* unable to resolve things...
From: James @ 2002-05-13 13:41 UTC (permalink / raw)
To: linux-admin
I've just set this Linux machine up to connect to an Alcatel ADSL router
using dhcpcd (the router is configured for DHCP spoofing). eth0 has now
been given a working IP address, and I can ping IP addresses of places
like google.

However, I can't ping "www.google.com" or any other names. They won't
resolve.

BUT if I type 'nslookup' I can talk to a DNS and resolve them manually,
however nothing else seems to be able to look addresses up except
nslookup.

This machine is routing data for a LAN, and runs named. Other machines
that have this Linux box set as their DNS server can resolve things
though and they can browse the web.

My resolv.conf contains:

---
search rda.lan
nameserver 10.0.0.5
---

(10.0.0.5 is this machine's internal IP)

and nsswitch.conf contains:

---
hosts: dns files
networks: files dns
---

and I've restarted inetd for fun.

This machine is configured to route traffic using ipfwadm.

ifconfig contains:

---
eth0      Link encap:Ethernet HWaddr 00:50:DA:50:01:FB
          inet addr:xxx.xxx.xxx.xxx Bcast:xx.255.255.255 Mask:255.0.0.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:57415 errors:0 dropped:0 overruns:1 frame:0
          TX packets:73421 errors:0 dropped:0 overruns:0 carrier:0
          collisions:4286 txqueuelen:100
          Interrupt:9 Base address:0xfc00

eth0:1    Link encap:Ethernet HWaddr 00:50:DA:50:01:FB
          inet addr:10.0.0.5 Bcast:10.255.255.255 Mask:255.0.0.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
          Interrupt:9 Base address:0xfc00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:3924 Metric:1
          RX packets:88 errors:0 dropped:0 overruns:0 frame:0
          TX packets:88 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
---

it's only got one network card in it, so I am using aliased IPs to make it
talk to the local lan too.

What obvious thing have I not done?
* R: unable to resolve things...
From: David Galligani @ 2002-05-13 13:51 UTC (permalink / raw)
To: James, linux-admin
Can you send us
the files of named (/etc/named.conf and /var/named/* )?
ciao
david
* Re: R: unable to resolve things...
From: James @ 2002-05-13 14:52 UTC (permalink / raw)
To: David Galligani; +Cc: Linux Admin List
On Mon, May 13, 2002 at 03:47:36PM +0200, David Galligani wrote:
| And if you try
| nameserver 127.0.0.1 ?
it says:

  server:~ # ping www.google.com
  ping: unknown host: www.google.com

but

  server:~ # nslookup www.google.com
  Server: mail.rda.lan
  Address: 10.0.0.5

  Non-authoritative answer:
  Name: www.google.com
  Address: 216.239.39.100

works OK. nslookup can find things, but nothing else on that machine
can.
--
Nerve gas is not a toy
6AD6 865A BF6E 76BB 1FC2 | www.piku.org.uk/public-key.asc
E4C4 DEEA 7D08 D511 E149 | www.piku.org.uk wnzrf@cvxh.bet.hx (rot13'd)
* Re: R: unable to resolve things...
From: Glynn Clements @ 2002-05-13 15:09 UTC (permalink / raw)
To: James; +Cc: Linux Admin List
James wrote:
> | And if you try
> | nameserver 127.0.0.1 ?
>
> it says:
>
> server:~ # ping www.google.com
> ping: unknown host: www.google.com
>
> but
>
> server:~ # nslookup www.google.com
> Server: mail.rda.lan
> Address: 10.0.0.5
>
> Non-authoritative answer:
> Name: www.google.com
> Address: 216.239.39.100
>
> works OK. nslookup can find things, but nothing else on that machine
> can.

Then the problem appears to be somewhere in the upper layers.
nslookup/dig talk directly to a DNS server; everything else goes
through the resolver functions, usually via gethostbyname().

Try "strace"ing a simple client ("ping" may be a bad choice due to it
being setuid).

BTW, are you using nscd? That won't have any impact upon nslookup/dig,
but it will affect anything which uses gethostbyname().

--
Glynn Clements <glynn.clements@virgin.net>
* Re: R: unable to resolve things...
From: James @ 2002-05-13 15:21 UTC (permalink / raw)
To: Linux Admin List
On Mon, May 13, 2002 at 04:09:50PM +0100, Glynn Clements wrote:
|
| James wrote:
|
| > | And if you try
| > | nameserver 127.0.0.1 ?
| >
| > it says:
| >
| > server:~ # ping www.google.com
| > ping: unknown host: www.google.com
| >
| > but
| >
| > server:~ # nslookup www.google.com
| > Server: mail.rda.lan
| > Address: 10.0.0.5
| >
| > Non-authoritative answer:
| > Name: www.google.com
| > Address: 216.239.39.100
| >
| > works OK. nslookup can find things, but nothing else on that machine
| > can.
|
| BTW, are you using nscd? That won't have any impact upon nslookup/dig,
| but it will affect anything which uses gethostbyname().

Thank you! I killed off nscd and it all works now.

God, I thought I was going mad... :)

--
There's nothing remarkable about it. All one has to do is hit the right
keys at the right time and the instrument plays itself. -- J.S. Bach
6AD6 865A BF6E 76BB 1FC2 | www.piku.org.uk/public-key.asc
E4C4 DEEA 7D08 D511 E149 | www.piku.org.uk wnzrf@cvxh.bet.hx (rot13'd)
* Re: unable to resolve things...
From: rich+ml @ 2002-05-13 15:42 UTC (permalink / raw)
To: James; +Cc: linux-admin
> My resolv.conf contains:
>
> ---
> search rda.lan
> nameserver 10.0.0.5
> ---
>
> (10.0.0.5 is this machine's internal IP)
Checked your firewall rules? I seem to recall that nslookup uses tcp to
talk to dns, gethostbyname uses udp.
Anyway, you might get better performance with 'nameserver 127.0.0.1'.
== Rich
* Re: unable to resolve things...
From: Glynn Clements @ 2002-05-13 17:13 UTC (permalink / raw)
To: linux-admin
rich+ml@lclogic.com wrote:
> Checked your firewall rules? I seem to recall that nslookup uses tcp to
> talk to dns, gethostbyname uses udp.

First; nslookup (and dig) are specifically DNS diagnostic tools.
There's a fair amount of code between gethostbyname() and actually
sending DNS queries. /etc/host.conf, /etc/nsswitch.conf (and all of
the various NSS modules), and possibly nscd may all get involved
before the query gets as far as the resolver (res_query() etc, which
is the level at which nslookup/dig operate).

Second; although it's not actually relevant here, I'd just like to
clarify one particular issue.

DNS queries may use both UDP and TCP. Normal behaviour is to use UDP
initially; if the response packet has the TC (truncated) flag set
(indicating that the response is too large to fit into a single
packet), the query is re-issued using TCP.

If a firewall configuration allows UDP to port 53 (whether globally or
on specific IP addresses), but disallows TCP, it is *broken*. You
*cannot* guarantee that a DNS query will only use UDP.

OTOH, it's quite common to disallow all UDP traffic to/from "normal"
hosts (i.e. not DNS servers), but to allow all outbound TCP
connections. In this situation, if you want to use nslookup/dig, you
have to force the use of a TCP connection with the "vc" option.

> Anyway, you might get better performance with 'nameserver 127.0.0.1'.

Unlikely. Any packets sent to any local IP address should normally go
via the loopback interface, not just those addressed to 127.0.0.1.

--
Glynn Clements <glynn.clements@virgin.net>
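
[Added example, not part of the original thread or any poster's code.] The two lookup paths discussed above, side by side: a hand-built query sent straight to a DNS server (the level nslookup/dig work at, with the UDP-then-TCP retry on the TC flag) and a lookup through the C library (nsswitch.conf, NSS modules, nscd). The function names are assumptions made for this sketch.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Encode a minimal DNS A-record query for `name` (RD flag set)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_truncated(response):
    """True if the TC bit (0x0200 in the header flags word) is set."""
    return bool(struct.unpack(">H", response[2:4])[0] & 0x0200)

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("short read from DNS server")
        buf += chunk
    return buf

def direct_query(name, server, port=53, timeout=3.0):
    """Ask `server` directly: UDP first, re-issue over TCP if TC is set."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, port))
        response, _ = s.recvfrom(512)
    if not is_truncated(response):
        return "udp", response
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack(">H", len(query)) + query)  # 2-byte length prefix
        (length,) = struct.unpack(">H", _recv_exact(s, 2))
        return "tcp", _recv_exact(s, length)

def libc_lookup(name):
    """Resolve via the C library path (nsswitch.conf, NSS modules, nscd)."""
    try:
        return socket.gethostbyname(name)
    except OSError as exc:
        return f"failed: {exc}"

if __name__ == "__main__":
    import sys
    print("libc path:", libc_lookup(sys.argv[1]))
    print("direct   :", direct_query(sys.argv[1], sys.argv[2])[0], "answered")
```

Run with a hostname and a nameserver address as arguments. A direct path that answers while the libc path fails is the symptom in this thread, and it points at the layers above the resolver rather than at the DNS server; a direct path that fails only after switching to "tcp" points at a firewall passing UDP/53 but not TCP/53.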