DNS Lookup Problems

After installing kernel 6.1, dns lookup failures start to occur. After booting up there is only a ::1 nameserver in resolv.conf. Even after manually changing the name server, the problems remain. Switching back to kernel 4.19 did not solve anything either.
After searching online I changed DNSSEC to “no” in /etc/systemd/resolved.conf. Unfortunately with no results.
I did reboots and/or restarts of NetworkManager and the resolve.deamon.
As I am a rookie in networking, I have not a single clue what to do further.
Here is an inxi report of my system.

inxi -v7azy
System:
  Kernel: 4.19.288-1-MANJARO arch: x86_64 bits: 64 compiler: gcc v: 13.1.1
    parameters: BOOT_IMAGE=/boot/vmlinuz-4.19-x86_64
    root=UUID=221ea440-61ae-4d5b-91cc-837cc2a19e58 rw quiet
  Desktop: Xfce v: 4.18.1 tk: Gtk v: 3.24.36 info: xfce4-panel wm: xfwm
    v: 4.18.0 vt: 7 dm: LightDM v: 1.32.0 Distro: Manjaro Linux base: Arch Linux
Machine:
  Type: Laptop System: HP product: HP Laptop 14-bs0xx v: Type1ProductConfigId
    serial: <superuser required> Chassis: type: 10 serial: <superuser required>
  Mobo: HP model: 831F v: 17.41 serial: <superuser required> UEFI: Insyde
    v: F.30 date: 11/07/2017
Battery:
  ID-1: BAT0 charge: 33.6 Wh (100.0%) condition: 33.6/33.6 Wh (100.0%)
    volts: 15.2 min: 14.6 model: HP Primary type: Li-ion serial: N/A status: full
Memory:
  System RAM: total: 16 GiB available: 15.55 GiB used: 1.59 GiB (10.3%)
  RAM Report: permissions: Unable to run dmidecode. Root privileges required.
CPU:
  Info: model: Intel Core i5-7200U bits: 64 type: MT MCP arch: Amber/Kaby Lake
    note: check gen: core 7 level: v3 note: check built: 2017 process: Intel 14nm
    family: 6 model-id: 0x8E (142) stepping: 9 microcode: 0xF2
  Topology: cpus: 1x cores: 2 tpc: 2 threads: 4 smt: enabled cache:
    L1: 128 KiB desc: d-2x32 KiB; i-2x32 KiB L2: 512 KiB desc: 2x256 KiB
    L3: 3 MiB desc: 1x3 MiB
  Speed (MHz): avg: 1596 high: 1600 min/max: 400/3100 scaling:
    driver: intel_pstate governor: powersave cores: 1: 1600 2: 1600 3: 1600
    4: 1584 bogomips: 21696
  Flags: 3dnowprefetch abm acpi adx aes aperfmperf apic arat
    arch_capabilities arch_perfmon art avx avx2 bmi1 bmi2 bts clflush
    clflushopt cmov constant_tsc cpuid cpuid_fault cx16 cx8 de ds_cpl dtes64
    dtherm dts epb ept ept_ad erms est f16c flexpriority flush_l1d fma fpu
    fsgsbase fxsr ht hwp hwp_act_window hwp_epp hwp_notify ibpb ibrs ida
    intel_pt invpcid invpcid_single lahf_lm lm mca mce md_clear mmx monitor
    movbe mpx msr mtrr nonstop_tsc nopl nx pae pat pbe pcid pclmulqdq pdcm
    pdpe1gb pebs pge pln pni popcnt pse pse36 pti pts rdrand rdseed rdtscp
    rep_good sdbg sep smap smep ss ssbd sse sse2 sse4_1 sse4_2 ssse3 stibp
    syscall tm tm2 tpr_shadow tsc tsc_adjust tsc_deadline_timer tsc_known_freq
    vme vmx vnmi vpid x2apic xgetbv1 xsave xsavec xsaveopt xsaves xtopology
    xtpr
  Vulnerabilities:
  Type: itlb_multihit status: KVM: Split huge pages
  Type: l1tf mitigation: PTE Inversion; VMX: conditional cache flushes, SMT
    vulnerable
  Type: mds mitigation: Clear CPU buffers; SMT vulnerable
  Type: meltdown mitigation: PTI
  Type: mmio_stale_data mitigation: Clear CPU buffers; SMT vulnerable
  Type: retbleed mitigation: IBRS
  Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via
    prctl and seccomp
  Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer
    sanitization
  Type: spectre_v2 mitigation: IBRS, IBPB: conditional, STIBP: conditional,
    RSB filling, PBRSB-eIBRS: Not affected
  Type: srbds mitigation: Microcode
  Type: tsx_async_abort status: Not affected
Graphics:
  Device-1: Intel HD Graphics 620 vendor: Hewlett-Packard driver: i915
    v: kernel arch: Gen-9.5 process: Intel 14nm built: 2016-20 ports:
    active: eDP-1 empty: DP-1,HDMI-A-1,HDMI-A-2 bus-ID: 00:02.0
    chip-ID: 8086:5916 class-ID: 0300
  Device-2: AMD Sun XT [Radeon HD 8670A/8670M/8690M / R5 M330 M430 Radeon
    520 Mobile] vendor: Hewlett-Packard driver: radeon v: kernel
    alternate: amdgpu arch: GCN-1 code: Southern Islands process: TSMC 28nm
    built: 2011-20 pcie: gen: 3 speed: 8 GT/s lanes: 4 link-max: lanes: 8
    bus-ID: 01:00.0 chip-ID: 1002:6660 class-ID: 0380 temp: 46.0 C
  Device-3: Realtek USB Boot driver: N/A type: USB rev: 2.0 speed: 480 Mb/s
    lanes: 1 mode: 2.0 bus-ID: 1-3:2 chip-ID: 0bda:5846 class-ID: 0e02
    serial: <filter>
  Display: x11 server: X.Org v: 21.1.8 compositor: xfwm v: 4.18.0 driver: X:
    loaded: modesetting,radeon alternate: fbdev,vesa dri: iris gpu: i915
    display-ID: :0.0 screens: 1
  Screen-1: 0 s-res: 1600x900 s-dpi: 96 s-size: 423x238mm (16.65x9.37")
    s-diag: 485mm (19.11")
  Monitor-1: eDP-1 model: AU Optronics 0x203d built: 2015 res: 1600x900
    hz: 60 dpi: 132 gamma: 1.2 size: 309x173mm (12.17x6.81") diag: 354mm (13.9")
    ratio: 16:9 modes: 1920x1080
  API: OpenGL v: 4.6 Mesa 23.0.4 renderer: Mesa Intel HD Graphics 620 (KBL
    GT2) direct-render: Yes
Audio:
  Device-1: Intel Sunrise Point-LP HD Audio vendor: Hewlett-Packard
    driver: snd_hda_intel v: kernel alternate: snd_soc_skl bus-ID: 00:1f.3
    chip-ID: 8086:9d71 class-ID: 0403
  API: ALSA v: k4.19.288-1-MANJARO status: kernel-api with: aoss
    type: oss-emulator tools: alsactl,alsamixer,amixer
  Server-1: sndiod v: N/A status: off tools: aucat,midicat,sndioctl
  Server-2: PipeWire v: 0.3.74 status: active with: 1: pipewire-pulse
    status: active 2: wireplumber status: active 3: pipewire-alsa type: plugin
    4: pw-jack type: plugin tools: pactl,pw-cat,pw-cli,wpctl
Network:
  Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet
    vendor: Hewlett-Packard driver: r8168 v: 8.050.03-NAPI modules: r8169 pcie:
    gen: 1 speed: 2.5 GT/s lanes: 1 port: 3000 bus-ID: 02:00.0
    chip-ID: 10ec:8168 class-ID: 0200
  IF: eno1 state: down mac: <filter>
  Device-2: Intel Dual Band Wireless-AC 3168NGW [Stone Peak] driver: iwlwifi
    v: kernel pcie: gen: 1 speed: 2.5 GT/s lanes: 1 bus-ID: 03:00.0
    chip-ID: 8086:24fb class-ID: 0280
  IF: wlo1 state: up mac: <filter>
  IP v4: <filter> type: dynamic noprefixroute scope: global
    broadcast: <filter>
  IP v6: <filter> type: dynamic noprefixroute scope: global
  IP v6: <filter> type: noprefixroute scope: link
  IF-ID-1: ipv6leakintrf0 state: unknown speed: N/A duplex: N/A mac: <filter>
  IP v6: <filter> type: noprefixroute scope: global
  IP v6: <filter> type: noprefixroute scope: link
  WAN IP: No WAN IP found. Connected to web? SSL issues? Try enabling dig
Bluetooth:
  Device-1: Intel Wireless-AC 3168 Bluetooth driver: btusb v: 0.8 type: USB
    rev: 2.0 speed: 12 Mb/s lanes: 1 mode: 1.1 bus-ID: 1-7:6 chip-ID: 8087:0aa7
    class-ID: e001
  Report: rfkill ID: hci0 rfk-id: 1 state: up address: see --recommends
Logical:
  Message: No logical block device data found.
RAID:
  Message: No RAID data found.
Drives:
  Local Storage: total: 932.47 GiB used: 618.65 GiB (66.3%)
  SMART Message: Unable to run smartctl. Root privileges required.
  ID-1: /dev/sda maj-min: 8:0 vendor: Western Digital model: WD10JPVX-60JC3T1
    size: 931.51 GiB block-size: physical: 4096 B logical: 512 B speed: 6.0 Gb/s
    tech: HDD rpm: 5400 serial: <filter> fw-rev: 1A02 scheme: GPT
  ID-2: /dev/sdb maj-min: 8:16 vendor: Generic model: SD MMC MS PRO
    size: 974.5 MiB block-size: physical: 512 B logical: 512 B type: USB rev: 2.0
    spd: 480 Mb/s lanes: 1 mode: 2.0 tech: SSD serial: <filter> fw-rev: 1.00
    scheme: MBR
  SMART Message: Unknown USB bridge. Flash drive/Unsupported enclosure?
  Optical-1: /dev/sr0 vendor: hp model: DVDRW GUE1N rev: UE00
    dev-links: cdrom
  Features: speed: 24 multisession: yes audio: yes dvd: yes
    rw: cd-r,cd-rw,dvd-r,dvd-ram state: running
Partition:
  ID-1: / raw-size: 715.95 GiB size: 703.64 GiB (98.28%)
    used: 557.5 GiB (79.2%) fs: ext4 dev: /dev/sda6 maj-min: 8:6 label: N/A
    uuid: 221ea440-61ae-4d5b-91cc-837cc2a19e58
  ID-2: /boot/efi raw-size: 260 MiB size: 256 MiB (98.46%)
    used: 70 MiB (27.3%) fs: vfat dev: /dev/sda1 maj-min: 8:1 label: N/A
    uuid: 1207-6A4E
  ID-3: /run/media/Win10 raw-size: 198.8 GiB size: 198.8 GiB (100.00%)
    used: 61.08 GiB (30.7%) fs: ntfs dev: /dev/sda3 maj-min: 8:3 label: Windows
    uuid: 3C8E76078E75BA4A
Swap:
  Alert: No swap data was found.
Unmounted:
  ID-1: /dev/sda2 maj-min: 8:2 size: 16 MiB fs: <superuser required> label: N/A
    uuid: N/A
  ID-2: /dev/sda4 maj-min: 8:4 size: 980 MiB fs: ntfs label: Windows RE tools
    uuid: 0AACF03AACF021BD
  ID-3: /dev/sda5 maj-min: 8:5 size: 15.53 GiB fs: ntfs label: RECOVERY
    uuid: C49A87309A871E54
  ID-4: /dev/sdb1 maj-min: 8:17 size: 974.4 MiB fs: <superuser required>
    label: N/A uuid: N/A
USB:
  Hub-1: 1-0:1 info: hi-speed hub with single TT ports: 12 rev: 2.0
    speed: 480 Mb/s (57.2 MiB/s) lanes: 1 mode: 2.0 chip-ID: 1d6b:0002
    class-ID: 0900
  Device-1: 1-3:2 info: Realtek USB Boot type: video driver: N/A
    interfaces: 2 rev: 2.0 speed: 480 Mb/s (57.2 MiB/s) lanes: 1 mode: 2.0
    power: 500mA chip-ID: 0bda:5846 class-ID: 0e02 serial: <filter>
  Hub-2: 1-4:3 info: Huasheng USB2.0 HUB ports: 4 rev: 2.0
    speed: 480 Mb/s (57.2 MiB/s) lanes: 1 mode: 2.0 power: 100mA
    chip-ID: 214b:7250 class-ID: 0900
  Device-1: 1-4.1:5 info: USB OPTICAL MOUSE type: mouse
    driver: hid-generic,usbhid interfaces: 1 rev: 1.1 speed: 1.5 Mb/s (183 KiB/s)
    lanes: 1 mode: 1.0 power: 100mA chip-ID: 275d:0ba6 class-ID: 0301
  Device-2: 1-4.3:7 info: China Resource Semico USB Keyboard
    type: keyboard,mouse driver: hid-generic,usbhid interfaces: 2 rev: 1.1
    speed: 1.5 Mb/s (183 KiB/s) lanes: 1 mode: 1.0 power: 500mA
    chip-ID: 1a2c:4c5e class-ID: 0301
  Device-3: 1-6:4 info: Realtek USB2.0-CRW type: mass storage
    driver: ums-realtek interfaces: 1 rev: 2.0 speed: 480 Mb/s (57.2 MiB/s)
    lanes: 1 mode: 2.0 power: 500mA chip-ID: 0bda:0177 class-ID: 0806
    serial: <filter>
  Device-4: 1-7:6 info: Intel Wireless-AC 3168 Bluetooth type: bluetooth
    driver: btusb interfaces: 2 rev: 2.0 speed: 12 Mb/s (1.4 MiB/s) lanes: 1
    mode: 1.1 power: 100mA chip-ID: 8087:0aa7 class-ID: e001
  Hub-3: 2-0:1 info: super-speed hub ports: 6 rev: 3.0
    speed: 5 Gb/s (596.0 MiB/s) lanes: 1 mode: 3.2 gen-1x1 chip-ID: 1d6b:0003
    class-ID: 0900
Sensors:
  System Temperatures: cpu: 50.0 C pch: 47.5 C mobo: N/A gpu: radeon
    temp: 46.0 C
  Fan Speeds (RPM): N/A
Info:
  Processes: 200 Uptime: 8m wakeups: 1 Init: systemd v: 253 default: graphical
  tool: systemctl Compilers: gcc: 13.1.1 clang: 15.0.7 Packages: 2027
  pm: pacman pkgs: 2022 libs: 519 tools: octopi,pamac,yay pm: flatpak pkgs: 5
  Shell: Bash v: 5.1.16 running-in: xfce4-terminal inxi: 3.3.28

is IPv6 for localhost … like 127.0.0.1

You can of course go back to an earlier kernel. Such as 5.15.

I recently posted my DNS settings for another user … its not exactly the answer you are looking for … but for various reasons it is the configuration I use and it seems to properly implement my settings.

pacman -Qs resolv
local/geoip 1.6.12-2
    Non-DNS IP-to-country resolver C library & utils
local/libmicrodns 0.2.0-1
    Minimal mDNS resolver library
local/openresolv 3.13.2-1
    resolv.conf management framework (resolvconf)
local/python-geoip 1.3.2-14
    Python bindings for the GeoIP IP-to-country resolver library
local/python-resolvelib 1.0.1-1
    Resolve abstract dependencies into concrete ones

Ouput of: (change to network interface you are using, I used eth0 as example, double tap tab after “show” to list interfaces)

cat /etc/resolv.conf
nmcli device show eth0 | grep DNS

Following could also be useful, releases the current lease. (-v = verbose)

sudo dhclient -v -r

After that you might be able to reconnect to your wired or wifi via the gui and get a new lease.

@theolangsnoer
Just to rule out problems with missing drivers for your kernel, can you post the output of the below command after being booted with your 6.x kernel?

inxi -anS

• You can redirect the output to a file, so you can post it here after being booted back in a state where you do have internet connection…

I have decided to completely reformat and setup my laptop from scratch with the latest kernel and this time with separate partitions for the OS and the home-directory. Specially the separation of partitions was a long time wish so all of this feels like the right moment to do this. Never let a crisis go to waste
Thanks everyone for the suggestions.

@theolangsnoer
Please do NOT mark a reply that is NOT THE SOLUTION to the topic title…
It will give wrong search results for people trying to find ansers in future…

So please UNMARK your last reply as solution thanks…

Agreed, I was also on the hunt for a solution. PING OK but apparently no DNS. A reinstall is not a “solution” most people want!

Well - switch to systemd-resolved and tell us how it goes

For the OP I presume? My issue was a bit different … trying to get a connection via chroot to install a new kernel. Done now. (Just wanted to add my 2p worth to TriMoon’s comment as I see too many “reinstall” suggestions around).

I sincerely apologize for marking my latest reply as solution.
After the reinstall, everything worked fine,… until today, when I switched my laptop on again. I had the same problem, no DNS lookup. After searching online again I came across the cli command nmcli c show. I saw the VPN connection (ProtonVPN) that I used the day before. Connecting to this connection solved my DNS lookup issues.

No worries, sorry if I seemed a bit terse. It’s just that I consider “reinstalling” as being in the same ball-park as “the last resort” … or “giving up” … or, “rebuilding the house to fix a squeaky door” as I’ve been known to put it (not on here, though!), which is probably a bit unfair as not everyone has (Manjaro) installs half a decade old!

Your first post combined with the above quote, makes no sense with respect to the title…

1. Either your DNS-Lookups work with or without a VPN or not.
2. You are only able to connect to certain sites while using a VPN.

Which one is it?
Let me guess it is nr 2…

Well, It is absolutely possible that some things make no sense in this situation but one thing I know for sure. If I switch off my laptop while there is an active vpn connection, then the next time I switch it on, the DNS lookup is screwed. A ping to 8.8.8.8 comes with normal replies while a ping to google.com gives the message “Temporary failure in name resolution”. Then, when I disconnect from the vpn, all works fine again.

When you start a vpn it makes changes to your network settings. If you don’t shut it down properly it doesn’t undo those changes. Hence the behaviour you describe.

PLEASE use linebreaks after each sentence to turn your wall-of-text into a readable text.
(See how i changed that in my quote of yours?)

Your current problem is obviously a problem with the VPN software you are using.
When you turn off your Laptop, then either:

1. While properly powering off your Laptop:
   The DNS-lookup config for the server used is not reset to the pre-VPN settings, that’s why after booting up again the old settings are used but the VPN is not automatically started up again.
2. When you turn off your Laptop by closing it’s lid:
   It goes into sleep mode, which physically cuts-off the connection to the VPN, the VPN-Software is unaware of the lost connection.
   So next time when you turn on your laptop again to wake it up from sleep mode, the connection to the VPN is not restored and thus lost, which makes DNS lookups fail because there is no working connection to the VPN.

The fix for both scenarios is to look at your VPN-service setup and how it is started and stopped:

1. With boot-up/power-off;
   Your VPN-service should automatically startup/shutdown accordingly in a proper way.
   While doing so it should make/undo changes to the system DNS-lookup config as needed.
   That way your system will not be left in a state without working DNS lookups that do not require the VPN.
2. With sleep/resume;
   Your VPN-service should act same as in above scenario to make sure it re-establishes the VPN connection when resuming from sleep.
   Eg. stop the service when going to sleep, and start the service again when resuming from sleep.

(Most software involved with DNS forget to implement the sleep/resume scenario)

Hope this helps…

This points to the file /etc/resolv.conf not being reset.

This can be fixed by removing openresolv and switch the system to systemd-resolved.

From another topic [root tip] [How To] NordVPN on Manjaro

Remove openresolv or resolvconf - whichever is installed

sudo pacman -R openresolv

Enable systemd-resolved

sudo systemctl enable --now systemd-resolved

Backup the existing resolv.conf

sudo mv /etc/resolv.conf /etc/resolv.conf.bak

Create a symlink to stub-resolv.conf

sudo ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

If preferred it is possible with a simple custom PKGBUILD https://aur.archlinux.org/packages/resolvconf-symlink-systemd-stub