Apt fails with errors and DNS resolution fails

,

:uk:/:us:

**system: yunohost 4.2.4 stable **
Server liquorstane.ynh.fr
Contents of /etc/apt/sources.list.d/
bareos.list mono-official.list troglobit.list
During updates of Debian I get these errors:
apt update
Hit:1 http://download.bareos.org/bareos/release/19.2/Debian_10 InRelease

  •    Hit:2 http://security.debian.org/debian-security buster/updates InRelease*
    
  •    Hit:3 http://forge.yunohost.org/debian buster InRelease                                                                         *
    
  •    Hit:4 https://deb.troglobit.com/debian stable InRelease                                                                         *
    
  •    Err:5 http://repo.r1soft.com/apt stable InRelease                                                                               *
    
  •      Temporary failure resolving 'repo.r1soft.com'*
    
  •    Err:6 http://ftp.debian.org/debian buster InRelease                                                        *
    
  •      Temporary failure resolving 'ftp.debian.org'*
    
  •    Err:7 http://download.mono-project.com/repo/debian buster InRelease        *
    
  •      Temporary failure resolving 'download.mono-project.com'*
    
  •    Err:8 http://ftp.debian.org/debian buster-updates InRelease                *
    
  •      Temporary failure resolving 'ftp.debian.org'*
    
  •    Reading package lists... Done    *
    
  •    Building dependency tree       *
    
  •    Reading state information... Done*
    
  •    32 packages can be upgraded. Run 'apt list --upgradable' to see them.*
    
  •    W: Failed to fetch http://ftp.debian.org/debian/dists/buster/InRelease  Temporary failure resolving 'ftp.debian.org'*
    
  •    W: Failed to fetch http://ftp.debian.org/debian/dists/buster-updates/InRelease  Temporary failure resolving 'ftp.debian.org'*
    
  •    W: Failed to fetch http://repo.r1soft.com/apt/dists/stable/InRelease  Temporary failure resolving 'repo.r1soft.com'*
    
  •    W: Failed to fetch http://download.mono-project.com/repo/debian/dists/buster/InRelease  Temporary failure resolving 'download.mono-project.com'*
    
  •    W: Some index files failed to download. They have been ignored, or old ones used instead.*
    

The contents of /etc/apt/sources.list.d is shown because a solution was to remove a file in there which does not exist on my server!!
Thanks for any help somebody can give me here.

This sounds like a DNS resolution issue and not an apt issue

Does ping -c3 google.com works ?

Hi, thanks for replying.
ping -c3 google.com

  • ping: google.com: Temporary failure in name resolution*
    you are right. I do not know how to solve this.
    The server has been OK until upgrade to 4.2.4. All changed and I started getting lots of failure emails from Diagnosis automatic run. Most errors were DNS zone errors which I fixed and then it started again.

Does the diagnosis complains about DNS stuff (/etc/resolv.conf) in the one or second category maybe ?

What does cat /etc/resolv.conf returns ?

It returns

  # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)*
  # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
     nameserver 127.0.0.1
    cat /etc/resolv*

     # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)*

    # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN*

nameserver 127.0.0.1

cat: /etc/resolvconf: Is a directory

nameserver 2a00:5884:8218::1

nameserver 2001:913::8

nameserver 2001:910:800::40

nameserver 2a01:3a0:53:53::

nameserver 84.200.70.40

nameserver 2001:910:800::12

nameserver 91.239.100.100

nameserver 2a0c:e300::100

nameserver 2001:1608:10:25::1c04:b12f

nameserver 2a00:5881:8100:1000::3

nameserver 80.67.188.188

nameserver 2a0c:e300::101

nameserver 89.233.43.71

nameserver 85.214.20.141

nameserver 80.67.169.40

nameserver 2001:67c:28a4::

nameserver 185.233.100.101

nameserver 84.200.69.80

nameserver 185.233.100.100

nameserver 194.150.168.168

nameserver 89.234.141.66

nameserver 80.67.190.200

nameserver 195.160.173.53

nameserver 2001:1608:10:25::9249:d69b

nameserver 80.67.169.12

Wokay it’s a bit confusing …

Is that * at the end really there ? Or is it just a bad copypasta ?

just bad copy paste… sorry
The command was cat /etc/resolv*
which returned the list of IPs without the *

I have removed the * in the original post. Sorry for that but it is hard to use the editor!! My fault

Here is screenshot of Diagnosis re DNS

Diagnosis takes a very long time to return results, ca. 5-7 minutes

Sorry if I upset you by my ignorance of the use of this forum! The problem is still there and now has added all the DNS Zone errors as if there was nothing set.
I think I will close my yunohost server and stop using it

Nah I’m just puzzled

Let’s try and see what the following commands return :

dig +short wikipedia.org
dig +short wikipedia.org @8.8.8.8
dig +short wikipedia.org @127.0.0.1

Also could it be that the service dnsmasq is down ? What if you run systemctl restart dnsmasq

these are responses to those three commands:

dig +short wikipedia.org

;; connection timed out; no servers could be reached

root@liquorstane:~# dig +short wikipedia.org @8.8.8.8

91.198.174.192

root@liquorstane:~# dig +short wikipedia.org @127.0.0.1

91.198.174.192

The dnsmasq service just restarts no error.
Thanks for helping. Do you need any logs?

New info:
after restarting dnsmasq the three dig commands gave the same IP 192.198.174.192
Maybe it was that?
I am trying the apt update command to see if it works now.

NEWS: itr failed again with the attached errors from webadmin.

The terminal came back with these errors now:
apt update
Ign:1 http://repo.r1soft.com/apt stable InRelease
Hit:2 http://repo.r1soft.com/apt stable Release
Ign:5 https://deb.troglobit.com/debian stable InRelease
Err:6 https://deb.troglobit.com/debian stable Release
Certificate verification failed: The certificate is NOT trusted. The name in the certificate does not match the expected. Could not handshake: Error in the certificate verification. [IP: 87.96.243.92 443]
Hit:7 http://ftp.debian.org/debian buster InRelease
Hit:8 http://ftp.debian.org/debian buster-updates InRelease
Hit:9 http://security.debian.org/debian-security buster/updates InRelease
Hit:4 https://download.mono-project.com/repo/debian buster InRelease
Err:10 http://download.bareos.org/bareos/release/19.2/Debian_10 InRelease
Temporary failure resolving ‘download.bareos.org
Err:11 http://forge.yunohost.org/debian buster InRelease
Temporary failure resolving ‘forge.yunohost.org
Reading package lists… Done
E: The repository ‘https://deb.troglobit.com/debian stable Release’ no longer has a Release file.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

I am giving up… I think my server has been hijacked(??)

@Aleks
Here is the latest Diagnosis shared via

paste.yunohost

@Aleks
I have solved this issue as per https://superuser.com/questions/1427311/activation-via-systemd-failed-for-unit-dbus-org-freedesktop-resolve1-service

Basically I created this file
nano /etc/NetworkManager/conf.d/no-systemd-resolved.conf
with contents
[main]
systemd-resolved=false

and then checked,enabled,started and checked again the systemd-resolved service:
systemctl status systemd-resolved.service
systemctl enable systemd-resolved.service
systemctl start systemd-resolved.service
systemctl status systemd-resolved.service

Then i run
apt update

and it worked except for the
forge.yunohost.org

error as before.
Then it started showing errors resolving server during download of packages.
I assume that is a yunohost bug or error.
Thanks for your help with this. I shall leave it open for you to check and close…
i now got this error :slight_smile:
yunohost dyndns update --force
Error: Failed to resolve dyndns.yunohost.org

@Aleks
This is becoming tedious!
errors in
apt update
are plenty and not related to this DNS resolve issue anymore.A full upgrade worked but replied with
DNS resolution for dyndns.yunohost.org failed

Hit:1 https://deb.troglobit.com/debian stable InRelease Hit:2 http://security.debian.org/debian-security buster/updates InRelease Hit:3 http://download.mono-project.com/repo/debian buster InRelease Hit:4 http://ftp.debian.org/debian buster InRelease Hit:5 http://ftp.debian.org/debian buster-updates InRelease Ign:6 https://repo.r1soft.com/apt stable InRelease Err:7 https://repo.r1soft.com/apt stable Release Certificate verification failed: The certificate is NOT trusted. The name in the certificate does not match the expected. Could not handshake: Error in the certificate verification. [IP: 87.96.243.92 443] Err:8 http://forge.yunohost.org/debian buster InRelease Temporary failure resolving 'forge.yunohost.org' Err:9 http://download.bareos.org/bareos/release/19.2/Debian_10 InRelease Temporary failure resolving 'download.bareos.org' Reading package lists... Done E: The repository 'http://repo.r1soft.com/apt stable Release' no longer has a Release file.

Well I don’t know why you ended up doing this … this just sounds like not the right thing to do, systemd-resolved will likely conflict with dnsmasq, which Yunohost relies on … Also networkmanager is supposed to not be installed on Yunohost. If it is, then it’s a bug, which could explain why /etc/resolv.conf doesn’t always point to 127.0.0.1 …

Can you elaborate on how / why you ended up on that stackoverflow/superuser post

Most probably, no it didnt.

Hi @Aleks
yes of course: I googled the error message “…resolve1.service not found”
and found that it addressed my issue.
When I edited the /etc/NetworkManager/conf.d/no-systemd-resolved.conf file it did not exist and I created it. I think that network manager is installed.
When I did
apt install network-manager
it told me that it was installed!!
I think we found a bug then
I installed yunohost from the original ISO and then upgraded but without adding anything to Debian, so it is a bug from the original install of yunohost! Shall I uninstall network-manager then??

Has this problem got to do with fastlydns collapse?? Wrong cache?
I got this on my cli when updating apt:
0% [Connecting to debian.map.fastlydns.net]