HPE Community
Operating System - Linux
1828344 Members
3071 Online
109976 Solutions
New Discussion

Problem with DNS lookup

 
SOLVED
Go to solution
Andrew Kaplan
Super Advisor

‎03-31-2008 06:03 AM

‎03-31-2008 06:03 AM

Problem with DNS lookup


Hi there --

I have one of our servers set up to reference two nameservers and two search domains via the /etc/resolv.conf file. Here is a filtered version of the file:


nameserver
nameserver
search
# generated by NetworkManager, do not edit!


I am trying to do lookups, via the nslookup and host commands, of remote servers, but I am getting errors which indicate that when the search is done, the above search domains are concatenated to hostname being searched. Here is an example:


host database.clamav.net
Host database.clamav.net. not found: 3(NXDOMAIN)


If I remove either of the domains from the search line, the output has the other domain attached to the output. If I remove the entire search line, I get a REFUSED error message.

The server in question is outside our company's firewall, and it is using iptables as its security. There is an exception that allows DNS to go outbound from the server. Here is the syntax:


$IPTABLES -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT


What is causing this to occur, and how can I correct it? Thanks.
A Journey In The Quest Of Knowledge
0 Kudos
Reply
5 REPLIES 5
Ivan Ferreira
Honored Contributor

‎03-31-2008 06:32 AM

‎03-31-2008 06:32 AM

Solution

Re: Problem with DNS lookup

Please use dig instead of nslookup and post the command used and the output.

For example:

dig hostname.domain.com

You can force the use of a DNS server with:

dig @ip_of_dns_server hostname.domain.com

Example:

dig @192.168.0.1 test.domain.com
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Reply
Andrew Kaplan
Super Advisor

‎03-31-2008 07:34 AM

‎03-31-2008 07:34 AM

Re: Problem with DNS lookup

Hi there --

Thanks for your reply. Per your request here are the results of the dig command:

# dig database.clamav.net

; <<>> DiG 9.4.0 <<>> database.clamav.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 10651
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;database.clamav.net. IN A

;; Query time: 2 msec
;; SERVER: #53(DNS server)
;; WHEN: Mon Mar 31 11:13:14 2008
;; MSG SIZE rcvd: 37
A Journey In The Quest Of Knowledge
0 Kudos
Reply
Ivan Ferreira
Honored Contributor

‎03-31-2008 08:18 AM

‎03-31-2008 08:18 AM

Re: Problem with DNS lookup

There is a configuration problem with your DNS server, as you can see:

;; WARNING: recursion requested but not available

Your DNS server does not allows recursion. Check your DNS configuration file /etc/named.conf for the:

recursion
allow-recursion

Configuration parameters.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Reply
Andrew Kaplan
Super Advisor

‎03-31-2008 08:57 AM

‎03-31-2008 08:57 AM

Re: Problem with DNS lookup

Hi there --

I contacted our Infomation Security group, and it turns out the DNS servers I was connecting to were the wrong ones to use for this situation. I reconfigured the resolv.conf file with the correct addresses, and that appears to have solved the problem. Thanks for the help.
A Journey In The Quest Of Knowledge
0 Kudos
Reply
rick jones
Honored Contributor

‎03-31-2008 05:58 PM

‎03-31-2008 05:58 PM

Re: Problem with DNS lookup

Minor nit for the future - if you are already providing an FQDN (fully qualified domain name) such as (I'm guessing) database.clamav.net you can avoid the overhead of the searches by putting a period/dot at the end as in:

database.clamav.net.

which will tell the resolver library to not bother with the search terms and so perhaps save a couple of queries and round trip times in the resolution.
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.