DNS lookups do not always work

jkhord
Posts: 29
Joined: 2010/03/10 23:54:45
Location: Washington, DC

DNS lookups do not always work

Post by jkhord » 2011/07/31 16:50:44

Here's an odd one.

I can use the 'host' command to look up an IP of a FQDN, but if I run the ping command against that FQDN, it cannot do the lookup.



[username@hostname ~]$ host yahoo.com
yahoo.com has address 209.191.122.70
yahoo.com has address 67.195.160.76
yahoo.com has address 69.147.125.65
yahoo.com has address 72.30.2.43
yahoo.com has address 98.137.149.56
yahoo.com mail is handled by 1 n.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 o.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 a.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 b.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 c.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 d.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 e.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 f.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 g.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 h.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 i.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 j.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 k.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 l.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 m.mx.mail.yahoo.com.
[username@hostname ~]$ ping yahoo.com
ping: unknown host yahoo.com
[username@hostname ~]$


I get the same behavior when I try to implement iptables rules using hostnames rather than IPs.

Any ideas?

AlanBartlett
Forum Moderator
Posts: 9345
Joined: 2007/10/22 11:30:09
Location: ~/Earth/UK/England/Suffolk

Re: DNS lookups do not always work

Post by AlanBartlett » 2011/07/31 17:00:49

What is defined in your [b]/etc/resolv.conf[/b] file?

jkhord
Posts: 29
Joined: 2010/03/10 23:54:45
Location: Washington, DC

Re: DNS lookups do not always work

Post by jkhord » 2011/07/31 22:09:41

Just noticed that /etc/selinux/config had "SELINUX=enforcing" declared.

Changed to 'disabled' and rebooted, and the problem went away.

jkhord
Posts: 29
Joined: 2010/03/10 23:54:45
Location: Washington, DC

Re: DNS lookups do not always work

Post by jkhord » 2011/07/31 22:12:26

[quote]
AlanBartlett wrote:
What is defined in your [b]/etc/resolv.conf[/b] file?[/quote]


Thanks for the response, Alan.

I had symlinked /etc/resolv.conf to /usr/local/etc/resolv.conf (part of our CM scheme) and SELinux didn't like it.

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: DNS lookups do not always work

Post by pschaff » 2011/07/31 22:41:24

Disabling a key security feature of Enterprise Linux, rather than correcting the underlying error, sounds like a bad idea to me. See

http://wiki.centos.org/HowTos/SELinux
http://wiki.centos.org/TipsAndTricks/SelinuxBooleans
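
An added example, not part of the thread or of the CentOS wiki: rather than setting SELINUX=disabled, the audit log can be summarised to show which commands were denied access to resolv.conf and which label was involved. The log records below are constructed samples, and the SELinux types in them (ping_t, iptables_t, default_t) are assumptions, not values reported by the poster.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials that mention one file name.

# Constructed sample audit records (illustrative only, not from the thread).
SAMPLE_AUDIT='type=AVC msg=audit(1312130000.101:41): avc:  denied  { read } for  pid=2301 comm="ping" name="resolv.conf" dev=dm-0 ino=1311 scontext=unconfined_u:unconfined_r:ping_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1312130000.101:41): arch=c000003e syscall=2 success=no exit=-13 comm="ping" exe="/bin/ping"
type=AVC msg=audit(1312130007.552:44): avc:  denied  { read } for  pid=2317 comm="ping" name="resolv.conf" dev=dm-0 ino=1311 scontext=unconfined_u:unconfined_r:ping_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1312130020.870:52): avc:  denied  { read } for  pid=2410 comm="iptables" name="resolv.conf" dev=dm-0 ino=1311 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1312130031.004:60): avc:  denied  { getattr } for  pid=2502 comm="httpd" name="index.html" dev=dm-0 ino=9001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file'

# avc_denials_for NAME
# Reads audit log lines on stdin and prints one line per distinct denial:
#   <command>: <process type> -> <file type> { <permissions> }
avc_denials_for() {
    _name=$1
    grep -E 'avc: +denied' |
    grep -F "name=\"${_name}\"" |
    sed -E 's/.*denied +\{ ([^}]*) \}.* comm="([^"]*)".* scontext=[^:]*:[^:]*:([^:]*):.* tcontext=[^:]*:[^:]*:([^: ]*).*/\2: \3 -> \4 { \1 }/' |
    sort -u
}

# Run on the constructed sample. A command with no AVC record for the file
# (such as "host" in this sample) does not appear in the summary.
printf '%s\n' "$SAMPLE_AUDIT" | avc_denials_for resolv.conf
```

On a live system, feed /var/log/audit/audit.log to `avc_denials_for` instead of the sample; if the file type shown is not the one the policy expects, `restorecon -v /usr/local/etc/resolv.conf` resets the label without turning enforcement off.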

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

DNS lookups do not always work

Post by gerald_clark » 2011/08/01 14:25:38

As is using hostnames in iptables rules.

jkhord
Posts: 29
Joined: 2010/03/10 23:54:45
Location: Washington, DC

Re: DNS lookups do not always work

Post by jkhord » 2011/08/01 20:17:46

Interestingly, re-enabling SELinux forced a relabel of everything and it "blessed" my symlink to /usr/local/etc/resolv.conf.

grifs71
Posts: 157
Joined: 2007/10/02 05:15:38
Location: Arkansas, United States

Re: DNS lookups do not always work

Post by grifs71 » 2011/08/05 01:15:52

I am leaving SELinux enabled on all servers; I have found that even 3rd-party apps that install in /opt work just fine with it.

Also, I find this command useful: cp --preserve=context file1 file2

I did a relabel on the filesystem, then rebooted the server and verified that all services function correctly without any problems.

getsebool -a | grep "httpd"

will display all of the options with SELinux. I have found it very useful, especially when dealing with bind/dhcp/tftpboot, etc.
