HPE Community
Operating System - HP-UX
1828967 Members
2140 Online
109986 Solutions
New Discussion

Possible to log all name lookups?

 
Trever Furnish
Regular Advisor

‎12-11-2002 11:53 AM

‎12-11-2002 11:53 AM

Possible to log all name lookups?

Other than running a local DNS server with /etc/hosts imported and logging all name resolutions on the server, is there a way to log all of the name resolutions on a system?

Specificly, I have a system with around 300 names in /etc/hosts that I suspect aren't needed at all, and I'd like to log name->address lookups for a week to be sure.

I am certain I can do this by loading the /etc/hosts entries into a bind cache running only on that particular server and logging all of the name lookups (after removing the entries from /etc/hosts), but is there a simpler way?

We're finally getting around to switching the last of our hosts from using only /etc/hosts over to using DNS and one of the systems has a lot of entries in /etc/hosts that aren't reflected in DNS, probably because they're obsolete.
Hockey PUX?
0 Kudos
Reply
4 REPLIES 4
Shannon Petry
Honored Contributor

‎12-11-2002 12:05 PM

‎12-11-2002 12:05 PM

Re: Possible to log all name lookups?

Nope, cant be done. You could wrapper nslookup, but not the library for the system calls.

Suggestion would be to copy /etc/hosts to /etc/hosts.last and remove all your entries. When users say that they cant access something, put the entry into DNS or back into hosts.
Microsoft. When do you want a virus today?
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎12-11-2002 12:07 PM

‎12-11-2002 12:07 PM

Re: Possible to log all name lookups?

Just verify that what's in your hosts file is in DNS and setup /etc/nsswitch.conf and /etc/resolv.conf and remove the entries other than the localhost (127.0.0.1) and the host itself!

live free or die
harru
Live Free or Die
0 Kudos
Reply
Trever Furnish
Regular Advisor

‎12-11-2002 12:20 PM

‎12-11-2002 12:20 PM

Re: Possible to log all name lookups?

Well, I suppose having a couple of people absolutely certain it can't be done is better than wondering. :-) Thanks for the responses.

I'm fairly certain you're wrong - anything's possible given time and resources and motivation, but all of those are lacking in me today. :-)

Solely for discussion purposes though I'll mention that it would be nice functionality to have. Also I'd think that you could do this with something like truss/tusc/trace by logging all the system calls you were interested in.
Hockey PUX?
0 Kudos
Reply
Shannon Petry
Honored Contributor

‎12-11-2002 12:32 PM

‎12-11-2002 12:32 PM

Re: Possible to log all name lookups?

In many cases your correct, and quite honestly, this is one of the few things I would ever tell someone they can not do something.

Most routines require a single binary, thus at a minimum you can make wrappers for the binaries and do many nice things.

In the case name resolution, there are many different libraries containing several calls each to handle name translation. This is in addition to the external applications such as dig and nslookup.

I seriously doubt that HP would give you their code, but you could try to get it. Then you would have to hack their code and add your own logging functions. This would have to be repeated for every library with routines for name resolving.

If you can do the above, then Harry and I are wrong. Feel free to try, and let me know the outcome. Im sure Harry and I would both like to know.
Microsoft. When do you want a virus today?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.