0

I am trying to understand how /etc/resolve.conf /etc/nsswitch.conf exactly works and what is significance of nameserver entry 127.0.1.1

I did strace ping google.com to get to know about the system calls involved , one part is :

stat64("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=172, ...}) = 0
socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.1.1")}, 16) = 0
gettimeofday({1413780874, 913366}, NULL) = 0
poll([{fd=4, events=POLLOUT}], 1, 0)    = 1 ([{fd=4, revents=POLLOUT}])
send(4, "\0040\1\0\0\1\0\0\0\0\0\0\6google\3com\0\0\1\0\1", 28, MSG_NOSIGNAL) = 28
poll([{fd=4, events=POLLIN}], 1, 5000)  = 1 ([{fd=4, revents=POLLIN}])
ioctl(4, FIONREAD, [204])               = 0
recvfrom(4, "\0040\201\200\0\1\0\v\0\0\0\0\6google\3com\0\0\1\0\1\300\f\0\1"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.1.1")}, [16]) = 204
close(4)                                = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(1025), sin_addr=inet_addr("173.194.123.36")}, 16) = 0
getsockname(4, {sa_family=AF_INET, sin_port=htons(58830), sin_addr=inet_addr("192.168.1.13")}, [16]) = 0
close(4)

can any one please explain what is going on here ? specially connect on 127.0.1.1 as it is namsserver entry in my resolve.conf Why we need to make socket connection to 127.0.1.1 ? and how do we get response from it ?

Ameyj
  • 17
  • 5
  • Read also [nsswitch.conf(5)](http://man7.org/linux/man-pages/man5/nsswitch.conf.5.html) and [nss(5)](http://man7.org/linux/man-pages/man5/nss.5.html) and [resolv.conf(5)](http://man7.org/linux/man-pages/man5/resolv.conf.5.html). Your system is making [DNS](https://en.wikipedia.org/wiki/Domain_Name_System) requests to its nameserver. –  Oct 20 '14 at 05:20
  • /etc/hosts has entry to 127.0.1.1 as host , what if I want to use open public dns server – Ameyj Oct 20 '14 at 05:38
  • You have a misconfigured DHCP server, it might be the same server. Find that DHCP server and finish configuring it so it works correctly. – Chris S Oct 31 '14 at 14:15
  • This looks eerily similar to http://serverfault.com/questions/638220/understanding-resolv-conf-nameserver-through-system-calls – Håkan Lindqvist Oct 31 '14 at 14:55

1 Answers1

0

127.XXX.XXX.XXX is reserved for loopback. You can ping anything from 127.0.0.1 through 127.255.255.254 and you are sending a ping request to yourself. The /etc/resolv.conf is the configuration file for your computers DNS resolver (Telling your computer where to look for Name to IP resolutions.)

In your case, the DNS resolver is looking back to itself to look for name resolution. This is completely normal if you are running a DNS server such as BIND DNS however, keep in mind that the BIND DNS server will query addresses that are unknown to itself (any zone that is not configured on your own BIND DNS Server) by using root hints and will resolve the public IP address of any name that you query.

That being said, if you host an internal website of www.company.com on an internal IP address of 192.168.1.10 and you attempt to ping that website from that Linux server, you will resolve to the IP address listed on your external public DNS server. Unless:

  1. You have the DNS zone company.com configured on the BIND DNS Server with a record pointing to the internal IP address.

  2. You have a forwarder setup on your BIND DNS server to point to an internal DNS server which has the internal DNS entry for the address www.company.com. (i.e., Active Directory DNS Server).

  3. You configure your /etc/resolv.conf file to use the internal DNS Server instead of itself. (Some systems are different when editing this file. In Ubuntu, you should edit the /etc/resolvconf/resolv.conf.d/base file in order for the configuration to keep after reboots if you want to edit the resolv.conf file)

Kevin Hayashi
  • 166
  • 1
  • 3