networking - what does it mean if nslookup and ping fail to resolve a host name but tracert does not?
2014-04
This problem concerns an internal DNS server that for some reason sometimes fails to resolve the host names of some machines on the network. When it fails to resolve a host name, and this can happen on any client machine, the following commands return the following:
ipconfig /displaydns:
vm1host.domain.local - Name does not exist.
nslookup vm1host:
dnsserver1.domain.local can't find vm1host: Non-existent domain
ping vm1host:
Ping request could not find host vm1host. Please check the name and try again.
tracert vm1host:
Unable to resolve target system name vm1host.
nslookup vm1host.domain.local:
dnsserver1.domain.local can't find vm1host.domain.local: Non-existent domain
ping vm1host.domain.local:
Ping request could not find host vm1host.domain.local Please check the name and try again.
tracert vm1host.domain.local:
Unable to resolve target system name vm1host.domain.local.
nslookup <vm1-ip-address>:
Works Ok...
ping <vm1-ip-address>:
Works Ok...
tracert <vm1-ip-address>:
Works Ok... (also displays vm1host.domain.local)
Interestingly, tracert resolves the name appropriately using only 2 hops.
Even if I subsequently nslookup/ping the host name, I get the same error messages above.
Flushing the dns does nothing, and even if it did it would not solve the underlying problem since it is experienced by all client machines.
What does the failure of nslookup/ping but the success of tracert suggest about the underlying problem?
Your tracert to the IP address is utilizing a reverse DNS lookup, that is to say it is querying the DNS server for the name to match the IP you entered. (As opposed to a regular forward DNS lookup where your computer queries the DNS server for an IP based on the name you entered.)
If, as in your case, you're not getting responses for a forward DNS lookup, but ARE getting responses from a reverse DNS lookup, then the issue would most likely be that no A Record exists for that host on the DNS server.
However, since you are getting the correct name for the host when your computer performs a reverse DNS lookup, it is likely that a PTR Record for the IP address does exist on the DNS server.
For more information on this, I recommend checking out the Wikipedia page on DNS record types.
The problem seems to be relatively easy, but I can't find a good solution.
Configuration
I have a local DHCP and DNS server running on an ADSL router. It assigns IP addresses to local hosts and also keeps DNS records for assigned IPs.
This modem also registers itself via DynDNS services.
Let's assume I have no control over this modem, as it serves several groups.
Problem
When I look up the host via nslookup it works fine:
$ nslookup vanja
Server: 192.168.1.1
Address: 192.168.1.1#53
Name: vanja
Address: 192.168.1.12
but with ping it fails:
$ ping vanja
ping: unknown host vanja
This happens because ping appends the local domain to the host, but the DNS server does not know this domain (and I have no way to set it); see the strace output:
$ strace ping vanja
open("/lib/i686/cmov/libnss_dns.so.2", O_RDONLY) = 4
stat64("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=23, ...}) = 0
socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.1.1")}, 28) = 0
send(4, "\377N\1\0\0\1\0\0\0\0\0\0\5vanja\10dynalias\3com\0"..., 36, MSG_NOSIGNAL) = 36
recvfrom(4, "\377N\201\203\0\1\0\0\0\1\0\0\5vanja\10dynalias\3com\0"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.1.1")}, [16]) = 97
Also note that nslookup vanja.dynalias.com will also fail for the same reason: DNS only maps dynamically assigned IPs to short PC names (which are passed from MS Windows workstations).
When I set the hostname to a name without the domain (# hostname centurion) ping magically starts working, but I cannot leave the hostname not in FQDN form, as otherwise it may confuse apache & postfix or break other things.
Question: How can I make ping work together with having the hostname in FQDN form?
Note: My attempts to play with the search and domain options of /etc/resolv.conf haven't succeeded. My goal was to force the NSS library not to append the domain name to the passed argument, or, better, make two tries: without and with the domain appended.
Relative settings
$ hostname
centurion.dynalias.com
$ cat /etc/resolv.conf
nameserver 192.168.1.1
$ grep hosts /etc/nsswitch.conf
hosts: files dns
You may try
search . domainname.ext
to see if just adding the '.' works. Also
$ ping vanja.
would give you some clues.
Your resolver search path needs to be set.
In /etc/resolv.conf, add the line:
search domainname.ext
(Of course, replace domainname.net above with your domain name).
This will ensure that ping hostname also looks up hostname.domainname.ext. Note that you can add multiple domain names to the search path if you want.
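The two byte strings in the strace output of the question above are DNS messages in wire format, so decoding them shows which name the resolver actually sent and what 192.168.1.1 answered. The Python below is an added example, not part of the original posts; the names decode and read_name are made up for illustration, and it works only on the 32 bytes that strace printed.

```python
import struct

# Bytes copied from the send()/recvfrom() lines of the strace output above.
# strace prints only the first 32 bytes, so QTYPE/QCLASS are cut off.
QUERY = b"\377N\1\0\0\1\0\0\0\0\0\0\5vanja\10dynalias\3com\0"
REPLY = b"\377N\201\203\0\1\0\0\0\1\0\0\5vanja\10dynalias\3com\0"
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def read_name(msg, off):
    """Read an uncompressed question name; return (name, next_offset)."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("name runs past the captured bytes")
        length = msg[off]
        off += 1
        if length == 0:
            return ".".join(labels), off
        if length & 0xC0 or off + length > len(msg):
            raise ValueError("compressed or truncated label")
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def decode(msg):
    """Decode the DNS header and question of one captured message."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    qname, off = read_name(msg, 12)
    # QTYPE follows the name; it is absent when strace truncated the buffer.
    qtype = struct.unpack("!H", msg[off:off + 2])[0] if len(msg) >= off + 2 else None
    return {
        "id": ident,
        "is_response": bool(flags & 0x8000),
        "rd": bool(flags & 0x0100),
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "qname": qname,
        "qtype": qtype,
        "answers": an,
        "authority": ns,
    }


if __name__ == "__main__":
    for label, msg in (("sent", QUERY), ("received", REPLY)):
        print(label, decode(msg))
```

Run against these bytes, it reports the question name as vanja.dynalias.com and the reply code as NXDOMAIN, which matches the asker's reading of the trace.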