The domain name cannot be resolved within the Linux ECS instance

Disclaimer: This topic may be contributed by the community or involve information about third-party products. We recommend that you visit the official website of the community or third-party products for help and support. The third-party products are not supported by Alibaba Cloud after-sales service. This article is for reference only. Alibaba Cloud does not make any implied or other forms of commitment.

Issue

In the Linux ECS instance, the domain name cannot be resolved normally.

Cause

• The DNS server is not configured correctly.
• The firewall sets the rules related to port 53.
• The NSCD cache service with DNS enabled.

Solution

Take note of the following items:

• Before you perform high-risk operations such as modifying the specifications or data of an Alibaba Cloud instance, we recommend that you check the disaster recovery and fault tolerance capabilities of the instance to ensure data security.
• Before you modify the specifications or data of an Alibaba Cloud instance, such as an Elastic Compute Service (ECS) instance or an ApsaraDB RDS instance, we recommend that you create snapshots or enable backups for the instance. For example, you can enable log backups for an ApsaraDB RDS instance.
• If you have granted specific users the permissions on sensitive information, such as usernames and passwords, or submitted sensitive information in the Alibaba Cloud Management Console, we recommend that you modify the sensitive information at the earliest opportunity.

Use the following methods to troubleshoot and locate the problem, and then select the corresponding processing method according to the actual situation on site:

1. Run the following command to check whether the DNS server is correctly configured:
   cat /etc/resolv.conf

   If the DNS server is not configured correctly, you need to modify the DNS server address. We recommend that you use the following DNS server address provided by Alibaba Cloud. After the DNS configuration is complete, you need to lock the /etc/resolv.conf file to avoid restarting the system configuration. For more information, see How to customize DNS configuration in a Linux instance.
   • public endpoint DNS server
     nameserver 223.5.5.5
     nameserver 223.6.6.6
     

   • DNS server for internal network address
     nameserver 100.100.2.136
     nameserver 100.100.2.138
     

2. Run the following command to check whether the rules related to port 53 are added to the firewall:
   iptables -L

   If the firewall has rules related to port 53, disable the firewall or delete the rules. For more information, see How to use iptables in CentOS7.
3. Run the following command to check whether the DNS NSCD cache service is started:
   systemctl status nscd

   If the NSCD cache service is started, run the systemctl stop nscd command to disable the NSCD cache service.

Applicable scope

• Elastic Compute Service