System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

stange situation, when configure as DNS Client (11.31)

SOLVED
Go to solution
Muhammad Ahmad
Frequent Advisor

stange situation, when configure as DNS Client (11.31)

hi,

i am facing a strange situation, please check given below facts about the current machine state:

O/S: 11.31 HPUX Itanium DCOE

1. password-less ssh was working fine.
2. passsword-less rlogin was working fine.
3. update the /etc/resolve.conf & /etc/nsswitch.conf files (output given below).
4. nslookup is working fine on this DNS client.

but

ssh and rlogin got almost hanged state.
WHY?

if i rename the /etc/resolve.conf as /etc/resolve.conf.org and the /etc/nsswitch.conf as /etc/nsswitch.conf.org.

ssh and rlogin starts working fine.

what is really happening?
what else to do for issue resolution?

resolve.conf
--------------
search xyz.net
nameserver xx.xx.xx.xx
nameserver xx.xx.xx.xx

nsswitch.conf
--------------
hosts: files [NOTFOUND=continue] dns

please note the nslookup is working fine with above both files but ssh and rlogin got hanged.

Thanking you in anticipation.
An response will be highly oblidged.

Regards,
7 REPLIES
Kevin Wright
Honored Contributor

Re: stange situation, when configure as DNS Client (11.31)

Check reverse dns.
Steven Schweda
Honored Contributor
Solution

Re: stange situation, when configure as DNS Client (11.31)

As usual, showing actual commands with their
actual output can be more helpful than vague
descriptions and interpretations.

> ssh and rlogin [...]

Coming into this system or going out?

> [...] almost hanged [...]

Almost? Does this mean slow (like, say, a
30-second delay)?

> what is really happening?

You can see that better than I.

> please note the nslookup is working fine
> [...]

Working fine, doing what? Try this on the
SSH server system:

nslookup client_IP_address

A Forum search for keywords like, say,
ssh slow
should find many old threads which describe
the usual DNS problem (namely, the server
system tries to get the name of the client,
and the (reverse) look-up of the client's
IP address fails).


> nameserver xx.xx.xx.xx
> nameserver xx.xx.xx.xx

Which name servers were you using before you
changed to "xx.xx.xx.xx" and "xx.xx.xx.xx"?

> nsswitch.conf

And what was in that before?
Muhammad Ahmad
Frequent Advisor

Re: stange situation, when configure as DNS Client (11.31)

when there's no /etc/resolve.conf and /etc/nsswitch.conf files exist; means name resolution is doing through /etc/hosts.

then :
command: ssh
result: login quickly (with in 1 second)

command: rlogin
result: login quickly (with in 1 second)

ok; very fine, at this point there's no issue.

Now we require a domain name to be resolved through DNS not by /etc/hosts.

to do this, we configure /etc/resolve.conf and /etc/nsswitch.conf; name resolution through DNS worked fine for us but previously running ssh and rlogin got hanged and did'nt prompt for a password.

it's a 4 nodes cluser; and we are using ssh or rlogin from one of the cluster nodes to remote access the other cluster nodes.

Regards,
Steven Schweda
Honored Contributor

Re: stange situation, when configure as DNS Client (11.31)

> [...] name resolution through DNS worked
> fine for us [...]

I'll try again. Worked fine, doing what?
Try this on the SSH server system:

nslookup client_IP_address

The usual problem is not "name resolution",
it's _address_ resolution.


> As usual, showing actual commands with their
> actual output can be more helpful than vague
> descriptions and interpretations.

Still true.
Bill Hassell
Honored Contributor

Re: stange situation, when configure as DNS Client (11.31)

Use nsquery to show the detailed steps for name resolution:

nsquery hosts hostname
nsquery hosts 12.34.56.78

For delays as you describe, start by using IP addresses rather than names. If that is OK, then the issue indeed in name resolution. Always lookup the hostname and the IP address (reverse lookup). On the servers that are slow, login and use nsquery to lookup the incoming host (such as your PC).

Note also that the filename for the DNS server list is resolv.conf, not resolve.conf. nsquery will tell you like this:

Searching dns for hp.com
This Name Service is currently unavailable


Bill Hassell, sysadmin
Steven Schweda
Honored Contributor

Re: stange situation, when configure as DNS Client (11.31)

> [...] start by using IP addresses rather
> than names. [...]

Specifying the server's IP address at the
client end may not help much if the problem
is at the server end. (Especially if the
problem at the server end involves looking up
the client's address.)
Aneesh Mohan
Honored Contributor

Re: stange situation, when configure as DNS Client (11.31)

Hi Ahmad,

>>>if i rename the /etc/resolve.conf as /etc/resolve.conf.org.

The correct file name should be /etc/resolv.conf.


Regards,
AM