Linux – Cant resolve hostnames except using nslookup/dig in CentOS [resolved]

domain-name-systemlinuxlinux-networkingnetworking

I am unable to resolve hostnames, except using dig/nslookup. Declaring hosts in /etc/hosts works fine. DNSmasq nor bind is running. Below is the output of tcpdump port 53 when running dig google.com:

21:02:49.269083 IP txxxxxx1.corp.mxxxxxxs.com.39872 > dxxxxxx3.corp.mxxxxxs.com.domain:  7362+ A? google.com. (28)
21:02:49.269614 IP dxxxxxx3.corp.mxxxxxxs.com.domain > txxxxxx1.corp.mxxxxxxs.com.39872:  7362 5/0/0 A ord08s07-in-f19.1e100.net,[|domain]
21:02:49.270506 IP txxxxxx1.corp.mxxxxxxs.com.33316 > dxxxxxx3.corp.mxxxxxxs.com.domain:  30910+ PTR? 83.225.125.74.in-addr.arpa. (44)
21:02:49.303321 IP dxxxxxx3.corp.mxxxxxxs.com.domain > txxxxxx1.corp.mxxxxxxs.com.33316:  30910*- 1/0/0 (83)

And the results while running ping google.com:

21:03:05.027197 IP txxxxxx1.corp.mxxxxxxs.com.59151 > dxxxxxx3.corp.mxxxxxxs.com.domain:  56092+ A? google.com. (28)
21:03:05.029069 IP dxxxxxx3.corp.mxxxxxxs.com.domain > txxxxxx1.corp.mxxxxxxs.com.59151:  56092 5/0/0 A ord08s07-in-f18.1e100.net,[|domain]
21:03:05.029309 IP txxxxxx1.corp.mxxxxxxs.com.58238 > dxxxxxx3.corp.mxxxxxxs.com.domain:  10345+ PTR? 82.225.125.74.in-addr.arpa. (44)
21:03:05.065058 IP dxxxxxx3.corp.mxxxxxxs.com.domain > txxxxxx1.corp.mxxxxxxs.com.58238:  10345*- 1/0/0 (83)

Ping does not return any packets when used with hostnames. The results above are delayed ~5 seconds from when the command is given. I have no trouble pinging IPs.

Contents of /etc/resolv.conf:

nameserver 10.100.52.11
nameserver 10.100.52.13

Both name servers give good results when used with dig.

Results of route -n:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.xxx.131.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         10.xxx.131.1    0.0.0.0         UG    0      0        0 eth0

Contents of /etc/hosts:

127.0.0.1       localhost.localdomain localhost
::1     localhost6.localdomain6 localhost6
10.xxx.131.xxx      txxxxxx1.corp.mxxxxxxs.com ast01
10.xxx.32.xxx       mail.mxxxxxxs.com

SSHD does not even allow logins if UseDNS is set to yes. NSCD is running: nscd 28525 0.0 0.0 233652 2900 ? Ssl 20:10 0:00 /usr/sbin/nscd.

Thanks!

. . . EDIT

I resolved this. /etc/nsswitch.conf had the line:

hosts: files wins dns

I changed it to read:

hosts: dns files wins

and everything works now. What's bizarre is that things were working fine up until last week. Nothing changed, certainly not as far as DNS. Hope this helps someone.

Best Answer

Are you relying on hostname completion (or "dns suffix appending" in the Windows world) to get a Fully Qualified Domain Name when you're running ping? If so, your /etc/resolv.conf is missing the domain and/or search options.

nameserver 10.100.52.11
nameserver 10.100.52.13
domain corp.mxxxxxxs.com

This should automatically append corp.mxxxxxxs.com to $HOST so you have a FQDN that correctly resolves.

See the manpage for more details.

Answer

The short answer to your specific question of listing CNAMEs is that you cannot without permission to do zone transfers (see How to list all CNAME records for a given domain?).

That said, if your company's DNS server still supports the ANY query, you can use dig to list the other records by doing:

dig +noall +answer +multiline yourdomain.yourtld any

These ... +noall +answer +multiline ... are strictly optional and are simply output formatting flags to make the output more easily human readable (see dig man page ).

Example

$ dig +noall +answer +multiline bad.horse any

Returns:

bad.horse.              7200 IN A 162.252.205.157
bad.horse.              7200 IN CAA 0 issue "letsencrypt.org"
bad.horse.              7200 IN CAA 0 iodef "mailto:abuse@sandwich.net"
bad.horse.              7200 IN MX 10 mx.sandwich.net.
bad.horse.              7200 IN NS a.sn1.us.
bad.horse.              7200 IN NS b.sn1.us.
bad.horse.              7200 IN SOA a.sn1.us. n.sn1.us. (
                                2017032202 ; serial
                                1200       ; refresh (20 minutes)
                                180        ; retry (3 minutes)
                                1209600    ; expire (2 weeks)
                                60         ; minimum (1 minute)
                                )

Caveats (RFC8482)

Note that, since around 2019, most public DNS servers have stopped answering most DNS ANY queries usefully. For background on that, see: https://blog.cloudflare.com/rfc8482-saying-goodbye-to-any/

If ANY queries do not enumerate multiple records, the only option is to request each record type (e.g. A, CNAME, or MX) individually.

Best Answer

Related Solutions

Debian – Setting up a DNS name server for a mass virtual host with Bind9

DNS Records – How to List All DNS Records in a Domain Using Dig

Answer

Example

Caveats (RFC8482)

Related Topic