Lost DNS lookup

McGuffey, David C. DAVID.C.MCGUFFEY at saic.com
Mon Jul 21 15:44:40 UTC 2008

> -----Original Message-----
> From: McGuffey, David C.
> Sent: 12 June, 2008 11:00
> To: dtimms at iinet.net.au
> Cc: fedora-list at redhat.com
> Subject: Re: Lost DNS lookup
> On Thu, 12 Jun 2008 22:48:12 +1000 David Timms <dtimms at iinet.net.au>
> >
> > McGuffey, David C. wrote:
> > > A few days ago, a workstation in a lab stopped doing DNS lookups
> > > support connectivity to SMTP, POP, and web services.  As I think
> > > the behavior started in close proximity in time to a stunnel
> > # uname -a
> > # ifconfig
> > # time route
> > # ping localhost
> > # ping
> > # ping self ip from ifconfig
> > # ping self hostname by name
> > # ping another machine on this network.
> > # ping next hop router {from route}
> > # ping   {google}
> > # cat /etc/resolv.conf
> > # ping nameserver ip from resolv.conf
> > # dig www.google.com.au
> > # ping www.google.com.au
> >
> > Guessing you did all that, but maybe dropping the results would help
> > work out what's up ?
> >
> I did some of that, but not all.  Will try to get back to the machine
> today and do that.
> BTW, I dropped an F8 loaded laptop onto the network, powered it up,
> received the dhcp configuration and was able to get out through the
> gateway.  So the problem is definitely associated with the F7 load on
> workstation.
> Dave McGuffey

I thought this was solved when I fixed an unusually short dhcp lease
setting in our ISP provided firewall/switch.  But guess not.

Problem went away for quite a while.  Then it reared its ugly head
again.  Seems to be an intermittent issue.  This is eally driving us

This machine and the other few devices on the internal network are
static IP using host files.

I ran through the list above, and can ping localhost, two printers, and
another computer via IP and hostname. Of course that is using the
/etc/host entries.  CUPS is working and we can print to both printers.
Samba is working on this machine, and the other machine can log in and
reach the smb shared folder. So, the network components (except for dns)
seem to be working A-OK.

As soon as I try to dig, or ping an external site by hostname the effort
times out.

When I try to ping my two ISP provided DNS servers, the effort times
out. That is not unusual, because most ISPs are dropping a lot of icmp
to their servers, except from a small number of their internal
management systems.  I do the same on my internal networks.

So...this appears to be a dns lookup problem. The /etc/host,
/etc/resolv.conf, /etc/networks, and /etc/nsswitch.conf all look good
and have not changed since before the problem started.

Iptables hasn't changed, so there is not a rule that intermittently
appears that would block dns lookups through the gateway.

I believe I may have a corrupted library routine upon which the dns
client relies.

I don't have a lot of time to go poking around...the boss is telling me
to get it fixed quickly, or move on to F9 (which I'm not quite ready to
do for this particular machine.)

Later today I'm going to try tshark to snoop the network traffic to see
if the machine is actually sending dns queries out through the gateway.

***Assuming there are no dns queries going out of the machine, using yum
in a force mode, which network components should I reload from the F7

Dave McGuffey
Principal Information System Security Engineer // NSA-IEM, NSA-IAM
SAIC, IISBU, Columbia, MD

More information about the users mailing list