DNS resolution problem – dig working, ping not
Today I was reconfiguring my internal laptop network as I use virtual machines a lot (KVM ftw) and using /etc/hosts was not scaling anymore. I could use DNSmasq, but I prefer BIND – so I installed & chrooted it, and configured as caching-name server that properly resolve my internal zone ‘local’ (as I use addresses like ‘git.local’ or ‘dev1.local’ or whatever). Next I had to make NetworkManager to use this local DNS in the first place instead of those given from DHCP. I could of course edit properly /etc/resolv.conf and protect it with immutable attribute, but I suppose, that NM developers didn’t take it into consideration, that resolv.conf would be unwritable and hell knows what would happen then. So I added:
DNS1=127.0.0.1
DNS2=8.8.8.8
DNS3=8.8.4.4
To the /etc/sysconfig/network-scripts/ifcfg-Auto_WLANname and things were ok – after restarting network I had what I wanted to have in /etc/resolv.conf. I resolved VPN resolving problem similarly.
So now I wanted to start my work with VMs, and it appeared that I couldn’t make a connection to any of those:
[docent@docent-toshiba ~]$ ssh_git
ssh: Could not resolve hostname git.local: Name or service not known
Weird… And check this:
[docent@docent-toshiba ~]$ cat /etc/resolv.conf
# Generated by NetworkManager
search local
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
So WTF with this DNS?
[docent@docent-toshiba ~]$ dig +short git.local
192.168.122.14
This time WTF was much bigger. Local DNS appears to be working correctly. So I thought that this Fedora claimed that won’t be resolving ‘local’ addresses via DNS. Just to confirm this idea I used tcpdump: tcpdump -n port 53 – in the meantime trying to ping ‘git.local’ host. And nothing there – tcpdump was silent. bingo – Fedora was not using DNS at all to resolve this one. So why? Let’s see:
[docent@docent-toshiba ~]$ strace -e poll,select,connect,recvfrom,sendto ping git.local
connect(3, {sa_family=AF_FILE, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
connect(3, {sa_family=AF_FILE, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
connect(3, {sa_family=AF_FILE, sun_path="/var/run/avahi-daemon/socket"}, 110) = 0
ping: unknown host git.local
+++ exited with 2 +++
Ok – we have nscd in the first way (which is not running on my laptop) and next we have Avahi… but where the hell is DNS? Let’s see /etc/nsswitch.conf:
hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname
Ha – now everything is clear! You can read about Avahi, MDNS and ‘local’ domains here: http://avahi.org/wiki/AvahiAndUnicastDotLocal
Solution? There are two. Firstly we could just replace above nsswitch.conf entry with the following (of course only when NOT using Avahi):
hosts: files dns myhostname
Second solution – we could reconfigure Avahi – just as You can read in the above URL:
#/etc/avahi/avahi-daemon.conf
[server]
domain-name=.alocal
Now only restart Avahi, web browsers and everything should be working fine.