- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Slow host name resolution - nsswitch and DNS
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-28-2010 05:25 AM
тАО05-28-2010 05:25 AM
Name-service switch is set to use FILES first, then DNS.
As a test, a simple IPF rule that blocks outgoing port 53 simulates DNS failure.
When DNS is available (firewall is off), nslookup is quick and checks FILES first as expected.
When DNS is blocked (firewall is on), nslookup waits for a DNS timeout before checking FILES.
My aim for putting FILES first is to avoid DNS timeouts but it doesn't seem to be working as expected.
Any advice on how to make it behave?
thanks,
Chris
-----
Following is the relevant info...
$ cat /etc/hosts
127.0.0.1 localhost loopback qqqq
10.44.88.93 hpuxt02
10.44.90.1 dns01
$ cat /etc/resolv.conf
nameserver 10.44.90.1
$ cat /etc/nsswitch.conf
hosts: files dns
ipnodes: files dns
$ cat /etc/opt/ipf/ipf.conf
block out from any to any port = 53
$ time nslookup qqqq ### Firewall is off.
Using /etc/hosts on: hpuxt02
looking up FILES
Name: localhost
Address: 127.0.0.1
Aliases: loopback, qqqq
real 0m0.031s
user 0m0.020s
sys 0m0.020s
$ time nslookup qqqq #### Firewall is on.
*** Can't find server name for address 10.44.90.1: Timed out
*** Default servers are not available
Using /etc/hosts on: hpuxt02
looking up FILES
Name: localhost
Address: 127.0.0.1
Aliases: loopback, qqqq
real 1m15.016s
user 0m0.010s
sys 0m0.010s
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-28-2010 05:31 AM
тАО05-28-2010 05:31 AM
Re: Slow host name resolution - nsswitch and DNS
hosts: files[NOTFOUND=continue UNAVAIL=continue] dns [NOTFOUND=continue UNAVAIL=continue TRYAGAIN=return] nis
I'm not sure it would make any difference for you but it won't hurt to try it.
Pete
Pete
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-28-2010 07:10 AM
тАО05-28-2010 07:10 AM
Re: Slow host name resolution - nsswitch and DNS
[SUCCESS=return NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue]
I tried adding them to nsswitch but as suspected it hasn't made any difference.
It's frustrating that 'nslookup' insists on waiting for a DNS timeout before checking the FILES entry which it should have done first off.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-28-2010 07:37 AM
тАО05-28-2010 07:37 AM
Re: Slow host name resolution - nsswitch and DNS
Grasping at straws because I have no clue:
1) I have no hosts entry for my dns server (dns01)
2) It appears that you have no "domain" declaration in your resolv.conf
3) The nslookup that takes so long is looking for the dns server's alias - have you tried looking for another server that exists in the hosts file?
Pete
Pete
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-28-2010 11:16 AM
тАО05-28-2010 11:16 AM
Re: Slow host name resolution - nsswitch and DNS
>> *** Can't find server name for address 10.44.90.1: Timed out
Fix this first. The resolver is trying to validate that the DNS server is correct. It's not much of a validation but it is there.
>> 1m15.016s
This approximately 2*30 seconds where 30 seconds is the timeout waiting for a dead DNS server. Do you have 2 DNS lines in /etc/resolv.conf?
Try using nsquery rather than nslookup. It tends to provide better details than nslookup:
# nsquery hosts hp.com
Using "files [NOTFOUND=continue UNAVAIL=continue] dns" for the hosts policy.
Searching /etc/hosts for hp.com
hp.com was NOTFOUND
Switch configuration: Allows fallback
Searching dns for hp.com
Hostname: hp.com
Aliases:
Address: 15.192.45.21 15.192.45.22 15.192.45.138 15.192.45.139 15.200.2.21 15.200.30.21 15.200.30.22 15.200.30.23 15.200.30.24 15.216.110.21 15.216.110.22 15.216.110.139 15.216.110.140
Switch configuration: Terminates Search
You can also test each DNS server individually with nslookup:
nslookup qqqqq 10.44.90.1
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-28-2010 04:48 PM
тАО05-28-2010 04:48 PM
Re: Slow host name resolution - nsswitch and DNS
The suggestions to use another tool are goodness.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-29-2010 02:59 AM
тАО05-29-2010 02:59 AM
Re: Slow host name resolution - nsswitch and DNS
try:
1-#time ping qqqq###Firewall is off
2-#time ping qqqq###Firewall is on
and if you have the same time then the problem is with the behavior of the "nslookup" tool .
also try to clear or remove the "resolv.conf" file.
in order to simulate the stub resolver there is a tool that i have been using with linux ,that is "gethostip" -not sure if available for hp-ux!- also thereis the gethostip tool.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-29-2010 03:38 PM
тАО05-29-2010 03:38 PM
SolutionPlease try one of the following:
a) Set environment variables RES_RETRY and
RES_RETRANS. Type the following export
commands at the HP-UX prompt:
# export RES_RETRY=1
# export RES_RETRANS=250
This sets the retransmission value to 1 and
the time between each retransmission to 250
milliseconds.
Do not specify a value less than 200
milliseconds for the RES_RETRANS environment
variable.
You can set the timeout values with the
environment variables RES_RETRY and
RES_RETRANS for individual clients only.
b) Specify the retransmission time and the
time between each retransmission by using
the options retrans and retry in the
/etc/resolv.conf configuration file.
retry 1
retrans 400
This sets the retransmission value to 1 and
the time between each retransmission to 400
milliseconds.
Cheers,
VK2COT
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-14-2010 02:21 AM
тАО06-14-2010 02:21 AM
Re: Slow host name resolution - nsswitch and DNS
I also see delays when logging in (SSH), probably due to reverse lookups of the client.
Thankfully, 'nsquery' and Oracle programs behave themselves and follow nsswitch.conf properly.
I'll use FILES for those programs that do the right thing and use 'retry' & 'retrans' to limit the delay for things that still insist on checking DNS.
Thanks all.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-14-2010 02:30 AM
тАО06-14-2010 02:30 AM