
telnet built-in resolver logic ?

HPUX fresh
Occasional Visitor

telnet built-in resolver logic ?

Hi,
I'm running an HPUX 11.23 and I'm experiencing a strange behaviour with the telnet command.
It seems telnet has a "built-in" resolver logic that completely ignores what nsswitch.conf says.
I have this situation:
/etc/hosts:
10.30.229.243 some.host.com

/etc/nsswitch.conf
hosts: files dns

The default DNS (not the host itself) resolves some.host.com to a different IP address (10.30.27.13)
[I need this kind of resolution for other servers]

ping and nslookup work well, using the nsswitch.conf directives:
ping some.host.com
PING some.host.com: 64 byte packets
64 bytes from 10.30.229.243: icmp_seq=0. time=0. ms
64 bytes from 10.30.229.243: icmp_seq=1. time=0. ms
----some.host.com PING Statistics----
2 packets transmitted, 2 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/0/0
------------------------------------

Well, if I try to telnet some.host.com, it tries to contact some.host.com through the IP 10.30.27.13 and not using the correct 10.30.229.243.

Using tusc telnet some.host.com I've noticed that, despite what nsswitch.conf says, telnet checks DNS first, THEN /etc/hosts.
open("/etc/nsswitch.conf", O_RDONLY, 0666) ............... = 3
open("/etc/resolv.conf", O_RDONLY, 0666) ................. = 3
open("/etc/hosts", O_RDONLY, 0666) ....................... = 3

-----------------------------------------------

How can I change this behaviour? How can I force telnet to read *FIRST* /etc/hosts?

The permissions on /etc/hosts, /etc/resolv.conf and /etc/nsswitch.conf are 644.

Thanks and sorry for my bad English

Steven E. Protter
Exalted Contributor

Re: telnet built-in resolver logic ?

Shalom,

nsswitch.conf needs a little logic that will tell it how long to wait for an answer in /etc/hosts.

http://docs.hp.com/en/5992-0715/ch06s02.html

Take a look at /etc/nsswitch.*

For a good example on your system.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Mel Burslan
Honored Contributor

Re: telnet built-in resolver logic ?

I am in the same boat as yourself, as I need to reach some hosts' management interfaces instead of the public IP addresses published through DNS, and I use the /etc/hosts file and it is working perfectly fine for me with this line in the nsswitch.conf:

hosts: files [NOTFOUND=continue TRYAGAIN=continue UNAVAIL=continue] dns

Your line, having no control directives, might be skipping the "files" option too quickly. I don't think this should happen, but while you are looking for the answer, why don't you try my version and see if it helps.

Good luck
________________________________
UNIX because I majored in cryptology...
Ganesan R
Honored Contributor

Re: telnet built-in resolver logic ?

Hi,

If ping/nslookup is following the order in nsswitch.conf, then telnet should also follow the same order, because the name resolution mechanism is the same for both.

As Mel suggested, check for any syntax error in /etc/nsswitch.conf, or change the syntax and try.
Best wishes,

Ganesh.
HPUX fresh
Occasional Visitor

Re: telnet built-in resolver logic ?

Thanks Mel and Steven for the quick answer.
I've tried Mel's solution:

hosts: files [NOTFOUND=continue TRYAGAIN=continue UNAVAIL=continue] dns

Sadly with no success.

I've also tried to remove the static route from the host to the target server, and see what "tusc-ing" the telnet gives:

open("/etc/nsswitch.conf", O_RDONLY, 0666) ............... = 3
brk(0x40017000) .......................................... = 0
ioctl(3, TCGETA, 0x7fffef50) ............................. ERR#25 ENOTTY
read(3, "h o s t s : f i l e s [ N O ".., 8192) ...... = 72
brk(0x40018000) .......................................... = 0
read(3, 0x400147d8, 8192) ................................ = 0
close(3) ................................................. = 0
open("/etc/resolv.conf", O_RDONLY, 0666) ................. = 3

---END--
Obviously telnet sleeps at the "Trying..." message.

As you can see, telnet *checks* nsswitch.conf but still wants to check DNS resolution, which gives a correct answer, and telnet proceeds to establish the connection.

I've found something similar in this thread:
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1311413
where Bob Vance says:
---------------------------------------------
****
1) /etc/nsswitch.conf
****
the new SSH, REMSH, and TELNET do not use the same resolver logic that nslookup and ping use.
Specifically, they ignore /etc/nsswitch.conf.

REGARDLESS of what nsswitch.conf contains,
their built-in resolver does:

. try DNS first
if /etc/resolv.conf does not exist or does not have nameserver entries,
it will try 127.0.0.1 -- 4 times !!

. then files


ping and nslookup *DO* honor nsswitch
---------------------------------------------

If I change the permission of resolv.conf to 640 and use telnet with a "non-root" user, telnet still checks DNS (without success) and then reads /etc/hosts.
This isn't a solution, because removing the read permission for everyone may cause trouble for other applications.
Matti_Kurkela
Honored Contributor

Re: telnet built-in resolver logic ?

Please run "nsquery hosts some.host.com". What does it report?

Your tusc listing only indicates the order in which telnet _opens_ the files. If you run tusc with ping and nslookup, you'll probably find they open the files in exactly the same order... as most programs use the standard startup code from /usr/lib/libc.2, they effectively run the exact same code at that point.

You should be looking at the order of fscanf()/fgets() etc. system calls, not open()s. Even that is not necessarily conclusive: the library code may simply read the entire files into memory, and then use the versions in memory to perform lookups.

MK
MK
Steven E. Protter
Exalted Contributor

Re: telnet built-in resolver logic ?

Shalom,

The way DNS is supposed to work is that all requests for name to number translation go through the nsswitch configuration.

Is it possible to compile an application like telnet to bypass this infrastructure? I suppose so but have no idea how I'd go about it.

Is telnet standard or the OS?

whence telnet
what telnet (with the path you get from whence).

Might want to look at /etc/inetd.conf for something unusual.

This is a bit of a mystery.

SEP
Matti_Kurkela
Honored Contributor
Solution

Re: telnet built-in resolver logic ?

Ahh, I think I see now (after reading Bob Vance's thread).

In 11.23, telnet is IPv6-capable... so it will use IPv6-aware versions of name resolution functions, which are configured using the "ipnodes" line in /etc/nsswitch.conf, not the traditional "hosts" line. This is true even for IPv4 addresses, as the IPv6-aware versions can transparently fall back to IPv4.

If the "ipnodes" line is not configured, the default policy for it is "dns [NOTFOUND=return] files"... DNS first!

So, add "ipnodes: files dns" in your /etc/nsswitch.conf and see if it helps.

MK
MK
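
An added example (not part of any post in this thread): a POSIX shell check, following the answer above, that reads an nsswitch.conf-style file and reports whether the "hosts" and "ipnodes" lines start with the same source, applying the default quoted in that answer when "ipnodes" is missing. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the lookup order used by "hosts" resolvers (ping)
# with the order used by "ipnodes" resolvers (IPv6-capable telnet).

# Default the thread gives for a missing "ipnodes" line on HP-UX 11.23.
IPNODES_DEFAULT='dns [NOTFOUND=return] files'

# policy FILE DB: print the configured policy for DB, or nothing if absent.
policy() {
    awk -v db="$2" '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments, split "db:src"
        $1 == (db ":") { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# effective FILE DB: configured policy, or the ipnodes default when missing.
effective() {
    p=$(policy "$1" "$2")
    if [ -z "$p" ] && [ "$2" = ipnodes ]; then p=$IPNODES_DEFAULT; fi
    printf '%s\n' "$p"
}

# first_source FILE DB: the source that is consulted first for DB.
first_source() { effective "$1" "$2" | awk '{ print $1 }'; }

# check_nsswitch FILE: return 1 when hosts and ipnodes start with different sources.
check_nsswitch() {
    h=$(first_source "$1" hosts); i=$(first_source "$1" ipnodes)
    printf 'hosts:   %s\nipnodes: %s\n' \
        "$(effective "$1" hosts)" "$(effective "$1" ipnodes)"
    if [ "$h" != "$i" ]; then
        echo "MISMATCH: hosts tries '$h' first, ipnodes tries '$i' first"
        return 1
    fi
    echo "OK: both try '$h' first"
}

# Constructed sample files mirroring the thread's before/after configuration.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
before=$tmp/nsswitch.before; after=$tmp/nsswitch.after
printf 'hosts: files dns\n' > "$before"
printf '%s\n' \
  'hosts: files [NOTFOUND=continue TRYAGAIN=continue UNAVAIL=continue] dns' \
  'ipnodes: files [NOTFOUND=continue TRYAGAIN=continue UNAVAIL=continue] dns' > "$after"

check_nsswitch "$before" || true    # reports the mismatch (files vs dns)
check_nsswitch "$after"             # both databases try files first
```

To check a live system, call check_nsswitch /etc/nsswitch.conf; a mismatch means tools using the two databases can connect to different addresses for the same name.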
HPUX fresh
Occasional Visitor

Re: telnet built-in resolver logic ?

10 points to Matti :)
Modifying nsswitch.conf accordingly with IPv6 specifications, telnet "magically" starts to work with the address specified in the /etc/hosts file!
Here is my nsswitch.conf:

hosts: files [NOTFOUND=continue TRYAGAIN=continue UNAVAIL=continue] dns
ipnodes: files [NOTFOUND=continue TRYAGAIN=continue UNAVAIL=continue] dns


Thanks very much to all, I've learned something new today!
Mel Burslan
Honored Contributor

Re: telnet built-in resolver logic ?

Hats off to you, Matti. Never knew this feature of telnet. IPv6 will be a steep learning curve when it stops being avoidable. Thank you for the information. Marking this thread to my forums favorites for future reference.
________________________________
UNIX because I majored in cryptology...