When working with Vagrant and VirtualBox, you might encounter a peculiar situation where your VM can resolve some domains perfectly while failing on others. Here's what's happening under the hood:
$ dig security.ubuntu.com +short
91.189.92.181 # Works fine
$ dig us.archive.ubuntu.com
;; connection timed out # Fails
VirtualBox uses a special NAT resolver (10.0.2.3) that sometimes struggles with certain DNS configurations. The key observations from our case:
- Works: security.ubuntu.com, google.com, www.apple.com
- Fails: us.archive.ubuntu.com, apple.com (without www)
The +trace output reveals the DNS resolution works when bypassing the local resolver, indicating the problem lies with VirtualBox's DNS proxy:
$ dig us.archive.ubuntu.com +trace
; Full trace shows successful resolution
; while standard query times out
Solution 1: Bypass VirtualBox DNS Proxy
Edit /etc/resolv.conf to use public DNS servers instead of 10.0.2.3:
nameserver 8.8.8.8
nameserver 8.8.4.4
options timeout:1 attempts:1
Solution 2: Modify Vagrantfile
Add this configuration to force proper DNS handling:
Vagrant.configure("2") do |config|
config.vm.provider "virtualbox" do |vb|
vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
vb.customize ["modifyvm", :id, "--natdnsproxy1", "off"]
end
end
To identify specific DNS issues:
# Check DNS response times
$ time dig @10.0.2.3 us.archive.ubuntu.com
$ time dig @8.8.8.8 us.archive.ubuntu.com
# Test different record types
$ dig us.archive.ubuntu.com A
$ dig us.archive.ubuntu.com AAAA
$ dig us.archive.ubuntu.com MX
For Ubuntu VMs, prevent resolv.conf from being overwritten:
$ sudo apt-get install resolvconf
$ sudo nano /etc/resolvconf/resolv.conf.d/head
# Add your preferred nameservers
$ sudo service resolvconf restart
Remember to test after each change:
$ ping -c 3 us.archive.ubuntu.com
$ curl -I http://us.archive.ubuntu.com
When working with Vagrant and VirtualBox, you might encounter a peculiar DNS resolution issue where some domains (like us.archive.ubuntu.com) fail to resolve while others (like security.ubuntu.com) work perfectly. The host machine resolves all domains correctly, but the VM struggles with specific ones.
The symptoms typically appear as:
Err http://us.archive.ubuntu.com/ubuntu/ lucid/main make 3.81-7ubuntu1
Could not resolve 'us.archive.ubuntu.com'Interestingly, dig with +trace works while normal queries fail:
vagrant@lucid64:~$ dig us.archive.ubuntu.com +trace
; <<>> DiG 9.7.0-P1 <<>> us.archive.ubuntu.com +trace
;; global options: +cmd
. 199183 IN NS d.root-servers.net.
[...]
us.archive.ubuntu.com. 600 IN A 91.189.92.192The issue stems from VirtualBox's NAT networking and DNS proxy behavior. The default /etc/resolv.conf shows:
nameserver 10.0.2.3
domain mydomain.com
search mydomain.comVirtualBox's DNS proxy (10.0.2.3) sometimes struggles with certain DNS queries, particularly when:
- The domain uses DNSSEC
- There are specific TTL or record configurations
- The response exceeds UDP packet size and needs TCP fallback
1. Bypass VirtualBox's DNS Proxy
Edit /etc/resolv.conf to use public DNS servers:
sudo bash -c 'cat > /etc/resolv.conf <2. Configure Network Manager (For Ubuntu VMs)
sudo nano /etc/NetworkManager/NetworkManager.confAdd or modify:
[main]
dns=defaultThen restart NetworkManager:
sudo service network-manager restart3. Vagrant-Specific Fix
Add this to your Vagrantfile:
config.vm.provision "shell", inline: <<-SHELL
sudo resolvconf -u
sudo systemctl restart systemd-resolved
SHELL4. Testing DNS Resolution
Verify your changes with:
dig us.archive.ubuntu.com +short
dig @8.8.8.8 us.archive.ubuntu.com
ping -c 4 us.archive.ubuntu.comIf issues persist, check DNS query behavior:
tcpdump -i eth0 -n port 53
dig +dnssec us.archive.ubuntu.com
dig +tcp us.archive.ubuntu.comFor VirtualBox-specific debugging:
VBoxManage list hostonlyifs
VBoxManage modifyvm "VM name" --natdnshostresolver1 onConsider these best practices:
- Use bridged networking instead of NAT when possible
- Keep VirtualBox Guest Additions updated
- Regularly update your VM's DNS cache (
sudo systemd-resolve --flush-caches)