Re: [SLUG] ping problems with BIND9 - SemiSolved

From: Paul M Foster (paulf@quillandmouse.com)
Date: Sat Dec 04 2004 - 02:21:38 EST


On Fri, Dec 03, 2004 at 03:31:05PM -0500, Mike Branda wrote:

> > > >> Mike Branda said:
> > > >> > O.K. here goes. after muddling around for a bit now I am out
> of ideas
> > > >> > as to why this isn't working. I have set up an internal only
> domain
> > > >> > "my.fakedomain.local" and am having a minor issue. I can use
> dig from
> > > >> > the dns server to any machine listed in the zone and get the
> proper
> > > >> > answer and can do the same from any client machine as well as
> reverse
> > > >> > lookups. The caching from external web servers works also.
> What I am
> > > >> > having an issue with is that I can ping by IP and hostname for
> the
> > > >> local
> > > >> > network machines from the dns box itself but pings only work by
> IP
> > > >> from
> > > >> > the clients. Again, dig works on both dns and clients for
> local
> > > >> machine
> > > >> > name lookups. Any ideas why I can't ping hostnames from
> clients??
> > > >> >
> > > >> > Thanks.
> > > >> >
> > > >> > Mike
> > > >>
> > > >>
> > > >> On Wed, 2004-12-01 at 13:56, Kerry Thompson wrote:
> > > >> Mike
> > > >> Some information on what the client OS is would help.
> > > >>
> > > >> (taking a punt that they are *nix) It sounds like the clients
> have
> > > >> /etc/resolv.conf configured, but /etc/nsswitch.conf hasn't got
> "dns"
> > > >> configured for hosts lookups. A key difference between dig/host
> and
> > > >> vanilla commands ( ping, telnet ) are that dig goes straight to
> > > >> resolv.conf to find DNS servers, whereas ping uses normal
> libraries to
> > > >> read nsswitch.conf then oges to resolv.conf
> > > >>
> > > >> Kerry
> > > >
> > > >
> > > >
> > > > Mike Branda said:
> > > > Kerry,
> > > >
> > > > here's what's in nsswitch.conf. it already had dns in the hosts
> and
> > > > networks lines. What's strange is that if I remove the nameserver
> from
> > > > resolv.conf, when I do "ping machinename" it immediately returns
> "ping:
> > > > unknown host machinename". But when the nameserver is there, it
> takes
> > > > about 15 seconds to return the same message.
> > > >
> > > > Mike
> > > >
> > >
> > >
> > > On Wed, 2004-12-01 at 14:50, Kerry Thompson wrote:
> > > That delay sounds like its searching for the domain, in other words
> the
> > > client system doesn't know what domain its in.
> > > Try pinging the fully qualified domain name eg.
> > > machinename.your_domain.tld, and/or adding a 'domain' statement into
> > > /etc/resolv.conf:
> > >
> > > domain your_domain.tld
> > >
> > > Kerry
> > >
> > >
> > >
> > >
> >
> > On Wed, 2004-12-01 at 15:14, Mike Branda wrote:
> > I did both before joining the list. Ping doesn't work for short or
> > fully qualified and the domain and search entries are both in
> > resolv.conf. The server is set to listen on all interfaces right now
> > for testing. Other than the related bind files, /etc/hosts and resolv
> > are the same (with the exception of the hostname in hosts) on both
> > client and server. www/external stuff works fine from the client with
> > no problem. I'm assuming that's due to the root.hint servers.
> External
> > caching seems to be o.k. too from dig response times. Dig on the
> client
> > returns the properly associated IP in the answer section and the
> reverse
> > lookup (-x) returns the fully qual. domain name. No other internal
> > services work....eg ssh,ping,http.
> >
> > Mike
> >
>
> Since I didn't get anywhere on our local list, I turned to the
> bind-users list. The only reason I'm posting this is I know a lot of
> people have recently installed SuSE 9.1 from the Novell eval pack and
> this may pertain to you and anybody using a recent copy of Mandrake.
> They have taken a new step in the way local network names are resolved.
>

<snip>

>
> So Here's what I've got in case anybody's interested. Somewhere along
> the line I must have failed to mention that I'm using SuSE 9.1 as the
> client. Herein lies the problem....apparently SuSE decided to go the
> zeroconf route with /lib/libresolv.so.2 and anything that uses the
> ".local" top level automatically tries to go to multicast for
> resolution. I'm still doing research as to solutions. One guy just
> copied an older libresolv from 9.0 and that worked. Indeed it does.
> I've tried it. But who know what else they've changed so That's going
> to be a last resort until I get a chance to check the source. Other
> options seem to be to pick another "fake" non-likely internal domain
> name. Here's one of the more informative links that explains how this
> has already been done in apple's Rendezvous and MS for multicast
> lookups.

Excuse my ignorance. This isn't in my area of expertise. I can't solve
your problem, but I had a couple of questions.

What you're saying is that when you set up your local domains with the
suffix ".local", the version of the resolver library on SuSE 9.1 tries
to multicast for resolution. Right?

It seems like the resolver library would have two choices: 1) anything
not an internet TLD (.com, .org, .biz, etc.) would be considered
"local"; 2) the ".local" domain is considered local. This leads to my
questions:

I realize this is probably not practical for you, but if you changed
your suffix to something like ".lan", would it make a difference? Second
question is: is the ".local" suffix standard practice for local domains?

Paul

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:09:50 EDT