Issues with DNS when connected to a TTLS PAP wifi [SOLVED]

niemand9009 · 2025-12-02 16:18:19

Hello,

I'm new to Arch and rather inexperienced. I'm trying to use my Uni's wifi. They use some TTLS version of eduroam and I was able to succesfully connect to it with the help of the iwd article in the Arch wiki. However I still had trouble because despite a stable connection I couldn't use the internet.

After some searching, I'm fairly certain that the issue is with the DNS, because I can ping 8.8.8.8 but not www.google.com because it throws the error "temporary error when resolving name" (Temporärer Fehler bei der Namensauflösung). However I don't know how I could fix this, since I don't know a lot about web services and I couldn't find anything helpfull when googling the issue.

The output of

 resolvectl status

is:

Global
           Protocols: +LLMNR +mDNS +DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: foreign
  Current DNS Server: 9.9.9.9#dns.quad9.net
         DNS Servers: 9.9.9.9#dns.quad9.net 2620:fe::9#dns.quad9.net 1.1.1.1#cloudflare-dns.com
                      2606:4700:4700::1111#cloudflare-dns.com 8.8.8.8#dns.google 2001:4860:4860::8888#dns.google
Fallback DNS Servers: 9.9.9.9#dns.quad9.net 2620:fe::9#dns.quad9.net 1.1.1.1#cloudflare-dns.com
                      2606:4700:4700::1111#cloudflare-dns.com 8.8.8.8#dns.google 2001:4860:4860::8888#dns.google

Link 3 (wlan0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
         Protocols: +DefaultRoute +LLMNR +mDNS +DNSOverTLS DNSSEC=no/unsupported
       DNS Servers: 132.180.17.1 132.180.17.129
     Default Route: yes

When I try to ping 132.180.17.1 or 132.180.17.129, I don't get any response.

Did I make some obvious mistake in my setup?

I would be thankfull for any idea, or link to where I could read more about this issue.

Last edited by niemand9009 (Yesterday 08:46:35)

seth · 2025-12-02 21:34:20

https://wiki.archlinux.org/title/System … d#Manually
Assuming you use https://wiki.archlinux.org/title/Iwd#En … figuration try to set https://wiki.archlinux.org/title/Iwd#Select_DNS_manager to "none" to leave the NIC-specific DNS config alone.
If you're using other tools to configure the network and/or in doubt please post the output of

find /etc/systemd -type l -exec test -f {} \; -print | awk -F'/' '{ printf ("%-40s | %s\n", $(NF-0), $(NF-1)) }' | sort -f

When I try to ping 132.180.17.1 or 132.180.17.129, I don't get any response.

DNS servers don't have to necessarily respond to ICMP requests.

nmap -Pn 132.180.17.1
dig @132.180.17.1 google.com

niemand9009 · 2025-12-02 21:49:57

Thanks for the tip. I had set

NameResolvingService=systemd

, but I also tried without one set with the same result. I'll try to explicitly set it to "none" next.

Right now (in my network at home) the output of

find /etc/systemd -type l -exec test -f {} \; -print | awk -F'/' '{ printf ("%-40s | %s\n", $(NF-0), $(NF-1)) }' | sort -f

is

dbus-org.freedesktop.network1.service    | system
dbus-org.freedesktop.resolve1.service    | system
dbus-org.freedesktop.timesync1.service   | system
display-manager.service                  | system
fstrim.timer                             | timers.target.wants
getty@tty1.service                       | getty.target.wants
iwd.service                              | multi-user.target.wants
p11-kit-server.socket                    | sockets.target.wants
pipewire-pulse.socket                    | sockets.target.wants
pipewire-session-manager.service         | user
pipewire.socket                          | sockets.target.wants
remote-fs.target                         | multi-user.target.wants
seatd.service                            | multi-user.target.wants
systemd-networkd.service                 | multi-user.target.wants
systemd-networkd.socket                  | sockets.target.wants
systemd-networkd-varlink.socket          | sockets.target.wants
systemd-networkd-wait-online.service     | network-online.target.wants
systemd-network-generator.service        | sysinit.target.wants
systemd-resolved-monitor.socket          | sockets.target.wants
systemd-resolved.service                 | sysinit.target.wants
systemd-resolved-varlink.socket          | sockets.target.wants
systemd-timesyncd.service                | sysinit.target.wants
systemd-userdbd.socket                   | sockets.target.wants
ufw.service                              | multi-user.target.wants
wireplumber.service                      | pipewire.service.wants

Sadly I can't test your idea until thursday, but thank you very much for the tip.

seth · 2025-12-02 21:56:50

You've systemd-networkd* enabled - disable those to prevent any kind of interference from there iff you're using https://wiki.archlinux.org/title/Iwd#En … figuration

but I also tried without one set with the same result

resolved is the default, so that would be expectable

niemand9009 · 2025-12-02 22:00:13

Will do. I'll report back on thursday, whether this fixed it. Thank you very much.

niemand9009 · 2025-12-04 08:15:03

Hello again. I disabled networkd-systemd with

 sysctl disable networkd-systemd

. I set

NameResolvingService=none

and restarted the system. This sadly didn't solve the problem. Aditionally disabling systemd-resolved the same way didn't change anything either.

I also tried setting

EnableNetworkConfiguration=false

which led to some wierd results, where I could connect to a wifi, but didn't get any internet connection at all, which is why I've reenabled it immediatly.

seth · 2025-12-04 08:57:32

Aditionally disabling systemd-resolved the same way

Will probably have lead to no DNS resolution at all?

which led to some weird expectable results

ftfy

stat /etc/resolv.conf
cat /etc/resolv.conf

https://wiki.archlinux.org/title/Systemd-resolved#DNS
Try to turn it into the stub resolver (pretty much the only reason why you'd want to bother w/ systemd-resolved anyway)
Then, in doubt, https://wiki.archlinux.org/title/System … d#Manually add a custom DNS server (not the example on in the wiki or the university one that doesn't respond but google, cloudflare or quad9 or any other open DNS server)

niemand9009 · 2025-12-05 11:20:59

I'm pretty sure, that's already set up that way.

stat /etc/resolv.conf

Datei: /etc/resolv.conf
 Größe: 920       	Blöcke: 8          EA Block: 4096   reguläre Datei
Gerät: 259/2	Inode: 262177      Verknüpfungen: 1
Zugriff: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Zugriff: 2025-12-04 08:43:35.650734099 +0100
Modifiziert: 2025-11-17 17:45:16.004286502 +0100
Geändert: 2025-11-17 18:03:49.013126200 +0100
Geburt: 2025-11-17 18:03:22.829604600 +0100

Sorry for the german, it's my systems language.

cat /etc/resolv.conf

# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search .

 cat /etc/systemd/resolved.conf

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it under the
#  terms of the GNU Lesser General Public License as published by the Free
#  Software Foundation; either version 2.1 of the License, or (at your option)
#  any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file (or a copy of it placed in
# /etc/ if the original file is shipped in /usr/), or by creating "drop-ins" in
# the /etc/systemd/resolved.conf.d/ directory. The latter is generally
# recommended. Defaults can be restored by simply deleting the main
# configuration file and all drop-ins located in /etc/.
#
# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.
#
# See resolved.conf(5) for details.

[Resolve]
# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
# Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
# Google:     8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
# Quad9:      9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
#
# Using DNS= configures global DNS servers and does not suppress link-specific
# configuration. Parallel requests will be sent to per-link DNS servers
# configured automatically by systemd-networkd.service(8), NetworkManager(8), or
# similar management services, or configured manually via resolvectl(1). See
# resolved.conf(5) and systemd-resolved(8) for more details.
DNS=9.9.9.9#dns.quad9.net 2620:fe::9#dns.quad9.net 1.1.1.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 8.8.8.8#dns.google 2001:4860:4860::8888#dns.google

#FallbackDNS=9.9.9.9#dns.quad9.net 2620:fe::9#dns.quad9.net 1.1.1.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 8.8.8.8#dns.google 2001:4860:4860::8888#dns.google
#Domains=
#DNSSEC=no
DNSOverTLS=yes
#MulticastDNS=yes
#LLMNR=yes
Cache=yes
#CacheFromLocalhost=no
#DNSStubListener=yes
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
#StaleRetentionSec=0
#RefuseRecordTypes=

resolvectl status

Global
           Protocols: +LLMNR +mDNS +DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: foreign
  Current DNS Server: 1.1.1.1#cloudflare-dns.com
         DNS Servers: 9.9.9.9#dns.quad9.net 2620:fe::9#dns.quad9.net
                      1.1.1.1#cloudflare-dns.com
                      2606:4700:4700::1111#cloudflare-dns.com 8.8.8.8#dns.google
                      2001:4860:4860::8888#dns.google
Fallback DNS Servers: 9.9.9.9#dns.quad9.net 2620:fe::9#dns.quad9.net
                      1.1.1.1#cloudflare-dns.com
                      2606:4700:4700::1111#cloudflare-dns.com 8.8.8.8#dns.google
                      2001:4860:4860::8888#dns.google

Link 3 (wlan0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
         Protocols: +DefaultRoute +LLMNR +mDNS +DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 132.180.17.129
       DNS Servers: 132.180.17.1 132.180.17.129
        DNS Domain: uni-bayreuth.de
     Default Route: yes

I've now also tried the manual approach from the wiki without success.

cat /etc/systemd/resolved.conf.d/dns_servers.conf

[Resolve]
DNS=9.9.9.9
Domains=~.

Virus1x · 2025-12-05 12:38:05

Sounds like your Wi-Fi is having DNS problems. Since you can ping IPs, try changing your DNS server to a working one (like 1.1.1.1 or 8.8.8.8) in your iwd/resolv.conf file. That should get you back online. Good luck!

seth · 2025-12-05 14:33:07

/etc/resolv.conf is supposed to be a symlink to ../run/systemd/resolve/stub-resolv.conf which it currently isn't.
This isn't optional and copying the file won't do it - systemd-resolved actually determines its behavior based on the filetype of /etc/resolv.conf

niemand9009 · 2025-12-08 08:10:39

Sadly, neither of these worked.

Also, if these were the issue, shouldn't I have the same DNS issues in every network and not just for this singular special TTLS PAP network?

seth · 2025-12-08 09:16:05

Sadly, neither of these worked.

What does "resolvectl status" look like now?

shouldn't I have the same DNS issues in every network

Your primary issue is the bogus DNS server you get from the specific DHCP configuration.
The secondary problem is then to take some sort of control over your DNS configuration.

niemand9009 · 2025-12-08 10:56:32

The

 resolvectl status

now looks like

Global
           Protocols: +LLMNR +mDNS +DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: stub
  Current DNS Server: 9.9.9.9#dns.quad9.net
         DNS Servers: 9.9.9.9#dns.quad9.net 2620:fe::9#dns.quad9.net 1.1.1.1#cloudflare-dns.com
                      2606:4700:4700::1111#cloudflare-dns.com 8.8.8.8#dns.google 2001:4860:4860::8888#dns.google
                      9.9.9.9
Fallback DNS Servers: 9.9.9.9#dns.quad9.net 2620:fe::9#dns.quad9.net 1.1.1.1#cloudflare-dns.com
                      2606:4700:4700::1111#cloudflare-dns.com 8.8.8.8#dns.google 2001:4860:4860::8888#dns.google
          DNS Domain: ~.

Link 3 (wlan0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
         Protocols: +DefaultRoute +LLMNR +mDNS +DNSOverTLS DNSSEC=no/unsupported
       DNS Servers: 132.180.17.1 132.180.17.129
        DNS Domain: nac.uni-bayreuth.de
     Default Route: yes

Thank you very much for the explanation. In general I'm very thankful for all the help and nice pointers you've given me so far.

seth · 2025-12-08 16:48:49

Did you also

seth wrote:

Then, in doubt, https://wiki.archlinux.org/title/System … d#Manually add a custom DNS server (not the example on in the wiki or the university one that doesn't respond but google, cloudflare or quad9 or any other open DNS server)

niemand9009 · 2025-12-09 08:06:29

I tried both the file method, as well as the drop-in method described in the wiki, but neither worked.

seth · 2025-12-09 08:27:18

Do you currently have networkd disabled?

Otherwise (and maybe preferably actually use networkd) you'll have to configure the DNS in the networkd profile (also don't forget to restart the services after changing the config)
Spcifically

[NETWORK]
DNS=1.1.1.1

[DHCPV4]
UseDNS=false

You might actually get away w/o the

[NETWORK]
DNS=1.1.1.1

entry.

Ultimately, consider just using a less pesky network management daemon…

niemand9009 · Yesterday 08:44:12

I manged to solve the issue. Turns out I'm an even bigger idiot than I thought. I didn't install the systemd-resolvconf package so systemd-resolved naturally didn't work properly. After installing it and setting up the DNS properly, it now works.

Thank you all for your help and patience.

Arch Linux

#1 2025-12-02 16:18:19

Issues with DNS when connected to a TTLS PAP wifi [SOLVED]

#2 2025-12-02 21:34:20

Re: Issues with DNS when connected to a TTLS PAP wifi [SOLVED]

#3 2025-12-02 21:49:57

Re: Issues with DNS when connected to a TTLS PAP wifi [SOLVED]

#4 2025-12-02 21:56:50

Re: Issues with DNS when connected to a TTLS PAP wifi [SOLVED]

#5 2025-12-02 22:00:13

Re: Issues with DNS when connected to a TTLS PAP wifi [SOLVED]

#6 2025-12-04 08:15:03

Re: Issues with DNS when connected to a TTLS PAP wifi [SOLVED]

#7 2025-12-04 08:57:32

Re: Issues with DNS when connected to a TTLS PAP wifi [SOLVED]

#8 2025-12-05 11:20:59

Re: Issues with DNS when connected to a TTLS PAP wifi [SOLVED]

#9 2025-12-05 12:38:05

Re: Issues with DNS when connected to a TTLS PAP wifi [SOLVED]

#10 2025-12-05 14:33:07

Re: Issues with DNS when connected to a TTLS PAP wifi [SOLVED]

#11 2025-12-08 08:10:39

Re: Issues with DNS when connected to a TTLS PAP wifi [SOLVED]

#12 2025-12-08 09:16:05

Re: Issues with DNS when connected to a TTLS PAP wifi [SOLVED]

#13 2025-12-08 10:56:32

Re: Issues with DNS when connected to a TTLS PAP wifi [SOLVED]

#14 2025-12-08 16:48:49

Re: Issues with DNS when connected to a TTLS PAP wifi [SOLVED]

#15 2025-12-09 08:06:29

Re: Issues with DNS when connected to a TTLS PAP wifi [SOLVED]

#16 2025-12-09 08:27:18

Re: Issues with DNS when connected to a TTLS PAP wifi [SOLVED]

#17 Yesterday 08:44:12

Re: Issues with DNS when connected to a TTLS PAP wifi [SOLVED]

Board footer