Disclaimer: This topic may be contributed by the community or involve information about third-party products. We recommend that you visit the official website of the community or third-party products for help and support. The third-party products are not supported by Alibaba Cloud after-sales service. This article is for reference only. Alibaba Cloud does not make any implied or other forms of commitment.
Issue
In the Linux ECS instance, the domain name cannot be resolved normally.
Cause
- The DNS server is not configured correctly.
- The firewall sets the rules related to port 53.
- The NSCD cache service with DNS enabled.
Solution
Take note of the following items:
- Before you perform high-risk operations such as modifying the specifications or data of an Alibaba Cloud instance, we recommend that you check the disaster recovery and fault tolerance capabilities of the instance to ensure data security.
- Before you modify the specifications or data of an Alibaba Cloud instance, such as an Elastic Compute Service (ECS) instance or an ApsaraDB RDS instance, we recommend that you create snapshots or enable backups for the instance. For example, you can enable log backups for an ApsaraDB RDS instance.
- If you have granted specific users the permissions on sensitive information, such as usernames and passwords, or submitted sensitive information in the Alibaba Cloud Management Console, we recommend that you modify the sensitive information at the earliest opportunity.
Use the following methods to troubleshoot and locate the problem, and then select the corresponding processing method according to the actual situation on site:
- Run the following command to check whether the DNS server is correctly configured:
cat /etc/resolv.conf
If the DNS server is not configured correctly, you need to modify the DNS server address. We recommend that you use the following DNS server address provided by Alibaba Cloud. After the DNS configuration is complete, you need to lock the/etc/resolv.conf
file to avoid restarting the system configuration. For more information, see How to customize DNS configuration in a Linux instance.- public endpoint DNS server
nameserver 223.5.5.5
nameserver 223.6.6.6 - DNS server for internal network address
nameserver 100.100.2.136
nameserver 100.100.2.138
- public endpoint DNS server
- Run the following command to check whether the rules related to port 53 are added to the firewall:
iptables -L
If the firewall has rules related to port 53, disable the firewall or delete the rules. For more information, see How to use iptables in CentOS7. - Run the following command to check whether the DNS NSCD cache service is started:
systemctl status nscd
If the NSCD cache service is started, run thesystemctl stop nscd
command to disable the NSCD cache service.
Applicable scope
- Elastic Compute Service