dig: OK. ping: unknown host ??

Torsten Behle tbehle at fcb-wilkens.com
Fri Oct 29 09:08:08 UTC 1999


Oops, where is my original post? (see below)

Heiko Ploehn:
>did you check the file /etc/nsswitch.conf?
>There should be, among others,  the following line:
>hosts:  files dns

Yes. File exists, is readable by all and has this line in it.

Joseph S D Yao wrote:
> Do you allow queries both from the machine's IP address and
> from 127.0.0.1?

I think so. I have configured:
ipchains -A input  -i lo -j ACCEPT
ipchains -A output -i lo -j ACCEPT
And I can e.g. telnet to itself (127.0.0.1, IP, the machine's name).
However, I temporarily deleted ALL ipchains without success
(and without intruders, I hope :-)
All ipchains denied connections and all nameserver queries
are being logged, and there is no entry after 'ping notworking.host'.
The "unknown hosts" comes extremely fast.

I discovered that the names that are not working are all CNAMEs
(internal and external). Most CNAMEs work. All A-records work.
('work' means: I can do ftp/telnet/ping etc. with the name.)
Because we are running the squid-proxy on the server,
CNAME resolving is essential (for virt. www-servers).

Maybe this is a hint ....

Some other information on my config:
- /etc/host.conf has: order hosts bind
- /etc/hosts has:
   127.0.0.1       localhost
   172.16.13.1     saturn.wilkens-net.com  saturn
- /etc/resolv.conf has:
   search wilkens-net.com
   nameserver 172.16.13.1
   nameserver 172.16.13.12
- I dumped the internal DNS-database to a file and verified that
  "notworking.internal.host" is in there. (kill -SIGINT named.pid)
- I restarted named (and one time the whole machine) without success.

And here is a complete example of an external host:
tbehle at saturn:~ > dig www.hamburger-digitaldruck.de

; <<>> DiG 2.2 <<>> www.hamburger-digitaldruck.de
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; Ques: 1, Ans: 2, Auth: 2, Addit: 2
;; QUESTIONS:
;;      www.hamburger-digitaldruck.de, type = A, class = IN

;; ANSWERS:
www.hamburger-digitaldruck.de.  86400   CNAME   drvhh-support1.drvhh.de.
drvhh-support1.drvhh.de.        86400   A       195.179.55.131

;; AUTHORITY RECORDS:
drvhh.de.       86400   NS      drvhh-support.drvhh.de.
drvhh.de.       86400   NS      dns-d.is-europe.net.

;; ADDITIONAL RECORDS:
drvhh-support.drvhh.de. 86400   A       195.179.55.130
dns-d.is-europe.net.    81335   A       195.180.210.3

;; Total query time: 1923 msec
;; FROM: saturn to SERVER: default -- 172.16.13.1
;; WHEN: Fri Oct 29 10:53:16 1999
;; MSG SIZE  sent: 47  rcvd: 220

tbehle at saturn:~ > ping www.hamburger-digitaldruck.de
ping: unknown host: www.hamburger-digitaldruck.de

Thanks for any ideas on this crazy thing.
Torsten Behle
FCB/Wilkens Hamburg



>> Hi all,
>> having a local nameserver running Linux-krnl 2.2.10, Bind 4.9.7.
>> It's a master for zone foo.com and forwards all other queries to
>> ns.forward.com.
>> It's configured as an ipchains-firewall.
>>
>> On THIS MACHINE:
>> I can successfully dig and nslookup hosts on local and remote
>> networks.
>> When I try to ping/traceroute/ftp/telnet/etc. to this same host, I
>> get a "host unknown" error.
>> Logging named-queries shows that there's no query in the second
>> (non-working) cases.
>> I do not get ipchains errors. Just nothing in syslog.
>>
>> On every OTHER MACHINE on the local network:
>> Everything works fine.
>>
>>
>> I'm trapped. Don't know where to look further.
>> Any hints?
>> Thanks so much.
>>
>> Torsten Behle
>> FCB/Wilkens Germany
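
Added example, not part of the original post: dig sends its query straight to the nameserver, while ping, telnet and ftp resolve names through the C library, so the two paths can be checked separately. The sketch below walks the CNAME chain in the dig ANSWERS section quoted above and compares the result with a C-library lookup; the function names (parse_answers, follow_cname, libc_lookup, compare) are hypothetical, and the parser assumes the four-column DiG 2.2 record layout shown in the post.

```python
import socket

# Constructed sample: the ANSWERS section of the dig output quoted in the post.
DIG_ANSWERS = """\
www.hamburger-digitaldruck.de.  86400   CNAME   drvhh-support1.drvhh.de.
drvhh-support1.drvhh.de.        86400   A       195.179.55.131
"""

def parse_answers(text):
    """Parse 'name ttl type rdata' lines (DiG 2.2 layout, no class column)."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0].startswith(";"):
            continue
        name, _ttl, rtype, rdata = fields
        if rtype.upper() == "CNAME":
            rdata = rdata.rstrip(".").lower()
        records.setdefault((name.rstrip(".").lower(), rtype.upper()), []).append(rdata)
    return records

def follow_cname(records, qname, max_hops=8):
    """Walk CNAMEs from qname to an A record; return (chain, addresses)."""
    name = qname.rstrip(".").lower()
    chain = [name]
    for _ in range(max_hops):
        if (name, "A") in records:
            return chain, records[(name, "A")]
        targets = records.get((name, "CNAME"))
        if not targets or targets[0] in chain:  # dangling alias or loop
            break
        name = targets[0]
        chain.append(name)
    return chain, []

def libc_lookup(name):
    """Resolve via the C library (the path ping uses); [] if the host is unknown."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def compare(dig_text, qname, lookup=libc_lookup):
    """Report whether DNS gave an address that the libc path did not return."""
    chain, dns_addrs = follow_cname(parse_answers(dig_text), qname)
    libc_addrs = lookup(qname)
    return {"chain": chain, "dns": dns_addrs, "libc": libc_addrs,
            "dns_only": bool(dns_addrs) and not libc_addrs}

if __name__ == "__main__":
    print(compare(DIG_ANSWERS, "www.hamburger-digitaldruck.de"))
```

A result with dns_only set to True reproduces the symptom in the post: the nameserver returns a complete CNAME-to-A chain, yet the library lookup on the same machine reports the host as unknown.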



