[ale] nslookup works, ping doesn't ???

Greg Freemyer greg.freemyer at gmail.com
Tue Jan 19 15:32:12 EST 2010


All,

I restored an old copy of /etc/resolv.conf and it is now working.

It may not be the openSUSE 11.2 way, but at least it is working.

Trying to finish my upgrade now.  (I needed network access / dns to finish up).

Greg

On Tue, Jan 19, 2010 at 3:22 PM, Greg Freemyer <greg.freemyer at gmail.com> wrote:
> On Tue, Jan 19, 2010 at 3:00 PM, Brian Pitts <brian at polibyte.com> wrote:
>> On 01/19/2010 02:28 PM, Greg Freemyer wrote:
>>> I can ping local machines by IP.
>>>
>>> I can do:
>>> nslookup yahoo.com 127.0.0.1
>>> and
>>> nslookup yahoo.com 10.0.1.44   (my desired primary dns server)
>>>
>>> Both those give the expected result.
>>>
>>> But "ping yahoo.com" comes back with unknown host.
>>>
>>> What gives?
>>>
>>> fyi: resolv.conf is not used in this distro.  I see 10.0.1.44 as my
>>> nameserver down in /etc/sysconfig/network/config, but I don't know if
>>> it is working.
>>
>> You could strace ping and see everywhere it checks for name resolution
>> info. E.g. on my box it reads resolv.conf, nsswitch.conf, host.conf, and
>> hosts, then does a dns lookup using the server in my resolv.conf file.
>> You can even see the data sent and received in the sendto() and
>> recvfrom() calls, although tcpdump would make that easier to read.
>>
> Brian,
>
> Good thought.
>
> It does some basic stuff and quickly opens and closes resolv.conf.
>
> Then it seems to interrogate "/var/run/nscd/socket"  (I don't know
> what that is):
>
> socket(PF_FILE, 0x80801 /* SOCK_??? */, 0) = 4
> connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = 0
> send(4, "\2\0\0\0\r\0\0\0\6\0\0\0hosts\0", 18, MSG_NOSIGNAL) = 18
> poll([{fd=4, events=POLLIN|POLLERR|POLLHUP}], 1, 5000) = 1 ([{fd=4,
> revents=POLLIN|POLLHUP}])
> recvmsg(4, {msg_name(0)=NULL, msg_iov(2)=[{"\2\0\0\0|\255", 6},
> {"\1\0\0\0D\th\267", 8}], msg_controllen=0,
> msg_flags=MSG_CMSG_CLOEXEC}, MSG_CMSG_CLOEXEC) = 0
> close(4)                                = 0
> socket(PF_FILE, 0x80801 /* SOCK_??? */, 0) = 4
> connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = 0
> send(4, "\2\0\0\0\4\0\0\0\n\0\0\0yahoo.com\0", 22, MSG_NOSIGNAL) = 22
>                                                       ^^^^^^^^^^^
> this is the only attempt to resolve that I saw
>
> poll([{fd=4, events=POLLIN|POLLERR|POLLHUP}], 1, 5000) = 1 ([{fd=4,
> revents=POLLIN|POLLHUP}])
> read(4, "\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0",
> 32) = 32
> close(4)                                = 0
> write(2, "ping: unknown host yahoo.com\n", 29ping: unknown host yahoo.com
> ) = 29
> exit_group(2)                           = ?
>



-- 
Greg Freemyer
Head of EDD Tape Extraction and Processing team
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
Preservation and Forensic processing of Exchange Repositories White Paper -
<http://www.norcrossgroup.com/forms/whitepapers/tng_whitepaper_fpe.html>

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
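
An added example, not part of the original thread: a small Python decoder for the nscd client messages visible in the strace output quoted above. The request header layout, request-type numbers and `hst_response_header` field names follow glibc's nscd-client.h; little-endian byte order assumes an x86 host.

```python
import re
import struct

# Request numbers from glibc's nscd-client.h (only the two seen in the trace).
REQUEST_TYPES = {4: "GETHOSTBYNAME", 13: "GETFDHST"}
# Fields of glibc's hst_response_header, eight 32-bit integers.
HST_FIELDS = ("version", "found", "h_name_len", "h_aliases_cnt",
              "h_addrtype", "h_length", "h_addr_list_cnt", "error")

_ESCAPE = re.compile(rb"\\([0-7]{1,3}|.)")
_SIMPLE = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"v": b"\v",
           b"f": b"\f", b"\\": b"\\", b'"': b'"'}


def strace_unescape(literal):
    """Convert the text between strace's double quotes into raw bytes."""
    def repl(match):
        tok = match.group(1)
        if tok.isdigit():                 # octal escape such as \2 or \255
            return bytes([int(tok, 8)])
        return _SIMPLE[tok]               # C escape such as \n or \r
    return _ESCAPE.sub(repl, literal.encode("latin-1"))


def decode_request(raw):
    """Parse an nscd request: version, type, key length, then the key."""
    version, req_type, key_len = struct.unpack_from("<3i", raw)
    key = raw[12:12 + key_len]
    if len(key) != key_len:
        raise ValueError("truncated key")
    return {"version": version,
            "type": REQUEST_TYPES.get(req_type, req_type),
            "key": key.rstrip(b"\0").decode("ascii")}


def decode_hst_response(raw):
    """Parse the fixed 32-byte header nscd returns for a hosts lookup."""
    return dict(zip(HST_FIELDS, struct.unpack_from("<8i", raw)))


# Strings copied from the strace output in the message above.
REQ_GETFD = r"\2\0\0\0\r\0\0\0\6\0\0\0hosts\0"
REQ_LOOKUP = r"\2\0\0\0\4\0\0\0\n\0\0\0yahoo.com\0"
REPLY = r"\2" + r"\0" * 31   # the 32-byte read() result

if __name__ == "__main__":
    for req in (REQ_GETFD, REQ_LOOKUP):
        print(decode_request(strace_unescape(req)))
    print(decode_hst_response(strace_unescape(REPLY)))
```

On the trace above, the second request decodes as GETHOSTBYNAME for yahoo.com and the 32-byte reply as found=0 with no addresses, so the "unknown host" was the answer handed back over the nscd socket, a path that nslookup does not use.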


