Site Navigation

Date:      Fri, 25 May 2001 11:34:36 +0200
From:      Jens Schweikhardt <schweikh@schweikhardt.net>
To:        freebsd-current@freebsd.org
Subject:   Strange DNS behavior; I'm stumped
Message-ID:  <20010525113435.A955@schweikhardt.net>

---

next in thread | raw e-mail | index | archive | help

---

hello, world\n

so I thought I knew everything about DNS. Here's something that beats me.
I'm running -current as of a week or so ago, which means the resolver is
configured with /etc/nsswitch.conf (instead of /etc/host.conf which no
longer exists). I want the resolver to look in /etc/hosts and if nothing
is found ask a remote nameserver. So I have

$ hostname
hal9000.schweikhardt.net
$ cat /etc/nsswitch.conf
hosts: files dns
$ cat /etc/resolv.conf
nameserver 193.174.247.193
nameserver 129.143.1.1
nameserver 120.69.18.28
$ grep -v '^#' /etc/hosts
194.95.228.253  hal9000 hal9000.schweikhardt.net hal9000.schweikhardt.net. s253.shuttle.de hal9000.s.shuttle.de
127.0.0.1		localhost localhost.schweikhardt.net localhost.schweikhardt.net.


Here's the rub: when I start X, my window manager ctwm tries to
determine the hostname (to assign to HOSTNAME and then m4-process the
.ctwmrc) This causes my machine to dial out. I've used tcpdump on port
53 (dns) by putting this in /etc/start_if.isp1:
/usr/sbin/tcpdump -nli isp1 -c 16 port 53 > /tmp/tcpdump.53 &
so I capture the very first dns packets. The result is:

$ cat /tmp/tcpdump.53 
19:19:36.504837 IP 74: 213.7.20.247.1025 > 129.143.1.1.53:  34068+ A? hal9000.schweikhardt.net. (42)
19:19:41.514465 IP 74: 213.7.20.247.1026 > 120.69.18.28.53:  34068+ A? hal9000.schweikhardt.net. (42)
19:19:46.524451 IP 74: 213.7.20.247.1027 > 193.174.247.193.53:  34068+ A? hal9000.schweikhardt.net. (42)
19:19:46.573495 IP 129: 193.174.247.193.53 > 213.7.20.247.1027:  34068 NXDomain* 0/1/0 (97) (DF)
19:19:46.576134 IP 91: 213.7.20.247.1028 > 193.174.247.193.53:  34069+ A? hal9000.schweikhardt.net.schweikhardt.net. (59)
19:19:46.625504 IP 146: 193.174.247.193.53 > 213.7.20.247.1028:  34069 NXDomain* 0/1/0 (114) (DF)
...

innd causes something similar lookups, but sendmail does not.
What's more, I can use perl's gethostbyname function and ask for
hal9000, localhost, hal9000.schweikhardt.net or hal9000.schweikhardt.net.
and it does not cause a remote name server query:
schweikh@hal9000:~/bin $ cat dns-test
#!/usr/bin/perl
# gethostbyname should not dial out if the name is found in /etc/hosts

my $name = defined $ARGV[0] ? $ARGV[0] : 'hal9000.schweikhardt.net';
print "gethostbyname $name\n";
my ($n, $aliases, $addrtype, $length, @addrs) = gethostbyname $name;
print "name: $n\n";
print "aliases: $aliases\n";
print "addrtype: $addrtype\n";
print "length: $length\n";
foreach (@addrs) {
        print join ('.', unpack ('C4', $_)), "\n";
}

$ dns-test localhost
gethostbyname localhost
name: localhost
aliases: localhost.schweikhardt.net localhost.schweikhardt.net.
addrtype: 2
length: 4
127.0.0.1

$ dns-test `hostname`
gethostbyname hal9000.schweikhardt.net
name: hal9000
aliases: hal9000.schweikhardt.net hal9000.schweikhardt.net. s253.shuttle.de hal9000.s.shuttle.de
addrtype: 2
length: 4
194.95.228.253

$ dns-test hal9000   
gethostbyname hal9000
name: hal9000
aliases: hal9000.schweikhardt.net hal9000.schweikhardt.net. s253.shuttle.de hal9000.s.shuttle.de
addrtype: 2
length: 4
194.95.228.253

$ dns-test hal9000.schweikhardt.net
gethostbyname hal9000.schweikhardt.net
name: hal9000
aliases: hal9000.schweikhardt.net hal9000.schweikhardt.net. s253.shuttle.de hal9000.s.shuttle.de
addrtype: 2
length: 4
194.95.228.253

I even made a C program that used gethostbayname(3) and the result is
the same as with the perl script, i.e. no remote ns lookups done for
hosts in /etc/hosts. I'm stumped. Is it possible for apps to *force* a
name server query, bypassing gethostbyname? How can I force apps to
obey my nsswitch.conf?

In case it matters, my isp1 interface is a dynamically assigned p2p link
configured with
...
ifconfig isp1 link1 0.0.0.0 0.0.0.1 netmask 255.255.0.0
and later made the default route.

The address 194.95.228.253 in /etc/hosts belongs to another statically
assigned interface, i.e.
isp0: flags=a011<UP,POINTOPOINT,LINK1,MULTICAST> mtu 1500
        inet 194.95.228.253 --> 194.95.242.2 netmask 0xffffff00 
        ether 00:00:00:00:00:00 
isp1: flags=a011<UP,POINTOPOINT,LINK1,MULTICAST> mtu 1500
        inet 0.0.0.0 --> 0.0.0.1 netmask 0xffff0000 
        ether 00:00:00:00:00:00 

Regards,

	Jens
-- 
Jens Schweikhardt http://www.schweikhardt.net/
SIGSIG -- signature too long (core dumped)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010525113435.A955>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact