HPE Community
Operating System - Linux
1827866 Members
1371 Online
109969 Solutions
New Discussion

Strange resolv.conf behaviour

 
SOLVED
Go to solution
Mark McDonald_2
Trusted Contributor

‎08-11-2008 05:43 AM

‎08-11-2008 05:43 AM

Strange resolv.conf behaviour

Hi

I have/had a machine where ssh and traceroute were taking about 30 seconds to respond on the shortname, but responding immediately on the fully qualified name. telnet and ftp worked straight off. nslookup worked fine on all hostnames (long and short) and on ip addresses.

I have tracked this down to an old nameserver entry in the resolv.conf. Now I thought that it would pick the top name server and lookup on that first, then move to the next etc.

My resolv.conf had:
domain domain.com
search domain.com other.com etc.com
nameserver new_IP
nameserver old_IP

I have removed the last (old_IP) entry and ssh responds immediately. I guess the lookup was timing out looking for the old nameserver which has been decomissioned. Should it even look for it? I dont understand why it even looked at the 2nd nameserver?

All other protocols must have only used the 1st nameserver. Is this some sort of security built in to ssh?

Anyone care to comment?

Thanks
Mark
0 Kudos
6 REPLIES 6
Torsten.
Acclaimed Contributor

‎08-11-2008 05:46 AM

‎08-11-2008 05:46 AM

Re: Strange resolv.conf behaviour

What is your nsswitch.conf telling you?

DNS first, then hosts?

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Mark McDonald_2
Trusted Contributor

‎08-11-2008 05:49 AM

‎08-11-2008 05:49 AM

Re: Strange resolv.conf behaviour

There is no nsswitch.conf

I did create one at one point and add some entries to /etc/hosts, and all started working fine, so this led me to think it was a DNS issue so I removed it again to continue my investigation.

Like I said it is all working fine now the dead nameserver entry has been removed. I was just wondering why the 2nd entry was causing this to happen.
0 Kudos
TTr
Honored Contributor

‎08-14-2008 01:19 PM

‎08-14-2008 01:19 PM

Re: Strange resolv.conf behaviour

I came across this text from patch PHNE_35730

The netstat command seems to hang while resolving the network or host addresses to names, if the nameserver directive in the /etc/resolv.conf file points to an invalid DNS server

This certainly fits your problem but the patch is for 11.00 and don't know if it matches your case. Patch PHNE_27063 is the equivalent patch for 11.11 with the same text in it.
0 Kudos
Bill Hassell
Honored Contributor

‎08-14-2008 03:54 PM

‎08-14-2008 03:54 PM

Solution

Re: Strange resolv.conf behaviour

> no nsswitch.conf

Not a good idea at all. What this means is your entire machine's network activity is dependent on another system (DNS). And as you have seen, a dead or unreachable DNS server will cause a 30 second delay to try the next one. Because of this, I always create the nsswitch.conf file and specify files, then DNS, like this:

passwd: files
group: files
hosts: files [NOTFOUND=continue UNAVAIL=continue] dns
ipnodes: files [NOTFOUND=return] dns
networks: files
protocols: files
rpc: files
publickey: files
netgroup: files
automount: files
aliases: files
services: files

Then you put production system hostnames into /etc/hosts where name resolution in infinitely faster. This will also improve performance in commercial backup products. There is no protocol involved here, it is all part of the resolver library (see: man 4 resolver) and how each network service translates hostnames into IP addresses.

A useful tool (in addition to nslookup) is nsquery (man nsquery)


Bill Hassell, sysadmin
0 Kudos
Mark McDonald_2
Trusted Contributor

‎08-19-2008 02:29 AM

‎08-19-2008 02:29 AM

Re: Strange resolv.conf behaviour

Thanks Bill, I am a contractor and have been handed the box in this state so I will be adding an nsswitch.conf

0 Kudos
Bob_Vance
Esteemed Contributor

‎02-05-2009 01:56 PM

‎02-05-2009 01:56 PM

Re: Strange resolv.conf behaviour

I had a very similar issue after moving to HPUX 11.23 - 30 seconds delay on shortnames.
This ocurred with both version 4.7 and the latest version 5.10 of SSH.

I did network tracing and concluded that SSH and REMSH do not even use nsswitch. They appear to have a built-in resolver that is hard-coded to use this order:
. dns
. files


Please see my post and fix for SSH at:

http://forums11.itrc.hp.com/service/forums/questionanswer.do?admit=109447626+1233870592210+28353475&threadId=1311413

tks
bv
"The lyf so short, the craft so long to lerne." - Chaucer
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.