Weird ping issue on redhat box

S

ScYcS

2[H]4U
Joined
Dec 11, 2004
Messages
3,960
Ok, this is a first for me. I've setup several linux servers and several Redhat ES servers in particular but never encountered this problem before:

- I *do* have network access

- I *can* dig everything i want and get the proper replies

- I *can* nslookup and get the proper replies

- I *can* browse the web but only by IP address

I can't get any ping response from the outside. My resolv.conf file has the proper (and working) DNS server address in it. My hosts file looks ok (all the necessary entries are in there), my nsswitch.conf file has the proper search as well. I even turned off the iptables firewall service to make sure it's not the firewall blocking something. No go. I'm out of ideas.....


ping: unknown host www.google.com


Why does my dns not resolve? Every other PC in the network (behind a enterprise cable router) works fine and DNS is resolved fine on these machines as well.
 
Is there any difference between pinging as a user and root?
 
Like i said in my initial post, the dig results are accurate, as are the nslookup results. Weird....
 
have u tried checking to see if it has something to do with A FIREWALL somwhere on SOME computer, etc.. or router..
 
Well, that was my first thought, but seeing that a simple desktop computer, no matter which OS can resolve dns and ping the outside just fine....i really has to do with the redhat OS config.
 
after Child of Wonder's question I'm thinking it may have something to do with the hosts file or maybe turning off IPV6 support in firefox and in the system may also work.
 
Child of Wonder said:
Can you ping an external IP address?
Click to expand...

With any client computer: yes

With the server in question: no (correction: i can ping IP addresses on the outside, just not names)

I also start to believe it's something with either the hosts file or IPV6. I'll turn off IPV6 tomorrow morning and see what it does.
 
Your routing table might be screwed up, specifically your default gateway.
 
ScYcS said:
Wouldn't that mean i would not get anywhere? I can get to websites via ip address...
Click to expand...

In my limited experience, you would be correct. Usually the main problem I run into in regards to not resolving IPs is the DNS server.

I know you don't want to hear this, but it would probably be worth it to double or triple check the DNS server you are using. You might want to add another one into the mix as a backup and see if it works then. If it works then, there is something wrong with the primary DNS server.

As already mentioned, you might want to try turning off ipv6. I turn it off on all my machines as it's not currently used. No reason to have it running like that if there is no use for it.

 
Still haven't figured it out yet :(

To make matters even worse, there is an additional piece of info that makes me go huh? even more:

2 days ago, the customer in question had an internet outage (i'm not physically where the server is located; i rather ssh into it from where i am). At the same time, the customer reported that their server is not accessible by telnet anymore internally. Telnet was coming back up as soon as internet was back. This is sure weird. Why would something external as the internet going down have something to do with the internal telnet capability?

Before you all start: Yes, i know telnet is not secure but the customer needs it and can't use ssh or any other method to login within their network for various reasons. So let's not make this a con telnet discussion. It would take me way too long to explain and quite frankly, it's the customers choice and not mine.
 
If all of your config files are correct, and the firewall is turned off, then the only other thing that could affect DNS resolution on a per-app basis is the resolver library. nslookup and dig might have been statically linked, while firefox and ping might have been dynamicallly linked against a lib that no longer exists. It's a shot in the dark, but I have no other ideas. Run ldd on ping, nslookup, dig, and firefox, and look for libresolv.so.#
 
Bones said:
If all of your config files are correct, and the firewall is turned off, then the only other thing that could affect DNS resolution on a per-app basis is the resolver library. nslookup and dig might have been statically linked, while firefox and ping might have been dynamicallly linked against a lib that no longer exists. It's a shot in the dark, but I have no other ideas. Run ldd on ping, nslookup, dig, and firefox, and look for libresolv.so.#
Click to expand...

Will do on monday....getting desperate here.
 
Another thing to look for is file corruption - if the resolver lib exists, it might still be broken. Check your logs, sometimes the failed calls are recorded. The only way you'll know if it's corruption (in a binary distro) is to compare crypto digests of your files with what is in the packages. Or possibly tripwire, if you have it installed.

Good luck.
 
Check your nsswitch.conf, my guess is that the dns lookup ("hosts:") is limited to the "files" only. Make sure that it has at least "files dns". nslookup and dig do not follow the rules of nsswitch.conf for some reason. Also make sure your /etc/resolv.conf is valid.

EDIT*** Trying to read tech stuff at 7am is bad. I totally missed that those two files are supposed to be valid, could you post the nsswitch.conf still?
 
Will post my hosts file, nsswitch and resolv.conf file as well as my host.conf file tomorrow. Still the same issue.
 
[root@redhat /]# more /etc/resolv.conf
nameserver 207.99.0.1
nameserver 63.223.76.173

[root@redhat /]# more /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.1.250 redhat redhat.xxx.com
204.16.252.97 dynupdate.no-ip.com

[root@redhat /]# more /etc/host.conf
order hosts,bind

[root@redhat /]# more /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

passwd: files
shadow: files
group: files

hosts: files dns
# hosts: dns files

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files

netgroup: files

publickey: nisplus

automount: files
aliases: files nisplus


[root@redhat /]# more /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=redhat.xxx.com
NETWORKING_IPV6=no
NISDOMAIN=xxx.com
GATEWAY=192.168.1.1

[root@redhat /]# nslookup www.yahoo.com
Server: 207.99.0.1
Address: 207.99.0.1#53

Non-authoritative answer:
www.yahoo.com canonical name = www.yahoo-ht3.akadns.net.
Name: www.yahoo-ht3.akadns.net
Address: 69.147.114.210


[root@redhat /]# ping www.yahoo.com
ping: unknown host www.yahoo.com

[root@redhat /]# nslookup www.microsoft.com
Server: 207.99.0.1
Address: 207.99.0.1#53

Non-authoritative answer:
www.microsoft.com canonical name = toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net canonical name = g.www.ms.akadns.net.
g.www.ms.akadns.net canonical name = lb1.www.ms.akadns.net.
Name: lb1.www.ms.akadns.net
Address: 207.46.192.254
Name: lb1.www.ms.akadns.net
Address: 207.46.19.190
Name: lb1.www.ms.akadns.net
Address: 207.46.193.254
Name: lb1.www.ms.akadns.net
Address: 207.46.19.254

[root@redhat /]# ping www.microsoft.com
PING microsoft.com (86.55.206.250) 56(84) bytes of data.
64 bytes from 86.55.206.250: icmp_seq=0 ttl=47 time=130 ms
64 bytes from 86.55.206.250: icmp_seq=1 ttl=47 time=141 ms
64 bytes from 86.55.206.250: icmp_seq=2 ttl=47 time=133 ms
ò
--- microsoft.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2023ms
rtt min/avg/max/mdev = 130.777/135.421/141.503/4.495 ms, pipe 2


As you can see, i can ping some hosts just fine by name. Some (like yahoo, i can't). I can ping www.yahoo.com just fine from a client in that network though.
 
Interesting - so certain DNS lookups work and others don't?

Try pinging the following host: vis.ucsd.edu

Do you have a tcpdump of the problem?

For reference, you can always paste cleaned up config files by doing:
Code: 
cat /etc/nsswitch.conf | grep -v ^# | grep -v ^$
 
[root@redhat root]# nslookup vis.ucsd.edu
Server: 207.99.0.1
Address: 207.99.0.1#53

Non-authoritative answer:
Name: vis.ucsd.edu
Address: 137.110.119.234

[root@redhat root]# ping vis.ucsd.edu
ping: unknown host vis.ucsd.edu
[root@redhat root]#
 
Is bind running locally on this server?

Are there different zones (such as external clients and internal clients) set up on the name servers this box is connecting to? If so, which zone is it part of?

I put the same DNS servers in my /etc/resolv.conf file and was able to ping www.yahoo.com and vis.ucsd.edu just fine.
 
bind is not running on the server and is not supposed to run either.

The nameserver is from their internet provider and i have no control over it. However, i tried it with our local DNS server, one that i DO have control over, and i get the same results.
 
Well that at least tells us that the issue has to be with this specific server.

What are the other workstations that are not having problems using for DNS?
 
Hi ScYcS,

May I know what happen to this issue. Is this been resolved ? I am also encountered this same issue in my vm server and up to now i haven't figured it out.

Thanks,
RaAL
 
You must log in or register to reply here.
Back
Top