
Re: Lost DNS lookup

The most likely problem is that you have been issued a bogus name server address by DHCP, or you have a good one but you can't access it. First, you should check the order in which nslookups are done in /etc/nsswitch.conf and be certain that DNS is the first choice. Then doing an nslookup or dig will either do the right thing or report that it cannot get a name for the name server address.

If the problem is in DHCP, then it will spread to other machines. If the name server address is correct but you cannot access it, check your routing tables and try a traceroute to the name server to ensure that you can get to it. It never hurts to check /etc/resolv.conf either. If the machine has been hacked, the file may not be writeable and the DHCP client won't be able to write to it. With Linux there are a lot of things to check, so besides doing cat and ls, do an lsattr on the file. All of the attributes should be off. While you're at it, do a netstat -r to check the route to the name server (usually the default route).

John Cornelius

McGuffey, David C. wrote:
A few days ago, a workstation in a lab stopped doing DNS lookups to
support connectivity to SMTP, POP, and web services.  As I think back,
the behavior started in close proximity in time to a stunnel update.

Checked the usual locations and all seems to be ok.  /etc/resolv.conf,
/etc/nsswitch.conf, /etc/host and /etc/networks files look ok.  Running
ifconfig in a terminal shows that DHCP on the boundary firewall gave it
a good address, netmask, and gateway. The machine still serves up an
ext3 partition via samba to some windowze machines on the network, and
still prints to two network printers via cups (same network), so it is
not a hardware problem. The two other
windowze machines on the network can reach the web via Firefox, but the
fedora 7 box won't, so I don't believe it is a firewall problem (nothing
has changed there).

As a last resort, I executed the normal windowze solution...a reboot.
That did not solve the problem.

Lights on the local 8-port switch don't seem to indicate any network
traffic when an nslookup command is issued.  I don't believe it is
issuing DNS requests through the gateway to the dns server...but will
confirm with tshark later today/this evening.

Any ideas?

Dave McGuffey
Principal Information System Security Engineer // NSA-IEM, NSA-IAM
SAIC, IISBU, Columbia, MD


