got a RPi behind a firewall that should block all internet traffic except some whitelisted domains: ubuntu.com, launchpad.net, canonical.com ('include subdomains' option enabled).
There's a test tool on the firewall that let me check the connection (RPi - those domains). Tells me 'all fine' but Raspberry Pi won't update: failure when resolving ports.ubuntu.com and failure when resolving ppa.launchpad.net.
Our network has two dns server which I included in /etc/hosts.
Please note, that dns servers are referred to by their ip addresses and not by their domain names.
Next, your firewall has to be configured to allow dns traffic to your preferred dns server, namely: UDP protocol, port 53, ip address of the dns server.
This configuration definitely does not belong to 'Web filtering' section. I am unfamiliar with your firewall and its GUI, but 'Filtering options' and/or 'Network services' look much more appropriate candidates.
I can't explain why things just worked for you on Raspbian but not MATE, but if you do wish to try forcing use of your two specific local DNS servers, that should go into /etc/resolv.conf
resolv.conf says not to edit in it ('Do not edit').
So I changed the network setting but it's not kept. After reboot the 2 additional dns addresses are gone.
You're right! NAT was missing. Wasn't aware because I didn't change it and it used to work with raspbian. I still wonder..
Thank you all and sorry for bothering!
!
I updated (>100 packages) and now I have the same problem again. This time I can ping an ip address but I can't resolve hostnames. systemd-resolve --status show gives the same output. /etc/hosts hasn't changed.
This time it's not the firewall because another pc (opensuse) can ping ports.ubuntu.com (e.g.).