My resolver is not querying the nameserver.

This command is running in the background:

    tcpdump -n -s 0 port 53 &

Resolver points to files then dns

    # grep hosts /etc/nsswitch.conf
    hosts:  files dns

getent never queries the nameserver (the text shown is written by the background tcpdump):

    # getent hosts this_wont_exist
    # dig this_wont_exist +short
    11:16:56.964399 IP6 2001:9999:999:9999:999:999:0:f.41860 > 2001:9999:999:9999:99:999:9:999.53: 26738+ [1au] A? this_wont_exist. (44)
    11:16:57.095274 IP6 2001:9999:999:9999:99:999:0:247.53 > 2001:9999:999:9999:999:999:0:f.41860: 26738 NXDomain 0/1/1 (119)

Any ideas? I have other systems with an identical config and it works fine. Heck, I think this worked for a while (can't reboot production to see if a reboot fixes it). Stopping NSCD doesn't help.

System is running SUSE Linux 11 SP4

rmeden
  • Is it the same with `tcpdump -pnni eth0 port 53`? The `-s 0` can drop more packets. – kubanczyk Mar 27 '18 at 16:53
  • Try querying `getent hosts www.google.com` and compare the result. – Michael Hampton Mar 27 '18 at 16:54
  • Other tcpdump queries also don't show a query. Same results with Google. There is no apparent attempt to query a DNS server. – rmeden Mar 27 '18 at 18:14
  • Just noticed a big clue: if I run tcpdump on localhost I see the query going out the IPv4 localhost port (there is no local DNS server). Using strace, I also see the connect call. No connection is attempted to the servers in /etc/resolv.conf. – rmeden Mar 27 '18 at 18:39

1 Answer

Figured it out!

/etc/resolv.conf had this

    nameserver ip-addres # hostname

I thought that file was replicated to all hosts, but it wasn't! It doesn't work if you put a comment in the line at all. I suspect any line with a "#" is ignored, not just the text after the "#".

So much for documentation. :)

rmeden
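
A lint check for the problem described in this answer, added here as an example (not the poster's code): it flags `nameserver` lines that carry anything after the address, since resolv.conf(5) only defines comments as lines with `#` or `;` in the first column and falls back to the local machine when no nameserver is usable. The sample file, its documentation-range addresses and the helper name `lint_resolv_conf` are constructed for illustration.

```python
import ipaddress

# Constructed sample (documentation-range addresses, not values from the page).
# Line 3 mirrors the "nameserver <address> # hostname" form from the answer.
SAMPLE = """\
# managed by config tool
search example.com
nameserver 2001:db8::53 # ns1
nameserver 192.0.2.53
nameserver 2001:db8::54%eth0
nameserver not-an-ip
"""

def lint_resolv_conf(text):
    """Return (usable addresses, [(line_number, problem)]); line 0 is file-level."""
    usable, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # resolv.conf(5): a comment is a line with '#' or ';' in the first column.
        if not raw.strip() or raw[0] in "#;":
            continue
        fields = raw.split()
        if fields[0] != "nameserver":
            continue
        if len(fields) < 2:
            findings.append((lineno, "nameserver keyword without an address"))
            continue
        addr = fields[1]
        try:
            # Validate without an IPv6 scope id such as %eth0.
            ipaddress.ip_address(addr.split("%", 1)[0])
        except ValueError:
            findings.append((lineno, f"{addr!r} is not an IP address"))
            continue
        if len(fields) > 2:
            # Strict policy (assumption): any trailing text disqualifies the line.
            extra = " ".join(fields[2:])
            findings.append((lineno, f"trailing text after address: {extra!r}"))
            continue
        usable.append(addr)
    if not usable:
        findings.append((0, "no usable nameserver; resolver defaults to the local machine"))
    return usable, findings

if __name__ == "__main__":
    servers, problems = lint_resolv_conf(SAMPLE)
    print("usable:", servers)
    for lineno, problem in problems:
        print(f"line {lineno}: {problem}")
```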