Traceroute fails, ping fails, nslookup works

big surmacosNetwork

I am trying to debug a connectivity problem on macOS Big Sur.

Symptoms

After a few hours, the domain apple.com is unreachable from the device. All other domains are fine.

  • ping www.apple.com fails to return anything (nothing printed on screen)

  • nslookup www.apple.com returns an IP. When pinging this IP, it actually works

What I tried

  • Given that pinging the IP but not the domain works, I tried resetting the DNS cache via : sudo dscacheutil -flushcache ; sudo killall -HUP mDNSResponder. This did not help.

  • I ran tcpdump on both the device and the router. Nothing showed up.

  • I ran traceroute on the device, it does not even show the first hop to the router.

Any pointer to solve this?

EDIT:

I've spent a lot of time on this, still without success. Rebooting the router does not sort out the issue. dig works fine, nslookup works fine. dscacheutil fails. For some reason, it does not show the IPv4 address :

$ dscacheutil -q host -a name www.apple.com
name: e6858.dscx.akamaiedge.net
alias: www.apple.com www.apple.com.edgekey.net www.apple.com.edgekey.net.globalredir.akadns.net 
ipv6_address: 2a02:26f0:7400:1ac::1aca
ipv6_address: 2a02:26f0:7400:1ad::1aca

When I add the line 127.0.0.1 apple.com to /etc/hosts, then it works and I see this :

$ dscacheutil -q host -a name www.apple.com
name: e6858.dscx.akamaiedge.net
alias: www.apple.com www.apple.com.edgekey.net www.apple.com.edgekey.net.globalredir.akadns.net 
ipv6_address: 2a02:26f0:7400:1ad::1aca
ipv6_address: 2a02:26f0:7400:1ac::1aca

name: e6858.dscx.akamaiedge.net
alias: www.apple.com www.apple.com.edgekey.net www.apple.com.edgekey.net.globalredir.akadns.net 
ip_address: 2.21.169.157

I have no idea why pointing to the loopback address suddenly solves the problem.

EDIT2 :

While dscacheutil contains only the IPv6 addresses for www.apple.com, it contains ipv4 addresses for apple.com :

$ dscacheutil -q host -a name apple.com
name: apple.com
ip_address: 17.253.144.10

So I can indeed access apple.com but not www.apple.com. Does that make sense to anyone?

Best Answer

nslookup bypasses the "normal" DNS resolution done by macOS and instead seems to implement its own lookup (dig does as well, as I painfully learned during some debugging). Both nslookup and dig are actually third-party tools by ISC (which also make BIND).

To use an "Apple-native" command for DNS lookups, try dscacheutil:

dscacheutil -q host -a name www.apple.com

You can see the DNS settings macOS is using with:

scutil --dns

The problem you describe sounds like the DNS config is either incorrect and/or the configured DNS server are not responding (or responding with "not found" answers). The ISC tools might still work in this case as they rely on /etc/resolv.conf instead.

Related Question