How to solve RCODE=ServerFailure in a fresh install on Kubuntu 20.04 Virtual Machine?
Hi all, In a fresh install of Kubuntu 20.04 on a KVM virtual machine I installed the DnsServer.
Whatever site I look up returns a "RCODE=ServerFailure".
For debian.org I see:
[2022-08-02 16:57:57 UTC] DNS Server failed to resolve the request with QNAME: debian.org; QTYPE: A; QCLASS: IN;
DnsServerCore.Dns.DnsServerException: DNS Server received a response with RCODE=ServerFailure from: e.root-servers.net (192.203.230.10)
at DnsServerCore.Dns.DnsServer.RecursiveResolveAsync(DnsQuestionRecord question, IReadOnlyList`1 conditionalForwarders, Boolean dnssecValidation, Boolean cachePrefetchOperation, Boolean cacheRefreshOperation, TaskCompletionSource`1 taskCompletionSource) in Z:\Technitium\Projects\DnsServer\DnsServerCore\Dns\DnsServer.cs:line 2273
Looking at the logs, it seems that the DnsServer starts correctly but receives RCODE=ServerFailure from any root server:
[2022-08-02 16:51:43 UTC] Logging started.
[2022-08-02 16:51:43 UTC] [192.168.151.1:60438] [admin] All log files were deleted.
[2022-08-02 16:52:01 UTC] DHCP Server successfully unloaded scope: Default
[2022-08-02 16:52:01 UTC] DNS Server (v8.1.4.0) was stopped successfully.
[2022-08-02 16:52:01 UTC] Logging stopped.
[2022-08-02 16:52:24 UTC] Logging started.
[2022-08-02 16:52:24 UTC] DNS Server config file was loaded: /etc/dns/config/dns.config
[2022-08-02 16:52:24 UTC] DNS Server successfully loaded zone file: /etc/dns/config/zones/ntp.org.zone
[2022-08-02 16:52:24 UTC] DNS Server is loading allowed zone file: /etc/dns/config/allowed.config
[2022-08-02 16:52:24 UTC] DNS Server is loading blocked zone file: /etc/dns/config/blocked.config
[2022-08-02 16:52:24 UTC] [0.0.0.0:53] [UDP] DNS Server was bound successfully.
[2022-08-02 16:52:24 UTC] [0.0.0.0:53] [TCP] DNS Server was bound successfully.
[2022-08-02 16:52:24 UTC] [[::]:53] [UDP] DNS Server was bound successfully.
[2022-08-02 16:52:24 UTC] [[::]:53] [TCP] DNS Server was bound successfully.
[2022-08-02 16:52:24 UTC] DHCP Server successfully loaded scope: Default
[2022-08-02 16:52:24 UTC] DHCP Server successfully loaded scope file: /etc/dns/config/scopes/Default.scope
[2022-08-02 16:52:24 UTC] [0.0.0.0:5380] HTTP Web Service was started successfully.
[2022-08-02 16:52:24 UTC] DNS Server (v8.1.4.0) was started successfully.
[2022-08-02 16:52:27 UTC] DNS Server failed to resolve the request with QNAME: api.snapcraft.io; QTYPE: AAAA; QCLASS: IN;
DnsServerCore.Dns.DnsServerException: DNS Server received a response with RCODE=ServerFailure from: d.root-servers.net (199.7.91.13)
at DnsServerCore.Dns.DnsServer.RecursiveResolveAsync(DnsQuestionRecord question, IReadOnlyList`1 conditionalForwarders, Boolean dnssecValidation, Boolean cachePrefetchOperation, Boolean cacheRefreshOperation, TaskCompletionSource`1 taskCompletionSource) in Z:\Technitium\Projects\DnsServer\DnsServerCore\Dns\DnsServer.cs:line 2273
After this line, all the following lines are RCODE=ServerFailure.
What am I doing wrong?
Framework: first I followed all the instructions in "Common Issue With Ubuntu" at https://blog.technitium.com/2017/11/running-dns-server-on-ubuntu-linux.html but nothing changed.
The virtual machine has 3 network cards with these addresses:
- 192.168.152.30 on a DMZ network that is MASQUERADED and has the default gateway
- 192.168.150.30 on an external network, and the address is NATted
- 192.168.151.30 on an internal network
The VM is reachable on all addresses.
From the VM I can ping any address on the Internet.
Thanks for the post. There is no issue with the DNS server or your installation. The issue is with your network connection which is getting hijacked by your ISP. This is a common issue in many places where ISPs hijack all outbound DNS requests. This causes issues with recursive resolution that the DNS server does by default.
You can test if your ISP is hijacking requests by trying a command like nslookup google.com 1.2.3.4, which sends a request to a non-existent DNS server at 1.2.3.4. If you get a reply to this request then it confirms DNS hijack by your ISP.
The fix in such a situation is to use encrypted DNS protocols like DoT or DoH by configuring a forwarder in the settings. You can choose to use any public DNS provider that supports these protocols.
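The interception test the reply above describes, written out as an added example (not the poster's or Technitium's code): a query is sent to an address that runs no DNS server, so any answer must come from a middlebox on the path, and that answer is parsed to show what it claims. The query name, the bogus address 1.2.3.4 and the timeout are assumed values.

```python
import random
import socket
import struct

def build_query(qname, txid):
    """Minimal DNS query: header with RD set, one question for <qname> A IN."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(data, pos):
    """Advance past a (possibly compressed) name; return the offset after it."""
    while True:
        length = data[pos]
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return pos + 2
        if length == 0:
            return pos + 1
        pos += 1 + length

def parse_a_records(txid, data):
    """Check that <data> answers query <txid>; return (rcode, [A addresses])."""
    rid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    pos = 12
    for _ in range(qd):
        pos = _skip_name(data, pos) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        pos = _skip_name(data, pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, addrs

def check_hijack(qname="google.com", bogus_server="1.2.3.4", timeout=3.0):
    """Query a host that runs no DNS server (assumed values); a reply means interception."""
    txid = random.randint(0, 0xFFFF)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname, txid), (bogus_server, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return None  # no reply: the path is not intercepted
    return parse_a_records(txid, data)
```

Calling check_hijack() returns None when the query goes unanswered, which is the expected result, and an (rcode, addresses) tuple when something on the path answered on behalf of 1.2.3.4.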
Thanks a lot! You are right. The ISP is hijacking dns requests:
mirto@bianco500:~$ ping -c 2 1.2.3.4
PING 1.2.3.4 (1.2.3.4) 56(84) bytes of data.
--- 1.2.3.4 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1025ms
mirto@bianco500:~$ nslookup google.com 1.2.3.4
Server: 1.2.3.4
Address: 1.2.3.4#53
Non-authoritative answer:
Name: google.com
Address: 142.251.209.14
Name: google.com
Address: 2a00:1450:4002:410::200e
mirto@bianco500:~$
From the Settings --> Proxy and Forwarders page I selected the "Cloudflare (DNS over TLS)" quick select, and now everything works:
mirto@bianco500:~$ dig debian.org @192.168.152.30
; <<>> DiG 9.18.1-1ubuntu1.1-Ubuntu <<>> debian.org @192.168.152.30
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50898
;; flags: qr rd ra ad cd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; PAD: (143 bytes)
;; QUESTION SECTION:
;debian.org. IN A
;; ANSWER SECTION:
debian.org. 300 IN A 128.31.0.62
debian.org. 300 IN A 130.89.148.77
debian.org. 300 IN A 149.20.4.15
;; Query time: 71 msec
;; SERVER: 192.168.152.30#53(192.168.152.30) (UDP)
;; WHEN: Wed Aug 03 19:30:14 CEST 2022
;; MSG SIZE rcvd: 234
mirto@bianco500:~$
Thanks again.
Thanks for the update. Good to know it worked out with the DoT forwarder.