06-11-2008, 08:15 PM
"McGuffey, David C."

Lost DNS lookup

A few days ago, a workstation in a lab stopped doing DNS lookups to
support connectivity to SMTP, POP, and web services. As I think back,
the behavior started in close proximity in time to a stunnel update.

Checked the usual locations and all seems to be ok. /etc/resolv.conf,
/etc/nsswitch.conf, /etc/host and /etc/networks files look ok. Running
ifconfig in a terminal shows that DHCP on the boundary firewall gave it
a good address, netmask, and gateway. The machine still serves up an
ext3 partition via samba to some windowze machines on the 192.168.1.0
network, and still prints to two network printers via cups (same
192.168.1.0 network), so it is not a hardware problem. The two other
windowze machines on the network can reach the web via Firefox, but the
fedora 7 box won't, so I don't believe it is a firewall problem (nothing
has changed there).

As a last resort, I executed the normal windowze solution...a reboot.
That did not solve the problem.

Lights on the local 8-port switch don't seem to indicate any network
traffic when an nslookup command is issued. I don't believe it is
issuing DNS requests through the gateway to the dns server...but will
confirm with tshark later today/this evening.

Any ideas?

Dave McGuffey
Principal Information System Security Engineer // NSA-IEM, NSA-IAM
SAIC, IISBU, Columbia, MD


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
06-12-2008, 12:48 PM
David Timms

Lost DNS lookup

McGuffey, David C. wrote:

> A few days ago, a workstation in a lab stopped doing DNS lookups to
> support connectivity to SMTP, POP, and web services. As I think back,
> the behavior started in close proximity in time to a stunnel update.

# uname -a
# ifconfig
# time route
# ping localhost
# ping 127.0.0.1
# ping self ip from ifconfig
# ping self hostname by name
# ping another machine on this network.
# ping next hop router {from route}
# ping 66.249.89.99 {google}
# cat /etc/resolv.conf
# ping nameserver ip from resolv.conf
# dig www.google.com.au
# ping www.google.com.au

Guessing you did all that, but maybe dropping the results would help us
work out what's up ?


 
06-12-2008, 02:59 PM
"McGuffey, David C."

Lost DNS lookup

On Thu, 12 Jun 2008 22:48:12 +1000 David Timms <dtimms@iinet.net.au> wrote
>
> McGuffey, David C. wrote:
> > A few days ago, a workstation in a lab stopped doing DNS lookups to
> > support connectivity to SMTP, POP, and web services. As I think back,
> > the behavior started in close proximity in time to a stunnel update.
> # uname -a
> # ifconfig
> # time route
> # ping localhost
> # ping 127.0.0.1
> # ping self ip from ifconfig
> # ping self hostname by name
> # ping another machine on this network.
> # ping next hop router {from route}
> # ping 66.249.89.99 {google}
> # cat /etc/resolv.conf
> # ping nameserver ip from resolv.conf
> # dig www.google.com.au
> # ping www.google.com.au
>
> Guessing you did all that, but maybe dropping the results would help us
> work out what's up ?
>
I did some of that, but not all. Will try to get back to the machine
today and do that.

BTW, I dropped an F8 loaded laptop onto the network, powered it up,
received the dhcp configuration and was able to get out through the
gateway. So the problem is definitely associated with the F7 load on
the workstation.

Dave McGuffey
Principal Information System Security Engineer // NSA-IEM, NSA-IAM
SAIC, IISBU, Columbia, MD

 
06-13-2008, 11:16 PM
John Cornelius

Lost DNS lookup

The most likely problem is that you have been issued a bogus name server
address by DHCP or you have a good one but you can't access it. First
you should check the order in which nslookups are done in
/etc/nsswitch.conf and be certain that DNS is the first choice. Then
doing an nslookup or dig will either do the right thing or report that
it cannot get a name for the name server address.


If the problem is in DHCP then it will spread to other machines. If the
name server address is correct but you cannot access it check your
routing tables and try a traceroute to the name server to ensure that
you can get to it. It never hurts to check /etc/resolv.conf either. If
the machine has been hacked the file may not be writeable and DHCP
client won't be able to write to it. With Linux there are a lot of
things to check so besides doing cat and ls do a lsattr on the file. All
of the attributes should be off. While you're at it do a netstat -r to
check the route to the name server (usually the default route).


John Cornelius

McGuffey, David C. wrote:

A few days ago, a workstation in a lab stopped doing DNS lookups to
support connectivity to SMTP, POP, and web services. As I think back,
the behavior started in close proximity in time to a stunnel update.

Checked the usual locations and all seems to be ok. /etc/resolv.conf,
/etc/nsswitch.conf, /etc/host and /etc/networks files look ok. Running
ifconfig in a terminal shows that DHCP on the boundary firewall gave it
a good address, netmask, and gateway. The machine still serves up an
ext3 partition via samba to some windowze machines on the 192.168.1.0
network, and still prints to two network printers via cups (same
192.168.1.0 network), so it is not a hardware problem. The two other
windowze machines on the network can reach the web via Firefox, but the
fedora 7 box won't, so I don't believe it is a firewall problem (nothing
has changed there).

As a last resort, I executed the normal windowze solution...a reboot.
That did not solve the problem.

Lights on the local 8-port switch don't seem to indicate any network
traffic when an nslookup command is issued. I don't believe it is
issuing DNS requests through the gateway to the dns server...but will
confirm with tshark later today/this evening.

Any ideas?

Dave McGuffey
Principal Information System Security Engineer // NSA-IEM, NSA-IAM
SAIC, IISBU, Columbia, MD
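
The checks John Cornelius lists above (lookup order in /etc/nsswitch.conf, the contents and attributes of /etc/resolv.conf, the routing table), as an added shell example that is not part of the thread. It also queries each name server directly with dig, which still gives an answer where ping to the server is filtered. The script name dnscheck.sh, the function names and the default www.example.com are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only: nothing here changes the system.

# Lookup sources on the "hosts:" line of nsswitch.conf, in order.
hosts_order() {
    awk '{ sub(/#.*/, "") } $1 == "hosts:" { $1 = ""; sub(/^ +/, ""); print }' "$1"
}

# 1-based position of "dns" among those tokens; 0 = DNS is never consulted.
dns_position() {
    hosts_order "$1" | awk '
        { for (i = 1; i <= NF; i++) if ($i == "dns") { print i; hit = 1; exit } }
        END { if (!hit) print 0 }'
}

# Each "nameserver" address in resolv.conf, one per line.
nameservers() {
    awk '{ sub(/[#;].*/, "") } $1 == "nameserver" { print $2 }' "$1"
}

# Query one server directly on port 53. An answer here while ping times out
# means only ICMP is filtered; silence means DNS traffic is not getting through.
query_direct() { dig +time=2 +tries=1 +short "@$1" "$2" A; }

check_host() {   # $1 = name to resolve
    echo "hosts: $(hosts_order /etc/nsswitch.conf)"
    ls -l /etc/resolv.conf
    # An 'i' (immutable) flag would stop the DHCP client rewriting the file.
    if command -v lsattr >/dev/null 2>&1; then lsattr /etc/resolv.conf; fi
    netstat -rn
    for ns in $(nameservers /etc/resolv.conf); do
        if out=$(query_direct "$ns" "$1") && [ -n "$out" ]; then
            echo "$ns answered: $out"
        else
            echo "$ns: no answer on port 53"
        fi
    done
}

# Live checks only on request: sh dnscheck.sh --run www.example.com
if [ "${1:-}" = "--run" ]; then
    check_host "${2:-www.example.com}"
else
    d=$(mktemp -d)   # constructed sample files, so the default run is offline
    printf 'hosts: files dns\n' > "$d/nsswitch.conf"
    printf 'nameserver 192.0.2.53\n' > "$d/resolv.conf"
    echo "sample: dns position $(dns_position "$d/nsswitch.conf"), server $(nameservers "$d/resolv.conf")"
    rm -rf "$d"
fi
```
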



 
07-21-2008, 03:44 PM
"McGuffey, David C."

Lost DNS lookup

> -----Original Message-----
> From: McGuffey, David C.
> Sent: 12 June, 2008 11:00
> To: dtimms@iinet.net.au
> Cc: fedora-list@redhat.com
> Subject: Re: Lost DNS lookup
>
> On Thu, 12 Jun 2008 22:48:12 +1000 David Timms <dtimms@iinet.net.au> wrote
> >
> > McGuffey, David C. wrote:
> > > A few days ago, a workstation in a lab stopped doing DNS lookups to
> > > support connectivity to SMTP, POP, and web services. As I think back,
> > > the behavior started in close proximity in time to a stunnel update.
> > # uname -a
> > # ifconfig
> > # time route
> > # ping localhost
> > # ping 127.0.0.1
> > # ping self ip from ifconfig
> > # ping self hostname by name
> > # ping another machine on this network.
> > # ping next hop router {from route}
> > # ping 66.249.89.99 {google}
> > # cat /etc/resolv.conf
> > # ping nameserver ip from resolv.conf
> > # dig www.google.com.au
> > # ping www.google.com.au
> >
> > Guessing you did all that, but maybe dropping the results would help us
> > work out what's up ?
> >
> I did some of that, but not all. Will try to get back to the machine
> today and do that.
>
> BTW, I dropped an F8 loaded laptop onto the network, powered it up,
> received the dhcp configuration and was able to get out through the
> gateway. So the problem is definitely associated with the F7 load on the
> workstation.
>
> Dave McGuffey
>

I thought this was solved when I fixed an unusually short dhcp lease
setting in our ISP provided firewall/switch. But guess not.

Problem went away for quite a while. Then it reared its ugly head
again. Seems to be an intermittent issue. This is really driving us
nuts.

This machine and the other few devices on the internal network are
static IP using host files.

I ran through the list above, and can ping localhost, two printers, and
another computer via IP and hostname. Of course that is using the
/etc/host entries. CUPS is working and we can print to both printers.
Samba is working on this machine, and the other machine can log in and
reach the smb shared folder. So, the network components (except for dns)
seem to be working A-OK.

As soon as I try to dig, or ping an external site by hostname the effort
times out.

When I try to ping my two ISP provided DNS servers, the effort times
out. That is not unusual, because most ISPs are dropping a lot of icmp
to their servers, except from a small number of their internal
management systems. I do the same on my internal networks.

So...this appears to be a dns lookup problem. The /etc/host,
/etc/resolv.conf, /etc/networks, and /etc/nsswitch.conf all look good
and have not changed since before the problem started.

Iptables hasn't changed, so there is not a rule that intermittently
appears that would block dns lookups through the gateway.

I believe I may have a corrupted library routine upon which the dns
client relies.

I don't have a lot of time to go poking around...the boss is telling me
to get it fixed quickly, or move on to F9 (which I'm not quite ready to
do for this particular machine.)

Later today I'm going to try tshark to snoop the network traffic to see
if the machine is actually sending dns queries out through the gateway.

***Assuming there are no dns queries going out of the machine, using yum
in a force mode, which network components should I reload from the F7
repository?***

Dave McGuffey
Principal Information System Security Engineer // NSA-IEM, NSA-IAM
SAIC, IISBU, Columbia, MD


 
07-21-2008, 05:36 PM
John Cornelius

Lost DNS lookup

McGuffey, David C. wrote:

> I thought this was solved when I fixed an unusually short dhcp lease

----Snip----

> As soon as I try to dig, or ping an external site by hostname the effort
> times out.
>
> When I try to ping my two ISP provided DNS servers, the effort times
> out. That is not unusual, because most ISPs are dropping a lot of icmp
> to their servers, except from a small number of their internal
> management systems. I do the same on my internal networks.

I would consider this unusual. When you get an address through dhcp the
dhclient overwrites /etc/resolv.conf with the IP addresses of the ISP's
name servers and those wind up being the only ones that you get. If you
can't get to your name servers everything else is interesting but
unimportant.

> So...this appears to be a dns lookup problem. The /etc/host,
> /etc/resolv.conf, /etc/networks, and /etc/nsswitch.conf all look good
> and have not changed since before the problem started.

What is in /etc/resolv.conf?

> Iptables hasn't changed, so there is not a rule that intermittently
> appears that would block dns lookups through the gateway.

Unless you blocked the DNS ports iptables wouldn't be the problem.

> I believe I may have a corrupted library routine upon which the dns
> client relies.

Very unlikely! Have you checked the routing tables?

> I don't have a lot of time to go poking around...the boss is telling me
> to get it fixed quickly, or move on to F9 (which I'm not quite ready to
> do for this particular machine.)
>
> Later today I'm going to try tshark to snoop the network traffic to see
> if the machine is actually sending dns queries out through the gateway.

Good idea! You might also try a traceroute to the name servers and see
where it gets hung up.

The last time I saw this thread you had more than one machine with this
problem. Is that still the case?

> ***Assuming there are no dns queries going out of the machine, using yum
> in a force mode, which network components should I reload from the F7
> repository?***
>
> Dave McGuffey
> Principal Information System Security Engineer // NSA-IEM, NSA-IAM
> SAIC, IISBU, Columbia, MD



John Cornelius
