5

I have an issue where hostnames are being looked up from DNS even though they are present in /etc/hosts.

I have the following configured:

/etc/host.conf:

order hosts,bind

/etc/nsswitch.conf:

hosts:      files dns

/etc/resolv.conf:

nameserver <nameserver one>
nameserver <nameserver two>

The application running on the host makes some internal and external API requests.

From tcpdump, I'm seeing DNS queries to some of the internal service hostnames that are listed in /etc/hosts. The tcpdump command I'm using is:

tcpdump -tqAlU -s0 port 53 and host <nameserver one>

In the dump I'm seeing requests like the following:

IP 10.0.80.11.domain > app004-private.51308: UDP, length 102
E...I2..>...
.P.
.........I.1E...:...Q.. localhost............   ..@.a.root-servers.net..nstld.verisign-grs.com.w..
IP app004-private.33828 > 10.0.80.11.domain: UDP, length 39
E..Ca.@.@.B.
.2.
.P..$.5./..3e.......... localhost.site.com.....
IP 10.0.80.11.domain > app004-private.33828: UDP, length 96
E..|....>.T;
.P.
.2..5.$.hU.3e.......... localhost.site.com................-.ns10.dnshost.com...dns.8w.............u.....

Notice that localhost is being sent to DNS as well as localhost.site.com. The /etc/hosts entry for localhost is:

127.0.0.1 localhost.localdomain localhost

And

IP 10.0.80.11.domain > app004-private.51664: UDP, length 93
E..yx...>.m.
.P.
.2..5...e.<N2...........api.site.com................-.ns10.dnshost...dns.5w.............u.....
IP app004-private.51664 > 10.0.80.11.domain: UDP, length 48
E..L`.@.@.C.
.2.
.P....5.8..n............api.site.com.site.com.....
IP 10.0.80.11.domain > app004-private.48878: UDP, length 76
E..h&e..>..w
.P.
.2..5...TQ..............11.80.0.10.in-addr.arpa.............Q............p.... .        :...Q.
IP 10.0.80.11.domain > app004-private.51664: UDP, length 105
E...VX..>..g
.P.
.2..5...qJ.n............api.site.com.site.com................-.ns10.dnshost.'.dns.Aw.............u.....

Where api.site.com is in /etc/hosts. Running getent to query api.site.com returns:

$ getent hosts api.site.com
10.36.176.114   api001-private api001-private.site.com api001 api.site.com api

I'm stumped. Everything appears to be configured correctly (as far as I'm aware) to use /etc/hosts first then DNS. Any insight as to why /etc/nsswitch.conf and /etc/host.conf are not being respected?

The main application running on the system is http (Apache 2.2.15 and PHP 5.3.8 with curl 7.30.0). The OS is CentOS 5.6 running with kernel 2.6.18-238.9.1.el5 and glibc 2.5-58.el5_6.3.

Thanks in advance!

Damon Snyder
  • 1
    drsnyder's coworker here: we stumbled on a weird workaround: setting CURLOPT_IPRESOLVE to CURL_IPRESOLVE_V4 avoids the DNS lookup, as demonstrated here: https://gist.github.com/frankfarmer/360e4bb12ec494ae2d3a – Frank Farmer Jun 20 '13 at 00:43

3 Answers

3

We were able to resolve this by disabling IPv6. We disabled IPv6 by adding the following to /etc/modprobe.conf and rebooting.

alias net-pf-10 off
alias ipv6 off
options ipv6 disable=1

After reboot, we no longer see DNS lookups for hosts listed in /etc/hosts.

It's not clear to me exactly why this resolves the issue.

Damon Snyder
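A hosts-file check related to the IPv6 fix above and the CURL_IPRESOLVE_V4 workaround in the question's comment, added here as an example and not code from any poster: it lists names that have only an IPv4 entry, so a lookup restricted to IPv6 cannot be answered from the file. That this is what sent the queries to DNS on these hosts is an assumption the thread does not confirm; `dual.example` and its addresses are constructed.

```python
import ipaddress

# Constructed sample: the two /etc/hosts entries quoted in the question,
# plus an assumed dual-stack name (dual.example) for contrast.
SAMPLE_HOSTS = """\
127.0.0.1 localhost.localdomain localhost
10.36.176.114   api001-private api001-private.site.com api001 api.site.com api
# assumed entries, not from the page:
192.0.2.10 dual.example
2001:db8::10 dual.example
"""


def parse_hosts(text):
    """Map each lower-cased name in hosts(5) text to the set of IP versions it has."""
    families = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no names
        try:
            # Strip an IPv6 zone id such as fe80::1%eth0 before parsing.
            version = ipaddress.ip_address(fields[0].split("%", 1)[0]).version
        except ValueError:
            continue  # first field is not an IP address: ignore the line
        for name in fields[1:]:
            families.setdefault(name.lower().rstrip("."), set()).add(version)
    return families


def file_can_answer(families, name, version):
    """True if a lookup of `name` restricted to IP `version` is answerable from the file."""
    return version in families.get(name.lower().rstrip("."), set())


def ipv4_only_names(families):
    """Names for which an IPv6-only lookup finds nothing in the file."""
    return sorted(n for n, v in families.items() if v == {4})


if __name__ == "__main__":
    fam = parse_hosts(SAMPLE_HOSTS)
    for name in ipv4_only_names(fam):
        print(f"{name}: IPv4 entry only; an IPv6 lookup is not answerable from the file")
```

Run it against the real file with `parse_hosts(open("/etc/hosts").read())` and compare the flagged names with the names seen in the tcpdump capture.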
2

There are many applications out there that do not use the OS API to query names. Instead they do an explicit DNS query.

If that happens, they will not go via the resolver library.

On Linux you can do the same on the command line:

  • host YOURHOST will try to resolve DNS - no matter what.
  • gethostip YOURHOST will use the defined resolver settings in the configured order.
Nils
  • One wrinkle that we have observed is that we have one system (out of about 10) that is behaving as expected with our application. This suggests that it's not the application, but something about the OS. As best we can tell, the two systems are configured exactly the same and have the same apache, php, curl, kernel, libc, and centos version. – Damon Snyder Jun 20 '13 at 16:17
  • @drsnyder there are config-items in apache/httpd and probably also in php for name-resolving. Did you compare all direct and included configurations? – Nils Jun 20 '13 at 20:15
  • All of the php and apache configs are uniform across all of the servers. They are distributed via puppet. – Damon Snyder Jun 21 '13 at 05:14
0

It looks like your application uses the curl library, which has its own name resolving facility intricacies, see e.g.:

https://stackoverflow.com/questions/29570033/how-can-i-get-libcurl-to-return-me-dnsresolver-used-for-connect-call

Josip Rodin