Broken nsswitch.conf with Fedora?

Ralph.Grothe at itdz-berlin.de Ralph.Grothe at itdz-berlin.de
Tue Feb 28 15:11:09 UTC 2006


Hello Fedora users,

I don't get nsswitch to work as I am used to it on other Unices
such as Solaris (ok, it has to work on the inventors' OS, hasn't it?)
or HP-UX.

The problem is that I need to register private (virtual) IP addresses
that are neither routable nor resolvable by any DNS server (even our
own), but whose bidirectional resolution is required by certain
applications.

This is usually no problem because it boils down to registering them
in /etc/hosts, like in the old days.

Because nowadays there is a multitude of name services (e.g. DNS, NIS,
LDAP), one would have to configure the name service switch.
But this is usually as simple as telling applications to use the local
files before referring to any other name services.

e.g. on an HP-UX box I would simply add these entries

$ uname -srv
HP-UX B.11.11 U

$ tail -1 /etc/hosts
123.123.123.123 sample.our-rotten.org   sample

$ grep hosts /etc/nsswitch.conf 
hosts:        files [NOTFOUND=continue] dns


Now, HP-UX lacks the getent tool, but instead they provide a tool
called nsquery, which is equally suited for testing the nsswitch.


$ nsquery hosts sample

Using "files [NOTFOUND=continue] dns" for the hosts policy. 

Searching /etc/hosts for sample 
Hostname: sample.our-rotten.org 
Aliases: sample 
Address: 123.123.123.123 
Switch configuration: Terminates Search 


$ nsquery hosts 123.123.123.123

Using "files [NOTFOUND=continue] dns" for the hosts policy. 

Searching /etc/hosts for 123.123.123.123 
Hostname: sample.our-rotten.org 
Aliases: sample 
Address: 123.123.123.123 
Switch configuration: Terminates Search 


As can be seen, resolution works bidirectionally, independent of what
any nameserver may have to say (because it isn't even bothered).
The nice thing on HP-UX is that they even patched their nslookup
resolver tool to honour nsswitch.conf settings.

$ nslookup 123.123.123.123
Using /etc/hosts on:  venice

looking up FILES
Name:    sample.our-rotten.org
Address:  123.123.123.123
Aliases:  sample

$ nslookup sample.our-rotten.org
Using /etc/hosts on:  venice

looking up FILES
Name:    sample.our-rotten.org
Address:  123.123.123.123
Aliases:  sample


So this is the functionality I expect from any modern Unix-(SysV)-like
OS.

However, so far I have never achieved this on Linux (or a RedHat based
distro, to be precise).

I assume that I simply lack some lib or maybe a PAM patch.

So doing the same on this Fedora 3 box I get

$ uname -srv
Linux 2.6.9-1.667smp #1 SMP Tue Nov 2 14:59:52 EST 2004

$ cat /etc/fedora-release 
Fedora Core release 3 (Heidelberg)

$ grep ^hosts /etc/nsswitch.conf 
hosts:      files [NOTFOUND=continue] dns

$ tail -1 /etc/hosts
123.123.123.123         sample.our-rotten.org   sample

$ getent hosts sample
123.123.123.123 sample.our-rotten.org sample

$ getent hosts 123.123.123.123

$ echo $?
2


Why isn't it doing reverse lookups?

Needless to say that neither nslookup, nor host, nor dig
care about the content of nsswitch.conf but instead straight away
seem to query the first nameserver from /etc/resolv.conf.

These are the DNS related RPMs installed on the box

$ rpm -qa|grep -E dns\|bind
bind-libs-9.2.4-2
ypbind-1.17.2-3
bind-utils-9.2.4-2

$ rpm -qf /etc/nsswitch.conf 
glibc-2.3.3-74

$ rpm -qf /etc/resolv.conf 
file /etc/resolv.conf is not owned by any package

$ rpm -qf /etc/hosts
file /etc/hosts is not owned by any package


I consulted the RedHat Reference Guide, but the only reference to the
nsswitch therein relates to LDAP.
The rest is silence.

Regards
Ralph
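
An added example, not part of the original post: a small Python model of the lookup order the post expects, parsing the hosts policy line and searching hosts-file entries by name and by address. The function names are hypothetical, the input is constructed from the values shown in the post, and the dns source is stubbed so it runs offline; it models the expected files behaviour, not glibc's implementation.

```python
import ipaddress
import re
# Constructed sample input reusing the values shown in the post.
NSSWITCH = "hosts:      files [NOTFOUND=continue] dns\n"
HOSTS = "123.123.123.123         sample.our-rotten.org   sample\n"
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_policy(text, database="hosts"):
    """Return [(source, {status: action})]; negated criteria are not modelled."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith(database + ":"):
            continue
        policy = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", line.split(":", 1)[1]):
            if not tok.startswith("["):
                policy.append((tok, dict(DEFAULTS)))
                continue
            # A [STATUS=action] group modifies the source just before it.
            for pair in tok[1:-1].split():
                status, action = pair.split("=", 1)
                policy[-1][1][status.upper()] = action.lower()
        return policy
    return []

def files_lookup(hosts_text, key):
    """Search hosts-file text by address, name or alias; None if absent."""
    try:
        want_addr = ipaddress.ip_address(key)
    except ValueError:
        want_addr = None
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]
        by_addr = want_addr is not None and ipaddress.ip_address(addr) == want_addr
        by_name = want_addr is None and key.lower() in (n.lower() for n in names)
        if by_addr or by_name:
            return addr, names
    return None

def resolve(policy, hosts_text, key):
    """Walk the policy in order; 'dns' is stubbed as NOTFOUND (offline)."""
    for source, actions in policy:
        hit = files_lookup(hosts_text, key) if source == "files" else None
        if actions["SUCCESS" if hit else "NOTFOUND"] == "return":
            return source, hit
    return None, None
```

With this model, both the name and the address terminate the search at the files source, which is the behaviour the nsquery output above shows.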







