs, resolution fails without /etc/hosts entry (e.g., 151.101.2.132).
security.debian.org
  • Resolution Status (Apt, Without /etc/hosts): Fails to resolve
  • Resolution Status (Apt, With /etc/hosts): Resolves with /etc/hosts
  • Resolution Status (Other Tools): Resolves successfully
  • Notes: CDN-based, similar DNS issue to deb.debian.org, requires hostname or /etc/hosts entry (e.g., 151.101.2.132).
download.proxmox.com
  • Resolution Status (Apt, Without /etc/hosts): Fails to resolve
  • Resolution Status (Apt, With /etc/hosts): Resolves with /etc/hosts
  • Resolution Status (Other Tools): Resolves successfully
  • Notes: Static IP (103.76.41.50), works with hostname when resolved via /etc/hosts.
 
Last edited:
bbgeek17 said:
Hi @triks, before you hard-coded the IP addresses in /etc/hosts and elsewhere, have you examined /etc/resolv.conf and /etc/network/interfaces for correctness?

Cheers

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
Click to expand...
Hi @bbgeek17, yeah I checked both /etc/resolv.conf and /etc/network/interfaces before resorting to hard-coding IPs in /etc/hosts. I've also added my DNS test results in my original post now.

nameserver 8.8.8.8
nameserver 1.1.1.1

auto lo
iface lo inet loopback

auto vmbr0
iface vmbr0 inet static
address 10.0.1.2/24
gateway 10.0.1.1
bridge-ports eno1
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet manual
bridge-ports eno2
bridge-stp off
bridge-fd 0
 
Have you modified proxy settings for various apps?
https://www.howtoforge.com/how-to-setup-apt-proxy-on-ubuntu/

Ping and nslookup wouldn't be affected, but curl should have been. Have you installed any VPN clients or other third-party agents?

If everything you reported is accurate, this isn't typical behavior for a Debian system or PVE. Something was changed or affected, and troubleshooting remotely, without access to the system, will mostly be educated guessing.


Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
 
thanks for your help - appreciate it.

I don't use any proxy settings... the strange part is apt update fails with "Temporary failure resolving" for deb.debian.org, security.debian.org, and download.proxmox.com unless I use 151.101.2.132 and 103.76.41.50 in /etc/hosts. Other tools don’t care, and strace showed apt bombing on DNS queries. It’s gotta be an apt thing, not my setup?

Everything’s standard—no proxies or weird tweaks. Any ideas what’s making apt act up?

I run pfSense DNS Resolver (Unbound) is set to forward to 8.8.8.8 and 1.1.1.1, and nslookup from the Proxmox box works, so pfSense isn’t dropping DNS packets. I even tried disabling pfBlockerNG temporarily—no dice, apt still fails.

Ran cat /etc/resolv.conf and it’s just:
nameserver 8.8.8.8
nameserver 1.1.1.1

Checked /etc/apt/apt.conf.d/ with ls -l and cat:
-r--r--r-- 1 root root 541 Mar 25 12:28 76pveconf

root@pve:~# env | grep -i proxy
root@pve:~# cat /etc/environment
root@pve:~# curl -I http://deb.debian.org/debian/
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 6123
Server: Apache
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Referrer-Policy: no-referrer
X-Xss-Protection: 1
Permissions-Policy: interest-cohort=()
X-Clacks-Overhead: GNU Terry Pratchett
Content-Type: text/html;charset=UTF-8
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Age: 0
Date: Tue, 25 Mar 2025 02:14:26 GMT
X-Served-By: cache-ams21082-AMS, cache-mel11265-MEL
X-Cache: HIT, MISS
X-Cache-Hits: 3, 0
X-Timer: S1742868866.200893,VS0,VE257
Vary: Accept-Encoding

root@pve:~# curl -I http://download.proxmox.com/debian/pve/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 25 Mar 2025 02:14:37 GMT
Content-Type: text/html
Connection: keep-alive

Haven’t installed any VPNs or random network agents. It’s a clean Proxmox VE 8.3.5 on bare metal—vmbr0 (10.0.1.2/24, gateway 10.0.1.1 to pfSense) and vmbr1 (WAN, manual, no IP). Just stock Proxmox networking.
 
triks said:
thanks for your help - appreciate it.
Click to expand...
Keep in mind that this is not PVE specific. You are dealing with some sort of Debian Linux OS misconfiguration, and so generic troubleshooting steps apply.
I.e.:
https://unix.stackexchange.com/questions/39071/debian-problem-with-dns
https://superuser.com/questions/142...or-unit-dbus-org-freedesktop-resolve1-service
https://www.reddit.com/r/linuxquest...tget_update_failing_to_resolve_hosts_but_dns/


Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
 
You must log in or register to reply here.
Top Bottom