Re: hosts seems to not be used by the resolver



Unruh wrote:
"Nico Kadel-Garcia" <nkadel@xxxxxxxxxxx> writes:

Because nslookup is hardly the only thing that does DNS checking.
Take a look at the contents of your /etc/nsswitch.conf to see if
it's actually set to use "files" or "dns" first: then look what
happens if you change the order around, then add "nis" with the
automatic or semi-automatic configuration tools and your order gets
messed up. Then look at tools like SSH that do reverse DNS lookups
and watch the craziness *they* create when you wind up with two IP
addresses corresponding to the same hostname.

??? If you have a hosts file you had better have the order
files,hosts. Anything else would be silly. If you misuse an
operating system, and it bites you, you should not be making laws
about how others use theirs.

It is true that the new host lookup routines (which ssh uses and
which are supposed to be ip6 ready) break almost everything for no
discernable reason.

Then you haven't looked into SSH. SSH does forward and reverse DNS lookups,
to verify that the host claiming to be "sshclient.whatever.com" and which is
permitted to do key-based or host-based access is really, really the host
expected, and so that connections can be logged with the appropriate
hostname so you can tell where someone was connecting from. This is
especially useful in dynamic DNS setups, like Windows machines in Active
Directory and Linux boxes that register their hostnames in active DNS, so
that connections from "mylaptop.whatever.com" are listed as actually coming
from that hostname, not just the DNS.

You can't rely on that in /etc/hosts: /etc/hosts is a serious legacy of when
DNS was awkward and painful to set up, and it was easier to simply publish
an /etc/hosts for your local network than to use a DNS server. These days,
it's easy to run an internal DNS server that handles this sort of thing for
you and avoids the conflicts. It's often done by using "views", that provide
one set of A records for internal use and another set for external or DMZ
use.
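
An added illustration, not part of the original post and not OpenSSH's own code: a forward-confirmed reverse lookup of the kind described above, run against constructed tables to show how a stale /etc/hosts entry consulted before DNS turns a legitimate client into a mismatch. The hostnames, addresses and the make_forward helper are assumptions made for the example.

```python
import socket

def reverse_lookup(ip):
    """Address -> name via the system resolver (follows the nsswitch.conf order)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def forward_lookup(name):
    """Name -> set of addresses via the system resolver."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def verify_peer(ip, reverse=reverse_lookup, forward=forward_lookup):
    """Return (identity_to_log, status) for a connecting address."""
    name = reverse(ip)
    if not name:
        return ip, "no-reverse"
    if ip in forward(name):
        return name.lower().rstrip("."), "confirmed"
    # The name does not map back to the peer: log the address, not the name.
    return ip, "mismatch"

# Constructed sample data: a stale static entry versus a dynamic DNS record.
HOSTS_FILE = {"mylaptop.example.com": {"192.0.2.10"}}
DNS_A = {"mylaptop.example.com": {"192.0.2.55"}}
DNS_PTR = {"192.0.2.55": "mylaptop.example.com"}

def make_forward(order):
    """Emulate 'hosts: files dns' or 'hosts: dns files': first source with an answer wins."""
    sources = {"files": HOSTS_FILE, "dns": DNS_A}
    def forward(name):
        for src in order:
            if name in sources[src]:
                return sources[src][name]
        return set()
    return forward

if __name__ == "__main__":
    for order in (["dns", "files"], ["files", "dns"]):
        print(order, verify_peer("192.0.2.55", DNS_PTR.get, make_forward(order)))
```

With the default arguments, verify_peer uses the host's real resolver, so the result reflects whatever order /etc/nsswitch.conf sets on that machine.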

