CentOS – Why are DNS lookups not respecting /etc/nsswitch.conf & /etc/host.conf

Tags: centos, curl, domain-name-system, http, php5

I have an issue where hostnames are being looked up from DNS even though they are present in /etc/hosts.

I have the following configured:

/etc/host.conf:

order hosts,bind

/etc/nsswitch.conf:

hosts:      files dns

/etc/resolv.conf:

nameserver <nameserver one>
nameserver <nameserver two>

The application running on the host makes some internal and external API requests.

From tcpdump, I'm seeing DNS queries to some of the internal service hostnames that are listed in /etc/hosts. The tcpdump command I'm using is:

tcpdump -tqAlU -s0 port 53 and host <nameserver one>

In the dump I'm seeing requests like the following:

IP 10.0.80.11.domain > app004-private.51308: UDP, length 102
E...I2..>...
.P.
.........I.1E...:...Q.. localhost............   ..@.a.root-servers.net..nstld.verisign-grs.com.w..
IP app004-private.33828 > 10.0.80.11.domain: UDP, length 39
E..Ca.@.@.B.
.2.
.P..$.5./..3e.......... localhost.site.com.....
IP 10.0.80.11.domain > app004-private.33828: UDP, length 96
E..|....>.T;
.P.
.2..5.$.hU.3e.......... localhost.site.com................-.ns10.dnshost.com...dns.8w.............u.....

Notice that localhost is being sent to DNS as well as localhost.site.com. The /etc/hosts entry for localhost is:

127.0.0.1 localhost.localdomain localhost

And

IP 10.0.80.11.domain > app004-private.51664: UDP, length 93
E..yx...>.m.
.P.
.2..5...e.<N2...........api.site.com................-.ns10.dnshost...dns.5w.............u.....
IP app004-private.51664 > 10.0.80.11.domain: UDP, length 48
E..L`.@.@.C.
.2.
.P....5.8..n............api.site.com.site.com.....
IP 10.0.80.11.domain > app004-private.48878: UDP, length 76
E..h&e..>..w
.P.
.2..5...TQ..............11.80.0.10.in-addr.arpa.............Q............p.... .        :...Q.
IP 10.0.80.11.domain > app004-private.51664: UDP, length 105
E...VX..>..g
.P.
.2..5...qJ.n............api.site.com.site.com................-.ns10.dnshost.'.dns.Aw.............u.....

Where api.site.com is in /etc/hosts. Running getent to query api.site.com returns:

$ getent hosts api.site.com
10.36.176.114   api001-private api001-private.site.com api001 api.site.com api

I'm stumped. Everything appears to be configured correctly (as far as I'm aware) to use /etc/hosts first then DNS. Any insight as to why /etc/nsswitch.conf and /etc/host.conf are not being respected?

The main application running on the system is http (Apache 2.2.15 and PHP 5.3.8 with curl 7.30.0). The OS is CentOS 5.6 running with kernel 2.6.18-238.9.1.el5 and glibc 2.5-58.el5_6.3.

Thanks in advance!

Best Answer

We were able to resolve this by disabling IPv6. We disabled IPv6 by adding the following to /etc/modprobe.conf and rebooting.

alias net-pf-10 off
alias ipv6 off
options ipv6 disable=1

After reboot, we no longer see DNS lookups for hosts listed in /etc/hosts.

It's not clear to me exactly why this resolves the issue.
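
An added example, not part of the original question or answer: one way to check which address families /etc/hosts can answer for a name when `files` precedes `dns` in /etc/nsswitch.conf. It rests on an assumption the page does not confirm, namely that an application asking for both IPv4 and IPv6 addresses has the lookup passed on to DNS for any family the `files` source has no entry for, which would be consistent with the queries stopping once IPv6 is disabled. The sample file contents (including the `::1` line) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample files modelled on the question (not the poster's real files).
SAMPLE_HOSTS = """\
127.0.0.1 localhost.localdomain localhost
10.36.176.114 api001-private api001-private.site.com api001 api.site.com api  # internal API
::1 localhost6.localdomain6 localhost6
"""
SAMPLE_NSSWITCH = "passwd: files\nhosts:      files dns\n"

def parse_hosts(text):
    """Map each lower-cased name or alias to the set of IP versions (4, 6) listed for it."""
    families = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a name
        try:
            version = ipaddress.ip_address(fields[0].split("%")[0]).version
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            families.setdefault(name.lower(), set()).add(version)
    return families

def hosts_sources(nsswitch_text):
    """Ordered sources on the 'hosts:' line; [action] items are skipped (default actions assumed)."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return [t for t in line[len("hosts:"):].split() if not t.startswith("[")]
    return []

def dns_fallthrough(name, hosts_text, nsswitch_text, wanted=(4, 6)):
    """IP versions that 'files' cannot answer for name, so a later 'dns' source may be asked.

    Assumption (see lead-in): a family missing from /etc/hosts is passed on to DNS.
    """
    sources = hosts_sources(nsswitch_text)
    if "dns" not in sources:
        return []
    have = set()
    if "files" in sources and sources.index("files") < sources.index("dns"):
        have = parse_hosts(hosts_text).get(name.lower().rstrip("."), set())
    return [v for v in wanted if v not in have]
```

On a live host, `getent ahostsv4 <name>` and `getent ahostsv6 <name>` show per family what the resolver actually returns.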