Permission errors on traceroute as root

Ubuntu Version:
Ubuntu 24.04.4 LTS

Desktop Environment (if applicable):
Desktop headless

Problem Description:
The traceroute command sometimes fails with a permission error even when I run it as root.

Relevant System Information:

Kernel: Linux 6.8.0-100-generic
Architecture: x86-64

Hardware Vendor: Intel_R_ Client Systems
Hardware Model: NUC10i7FNH
Firmware Version: FNCML357.0045.2020.0817.1709

The server is using an ethernet connection to the router.

Screenshots or Error Messages:

15:29:59 >>id
uid=0(root) gid=0(root) groups=0(root)
15:30:02 >>traceroute -I api.tidal.com
connect: Permission denied
15:30:04 >>traceroute -I api.tidal.com
traceroute to api.tidal.com (18.244.140.54), 30 hops max, 60 byte packets
 1  RT-AX86U_Pro-78B0 (192.168.101.1)  0.240 ms  0.184 ms  0.241 ms
 2  10.53.38.121 (10.53.38.121)  8.160 ms  8.150 ms  8.140 ms
 3  80.255.193.54 (80.255.193.54)  15.385 ms  15.375 ms  15.365 ms
 4  * * *
 5  telw-ic-5-ae0-0.network.virginmedia.net (80.255.204.61)  15.319 ms  15.309 ms  15.297 ms
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  15.230.165.25 (15.230.165.25)  9.260 ms  9.250 ms  10.349 ms
13  server-18-244-140-54.lhr50.r.cloudfront.net (18.244.140.54)  9.282 ms *  12.411 ms

What I’ve Tried:
Retried several times. Other services on this server are also reporting intermittent network-related issues. I was running traceroute in order to debug the network issues. My services (Docker on the host) are sometimes returning bad file descriptor or connection timeouts.
I have tried different cables and different network ports to eliminate cable/network issues.

Which variant of traceroute are you using? There are two, the one from the GNU inetutils and a newer, Linux-specific one by Dmitry Butskoy. Using the latter with ICMP packets (‘-I’) and not running as root I have no problem reaching api.tidal.com (which from where I am resolves to changing IP addresses (54.239.195.XXX)) …

The version is

16:20:36 >>traceroute --version
Modern traceroute for Linux, version 2.1.5
Copyright (c) 2016 Dmitry Butskoy, License: GPL v2 or any later

I have the same error (occasionally) for both root and non-root users (approximately 1 in 3 attempts fail).

I have the same error regardless of the actual URL.

EDIT: added clarification

Do you have a firewall enabled / configured?
https://forums.freebsd.org/threads/traceroute-sendto-permission-denied.59908/

The firewall on my router is disabled. What is the command to check if I have a firewall on my Ubuntu?

sudo iptables -L; sudo ufw status

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (4 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:http
ACCEPT     tcp  --  anywhere             172.19.0.3           tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             172.20.0.2           tcp dpt:http
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8000
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:5800
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:9443
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:6881
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:8085
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:8989
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:8999
ACCEPT     tcp  --  anywhere             172.20.0.6           tcp dpt:x11
ACCEPT     tcp  --  anywhere             172.20.0.7           tcp dpt:http
ACCEPT     tcp  --  anywhere             172.20.0.7           tcp dpt:81
ACCEPT     tcp  --  anywhere             172.20.0.7           tcp dpt:https

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (4 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

sudo ufw status
Status: inactive
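As an added example (not code from the original post or from any of the replies): the dump above can be read mechanically, and the reading matters for the "permission denied" symptom. The script below parses `iptables -L` output, lists each chain's policy and rule count, and answers the one question that matters for a locally generated packet: can the filter table's OUTPUT chain drop it? In the poster's dump OUTPUT has policy ACCEPT and no rules, so the filter table is not where the EACCES comes from. The sample text is the dump pasted in the post, trimmed to a few chains. Caveat a practitioner will want: `iptables -L` shows only the filter table (use `-t nat`, `-t mangle`, `-t raw` for the others), and on Ubuntu 24.04 the `iptables` command is the nf_tables backend, so `sudo nft list ruleset` is the only view that also includes native nftables rules added by other tools.

```python
"""Parse `iptables -L` output and report, per chain, its policy and rule count,
then say whether the filter table's OUTPUT chain could be dropping locally
generated packets.  Added example; SAMPLE is the dump from the original post,
trimmed to a handful of chains."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# "Chain INPUT (policy ACCEPT)" for built-in chains,
# "Chain DOCKER (4 references)" for user-defined ones.
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|(\d+) references)\)")

SAMPLE = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (4 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:http

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
"""


@dataclass
class Chain:
    name: str
    policy: Optional[str]                 # None for user-defined chains
    rules: List[List[str]] = field(default_factory=list)


def parse_iptables_list(text: str) -> Dict[str, Chain]:
    """Return chains keyed by name; each rule is the whitespace-split row."""
    chains: Dict[str, Chain] = {}
    current: Optional[Chain] = None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = Chain(m.group(1), m.group(2))
            chains[current.name] = current
            continue
        # Skip blank separators and the column header; ignore text before
        # the first chain header.
        if not line.strip() or line.startswith("target") or current is None:
            continue
        current.rules.append(line.split())
    return chains


def output_chain_can_drop(chains: Dict[str, Chain]) -> bool:
    """True unless OUTPUT is listed with policy ACCEPT and no rules at all.

    Any rule (even a jump to a user chain) or a non-ACCEPT policy means the
    chain has to be read in full before the filter table can be ruled out.
    """
    out = chains.get("OUTPUT")
    if out is None:
        return True                       # not in the dump: cannot rule it out
    return out.policy != "ACCEPT" or bool(out.rules)


def summarize(chains: Dict[str, Chain]) -> List[str]:
    return [f"{c.name}: policy={c.policy or 'n/a'} rules={len(c.rules)}"
            for c in chains.values()]


if __name__ == "__main__":
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    parsed = parse_iptables_list(text)
    print("\n".join(summarize(parsed)))
    print("filter/OUTPUT can drop local traffic:", output_chain_can_drop(parsed))
```

Feed it a live dump with `sudo iptables -L | python3 iptables_chains.py`; with no stdin it evaluates the post's own dump, which yields `OUTPUT: policy=ACCEPT rules=0` and `False`.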

The latest update:
I have changed the DNS nameserver on my Ubuntu server to the local Pi-hole (it was the router address before) and rebooted my router, and I have had no issues so far. My local services are also fine.

I’ll keep an eye on this for a few days.

The issue is unfortunately still present. 1 out of 3-5 internet requests fails because the domain name cannot be resolved. I am not that familiar with DNS settings in Ubuntu. I have set the DNS in the dhcpcd.conf file and I can confirm that it looks OK in resolvectl status.

All other machines (mac, windows, debian) in the same LAN are using the same DNS settings without any issues.

The DNS is my Pi-hole. When requests fail on Ubuntu, I don’t have a log entry in Pi-hole, which suggests that the requests are not reaching it.

I once had similar issues on my network. It turned out a second active DHCP server caused trouble …

I have only one DHCP server as far as I know - the one in my router. The Pi-hole is only used for DNS queries and not as a DHCP server. Is there a command that I can run to check if multiple DHCP servers are in use?

Doesn’t Docker pull in a local DHCP server to handle its internal networking? Perhaps that is misconfigured?

I tried a tcpdump of UDP port 53 packets. Each time the traceroute call is successful I have several entries in the dump file. Each time the call fails, I have no entries in the tcpdump file.

It’s like the requests are not reaching network at all.

I can now simulate the error with a dig command:
dig google.com @8.8.8.8

If I run this command in quick succession it fails 1 time in 3:

14:31:32 >>dig google.com @8.8.8.8

; <<>> DiG 9.18.39-0ubuntu0.24.04.2-Ubuntu <<>> google.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27832
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		232	IN	A	142.250.140.100
google.com.		232	IN	A	142.250.140.101
google.com.		232	IN	A	142.250.140.102
google.com.		232	IN	A	142.250.140.113
google.com.		232	IN	A	142.250.140.138
google.com.		232	IN	A	142.250.140.139

;; Query time: 16 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Wed Feb 18 14:31:35 GMT 2026
;; MSG SIZE  rcvd: 135

14:31:35 >>dig google.com @8.8.8.8
;; UDP setup with 8.8.8.8#53(8.8.8.8) for google.com failed: permission denied.
;; no servers could be reached
;; UDP setup with 8.8.8.8#53(8.8.8.8) for google.com failed: permission denied.
;; no servers could be reached
;; UDP setup with 8.8.8.8#53(8.8.8.8) for google.com failed: permission denied.
;; no servers could be reached

These commands and their output are not from within Docker.
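As an added diagnostic example (not code from the original post or any reply): the tcpdump and dig observations above say that the failing requests never reach the wire, and dig's "permission denied" is the errno EACCES coming back from a socket call. The script below takes dig out of the picture and calls connect() on a fresh UDP socket repeatedly, tallying the errno of each failure. A connect() on a UDP socket transmits nothing; it only does the route lookup and lets the kernel's hooks (netfilter OUTPUT, the LSM, any cgroup BPF connect hook) veto the peer, so a failure here with an empty capture pins the refusal to the host. The errno-to-cause hints in the code are general Linux kernel knowledge, not findings from this thread, and 8.8.8.8 is simply the resolver the post used.

```python
"""Repeatedly connect() a UDP socket to a resolver and tally the errno of each
failure.  Added example for the thread above, not code from the original post.
The hints map common errnos to the host-side mechanisms that produce them."""
import errno
import socket
from collections import Counter
from typing import Dict, List, Mapping

# Kernel reasons for connect()/sendto() refusing a UDP peer (background
# knowledge, not stated in the thread).
ERRNO_HINTS: Dict[int, str] = {
    errno.EACCES: ("EACCES: a 'prohibit' route (ip route show table all), an LSM "
                   "denial (AppArmor/SELinux audit log), or a broadcast peer "
                   "without SO_BROADCAST"),
    errno.EPERM: ("EPERM: netfilter/nftables DROP in OUTPUT, a cgroup BPF connect "
                  "hook, or a full conntrack table (journalctl -k)"),
    errno.ENETUNREACH: "ENETUNREACH: no route to the destination",
    errno.EHOSTUNREACH: "EHOSTUNREACH: an 'unreachable' route or neighbour failure",
}


def probe_udp_connect(host: str, port: int = 53, attempts: int = 30) -> Counter:
    """Return a Counter keyed by 'ok' or the errno name of each failed attempt.

    A new socket is used every time so that each attempt repeats the route
    lookup and policy checks exactly as dig does.
    """
    results: Counter = Counter()
    for _ in range(attempts):
        s = None
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.connect((host, port))          # no packet is sent for UDP
            results["ok"] += 1
        except OSError as e:
            results[errno.errorcode.get(e.errno, f"errno{e.errno}")] += 1
        finally:
            if s is not None:
                s.close()
    return results


def explain(results: Mapping[str, int]) -> List[str]:
    """Turn the tally into one line per outcome, most frequent first."""
    total = sum(results.values())
    lines: List[str] = []
    for name, n in sorted(results.items(), key=lambda kv: -kv[1]):
        if name == "ok":
            lines.append(f"{n}/{total} connect() calls succeeded")
        else:
            hint = ERRNO_HINTS.get(getattr(errno, name, -1), f"{name}: see errno(3)")
            lines.append(f"{n}/{total} failed: {hint}")
    return lines


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "8.8.8.8"
    for line in explain(probe_udp_connect(target)):
        print(line)
```

Run it as the same user that sees the failures (`python3 udp_probe.py 8.8.8.8`). To see the exact syscall failing inside dig itself, `strace -f -e trace=network dig google.com @8.8.8.8` shows which of connect() or sendmsg() returns EACCES. The errno value is itself a clue: a plain netfilter DROP in the OUTPUT chain gives a local sender EPERM ("Operation not permitted"), whereas dig reports "permission denied", which is EACCES, so routes of type prohibit and LSM denials deserve a look before the firewall.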

That was not what I was saying :)

Docker pulls in a DHCP server on the machine it gets installed on and then configures it to serve the containers you run so they can have networking; if that DHCP server were misconfigured for whatever reason it might affect your host machine’s behavior…

ogra@styx:~$ apt show docker.io 2>/dev/null|grep Recommends
Recommends: ca-certificates, git, pigz, ubuntu-fan, xz-utils, apparmor

ogra@styx:~$ apt show ubuntu-fan 2>/dev/null|grep Depends
Depends: bridge-utils, iproute2 (>> 3.16.0-2ubuntu2~), dnsmasq-base

ogra@styx:~$ LC_ALL=C apt show dnsmasq-base 2>/dev/null|grep -A5 Description
Description: Small caching DNS proxy and DHCP/TFTP server - executable
This package contains the dnsmasq executable and documentation, but
not the infrastructure required to run it as a system daemon. For
that, install the dnsmasq package.

ogra@styx:~$

Thanks @ogra. My output from your commands is the same as yours; what should I do now?

Is there a way to reconfigure/correct this?

The commands were only to show the trail of dependencies pulled in by Docker and to point you in a direction for looking for potential issues; I am not sure how you would proceed here (I don’t touch Docker with a ten-foot pole, I usually use LXD when I need containers)…

Is the Docker host the only affected machine in your network? Are no Docker containers affected?

Docker containers are affected. I have occasional network errors in containers like:
Bad file descriptor

Connection error