109.4 Configure client side DNS

Weight: 2

Candidates should be able to configure DNS on a client host.

Key Knowledge Areas

  • Query remote DNS servers.
  • Configure local name resolution and use remote DNS servers.
  • Modify the order in which name resolution is done.

Terms and Utilities

  • /etc/hosts
  • /etc/resolv.conf
  • /etc/nsswitch.conf
  • host
  • dig
  • getent

DNS

We already know a lot about DNS (the Domain Name System): a service that translates domain names (like yahoo.com) to IP addresses (like 206.190.36.45). A DNS server is consulted when you try to ping a server by its name. You have seen the config files for DNS and should know that the DNS server actually being used by the computer can be checked or (temporarily) changed in /etc/resolv.conf:

$ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.1.1
nameserver 4.2.2.4

$ ping x.org
PING x.org (131.252.210.176) 56(84) bytes of data.
64 bytes from annarchy.freedesktop.org (131.252.210.176): icmp_seq=1 ttl=45 time=338 ms
64 bytes from  annarchy.freedesktop.org (131.252.210.176): icmp_seq=2 ttl=45 time=333 ms
^C
--- x.org ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 333.088/335.612/338.136/2.524 ms

dig

The dig tool is specifically built to query DNS. If you want to find out where x.org points, you can do:

$ dig x.org

; <<>> DiG 9.10.3-P4-RedHat-9.10.3-12.P4.fc23 <<>> x.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7483
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;x.org.                IN    A

;; ANSWER SECTION:
x.org.            1625    IN    A    131.252.210.176

;; Query time: 35 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Apr 17 12:45:02 IRDT 2016
;; MSG SIZE  rcvd: 50

As you can see, dig did an IP lookup for x.org and told me that the IP is 131.252.210.176. The 1625 is the TTL (Time To Live) and shows how many seconds remain before this answer expires. The output also tells us which server was used to find the answer (the last 4 lines), when the query was made and how long it took.

You can also tell the dig command which server it should use as the DNS server:

$ dig @8.8.8.8 google.com

; <<>> DiG 9.10.3-P4-RedHat-9.10.3-12.P4.fc23 <<>> @8.8.8.8 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24313
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.            IN    A

;; ANSWER SECTION:
google.com.        112    IN    A    173.194.32.133
google.com.        112    IN    A    173.194.32.136
google.com.        112    IN    A    173.194.32.132
google.com.        112    IN    A    173.194.32.129
google.com.        112    IN    A    173.194.32.137
google.com.        112    IN    A    173.194.32.130
google.com.        112    IN    A    173.194.32.134
google.com.        112    IN    A    173.194.32.135
google.com.        112    IN    A    173.194.32.128
google.com.        112    IN    A    173.194.32.131
google.com.        112    IN    A    173.194.32.142

;; Query time: 238 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Apr 17 13:03:38 IRDT 2016
;; MSG SIZE  rcvd: 215

Here I have asked dig to use 8.8.8.8 as its DNS server and to query google.com. You can see that I got more than one answer (actually many more than one). My computer can contact any of those IPs, picked more or less at random, to reach google.com. In other words, google.com is served from more than one server/IP, and 8.8.8.8 returns all of them when queried for that domain.
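The dig output above has a fixed layout (an ANSWER SECTION with one record per line and a ";; SERVER:" footer), so it can be parsed instead of read by eye. The following is an added example, not code from the original page: it extracts the records, the smallest TTL and the answering server, and lets you compare the A records two resolvers return for the same name. The second sample (DIG_OTHER) is constructed and uses a TEST-NET address.

```python
"""Parse `dig` text output into resource records.
Added example, not from the original page: it reads the ANSWER SECTION and
';; SERVER:' footer of the output shown above so that answers from two
resolvers can be compared in code instead of by eye."""
import re

# Constructed sample in dig's layout (values copied from the x.org query above).
DIG_LOCAL = """\
;; QUESTION SECTION:
;x.org.                IN    A

;; ANSWER SECTION:
x.org.            1625    IN    A    131.252.210.176

;; Query time: 35 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
"""
# Constructed second answer from another resolver; 203.0.113.7 is a TEST-NET address.
DIG_OTHER = """\
;; ANSWER SECTION:
x.org.            60    IN    A    203.0.113.7

;; SERVER: 8.8.8.8#53(8.8.8.8)
"""
RECORD_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

def parse_dig(text):
    """Return (server_ip, [(name, ttl, rtype, data), ...]) from dig output."""
    server, records, in_answer = None, [], False
    for line in text.splitlines():
        if line.startswith(";; SERVER:"):
            server = line.split()[2].split("#")[0]   # strip '#53(...)'
        elif line.startswith(";; ANSWER SECTION:"):
            in_answer = True
        elif in_answer and not line.strip():
            in_answer = False                        # blank line ends the section
        elif in_answer:
            m = RECORD_RE.match(line)
            if m:
                name, ttl, rtype, data = m.groups()
                records.append((name.rstrip("."), int(ttl), rtype, data.strip()))
    return server, records

def a_records(text):
    """Set of IPv4 addresses in the A records of one dig answer."""
    return {d for _, _, t, d in parse_dig(text)[1] if t == "A"}

def min_ttl(text):
    """Seconds until the first record of the answer expires (the TTL explained above)."""
    ttls = [ttl for _, ttl, _, _ in parse_dig(text)[1]]
    return min(ttls) if ttls else None
```

Feeding two real captures (for example `dig x.org` and `dig @8.8.8.8 x.org`) to a_records and comparing the sets is a quick way to notice when your configured resolver answers differently from a public one.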

/etc/hosts

This is a file containing IP addresses and their names, saved statically. Let's have a look:

$ head /etc/hosts
127.0.0.1    funlife localhost.localdomain    localhost clickadu.com
::1    funlife localhost6.localdomain6    localhost6

10.159.32.155 nsnproxy
172.16.12.134 linuxclass wonderland
193.40.12.135 salma

87.106.233.90 gratis.vps

192.168.59.231 mass1

This file can be changed by root and maps some names (localhost, mass1, gratis.vps, ...) to IP addresses. What happens if I ping mass1 on this computer? Let's see:

$ dig mass1

; <<>> DiG 9.10.3-P4-RedHat-9.10.3-12.P4.fc23 <<>> mass1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39464
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;mass1.                IN    A

;; AUTHORITY SECTION:
.            600    IN    SOA    a.root-servers.net. nstld.verisign-grs.com. 2016041700 1800 900 604800 86400

;; Query time: 516 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Apr 17 13:15:07 IRDT 2016
;; MSG SIZE  rcvd: 109

$ ping mass1
PING mass1 (192.168.59.231) 56(84) bytes of data.
From 85-15-16-103.shatel.ir (85.15.16.103) icmp_seq=1 Packet filtered
From 85-15-16-103.shatel.ir (85.15.16.103) icmp_seq=2 Packet filtered

My computer pings 192.168.59.231 when I go for mass1, even though DNS cannot find this name (NXDOMAIN above), because the name is defined in /etc/hosts.

nsswitch

The /etc/nsswitch.conf file tells the system about the priority of lookups, password checks, and so on. Let's have a look to make it clear:

$ cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#    nisplus            Use NIS+ (NIS version 3)
#    nis            Use NIS (NIS version 2), also called YP
#    dns            Use DNS (Domain Name Service)
#    files            Use the local files
#    db            Use the local database (.db) files
#    compat            Use NIS on compat mode
#    hesiod            Use Hesiod for user lookups
#    [NOTFOUND=return]    Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files sss
shadow:     files sss
group:      files sss

#hosts:     db files nisplus nis dns
hosts:      files mdns4_minimal [NOTFOUND=return] dns myhostname mymachines

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   files sss

publickey:  nisplus

automount:  files sss
aliases:    files nisplus

On the hosts line I have hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname mymachines. This means that when the system wants to find the IP address of a name, it first goes to the files (/etc/hosts), then to mdns4_minimal, then to dns and so on. So if I add facebook.com to my /etc/hosts like this:

127.0.0.1 facebook.com

and then point my browser to facebook.com, my computer will try to connect to a web server on 127.0.0.1 instead of Facebook's real IP.
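To make the lookup order concrete, here is an added example (not code from the page or from glibc) that simulates how the hosts line above is walked: each source answers with an NSS status, files is consulted before dns, and [NOTFOUND=return] only stops the walk when the source right before it (mdns4_minimal) said notfound, which it does only for .local names. The /etc/hosts body, the fake DNS table and the 203.0.113.10 address are constructed for the example.

```python
"""Simulate how glibc walks the `hosts:` line of /etc/nsswitch.conf.
Added example, not from the original page. A source returns an NSS status
(success/notfound/unavail/tryagain) plus a result; '[NOTFOUND=return]' ends
the walk only when the source right before it answered notfound."""
import re

# Constructed /etc/hosts in the same layout as the page's example.
HOSTS_FILE = """\
127.0.0.1      localhost.localdomain localhost
192.168.59.231 mass1
127.0.0.1      facebook.com   # local override, as in the text above
"""
# Constructed stand-in for the remote resolver (no network; 203.0.113.0/24 is TEST-NET-3).
FAKE_DNS = {"x.org": ["131.252.210.176"], "facebook.com": ["203.0.113.10"]}

def parse_hosts(text):
    """Map every hostname/alias in an /etc/hosts body to its addresses."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), []).append(fields[0])
    return table

def src_files(name):
    addrs = parse_hosts(HOSTS_FILE).get(name.lower())
    return ("success", addrs) if addrs else ("notfound", None)
def src_mdns4_minimal(name):
    # Only claims .local names; for anything else it answers unavail.
    return ("notfound", None) if name.lower().endswith(".local") else ("unavail", None)
def src_dns(name):
    addrs = FAKE_DNS.get(name.lower())
    return ("success", addrs) if addrs else ("notfound", None)

SOURCES = {"files": src_files, "mdns4_minimal": src_mdns4_minimal, "dns": src_dns}
ACTION_RE = re.compile(r"\[(\w+)=(\w+)\]")

def resolve(name, hosts_line="files mdns4_minimal [NOTFOUND=return] dns myhostname mymachines"):
    """Walk sources left to right; success returns, a bracket may stop the walk early."""
    last = "notfound"
    for token in hosts_line.split():
        action = ACTION_RE.fullmatch(token)
        if action:
            if last == action.group(1).lower() and action.group(2).lower() == "return":
                return None
            continue
        # Sources not modelled here (myhostname, mymachines) count as unavail.
        last, result = SOURCES.get(token, lambda n: ("unavail", None))(name)
        if last == "success":
            return result
    return None
```

Passing "dns files" as hosts_line shows the same facebook.com lookup going to the resolver first, which is why the order of that line decides whether an /etc/hosts entry can shadow a public name.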

getent

The getent command is a utility to get entries from the Name Service Switch libraries (it reads /etc/nsswitch.conf). If you want to see what your system knows about hosts, you can do as follows:

$ getent hosts
127.0.0.1       funlife localhost.localdomain localhost clickadu.com
127.0.0.1       funlife localhost6.localdomain6 localhost6
10.159.32.155   nsnproxy
172.16.12.134   linuxclass wonderland
193.40.12.135   salma
87.106.233.90   gratisvps
192.168.59.231  mass1
192.168.59.232  mass2
192.168.59.233  mass3
192.168.59.234  mass4
192.168.59.235  mass5
192.168.59.236  mass6
192.168.59.237  mass7
192.168.59.238  mass8
192.168.59.239  mass9
127.0.0.1       frctlstartupfailure localtodoer localdeliv
127.0.0.1       frctlmeth
