Problem with DNS on a VM

[Rotunie]

I installed proxmox on my server, after initial configuration, I made a debian VM for a docker. After trying to create a container I found out that there's problem with a dns. PVE Host is able to resolve the ping google.com, but VM is not able. After trying nslookup google.com on a VM I got this;

nslookup google.com
;; communications error to 192.168.0.1#53: connection refused
;; communications error to 192.168.0.1#53: connection refused
;; communications error to 192.168.0.1#53: connection refused
;; no servers could be reached

after checking logs on my router there's no info about this query (from the rest of the devices on my network there are logs)
I assume proxmox is blocking dns but I had no luck with trying to fix it

Here's proxmox /etc/network/interfaces ;

source /etc/network/interfaces.d/*


auto lo
iface lo inet loopback


auto enp1s0
iface enp1s0 inet manual


iface enp2s0 inet manual


auto vmbr0
iface vmbr0 inet static
        address 192.168.0.20/24
        gateway 192.168.0.1
        bridge-ports enp1s0
        bridge-stp off
        bridge-fd 0

/etc/resolv.conf ;

nameserver 192.168.0.1

Here's my VM /etc/network/interfaces ;

source /etc/network/interfaces.d/*


# The loopback network interface
auto lo
iface lo inet loopback


# The primary network interface
allow-hotplug ens18
iface ens18 inet dhcp

/etc/resolv.conf ;

domain lan
search lan
nameserver 192.168.0.1

Thank you for any suggestions.

 

[sw-omit]

One thing you could try, would be to go to the Datacenter (not the server/node) section on the left of the web-GUI, go to options, and there turn the firewall option off.
If it is Proxmox's default firewall, then turning that off should allow traffic through. If it is already off or if turning off doesn't help, then it might not be Proxmox's default software (or Proxmox at all) that is blocking things.

Can you ping your router and 8.8.8.8? And if you try to nslookup google.com 8.8.8.8, does that work?

If (temporarily) turning off the firewall (and it being on before) does work, what do you currently have set up as your firewall-rules?

 

[Rotunie]

One thing you could try, would be to go to the Datacenter (not the server/node) section on the left of the web-GUI, go to options, and there turn the firewall option off.
If it is Proxmox's default firewall, then turning that off should allow traffic through. If it is already off or if turning off doesn't help, then it might not be Proxmox's default software (or Proxmox at all) that is blocking things.

Can you ping your router and 8.8.8.8? And if you try to nslookup google.com 8.8.8.8, does that work?

If (temporarily) turning off the firewall (and it being on before) does work, what do you currently have set up as your firewall-rules?

I already tried turning firewall off (on datacenter level and server level), it didn't help. I can ping my router and 8.8.8.8, and nslookup google.com 8.8.8.8 work.

 

[sw-omit]

Ok, so if nslookup to 8.8.8.8 works, then it isn't proxmox blocking DNS in general, nor is it blocking traffic to your router, but something is blocking specifically traffic from your VM to the router-DNS. That at least means that setting your VM (or the DHCP-Options of your router) to provide something like 8.8.8.8 or 1.1.1.1 as (secondary) DNS-IP's might work-around the issue.

Does your router have an option to show you the arp-table? And does the IP-address there for your VM match the one you have assigned in proxmox for it, and neither another or having multiple?

Oh, and what kind of router is it btw?

 

[Rotunie]

So the router is raspberry-pi 4 with OpenWrt, It is also a fresh install so the only stuf that I touched was the DHCP and DNS configuration, but with no luck. Additional info, my pi is working more as an extender of my home WiFi since I cant get a cable to my switch (not managable) so that's why you will see 2 diffrent networks in the arp-table.

Here's arp-table from the pi ;

arp -a
IP address       HW type     Flags       HW address            Mask     Device
192.168.68.1     0x1         0x2         50:91:e3:7e:28:bc     *        phy0-sta0
192.168.0.10     0x1         0x2         d8:5e:d3:f9:34:41     *        eth0
192.168.0.21     0x1         0x0         bc:24:11:bc:65:03     *        eth0
192.168.0.20     0x1         0x2         0c:c4:7a:32:99:54     *        eth0
192.168.68.102   0x1         0x2         86:8d:44:ff:1f:ed     *        phy0-sta0
192.168.68.101   0x1         0x2         e4:be:ed:09:ab:34     *        phy0-sta0
192.168.68.110   0x1         0x0         00:00:00:00:00:00     *        phy0-sta0

And does the IP-address there for your VM match the one you have assigned in proxmox for it, and neither another or having multiple?

Proxmox has an IP 192.168.0.20 and VM has an IP 192.168.0.21
I made reservation on my pi and it is correct with what I assigned on proxmox

EDIT:
I forgot, I already installed docker on this VM, if I am correct while installing I am supposed to add docker website to sources file. So it seems if I add link in there VM is able to resolve the website name to ip

 

[sw-omit]

If you set the IP of your VM static to .22 (to also switch IP), does that work? (Trying to see if it is maybe some DHCP-weirdness, giving that one of the differences between server and vm is static vs dhcp)

 

[Rotunie]

I change the IP on VM it didn't help unfortunately. While looking at a VM setting the only think that caught my eye was network settings with a value firewall=1 I don't know if this might help.

 

[sw-omit]

Since the firewall is off on the datacenter/cluster level, that option does nothing (neither does the option in server, only when the datacenter-option is on, any of the other options do something)

At the moment I can't really help to troubleshoot further, but most likely if you manually set the resolv.conf to use 8.8.8.8 as its nameserver, it will at least be able to reach the internet (given the tests we have done before) and you can "continue" at least and perhaps circle back to it sometime later.

 

[Rotunie]

Since the firewall is off on the datacenter/cluster level, that option does nothing (neither does the option in server, only when the datacenter-option is on, any of the other options do something)

At the moment I can't really help to troubleshoot further, but most likely if you manually set the resolv.conf to use 8.8.8.8 as its nameserver, it will at least be able to reach the internet (given the tests we have done before) and you can "continue" at least and perhaps circle back to it sometime later.

Well I will do that, but thank you for your help and your time