Lost DNS lookup

John Cornelius jc at hangarpilot.net
Mon Jul 21 17:36:31 UTC 2008 

McGuffey, David C. wrote:
> I thought this was solved when I fixed an unusually short dhcp lease
> ----Snip----
>
> As soon as I try to dig, or ping an external site by hostname the effort
> times out.
>
> When I try to ping my two ISP provided DNS servers, the effort times
> out. That is not unusual, because most ISPs are dropping a lot of icmp
> to their servers, except from a small number of their internal
> management systems.  I do the same on my internal networks.
>   
I would consider this unusual. When you get an address through dhcp the 
dhclient overwrites /etc/resolv.conf with the IP addresses of the ISP's 
name servers and those wind up being the only ones that you get. If you 
can't get to your name servers everything else is interesting but 
unimportant.
> So...this appears to be a dns lookup problem. The /etc/host,
> /etc/resolv.conf, /etc/networks, and /etc/nsswitch.conf all look good
> and have not changed since before the problem started.
>   
What is in /etc/resolv.conf?
> Iptables hasn't changed, so there is not a rule that intermittently
> appears that would block dns lookups through the gateway.
>   
Unless you blocked the DNS ports iptables wouldn't be the problem.
> I believe I may have a corrupted library routine upon which the dns
> client relies.
>   
Very unlikely! Have you checked the routing tables?
> I don't have a lot of time to go poking around...the boss is telling me
> to get it fixed quickly, or move on to F9 (which I'm not quite ready to
> do for this particular machine.)
>
> Later today I'm going to try tshark to snoop the network traffic to see
> if the machine is actually sending dns queries out through the gateway.
>   
Good idea! You might also try a traceroute to the name servers and see 
where it gets hung up.

The last time I saw this thread you had more than one machine with this 
problem. Is that still the case?
> ***Assuming there are no dns queries going out of the machine, using yum
> in a force mode, which network components should I reload from the F7
> repository?***
>
> Dave McGuffey
> Principal Information System Security Engineer // NSA-IEM, NSA-IAM
> SAIC, IISBU, Columbia, MD
>
>   
John Cornelius

More information about the users mailing list