DNS lookups on my Ubuntu 16.04 LTS workstation have recently gone crazy, and I don't know why. Every now and then it will start returning 10.0.0.1 for just about anything. For example, a few minutes ago, dig www.google.com said:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15032
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 0 IN A 10.0.0.1
;; Query time: 0 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Wed Jun 28 15:53:35 PDT 2017
;; MSG SIZE rcvd: 48
A few minutes later it started behaving normally again:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50042
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 122 IN A 216.58.195.228
;; Query time: 0 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Wed Jun 28 15:55:11 PDT 2017
;; MSG SIZE rcvd: 59
It's flip-flopped a few times in the last several hours. I can't think of any changes I made that could have triggered this behavior.
Note that there is no 10.0.0.1 on my LAN. (It's all 192.168.0.x.)
I have tried rebooting my Ubuntu box and all of my network equipment and also changing the Network Connections >> IPv4 Settings >> Method to "Automatic (DHCP) addresses only", and manually setting DNS to 8.8.8.8, but it still sporadically switches to returning 10.0.0.1.
How do I debug (and fix) this issue?
Other info:
$ ls -al /etc/resolv.conf
lrwxrwxrwx 1 root root 29 Oct 24 2016 /etc/resolv.conf -> ../run/resolvconf/resolv.conf
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
Update:
I just discovered that when this happens, my router's admin page is complaining that "Your ISP's DHCP does not function properly". I found a forum posting that mentioned that some ISPs apparently refuse to respond to new DHCP requests, resulting in this error. I'd had some power outages recently (and also had to unplug some equipment when a UPS died), so I'm guessing these were related to this issue. It also seems that any time my router reboots (which happens after practically any config change) there's about a 50% chance I'll get this error.
I'm still not sure where the 10.0.0.1 address is coming from. It turns out that even if I tell dig which DNS server to use when my router is borked it'll return 10.0.0.1:
# dig @8.8.8.8 www.yahoo.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 www.yahoo.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35485
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.yahoo.com. IN A
;; ANSWER SECTION:
www.yahoo.com. 0 IN A 10.0.0.1
;; Query time: 0 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Jun 29 11:10:14 PDT 2017
;; MSG SIZE rcvd: 47
I suspect that either my router or my ISP is intercepting outgoing DNS query requests and returning these bogus responses, but I don't know how to confirm this.
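
The signs visible in the dig transcripts above (a private address for a public name, TTL 0, the aa flag on a reply attributed to 8.8.8.8, and no EDNS section) can be checked mechanically. The following is an added example, not part of the original post; the names `parse_dig` and `interception_signs` are hypothetical, and the checks are heuristics that assume a public name queried through a recursive resolver.

```python
import ipaddress
import re

# Trimmed from the dig transcripts in the post above.
BAD = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;www.yahoo.com. IN A
www.yahoo.com. 0 IN A 10.0.0.1
;; SERVER: 8.8.8.8#53(8.8.8.8)
"""
GOOD = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
www.google.com. 122 IN A 216.58.195.228
;; SERVER: 127.0.1.1#53(127.0.1.1)
"""

def parse_dig(text):
    # Pull header flags, EDNS presence, responding server and A records
    # out of dig's default text output.
    flags = re.search(r"^;; flags: ([a-z ]+);", text, re.M)
    server = re.search(r"^;; SERVER: ([0-9A-Fa-f.:]+)#", text, re.M)
    rows = re.findall(r"^(\S+)[ \t]+(\d+)[ \t]+IN[ \t]+A[ \t]+(\S+)$", text, re.M)
    return {
        "flags": flags.group(1).split() if flags else [],
        "edns": "OPT PSEUDOSECTION" in text,
        "server": server.group(1) if server else None,
        "answers": [(name, int(ttl), ip) for name, ttl, ip in rows],
    }

def interception_signs(text):
    # Assumes a public name was queried through a recursive resolver.
    d = parse_dig(text)
    signs = []
    for name, ttl, ip in d["answers"]:
        if ipaddress.ip_address(ip).is_private:
            signs.append(f"{name} resolved to private address {ip}")
        if ttl == 0:
            signs.append(f"{name} returned with TTL 0")
    if "aa" in d["flags"]:
        signs.append(f"aa (authoritative) flag in reply attributed to {d['server']}")
    if not d["edns"]:
        signs.append("no EDNS OPT record in reply (weak signal on its own)")
    return signs

if __name__ == "__main__":
    for label, sample in (("bad", BAD), ("good", GOOD)):
        print(label, interception_signs(sample))
```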