RHEL 6.6 unable to nslookup records in /etc/hosts

[Hemo]

weird question perhaps.


local network workstations and printer devices are assigned static IP, and mapped to a hostname in the /etc/hosts file

/etc/resolv.conf has the 'hostresorder local nis bind' entry, along with 'nameserver 8.8.8.8'

A side note, the 'who' command had historically produced output showing the hostname associated with a device, but is now reporting the IP address instead.

Let me example the behavior I am seeing when using the 'who' command:

issue the 'who' command and I used to see the hostname in parenthesis:
someuser pts/2 2015-10-02 20:13 (static_pc)

but now, I see the IP instead:
someuser pts/2 2015-10-02 20:13 (192.168.17.103)

What makes this behavior change?

any thoughts what to check?

 

[SamBones]

I don't think [tt]nslookup[/tt] uses [tt]/etc/hosts[/tt] at all. After all, the NS in the name is for "Name Server". It's a tool for doing DNS lookups and your local hosts file is not part of DNS.

You can use something like [tt]traceroute[/tt] to see which IP it has resolved for a given domain name. Or maybe write your own little C utility to look it up (getaddrinfo()?).

 

[Hemo]

I may have a simple understanding of this, but I understand the 'host' and 'nslookup' commands will call the resolver, and the resolver is configured to first look in the /etc/hosts file, and then use the public DNS

the line 'hostresorder local nis bind' in the /etc/resolv.conf file is telling the resolver to look _first_ to /etc/hosts, instead of the default behavior to look first to the public actual nameserver.

The issue here, is that it has stopped working, and either someone internal changed something and isn't fessing up, or something broke. It used to work until this morning for this server. It works on multiple other servers I work with and I've been comparing config files all day and coming up empty with what could have changed to force the resolver to stop looking at /etc/hosts. On the servers where things are still working, I can type 'nslookup local_host_name' and it will report back the IP address of the device as listed in the /etc/hosts file.

 

[SamBones]

No, from my understanding, [tt]nslookup[/tt] is Name Server Lookup. It specifically goes to the nameservers listed in [tt]resolv.conf[/tt] only.

I know it seems like it should use the order in the [tt]nsswitch.conf[/tt], but it doesn't.

Even the output of [tt]nslookup[/tt] says which nameserver it used to do the lookup...

# nslookup myserver
Server:         10.170.60.70
Address:        10.170.60.70#53

Non-authoritative answer:
Name:   myserver.mycorp.com
Address: 10.170.40.105

That IP [tt]10.170.60.70[/tt] was the nameserver it used to resolve the name, even though this particular host is in my [tt]/etc/hosts[/tt] file (I've altered the names to disguise my company, but the one I used for the command is in the hosts file).

 

[Hemo]

ok, enough, and I see your point and understand your answer is accurate regarding nslookup

Let me example the behavior I am seeing when using the 'who' command:

issue the 'who' command and I used to see the hostname in parenthesis:
someuser pts/2 2015-10-02 20:13 (static_pc)

but now, I see the IP instead:
someuser pts/2 2015-10-02 20:13 (192.168.17.103)

What makes this behavior change?

 

[iggsterman]

The "who" command will attempt to do a reverse lookup using your DNS server(s). You need to have a PTR record in the reverse zone for that "static_pc".
To verify please check dig -x 192.168.17.103. Until this resolves the command will be giving you IP addresses.

 

[Hemo]

thanks. that does verify things do not work. (!)

This is a RHEL system with default setups, we do not configure DNS on these, as we are not knowledgeable in DNS configurations or maintenance. 'Someone' did 'something' and things no longer work as they do work on 10's of other system setup. It sounds like the 'something' that was done was messing around with trying to configure as a DNS server perhaps?