Hostname resolution oddness

Hi,
I am having an odd problem with one of our Debian Woody systems.

It has quite a large hosts file (backup server) and seems to be ignoring
changes made to this file. In this case one of the host entries has been
commented out, and replaced further up in the file with a different entry.
Pinging the hostname yields the correct IP address, but host and telnet
manage to retieve the old commented out address!

The host name is resolvable via our internal DNS servers, but nsswitch is
set to files then network as is standard. We have seen this problem
before but it resolved itself (no pun intended) before we figured it out.
nscd is NOT running on the system.

Any ideas? This is driving me nuts.

Thanks

Graeme Hinchliffe

Graeme Hinchliffe <graeme.hinchliffe@zeninternet.co.uk> wrote:
> I am having an odd problem with one of our Debian Woody systems.

> It has quite a large hosts file (backup server) and seems to be ignoring
> changes made to this file.

> The host name is resolvable via our internal DNS servers [...]

If you've got internal DNS then should you really be using a large hosts
file as well? (You don't need to answer this, but do think about it.)


> In this case one of the host entries has been
> commented out, and replaced further up in the file with a different entry.

> Pinging the hostname yields the correct IP address, but host and telnet
> manage to retieve the old commented out address!

This feels like you may have duplication in your host file entries
(the hosts file is searched top to bottom stopping at the first match),
or mismatches between hosts and DNS.

Remember that "host" uses DNS exclusively, whereas ping and telnet use
the lookups specified via your nsswitch.conf. (For now, I'm skipping
your comment about ping and telnet returning different results.)


> The host name is resolvable via our internal DNS servers, but nsswitch is
> set to files then network as is standard.

On my woody box I've got "hosts: files dns wins". Might this be adding
to the confusion?


> nscd is NOT running on the system.

What about lwresd? (Not sure if that's relevant, though.)


> We have seen this problem before but it resolved itself (no pun
> intended) before we figured it out.

This sounds mightily like a DNS update issue. Have you changed DNS
entries for the affected hosts recently? Did you remember to increment
the SOA? Has the SOA retry time been reached since the change occurred?

Chris

On Tue, 23 Aug 2005 14:07:33 +0100, chris-usenet wrote:

>> The host name is resolvable via our internal DNS servers [...]
>
> If you've got internal DNS then should you really be using a large hosts
> file as well? (You don't need to answer this, but do think about it.)

Indeed, however this is a special system. There have been issues before
where a DNS server couldn't be reached and the backup server for some
reason classed the host it was backing up as being a different class of
host and as such having insufficient licenses to run the backup job.
Using a hosts file ensure the backup system can always see the hosts and
get the class right, plus it comes in useful when you are testing disaster
recovery scenarios without taking the live system offline.


>> In this case one of the host entries has been
>> commented out, and replaced further up in the file with a different entry.
>
>> Pinging the hostname yields the correct IP address, but host and telnet
>> manage to retieve the old commented out address!
>
> This feels like you may have duplication in your host file entries
> (the hosts file is searched top to bottom stopping at the first match),
> or mismatches between hosts and DNS.

As I said the new entry was places nearer the start of the file, so should
have been seen 1st. The original entry was commented out.

> Remember that "host" uses DNS exclusively, whereas ping and telnet use
> the lookups specified via your nsswitch.conf. (For now, I'm skipping
> your comment about ping and telnet returning different results.)

Thats the key point tho thats flummoxed me :/ They should be using a
standard resolver library and hence getting the same results.. well thats
what I thought anyway.

>> The host name is resolvable via our internal DNS servers, but nsswitch is
>> set to files then network as is standard.
>
> On my woody box I've got "hosts: files dns wins". Might this be adding
> to the confusion?

We don't use 'wins', but I fail to see what you mean? "Hosts: files dns"
is pretty standard from what I have seen/remember.

>> nscd is NOT running on the system.
>
> What about lwresd? (Not sure if that's relevant, though.)

No, that isn't running either. What is it BTW? not seen that before.

>> We have seen this problem before but it resolved itself (no pun
>> intended) before we figured it out.
>
> This sounds mightily like a DNS update issue. Have you changed DNS
> entries for the affected hosts recently? Did you remember to increment
> the SOA? Has the SOA retry time been reached since the change occurred?

The actual DNS entries have not been changed, purely the local hosts file.
This is why I am so confused. The DNS entries need to be left along, we
just need this one machine to think that host is living at a different
address for a short period.

Thanks

Graeme

Graeme Hinchliffe wrote:
> Hi,
> I am having an odd problem with one of our Debian Woody systems.
>
> It has quite a large hosts file (backup server) and seems to be ignoring
> changes made to this file. In this case one of the host entries has been
> commented out, and replaced further up in the file with a different entry.
> Pinging the hostname yields the correct IP address, but host and telnet
> manage to retieve the old commented out address!
>
> The host name is resolvable via our internal DNS servers, but nsswitch is
> set to files then network as is standard. We have seen this problem
> before but it resolved itself (no pun intended) before we figured it out.
> nscd is NOT running on the system.
>
> Any ideas? This is driving me nuts.
>
> Thanks
>
> Graeme Hinchliffe

Hi,

AFAIK there is a caching system for name resolution present. I remember
my brother who does have a similar problem with a debian installation.
Sorry that I cannot reach my brother at the moment.
But search for host name chaching.

BR
Hans-Juergen Lange

Graeme Hinchliffe wrote:
> Hi,
> I am having an odd problem with one of our Debian Woody systems.
>
> It has quite a large hosts file (backup server) and seems to be ignoring
> changes made to this file. In this case one of the host entries has been
> commented out, and replaced further up in the file with a different entry.
> Pinging the hostname yields the correct IP address, but host and telnet
> manage to retieve the old commented out address!
>
> The host name is resolvable via our internal DNS servers, but nsswitch is
> set to files then network as is standard. We have seen this problem
> before but it resolved itself (no pun intended) before we figured it out.
> nscd is NOT running on the system.
>
> Any ideas? This is driving me nuts.
>
> Thanks
>
> Graeme Hinchliffe

/etc/init.d/nscd stop

On Thu, 25 Aug 2005 23:16:42 +0200, Olivier wrote:

>> nscd is NOT running on the system.
>>
>> Graeme Hinchliffe
>
> /etc/init.d/nscd stop

Thanks for that...

Perhaps I could suggest a course of 'how to read a post and take in it's
content' BEFORE posting a smug and useless post ? :)

Do you have anything else, perhaps of more use to contribute? it would be
appreciated.

Graeme

Graeme Hinchliffe wrote:
> On Thu, 25 Aug 2005 23:16:42 +0200, Olivier wrote:
>
>
>>>nscd is NOT running on the system.
>>>
>>>Graeme Hinchliffe
>>
>>/etc/init.d/nscd stop
>
>
> Thanks for that...
>
> Perhaps I could suggest a course of 'how to read a post and take in it's
> content' BEFORE posting a smug and useless post ? :)
>
> Do you have anything else, perhaps of more use to contribute? it would be
> appreciated.

Yeah, maybe you should learn humility.
Most likely you are missing some very obvious misconfig. Basically nscd
is running even when you *swear* you never installed it. I suppose that
if some linux distro - even Debian - was not able to parse correctly a
hosts file, we would have heard of it.

You even do not give an example of what makes you believe resolution is
not working like you think it should. You're full of yourself, certain
the problem comes from "outside".

In my experience admins with fat fingers and a bloated ego are far more
common than bugs in libc, even on a Debian distro.

>
> Graeme
>
>

On Mon, 29 Aug 2005 21:51:56 +0200, Olivier wrote:

> Graeme Hinchliffe wrote:
>> On Thu, 25 Aug 2005 23:16:42 +0200, Olivier wrote:
>>
>>
>>>>nscd is NOT running on the system.
>>>>
>>>>Graeme Hinchliffe
>>>
>>>/etc/init.d/nscd stop
>>
>>
>> Thanks for that...
>>
>> Perhaps I could suggest a course of 'how to read a post and take in it's
>> content' BEFORE posting a smug and useless post ? :)
>>
>> Do you have anything else, perhaps of more use to contribute? it would be
>> appreciated.
>
> Yeah, maybe you should learn humility.

already have, thanks

> Most likely you are missing some very obvious misconfig. Basically nscd
> is running even when you *swear* you never installed it. I suppose that
> if some linux distro - even Debian - was not able to parse correctly a
> hosts file, we would have heard of it.

ps -ef | grep nscd

nothing

maybe it changed it's name ?

> You even do not give an example of what makes you believe resolution is
> not working like you think it should. You're full of yourself, certain
> the problem comes from "outside".

"It has quite a large hosts file (backup server) and seems to be ignoring
changes made to this file. In this case one of the host entries has been
commented out, and replaced further up in the file with a different entry.
Pinging the hostname yields the correct IP address, but host and telnet
manage to retieve the old commented out address!"

I do expect there to be a miss config, I fully expect that hence the post.
I have checked nsswitch, checked for nscd, nothing I can see should make
this happen, hence my post. Why this makes me full of myself I don't
know? if I truely thought I knew all the answers I wouldn't be posting
here would I. From what I have seen and had experence of over the last
years, changing the hosts file *SHOULD* resolve to that address, in this
case the machine seems to be ignoring it.

> In my experience admins with fat fingers and a bloated ego are far more
> common than bugs in libc, even on a Debian distro.
>

Good job thats not me then isn't it.

I would more liken a bloated overconfident ego to someone who gives wrong
ill thought out single command answers to that of someone with an over
inflated ego.

but just for you:

/etc/init.d/nscd stop
bash: /etc/init.d/nscd: No such file or directory

Maybe now it will work eh?

Perhaps you can point to this *Obvious* misconfig that I cannot see?
perhaps it's So obvious you can see it from where you are?

Graeme

On Tue, 30 Aug 2005 11:02:30 +0100,
Graeme Hinchliffe <graeme.hinchliffe@zeninternet.co.uk> wrote:


>
> "It has quite a large hosts file (backup server) and seems to be ignoring
> changes made to this file. In this case one of the host entries has been
> commented out, and replaced further up in the file with a different entry.
> Pinging the hostname yields the correct IP address, but host and telnet
> manage to retieve the old commented out address!"
>

The host command is a bit special as it always does DNS lookup regardless
of /etc/nsswitch.conf. I would expect that telnet would use simple
gethostbyaddr(), it would be rather stuppid otherwise. Thus telnet
should go to /etc/hosts. If it were my system I would run telnet with
strace to see how exactly this program looks up the host name. Running
ping with strace might be usefull for comparison.

Villy

I wrote:
>> (For now, I'm skipping
>> your comment about ping and telnet returning different results.)

Graeme Hinchliffe <graeme.hinchliffe@zeninternet.co.uk> wrote:
> Thats the key point tho thats flummoxed me :/ They should be using a
> standard resolver library and hence getting the same results.. well thats
> what I thought anyway.

Me too.


> The host name is resolvable via our internal DNS servers, but nsswitch is
> set to files then network as is standard.

That's fine.


>> What about lwresd? (Not sure if that's relevant, though.)
> No, that isn't running either. What is it BTW? not seen that before.

Lightweight resolver daemon. Think it's part of the bind9 server, which
might be why I've got it installed but you haven't.


> The actual DNS entries have not been changed, purely the local hosts file.
> This is why I am so confused.

Sorry, I'm out of ideas.
Chris