Apache startup resolve problem

Hi,

I'm testing a DNS setup that mainly is used in connection with a
virtualhost'ed Apache 1.3.33 server. As this is part of a bind learning
process for me, it might be that my problem is more suited for a bind
group... but anyway:

The problem is that the Apache server can't resolve any of my name
based virtualhosts during startup. The strange thing is that doing DNS
lookup manually with dig, nslookup or whatever is no problem at all.
Both normal and reverse lookup produces correct results.

The first nameserver statement in /etc/resolv.conf points to the test
nameserver. I assume Apache's resolve method uses this information.

Putting the virtualhost domains in the hosts file produces no errors,
so it's safe to assume that this is a network DNS issue.

My bind setup is using wildcard as follows:
@ IN A 192.168.1.1
* IN CNAME @

The zone is "testdomain.com" and the virtualhost domains are mostly
subdomain of "testdomain.com".

I know CNAME wildcards is somewhat dubious, but this isn't an issue
that would cause the Apache resolve problem. A setup without wildcard
produce the same error.
The DNS and Apache servers are on separate hosts at 192.168.1.0/24.

Does anyone have an idea about the cause of this Apache resolve
problem?

My system(s):
Debian 3.1 Sarge (Apache 1.3.33, Bind 9.2.4)

-
Svein Arild Bergset

"Bergset" <sabergset@gmail.com> writes:
>The problem is that the Apache server can't resolve any of my name
>based virtualhosts during startup. The strange thing is that doing DNS
>lookup manually with dig, nslookup or whatever is no problem at all.
>Both normal and reverse lookup produces correct results.

>The first nameserver statement in /etc/resolv.conf points to the test
>nameserver. I assume Apache's resolve method uses this information.

First have a look at the file /etc/nsswitch.conf, this tells you the
order of the resources used to resolve a hostname. My, and most,
nsswitch.conf contain:
hosts: files dns
This tells first any normal program (which uses a library to resolve
hostnames) will try to resolve using the contents of /etc/hosts, if
this fails, /etc/resolv.conf is used to locate dns nameservers.

The programs "host" and "dig" look only at /etc/resolv.conf.

It is best not to put things in /etc/hosts, unless you absolutely need
to (to overcome network outages).

I thing Apache will not warn if it can't resolve a hostname set in the
ServerName of a VirtualHost section. But it needs to resolve it at
startup time, otherwise the section will be ignored during runtime (without
you finding out why). For ServerAlias though, it will never try to resolve
the names (hehehe, I'm making use of that in my project which has a
nameserver inside of Apache, answering queries to ITself).

>Putting the virtualhost domains in the hosts file produces no errors,
>so it's safe to assume that this is a network DNS issue.

>My bind setup is using wildcard as follows:
>@ IN A 192.168.1.1
>* IN CNAME @

>The zone is "testdomain.com" and the virtualhost domains are mostly
>subdomain of "testdomain.com".

>I know CNAME wildcards is somewhat dubious, but this isn't an issue
>that would cause the Apache resolve problem. A setup without wildcard
>produce the same error.
>The DNS and Apache servers are on separate hosts at 192.168.1.0/24.

>Does anyone have an idea about the cause of this Apache resolve
>problem?

I don't understand your complete setup, you might want post a more
complete bind configuration file and the VirtualHost snippet of the
Apache server you have a problem with (or mail them to me).
If you do a "host name.testdomain.com" on the server running the Apache,
having cleared its /etc/hosts, does it resolve to an IP number?
If so Apache should run, and we need a little more info on the config
files.

\Berry
www.globule.org.

Halderen v AW wrote:

> I don't understand your complete setup, you might want post a more
> complete bind configuration file and the VirtualHost snippet of the
> Apache server you have a problem with (or mail them to me).
> If you do a "host name.testdomain.com" on the server running the Apache,
> having cleared its /etc/hosts, does it resolve to an IP number?
> If so Apache should run, and we need a little more info on the config
> files.

The bind setup on 192.168.1.3 (my DNS testing host):

"/etc/bind/named.conf" contains (in addition to general standard zones
and stuff):

zone "testdomain.com" in {
type master;
file "db.testdomain.com";
};
zone "1.168.192.in-addr.arpa" in {
type master;
file "db.1.168.192";
};

"db.testdomain.com" contains:

$TTL 3h
@ IN SOA dns.testdomain.com. my.email.com. (
2005100102 ; Serial
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL of 1 hour
; Nameservers
IN NS dns.testdomain.com.
; Host addresses
IN A 192.168.1.1
dns IN A 192.168.1.3
; Aliases
* IN CNAME @

"db.1.168.192" contains:

$TTL 3h
@ IN SOA dns.testdomain.com. my.email.com.(
2005100101 ; Serial
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL of 1 hour
; Name servers
IN NS dns.testdomain.com.
; Address PTR
1 IN PTR testdomain.com.
3 IN PTR dns.testdomain.com.

My Apache config at 192.168.1.1:

"/etc/apache/httpd.conf" contains:

NameVirtualHost 192.168.1.1
<VirtualHost test.testdomain.com>
ServerAdmin my@email.com
DocumentRoot /var/wwwdata/test.testdomain.com
ServerName test.testdomain.com
ErrorLog /var/log/apache/host.test.testdomain.com-error.log
TransferLog /var/log/apache/host.test.testdomain.com-access.log
</VirtualHost>
<VirtualHost anothertest.testdomain.com>
ServerAdmin my@email.com
DocumentRoot /var/wwwdata/anothertest.testdomain.com
ServerName anothertest.testdomain.com
ErrorLog /var/log/apache/host.anothertest.testdomain.com-error.log
TransferLog
/var/log/apache/host.anothertest.testdomain.com-access.log
</VirtualHost>
....

Other config files on 192.168.1.1:

"/etc/resolv.conf" contains:
search testdomain.com
nameserver 192.168.1.3
nameserver xxx.xxx.xxx.xxx (my ISP's DNS servers)
nameserver yyy.yyy.yyy.yyy

"/etc/nsswitch.conf" contains:
hosts: files dns

"/etc/hosts" contains (only non-IPv6 content):
127.0.0.1 testserver localhost

Doing "host test.testdomain.com" with this setup returns the correct IP
number (192.168.1.1). Doing "host 192.168.1.1" returns "testdomain.com"
which is what i expected.
Restarting Apache results in "Cannot resolve host name
test.testdomain.com -- Ignoring!" errors in my syslog for all my
VirtualHosts.

Is there other tools that use the exact same resolving as Apache that I
can use to get more debugging information?
Let me know if you see anything in my setup that may cause the errors.
I appreciate your help!

--
Svein Arild Bergset

"Bergset" <sabergset@gmail.com> wrote in news:1128431351.134889.74430
@g49g2000cwa.googlegroups.com:


> NameVirtualHost 192.168.1.1
> <VirtualHost test.testdomain.com>

This is your problem. It should be:

<VirtualHost 192.168.1.1>

Otherwise, it will fail if DNS is unavailable.

> ServerAdmin my@email.com
> DocumentRoot /var/wwwdata/test.testdomain.com
> ServerName test.testdomain.com

This tells apache the name of the host so it can tell which VirtualHost to
deliver according to the Host: header sent by the client. It has nothing to
do with DNS, and doesn't even need to be resolvable (of course, you will
want it to be in DNS so people can find it from the Internet).

> ErrorLog /var/log/apache/host.test.testdomain.com-error.log
> TransferLog /var/log/apache/host.test.testdomain.com-access.log
> </VirtualHost>
> <VirtualHost anothertest.testdomain.com>

Same here.

> ServerAdmin my@email.com
> DocumentRoot /var/wwwdata/anothertest.testdomain.com
> ServerName anothertest.testdomain.com
> ErrorLog /var/log/apache/host.anothertest.testdomain.com-error.log
> TransferLog
> /var/log/apache/host.anothertest.testdomain.com-access.log
> </VirtualHost>

Few people have reason to configure the VirtualHost directive with a
hostname instead of an IP address. Those that do put themselves at the
mercy of DNS. If you use an IP address, your site will be more robust in a
number of DNS failure scenarios, including the one you outlined.

Jorey Bump wrote:
> "Bergset" <sabergset@gmail.com> wrote in news:1128431351.134889.74430
> @g49g2000cwa.googlegroups.com:
>
>
> > NameVirtualHost 192.168.1.1
> > <VirtualHost test.testdomain.com>
>
> This is your problem. It should be:
>
> <VirtualHost 192.168.1.1>
>
> Otherwise, it will fail if DNS is unavailable.

I am aware of this, but the problem is that I have DNS that is
available and working for every service except Apache. This means that
there is still an error somewhere in my setup, either on my Apache host
or my bind host. I would like to find the problem and correct it before
I setup my production server.

Thanks for pointing this out though. I will change my configs to
<VirtualHost 192.168.1.1> or <VirtualHost *> (which suppose is much
easier to maintain) in my eventual production setup.

--
Svein Arild Bergset

"Bergset" <sabergset@gmail.com> writes:
>Thanks for pointing this out though. I will change my configs to
><VirtualHost 192.168.1.1> or <VirtualHost *> (which suppose is much
>easier to maintain) in my eventual production setup.

Note also that
<VirtualHost 192.168.1.1>
Is something quite different from
<VirtualHost *>

The latter is used in case of named virtual hosting (you need to add a
NameVirtualHost directive too otherwise again, silently ignored by Apache).
The first one is used to bind your service to a specific IP address.

It is documented in Apache how they differ.

\Berry

"Bergset" <sabergset@gmail.com> wrote in news:1128431351.134889.74430
@g49g2000cwa.googlegroups.com:


> Other config files on 192.168.1.1:
>
> "/etc/resolv.conf" contains:
> search testdomain.com
> nameserver 192.168.1.3
> nameserver xxx.xxx.xxx.xxx (my ISP's DNS servers)
> nameserver yyy.yyy.yyy.yyy
>
> "/etc/nsswitch.conf" contains:
> hosts: files dns
>
> "/etc/hosts" contains (only non-IPv6 content):
> 127.0.0.1 testserver localhost
>
> Doing "host test.testdomain.com" with this setup returns the correct IP
> number (192.168.1.1). Doing "host 192.168.1.1" returns "testdomain.com"
> which is what i expected.
> Restarting Apache results in "Cannot resolve host name
> test.testdomain.com -- Ignoring!" errors in my syslog for all my
> VirtualHosts.

Just a guess, but is it possible that you are running apache in a chroot
environment and it chokes when attempting to read /etc/hosts?

Jorey Bump wrote:
> "Bergset" <sabergset@gmail.com> wrote in news:1128431351.134889.74430
> @g49g2000cwa.googlegroups.com:
>
>
> > Other config files on 192.168.1.1:
> >
> > "/etc/resolv.conf" contains:
> > search testdomain.com
> > nameserver 192.168.1.3
> > nameserver xxx.xxx.xxx.xxx (my ISP's DNS servers)
> > nameserver yyy.yyy.yyy.yyy
> >
> > "/etc/nsswitch.conf" contains:
> > hosts: files dns
> >
> > "/etc/hosts" contains (only non-IPv6 content):
> > 127.0.0.1 testserver localhost
> >
> > Doing "host test.testdomain.com" with this setup returns the correct IP
> > number (192.168.1.1). Doing "host 192.168.1.1" returns "testdomain.com"
> > which is what i expected.
> > Restarting Apache results in "Cannot resolve host name
> > test.testdomain.com -- Ignoring!" errors in my syslog for all my
> > VirtualHosts.
>
> Just a guess, but is it possible that you are running apache in a chroot
> environment and it chokes when attempting to read /etc/hosts?

No, it is a vanilla Debian 3.1 installation. Apache resolves correct
when I put my virtualhosts in /etc/hosts so theres no problem there.

--
Svein Arild Bergset

"Bergset" <sabergset@gmail.com> wrote in
news:1128548286.820516.324280@g43g2000cwa.googlegr oups.com:

>> > Other config files on 192.168.1.1:
>> >
>> > "/etc/resolv.conf" contains:
>> > search testdomain.com
>> > nameserver 192.168.1.3
>> > nameserver xxx.xxx.xxx.xxx (my ISP's DNS servers)
>> > nameserver yyy.yyy.yyy.yyy

> No, it is a vanilla Debian 3.1 installation. Apache resolves correct
> when I put my virtualhosts in /etc/hosts so theres no problem there.

If you're relying on a test DNS server, it should be your only entry in
/etc/resolv.conf:

nameserver 192.168.1.3

Otherwise, you won't know when the system is falling back to your ISP's
nameserver when your test server fails. Just a thought.

On Wed, 05 Oct 2005 17:13:46 +0000, Jorey Bump sent:

> Just a guess, but is it possible that you are running apache in a chroot
> environment and it chokes when attempting to read /etc/hosts?

Apache doesn't read the hosts file, the TCP/IP stack does. Apache has the
system resolve addresses for it. There are some occasions when such
things ignore the hosts file and always use DNS look ups. If you're
running test servers, then it's really in your best interests to run a
local DNS server.

--
If you insist on e-mailing me, use the reply-to address (it's real but
temporary). But please reply to the group, like you're supposed to.

This message was sent without a virus, please destroy some files yourself.