Dns_get_record(): A temporary server error occurred

Pablo1732 · April 24, 2024, 7:15pm

Hello,
I upgraded to NC28 a few days ago.
Now I have a lot of “dns_get_record(): A temporary server error occurred.” errors in the log.
I am not using docker, the server definitely has access to the internet, I can download apps from the NC AppStore. When I check the NC via the settings, it either says errors in the log or that the server settings could not be checked. It takes forever for the check to “complete”, 3-5 minutes. This was not the case before.
Also, when I press the user icon in the menu, I often can’t access the settings or the apps page or anything else from the menu, it takes forever to load. I have to completely reload the NC page in the browser and then it works 1-2 times, then I have to reload again.

Hopefully someone can help me.

tflidd · April 30, 2024, 7:01am

Do you get any errors in the logs? You didn’t block the dns_get_record() function via php.ini?

You can also check a small example script if the function itself and the name resolution is working:
https://www.php.net/manual/en/function.dns-get-record.php

Pablo1732 · May 1, 2024, 11:53am

Thanks for the Answer.
I ran this Script from the WebSite you send.

<?php
$result = dns_get_record("php.net");
print_r($result);
?>

I’ve got the “same” error:

PHP Warning:  dns_get_record(): A temporary server error occurred. in /root/test.php on line 2

But as I said, I can download apps from the AppStore, so DNS must work somehow.

At least I have not consciously switched off the function in php.ini. I also don’t know where to switch it on/off.

What can I do?

tflidd · May 1, 2024, 5:37pm

I just checked on a default Debian system without anything very specific and it works out of the box. What kind of system do you have?

There were reports on a FreeBSD system: Bug in DnsPinMiddleware.php, "DNS Query failed" · Issue #28105 · nextcloud/server · GitHub
I have run in on FreeBSD as well, but don’t see such issue. Perhaps in a jail, or if you put restrictions to it that it might not be able to do certain things (firewalls etc).

What is strange, when you updated Nextcloud, this part of the code wasn’t changed recently, did you also change something in your system?

Pablo1732 · May 1, 2024, 8:20pm

Oh,
I’ve just checked that too.
My Nextcloud runs in a Proxmox container/LXC (Ubuntu 22.04 container).
I have tested the PHP function in other LXC’s and it doesn’t work there either. If I try it in a VM on Proxmox (LinuxMint 21) it works without any problems.

I honestly don’t know since when the problem exists, probably always. I had never checked the Nextcloud log before.
I just had some problems since I upgraded from Nextcloud 27 to 28. And after the upgrade to 29 the problems were not fixed, so I checked the log.
The system check of Nextcloud takes many minutes since the update to NC28 (not even a minute before). When I check the log afterwards, I can see many of the DNS errors. So I think the system check takes so long because it tries to make a lot of DNS requests and waits for the answers from the DNS server, but that doesn’t work. That’s why I wonder why the check was always so fast before NC28, either NC27 didn’t make any/hardly any DNS queries during the system check, or the problem has really only existed since then. But the problem has probably “always” existed, as I have always had NC running in the container.
So I don’t know what the problem is.

Do you have NC 28/29 running, do you also have some problems with it?

tflidd · May 2, 2024, 8:42am

The DNS queries however work within the machine?
host -t SOA nextcloud.com

Ubuntu has apparmor, you can use it to secure applications and control their acceess to resources (e.g. https://blog.frehi.be/2024/01/06/securing-php-fpm-with-apparmor/ or AppArmor | HackTricks | HackTricks). Ideally, it should create logfiles (/var/log/audit/audit.log in case it blocks something. Perhaps there is something enabled by default.

Pablo1732 · May 2, 2024, 12:48pm

/var/log/audit/audit.log does not exist in LXC or on the Proxmox host.
I noticed that host -t SOA nextcloud.com works in the VM’s, but not on the host or in the LXC’s.
LXC’s work very “host close”, the reason why it doesn’t work in the LXC’s is probably because it doesn’t work on the host either.
Proxmox 8 is based on Debian 12.
ping and nslookup work everywhere.

#### LXC

root@Nextcloud-Proxmox:~# host -t SOA nextcloud.com
;; communications error to 192.168.22.1#53: timed out
;; communications error to 192.168.22.1#53: timed out
;; communications error to 9.9.9.9#53: timed out
;; communications error to 1.1.1.1#53: timed out
;; no servers could be reached


root@Nextcloud-Proxmox:~# ping nextcloud.com 
PING nextcloud.com (85.10.195.17) 56(84) bytes of data.
64 bytes from static.85-10-195-17.clients.your-server.de (85.10.195.17): icmp_seq=1 ttl=58 time=11.9 ms
64 bytes from static.85-10-195-17.clients.your-server.de (85.10.195.17): icmp_seq=2 ttl=58 time=11.7 ms
64 bytes from static.85-10-195-17.clients.your-server.de (85.10.195.17): icmp_seq=3 ttl=58 time=11.5 ms
^C
--- nextcloud.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 11.484/11.709/11.949/0.190 ms



#### VM

pablo@LinuxMint-Proxmox:~$ host -t SOA nextcloud.com
nextcloud.com has SOA record ns.inwx.de. hostmaster.inwx.de. 2024040901 10800 3600 604800 3600


pablo@LinuxMint-Proxmox:~$ ping nextcloud.com
PING nextcloud.com (85.10.195.17) 56(84) bytes of data.
64 bytes from static.85-10-195-17.clients.your-server.de (85.10.195.17): icmp_seq=1 ttl=58 time=11.8 ms
64 bytes from static.85-10-195-17.clients.your-server.de (85.10.195.17): icmp_seq=2 ttl=58 time=11.7 ms
64 bytes from static.85-10-195-17.clients.your-server.de (85.10.195.17): icmp_seq=3 ttl=58 time=11.8 ms
^C
--- nextcloud.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 11.671/11.779/11.843/0.077 ms




#### Proxmox Host

root@hp-pve:~# host -t SOA nextcloud.com
;; communications error to 192.168.22.1#53: timed out
;; communications error to 192.168.22.1#53: timed out
;; communications error to 9.9.9.9#53: timed out
;; communications error to 1.1.1.1#53: timed out
;; no servers could be reached


root@hp-pve:~# ping nextcloud.com
PING nextcloud.com (85.10.195.17) 56(84) bytes of data.
64 bytes from static.85-10-195-17.clients.your-server.de (85.10.195.17): icmp_seq=1 ttl=58 time=12.0 ms
64 bytes from static.85-10-195-17.clients.your-server.de (85.10.195.17): icmp_seq=2 ttl=58 time=12.0 ms
64 bytes from static.85-10-195-17.clients.your-server.de (85.10.195.17): icmp_seq=3 ttl=58 time=11.5 ms
^C
--- nextcloud.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 11.476/11.815/12.021/0.241 ms