Bug 72474 - DNS resolution failure
DNS resolution failure
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: initscripts (Show other bugs)
8.0
i386 Linux
high Severity medium
: ---
: ---
Assigned To: Bill Nottingham
Brock Organ
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-08-24 06:38 EDT by Michel Alexandre Salim
Modified: 2014-03-16 22:30 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-10-11 23:57:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Michel Alexandre Salim 2002-08-24 06:38:09 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.1) Gecko/20020815

Description of problem:
When using a PPP connection (I tried using an Alcatel ADSL modem with the
open-source GPL driver, but others have tried using plain dial-up or PPPoE), I
could ping but DNS resolution fails completely (i.e. ping www.redhat.com,
nslookup www.redhat.com)

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Set up a dial-up connection
2. Connect using dial-up

	

Actual Results:  Cannot ping/nslookup - it just times out

Expected Results:  Name resolved to IP address in a timely manner

Additional info:

Have been discussed recently in Limbo-list
Comment 1 Thomas Dodd 2002-08-26 11:00:31 EDT
stopping nscd seams to allow DNS lookups to work correctly.
At least ping and mozilla started doing lookups.
Comment 2 Eugene Regad 2002-08-26 13:14:16 EDT
I've got the same problem; programs cannot get an answer from the ISP's Domain
Name Server. FTP (terminal session or window on X session) reports (after a
couple minutes) : "Name or service not known."  Mozilla reports (error window:
"www.redhat.com could not be found.  Please check the name and try again." 
Evoluton reported (at end of configuration) "Error downloading RDF"

I am connected via cable modem, with a LinkSys router after the modem  I can
ping the DNS server by number. Another computer (running RH 7.3) works normally.
The "null computer", with the drive swapped with a drive with RH 7.2, works
normally.

Both Mozilla and ftp do connect under "null", if given the numeric address.
Turning off nscd (command: nscd -K) does not clear the problem for me.
Comment 3 Bill Nottingham 2002-08-27 20:44:13 EDT
Do you have a firewall configured?
Comment 4 Thomas Dodd 2002-08-28 09:58:19 EDT
Who were you asking Bill?

I don't have a firewall, and killing nscd gets resolutions working.
Comment 5 Bill Nottingham 2002-08-28 12:24:05 EDT
Asking anyone, actually.

OK, so if it doesn't have anything to do with the firewall, it *might* be a
glibc issue.

Is the correct thing being written in /etc/resolv.conf?
Comment 6 Thomas Dodd 2002-08-28 13:47:48 EDT
resolve.conf was correct. ppp/dhcp added the nameservers
correctly (but erased my search domains....) and
as I said, nsswitch.conf was also correct.

So bring up ppp0.
'ping IP' works.
'host redhat.com' works.
'ping redhat.com' fails.

stop nscd (service nscd stop)
'ping redhat.com' works.

It appears to be related to ppp though.
The box using dhcp for eth0 works fine.

I found nscd using strace. and comparing the LAN box
that worked to the ppp box that didn't.

I can try to recreate the strace log tonight.
Comment 7 Michel Alexandre Salim 2002-08-28 16:13:04 EDT
/etc/resolv.conf has the proper entries in it. Since I set up my PPP connection
manually (USB ADSL modem...) the first time round the dynamically-created
resolv.conf was not linked to /etc, but after I linked it manually it still did
not work.

Tried manually adding the entries from the automatic resolv.conf to
/etc/resolv.conf too and it still would not work. I could ping the DNS servers.

HTH,

Michel
Comment 8 Michel Alexandre Salim 2002-08-30 22:16:15 EDT
It might be nscd after all. I did a fresh install, this time of null, using a
bog-standard Workstation profile, and DNS resolution works fine. nscd is not
running.
Comment 9 Eugene Regad 2002-09-03 11:25:29 EDT
michel; ted
Check your security settings under system. If it's 'high' try 'medium'.  When I
installed null, I changed from the default 'medium' to 'high'.  'High' works
fine on RH 7.2 and RH 7.3, but these distributions use 'ipchains' for security.
 'null' uses 'iptables'.

When I switched the 'null' security settings from 'high' to 'medium', all the
DNS related problems went away.  Either a bug in the programming of iptables, or
the security model is more stringent.   I haven't looked at the actual rules for
either (commands:  iptables -L  ipchains -L).

Gene R.
Comment 10 Thomas Dodd 2002-09-03 12:02:42 EDT
I check tonight, but I pretty sure I set the firewall rules to "none",
since that machine dials in to a firewalled network.


I'll also try with the lates updates (glibc/nscd-2.2.92-2)
to see if that helps.
Comment 11 Bill McConaghy 2003-02-21 01:27:59 EST
I'm having a similar issue with DNS, but only intermittently.  I have a USB Alcatel modem connected to a router and use DHCP on my RH 8.0 machine to configure eth0.  DHCP adds the router's IP address as primary and secondary DNS to resolv.conf.  I can resolve most host names in a web browser just fine, but host names with many dots seem to puke.  For example, my.yahoo.com resolves, but story.news.yahoo.com doesn't.  This problem holds true for web browsing, but the host command resolves everything just fine.  Both Opera and Mozilla display this behavior.  Any ideas?
Comment 12 Adalberto B. Araújo 2003-04-03 12:31:06 EST
I also have the same problem, with Red Hat 8.0 & Conectiva Linux 8.0.
I don't have nscd running.
ping sites sometime works, and sometimes don't, but ican ping my DNS ip 
address, and all other ips on the internet.
the commands host, nslookup and dig always qork, even when ping is not working.
PS: SQUID stops resolving names together with ping.
I don't have a firewall set on my box.
Comment 13 Adalberto B. Araújo 2003-04-03 12:31:39 EST
I also have the same problem, with Red Hat 8.0 & Conectiva Linux 8.0.
I don't have nscd running.
ping sites sometime works, and sometimes don't, but ican ping my DNS ip 
address, and all other ips on the internet.
the commands host, nslookup and dig always qork, even when ping is not working.
PS: SQUID stops resolving names together with ping.
I don't have a firewall set on my box.
Comment 14 Adalberto B. Araújo 2003-04-03 12:36:24 EST
I forgot.
It happens with dial-up and ADSL connections.
I tried with 3COM homeconnect dual link and Allied CJ8M0
If i connect using windows, configure a NAT on it, and use this windows 
machine as my linux box gateway, the problem still happens.
When i use my linux box at work through an adsl gateway, i have the same 
problem. If i point my machine to a TC normal link, the problem stops.
Comment 15 Ulrich Drepper 2003-04-22 00:28:30 EDT
I doubt that this is a glibc bug.  At least not anymore.  I want to get glibc's
slate clean so I reassign it to firewall-config.  Note that RHL9 (and even more
the upcoming glibc which is not yet out) has some nscd fixes.

Also, when using nscd, note that if you're using dialup nscd would have to be
restarted after the the resolv.conf file is updated.  The file is read at
startup time.  So, if pppd establishes the connection amd modifies
/etc/resolv.conf nscd continues with the old setup and knows nothing about
default domains and new name servers.
Comment 16 Harald Hoyer 2003-04-22 04:50:44 EDT
there is no firewall-config-qt in 8.0 anymore... either assign to
redhat-config-security, but I do not think this is the case, because:
>>I don't have a firewall, and killing nscd gets resolutions working.<<
Comment 17 Harald Hoyer 2003-04-22 04:53:41 EDT
check for non-firewall should output:
# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Comment 18 Adalberto B. Araújo 2003-04-22 08:48:04 EDT
I don't have any firewall configured in my boxes (same output above), and i 
don't use nscd. I have the same problem with Conectiva Linux 8.0

If i use ADSL with protocol PPPOE, it works perfectly, but with PPPOA, i have 
the problem.
Comment 19 Ulrich Drepper 2003-04-24 01:38:13 EDT
You have what problem (and I don't want to hear about Conectiva, I couldn't care
less about their problems).  There is no way this is a general problems.  People
use dialups all the time and there are no other reports.

When you have the problem run tcpdump or ethereal or some other tool examining
the network traffic.
Comment 20 Ulrich Drepper 2003-10-03 06:11:35 EDT
No reply in almost 6 months.  As said before, the generic connection problems
have nothing at all to do with glibc.  And the name resolution problems are
caused by nscd if nscd hasn't been restarted after the /etc/resolv.conf  was
updated.  This file is read only once at program startup time.  Just issue a

  services nscd restart

The interface ifup script should do this, or at least it should allow to be
configured to do this.

I'm closing this bug as NOTABUG.
Comment 21 Thomas Dodd 2003-10-03 09:33:35 EDT
I is a bug. I guess the if* scripts need to restart nscd if it was active.

I turned nscd off, and no problems. Still haven't gotten RHL9 installed on that
machine to see if it was still a problem.

So change the package. But when something starts a new interface, nscd should be
notified. Iguess make it an initscripts bug.


Comment 22 Jakub Jelinek 2003-10-03 09:42:01 EDT
s/service nscd restart/service nscd condrestart/
(nscd might not be installed or might not be running).

Note You need to log in before you can comment on or make changes to this bug.