fix a dns problem

Today I encountered a problem when installing python-setuptools with yum.

yum install python-setuptools

The above command runs for a long time then shows the following error:

yum install python-setuptools
Loaded plugins: fastestmirror
Determining fastest mirrors
Could not retrieve mirrorlist error was
14: PYCURL ERROR 6 – “Couldn’t resolve host ‘‘”
Error: Cannot find a valid baseurl for repo: base

It seems the DNS system does not work properly. The DNS servers are specified in /etc/resolv.conf

cat /etc/resolv.conf

PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=58 time=1.22 ms
64 bytes from icmp_seq=2 ttl=58 time=0.519 ms

The ping result verified the dns server was online. Then I restarted the network:

/etc/init.d/network restart
Shutting down interface venet0:                            [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface venet0:                              [  OK  ]

But the problem persisted. Note that the yum command can not be interrupted by ctrl-c. You should put the command to background by ctrl-z, then find the pid of yum.

ps -ef|grep yum
root      1896   949  1 04:51 pts/2    00:00:00 /usr/bin/python /usr/bin/yum

The second field is the pid. Kill yum using:

kill -9 1896

To find the reason why DNS did not work to resolve the names, I wanted to use the command nslookup to debug. However, it hinted the command does not exist in the system. I must install the command using yum first. I was stuck in a dilemma: I could not use yum but I needed yum to debug why I could not use yum. Then God saved me. I suddenly remembered I exerted a strict firewall policy. Maybe the firewall blocked the DNS lookup? Checking the iptables proved my guess, the firewall was blocking almost all input ports. According to the VPS tutorial, I added the following chain rule to the iptables.

iptables -A INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT

Now everything is ok. I can install packages using yum without a problem.

Note that once yum works properly, yum does not use DNS to lookup so you can use yum even the firewall blocks DNS lookup. Only after you clear the yum cache using

yum clear all

the yum command will lookup the host again.

BTW, do you know how to install nslookup using yum? You must first know the package name that contains the nslookup command.

yum provides */nslookup

It will show the nslookup command is included in the package named bind-utils, then  you can install it by:

yum install bind-utils


Posted in tips of hosting