The host command resolves names put ping does not

Latest response

In what universe does this makes any sense? The DNS server at 10.10.10.11 is good. I'm resolving names with it right now to post this question. I can do host and it resolves to what I expect. But ping always returns unknown host.

[root@www network-scripts]# date
Mon Feb 23 15:19:06 CST 2015
[root@www network-scripts]# host infradc2012.infrasupport.local
infradc2012.infrasupport.local has address 10.10.10.11
[root@www network-scripts]# ping infradc2012.infrasupport.local
ping: unknown host infradc2012.infrasupport.local
[root@www network-scripts]# date
Mon Feb 23 15:19:16 CST 2015
[root@www network-scripts]#
[root@www network-scripts]# more /etc/resolv.conf

Generated by NetworkManager

search bullseyebreach.com
nameserver 10.10.10.11
[root@www network-scripts]#
[root@www network-scripts]#
[root@www network-scripts]# more ifcfg-eth0
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="eth0"
UUID="8df61ac9-355d-4d3c-8741-ca5c76d69b25"
ONBOOT="yes"
HWADDR="00:1A:4A:92:C6:01"
PEERDNS="yes"
PEERROUTES="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
BROADCAST="10.10.10.255"
IPADDR="10.10.10.7"
NETMASK="255.255.255.0"
NETWORK="10.10.10.0"
GATEWAY="10.10.10.1"
DNS1="10.10.10.11"
[root@www network-scripts]#

OK, the above didn't come from RHEL. It came from a Fedora 21 RHEV 3.5 virtual machine in a RHEV 3.5 environment I cloned. After cloning, I updated ifcfg-eth0 with its new MAC address and a new IP Address. What I don't get is why does ping resolve addresses differently than the host command?

thanks

  • Greg Scott
GS
Log in to join the conversation

Responses

PS Guru 6494 points
23 February 2015 11:16 PM
  1. Does ifconfig show the eth0 device correctly up/configured?
  2. Is nscd enabled? (possible local caching)
  3. Can you use nslookup/dig directly to the DNS server from this host and resolve names? (possible local caching)
  4. What does nsswitch have configured for hosts?
thomas.jones2@dodiis.mil's picture Guru 6435 points
24 February 2015 1:18 AM

9 times out of 10, when nslookup/dig/hosts works but ping-by-name fails, it's because /etc/nsswitch.conf isn't set up properly. Usually, you'll want its hosts line to look like:

hosts:      files dns
GS Expert Active Contributor 1269 points
24 February 2015 2:59 AM

Looks like something going on with nsswitch.conf. Here is what hosts: line looks like out of the box in F21:
hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname

On RHEL 7, it looks like this:
hosts: files dns myhostname

Changing nsswitch.conf on that F21 VM to look like the RHEL 7 system - yup, now ping-by-name resolves.

I wonder what the Fedora folks are thinking?

- Greg

thomas.jones2@dodiis.mil's picture Guru 6435 points
24 February 2015 3:57 AM

What they're probably thinking is that the "mdns4_minimal" will return valid hostnames. You could also try altering the line to look like

hosts: files mdns4_minimal [NOTFOUND=continue] dns myhostname

That way, it will still attempt to use MDNS to lookup hosts, but, if it doesn't find them via MDNS, it will continue on to look via DNS

GS Expert Active Contributor 1269 points
24 February 2015 4:40 AM

Thanks Tom. As long as we're into this - I tried your hosts: line as suggested above. Pinging by name did resolve, but it took 2-3 seconds for anything not cached, which suggests mdns4_minimal had to timeout first before trying real DNS. I don't even know what mdns4_minimal is and why nsswitch.conf would refer to it when it's not installed. Searching on Google - looks like other distros have messed around with this too.

  • Greg
thomas.jones2@dodiis.mil's picture Guru 6435 points
24 February 2015 4:49 AM

That would be expected. It's trying the MDNS service and waiting for it to time out. You'd get similar behavior if you had multiple DNS servers defined:

search your.domain.com
nameserver 192.168.28.53
nameserver 192.168.38.53
nameserver 192.168.58.53

If 192.168.28.53 was down, your resolution would have a 30s delay. If 192.168.28.53 and 192.168.38.53 were both down, you'd have a 60s delay.

If you know you'll never have MDNS set up on your network, better to simply nuke it and save yourself the couple seconds per lookup. If you want to some play around with MDNS, you'll either want to leave it there or remember to add it back so you're not stuck having to ask "why isn't ping finding thing via MDNS". ;)

GS Expert Active Contributor 1269 points
24 February 2015 11:06 AM

Yes, I get the timeout. My beef with Fedora is, it seems like a goofy default setting. And it's new with F21. I just checked and F20 was set the same as RHEL 7. What were the Fedora folks thinking when they set up nsswitch.conf this way by default, even when MDNS is not installed? MDNS - is that the service with a caching DNS and a primitive DHCP server builtin? It's more curiosity now that we've worked around the problem.

- Greg

thomas.jones2@dodiis.mil's picture Guru 6435 points
24 February 2015 6:36 PM

My initial response is "running Fedora's kind of like running OpenSolaris used to be: yeah, you get advanced access to features with the downside that not all the bugs may have been worked out when you're running 'upstream' code".

My guess would be, given the overall direction of Red Hat with respect to systemd and automatic system-configuration, the Fedora project is probably hoping to fully supplant manual system configuration. Such a path would also include networking (and name resolution) with auto-config tools. mDNS is one such component of 'zeroconf' system configuration utilities.

GS Expert Active Contributor 1269 points
25 February 2015 3:27 AM

One more folliow-up on this. All the discussion above was about a Fedora VM running in my RHEV environment with Wordpress and all the pieces Wordpress needs. That VM had the ugly line in /etc/nsswitch.conf. I'm delivering a firewall tomorrow so I needed to build up a physical box on bare metal. That one has F21 and a bunch of networking and VPN packages. It looks like at least a few RPM installations get in the act and mess around with that file. After a fresh install and a yum update, the date on that file corresponded with my yum update. And the contents of that host line changed. Right now it looks like:

hosts: db files nisplus nis dns

hosts: files dns myhostname

So unless there's some intelligence someplace that figures out it's a virtual machine and configures the NICS differently, it's not an out of the box Fedora installation that puts in that ugly stuff.

- Greg

thomas.jones2@dodiis.mil's picture Guru 6435 points
25 February 2015 4:18 PM

Just to be clear, after installation of your VPN packages and updates, your /etc/nsswitch.conf file has two 'hosts:' lines?

In general, RPMs don't include logic to determine whether the OS is running on physical or virtual iron.

In general, RPMs that alter system configuration files should be better behaved than what your RPMs seem to be (assuming I'm reading your prior post, correctly). By "better behaved" I mean that they either don't crap up your config files (and causing nsswitch.conf to have more than one hosts: line counts as "crapping up"). Assuming the RPM-packagers did The Right Thing(TM), you might want to see if there's an /etc/nsswitch.conf.rpmsave (or similar) file sitting around. That file should contain the pre-update state of your /etc/nsswitch.conf file.

At any rate, you can typically sort out which, if any, yum actions resulted in a file's change. First thing to do is get the change time of your file. Once you have that, you can use usually use yum history to see which yum invocation most-closely corresponded to that timestamp. The output of yum history will include an ID number. You can then do yum history info <ID> to see which RPMs were installed as part of that yum action. Once you have your list of RPMs, you can see if any of them altered the file - either by directly replacing the file (use something like rpm -ql <RPMNAME> | grep filename) or executing a "preinstall", "postinstall" or similar script (rpm -q --scripts <RPMNAME>) .

GS Expert Active Contributor 1269 points
26 February 2015 3:01 AM

That's what I get for doing posts when I haven't had enough sleep. I like and agree with your comment that RPMs should be better behaved when they mess around with config files. At least leave some kind of easy to follow audit trail when they change .conf files. RPM installs did mess around with nsswitch.conf but not that badly - there was only one hosts line. I'll bet what I did above was paste in before and after hosts: lines. And then the phone probably rang or the dog or grandsons had a crisis or who knows what and I ended up posting it without any text saying those were before and after lines. Sorry for the confusion.

That firewall I built is on a truck right now somewhere between St. Paul, MN. and Bismarck, North Dakota so I don't have a way to look at it again until they deploy it in a couple days. What happens is, after some yum installations, there's an nsswitch.conf.bak file and a new nsswitch.conf. And then the next yum install gets rid of the old .bak, makes a new .bak and then modifies nsswitch.conf. So you only see one generation old. I probably dug out the hosts line from the .bak file and from the new .conf file.

There's apparently an RPM in the bunch that Wordpress needs that puts in that ugly hosts line. Which is bizarre. I'll see if I can dig out which RPM did it after I solve some other Wordpress theme problems.

- Greg

GS Expert Active Contributor 1269 points
26 February 2015 5:02 AM

Ohhhhh - hang on a second.... There's some ugly HTML posting stuff going on here. When you post in these little boxes, it looks like it's interpreting the pound sign character. So those two host lines above -the first one was commented with a pound sign. Or hashtag. But this website interpreted that pound sign as a tag to make the font huge. That's why it displayed in a huge font - the posting stuff here is interpreting that pound sign.

- Greg

james.radtke@siriusxm.com's picture Guru 6863 points
26 February 2015 2:17 PM

You have to enclose your pre-formatted text in 3 x tilde's
~~~
#!/bin/bash
echo "code here"
~~~

Terry Bowling's picture Red Hat Guru 1310 points
26 February 2015 2:35 PM

Yes, this site uses the Markdown syntax. The ## signs are interpreted as various levels of Header formatting. At the bottom right of your text box you are typing in you will see a formatting help link to show you how to tweak it.

Like James says, use the ~~~ so surround your text as a code block.

GS Expert Active Contributor 1269 points
26 February 2015 2:41 PM

Thanks guys.

Live and learn.

or

#Live and learn

- Greg

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.