I have moved my LDAP server (ldap.intranet.local) from a VM on one machine (192.168.0.5) to a docker container on a new server (192.168.0.7). I have updated the DNS records. When I turn off the LDAP service on the VM, I can no longer log in and the error reported is that the LDAP server cannot be contacted. Using ldapsearch shows the same problem.

I have flushed the DNS cache using sudo systemd-resolve --flush-caches. I have restarted nscd, nslcd, and libnss-ldap (repeatedly).

One guide I found online suggested doing systemctl restart dnsmasq. This results in "Failed to restart dnsmasq.service: Unit dnsmasq.service not found." being reported back.

Another guide suggested /etc/init.d/dns-clean start. This file does not exist on my system.

If I do nslookup I get the correct IP address.

If I do ping ldap I get the correct IP address.

If I do ping ldap.intranet.local I get the old IP address.

LDAP is configured to use ldap.intranet.local and ldapsearch on that hostname still adamantly refuses to work.

I cannot reboot the machine as it has an encrypted hard drive and I am working remotely.

I have heard that different programs use different name resolution mechanisms.

How can I completely flush all cached name resolutions?

Will the problem simply go away after a while? If I leave the old VM running for a while and turn it off later, will that solve the problem? How long can I expect to have to wait?

--- Update ---

Apart from adding LDAP to /etc/nsswitch.conf (and fiddling about to get it to work), these files are all default from installation.

/etc/hosts:

127.0.0.1 localhost
127.0.1.1 my_server

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

/etc/resolv.conf:

# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search intranet.local

/etc/nsswitch.conf:

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

#passwd:         files ldap systemd
#group:          files ldap systemd
#shadow:         files ldap
passwd:         compat systemd ldap
group:          compat systemd ldap
shadow:         compat

gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
AlastairG
  • Can you post the contents of /etc/hosts and /etc/resolv.conf and /etc/nsswitch.conf if present? – Mark R. Jan 20 '21 at 09:01
  • What's the output from `sudo systemd-resolve --statistics` directly after you do `sudo systemd-resolve --flush-caches`? – Shouma Jan 20 '21 at 09:35
  • It reports 0 cached DNS entries. I already checked all the obvious things. – AlastairG Jan 20 '21 at 15:17
  • It is working now, almost 24 hours later. Another machine still has the problem, although I didn't do anything to flush the DNS cache on that one. – AlastairG Jan 21 '21 at 08:41
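The symptoms above (nslookup correct, ping of the FQDN stale) come from different programs taking different resolution paths: nslookup talks to the nameserver in /etc/resolv.conf directly, while ping and ldapsearch go through glibc's NSS (the `hosts:` line of nsswitch.conf, with nscd's cache in front if it runs). The following script is an added diagnostic, not from the post or from any of the tools involved; it asks each layer for the same name and reports which ones still disagree with the expected address. It assumes getent, resolvectl and dig are installed and that the upstream DNS server address is passed in by the caller.

```sh
#!/bin/sh
# Layers compared (assumed tool behaviour, standard on systemd/glibc hosts):
#   nss   : getent ahostsv4  -> glibc NSS path (nsswitch "hosts:", nscd if running);
#                               the path ping, ssh, ldapsearch and PAM/nslcd use
#   stub  : resolvectl query -> systemd-resolved's own cache at 127.0.0.53
#   direct: dig @SERVER      -> the DNS server itself, bypassing every local cache

# Print the service list from the "hosts:" line of an nsswitch.conf-style file,
# e.g. "hosts:  files dns  # comment" -> "files dns".
nss_hosts_order() {
    sed -n 's/^hosts:[[:space:]]*//p' "$1" | sed 's/[[:space:]]*#.*//; s/[[:space:]]*$//'
}

# stale_layers EXPECTED_IP label=ip [label=ip ...]
# Prints the label of every layer whose answer differs from EXPECTED_IP (an empty
# answer counts as stale). Returns 1 if any layer is stale, 0 if all agree.
stale_layers() {
    expected=$1; shift
    rc=0
    for pair in "$@"; do
        label=${pair%%=*}
        ip=${pair#*=}
        if [ "$ip" != "$expected" ]; then
            echo "$label"
            rc=1
        fi
    done
    return $rc
}

# check_host HOST EXPECTED_IP UPSTREAM_DNS
# Queries the live layers for HOST and reports the stale ones via stale_layers.
check_host() {
    host=$1; expected=$2; server=${3:?upstream DNS server address required}
    nss=$(getent ahostsv4 "$host" 2>/dev/null | awk 'NR==1 {print $1}')
    stub=$(resolvectl query -4 "$host" 2>/dev/null | awk 'NR==1 {print $2}')
    direct=$(dig +short @"$server" "$host" A 2>/dev/null | head -n 1)
    stale_layers "$expected" "nss=$nss" "stub=$stub" "direct=$direct"
}

# Usage for the post's move (192.168.0.1 is a placeholder for the real DNS server):
#   check_host ldap.intranet.local 192.168.0.7 192.168.0.1
# Printing "nss" alone means the stub and the server already agree and only the
# NSS side (nscd's hosts cache, or a stale nslcd/pam process) still holds the old
# address; "stub" means systemd-resolved itself still serves the cached record.
```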
