Linux process/component sending frequent DNS queries to resolve the local hostname (but shouldn't) - linux

I'm not a networking guru so could use some help. I am running a RHEL7 (Red Hat Enterprise Linux) VM (Virtual Machine) where some component on the OS is sending frequent DNS queries to resolve its own local hostname to our main DNS server (which shouldn't be happening because the DNS server won't know anything about its address). Can anyone provide guidance as to how I can find out what component/service/process this is? It's filling our logs with 19k records over just hours and I need to find a way to fix this.
The hostname for the RHEL VM is spe1.2v29999999.dev.local , there is a static IP on this VM and it is 10.70.49.61. The /etc/hosts looks like:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost4 localhost4.localdomain4
I suspected it might be a Java jar we have running on the VM, but after I stopped it via systemctl stop MyJavaJar and ran a tcp dump via tcpdump -i any udp port 53, I could still see the queries happening.
Here are some examples from different days/times in the logs (both A and TXT records):
2020-05-05T13:53:50.189178+00:00 dns.green.blue.mycompany.com 127.0.0.1 <daemon.info> dnsmasq[20886]: 739 10.70.49.61/65078 query[A] spe1.2v29999999.dev.local from 10.70.49.61
2020-05-07T00:01:39.934899+00:00 dns.green.blue.mycompany.com 127.0.0.1 <daemon.info> dnsmasq[8615]: 27827 10.70.49.61/57348 reply spe1.2v29999999.dev.local is NXDOMAIN
2020-05-11T00:01:20.674688+00:00 dns.green.blue.mycompany.com 127.0.0.1 <daemon.info> dnsmasq[8615]: 130345 10.70.49.61/53321 query[TXT] bootstrap.spe1.2v29999999.dev.local from 10.70.49.61
Would making any changes to /etc/hostname, /etc/sysconfig, /var/named .zone files, /var/named.conf or /etc/named help? Can I do more with tcpdump? Thanks

Put:
127.0.0.1 spe1.2v29999999.dev.local
in /etc/hosts. This is done by default on many distros.
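
To see which names a client keeps asking for and how many of those lookups fail, the dnsmasq log itself can be summarized. This is an added example, not part of the original question or answer; it assumes the log line layout shown in the question, and the sample lines in it are constructed.

```python
import re
from collections import Counter

# Layout as in the question's log lines:
#   dnsmasq[PID]: SERIAL CLIENT/PORT query[TYPE] NAME from CLIENT
#   dnsmasq[PID]: SERIAL CLIENT/PORT reply NAME is ANSWER   (or "cached")
QUERY = re.compile(r"dnsmasq\[(\d+)\]: (\d+) (\S+)/\d+ query\[(\w+)\] (\S+) from \S+")
REPLY = re.compile(r"dnsmasq\[(\d+)\]: (\d+) (\S+)/\d+ (?:reply|cached) (\S+) is (\S+)")

def summarize(lines):
    """Count queries and NXDOMAIN answers per (client, name, type)."""
    queries, nxdomain, pending = Counter(), Counter(), {}
    for line in lines:
        m = QUERY.search(line)
        if m:
            pid, serial, client, qtype, name = m.groups()
            key = (client, name.lower(), qtype)
            queries[key] += 1
            pending[(pid, serial, client)] = key  # matched to its answer by serial
            continue
        m = REPLY.search(line)
        if m and m.group(5) == "NXDOMAIN":
            key = pending.pop(m.group(1, 2, 3), None)
            if key:
                nxdomain[key] += 1
    return queries, nxdomain

def noisy_failures(lines, min_queries=3):
    """Names a client asked for at least min_queries times, always getting NXDOMAIN."""
    queries, nxdomain = summarize(lines)
    rows = [(c, n, t, q, nxdomain[(c, n, t)]) for (c, n, t), q in queries.items()
            if q >= min_queries and nxdomain[(c, n, t)] == q]
    return sorted(rows, key=lambda r: -r[3])

# Constructed sample lines (serials, ports and the second client are made up).
PREFIX = "2020-05-05T13:53:50+00:00 dns 127.0.0.1 <daemon.info> dnsmasq[20886]: "
SAMPLE = [PREFIX + s for s in (
    "739 10.70.49.61/65078 query[A] spe1.2v29999999.dev.local from 10.70.49.61",
    "739 10.70.49.61/65078 reply spe1.2v29999999.dev.local is NXDOMAIN",
    "740 10.70.49.61/65079 query[A] spe1.2v29999999.dev.local from 10.70.49.61",
    "740 10.70.49.61/65079 reply spe1.2v29999999.dev.local is NXDOMAIN",
    "741 10.70.49.61/65080 query[A] spe1.2v29999999.dev.local from 10.70.49.61",
    "741 10.70.49.61/65080 cached spe1.2v29999999.dev.local is NXDOMAIN",
    "742 10.70.49.61/65081 query[TXT] bootstrap.spe1.2v29999999.dev.local from 10.70.49.61",
    "743 10.70.49.70/40000 query[A] www.example.com from 10.70.49.70",
    "743 10.70.49.70/40000 reply www.example.com is 192.0.2.10",
)]

if __name__ == "__main__":
    for row in noisy_failures(SAMPLE):
        print(row)
```

A client that repeatedly gets NXDOMAIN for a name matching its own hostname is the pattern the question describes.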

Related

How does the host name resolution of anyname.localhost resolves to IPv6 ::1 address?

In an Ubuntu 20 or 22 LTS, if I attempt to use a hostname like anyname.localhost it always seems to resolve to IPv6 ::1 address.
In an old RHEL 6, if I attempt to use a hostname like anyname.localhost it always seems to resolve to IPv4 127.0.0.1 address.
In a MS-Windows or MacOS 12.6 machine, this does not seem to happen. (It only happens if I manually edit /etc/hosts and manually add a host alias to 127.0.0.1
127.0.0.1 localhost localhost.localdomain somename.localhost
)
Is this any.sequence.of.names.localhost resolution to ::1 (localhost) always guaranteed to happen? For what reason? In which Linux distros?
I have a few projects where it seems useful to have many localhost aliases without having to edit /etc/hosts, but I searched about TCP and DNS quirks, and found nothing about this behaviour. (Not very sure what I should search for). Not sure if I can depend on this behaviour.
Well, thanks to the link posted in the comments above by Patrick Mevzek, I could reach a documented explanation.
For the Ubuntu 20/22 LTS, it seems to use systemd-resolved for DNS resolution.
And, as it says on
https://www.freedesktop.org/software/systemd/man/systemd-resolved.service.html
Synthetic Records
...
The hostnames "localhost" and "localhost.localdomain" as well as any hostname ending in ".localhost" or ".localhost.localdomain" are resolved to the IP addresses 127.0.0.1 and ::1.
So, this seems to explain that Linux OSes that have DNS resolution based on systemd will have this behaviour, and others (like Windows and MacOS) do not.
(So, this seemed a systemd question after all :-)
(This question is in fact a duplicate of https://serverfault.com/questions/1065513/how-does-linux-resolve-wildcard-locahost-subdomains-e-g-ping-test-localhost/1065514#1065514 - just using systemd-resolved instead of nss-myhostname , and if anyone knows how to link them both ways, could help others searching by other words).

can't telnet via IP but can via localhost

I started an instance on AWS ec2 and am trying to connect via my web browser to the app on the server running on port 3000. I've also turned off iptables...
I can telnet via telnet localhost 3000 and telnet 127.0.0.1 3000 but can't telnet via the hostname or ip like telnet ipaddress 3000.
When I do that, I get a connection refused. I think this has something to do with my hosts file but can't figure out what. My hosts file looks like this:
127.0.0.1 ip-108-205-72-168
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost6 localhost6.localdomain6
Provided that you gave the instance a public ip, have you checked the security groups? AWS security groups are associated with instances and apply inbound/outbound rules.
If you have already done that then my next step would probably be to make sure that the port is bound to the correct interface(s). ss -tupan | grep 3000
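
The ss check suggested above can be scripted to tell a loopback-only listener from one bound to all interfaces. This is an added example, not part of the original answers; the sample ss output (process names, PIDs) is constructed.

```python
import ipaddress

WILDCARDS = {"*", "0.0.0.0", "::"}

def listeners(ss_output, port):
    """Return the local addresses in LISTEN state on `port` from `ss -tupan` output."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if "LISTEN" not in fields:
            continue  # header, UDP sockets, established connections
        i = fields.index("LISTEN")
        if len(fields) <= i + 3:
            continue
        local = fields[i + 3]  # columns: State, Recv-Q, Send-Q, Local Address:Port
        addr, _, p = local.rpartition(":")
        if p == str(port):
            # Drop an interface scope ("%lo") and IPv6 brackets.
            found.append(addr.split("%")[0].strip("[]"))
    return found

def reachability(addrs):
    """Classify where a service can be reached from, based on its bind addresses."""
    if not addrs:
        return "not listening"
    if any(a in WILDCARDS for a in addrs):
        return "all interfaces"
    if all(ipaddress.ip_address(a).is_loopback for a in addrs):
        return "loopback only"
    return "specific addresses"

# Constructed sample of `ss -tupan` output.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    127.0.0.1:3000     0.0.0.0:*         users:(("node",pid=1234,fd=10))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=800,fd=3))
tcp   LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=800,fd=4))
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
"""

if __name__ == "__main__":
    for port in (3000, 22, 8080):
        print(port, reachability(listeners(SAMPLE, port)))
```

A "loopback only" result for port 3000 matches the symptom in the question: telnet to localhost works, while the instance's own IP refuses the connection regardless of security groups or iptables.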
Please make sure your iptables rules are right and that it can be accessed by IP.
Could you confirm whether you are using an elastic IP over the Amazon VM?
If yes, then it will do the entry in the hosts file automatically when you associate the elastic IP to the EC2.
But if not, then you need to do a manual entry.
Thanks,
SIM

Azure Hortonworks CloudBreak hosts file not correct

I have created a cluster using CloudBreak and that all works and I can log into the servers just fine. The problem that I am having is that the network setups on the host OS and the docker containers seem to not be set up right. The host OS and the containers' /etc/hosts files look like this
cloudbreak# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
This causes a problem for the hadoop cluster because all the nodes then don’t know how to communicate. If I change the hosts files to contain the other nodes then things start to work. However this does not seem like something I should have to do. This will also be a problem when trying to make new clusters, as I will have to go in and make changes, and the auto scaling will not work if I have to change the hosts file on every host and docker container.
Any help would be helpful, thanks.
CloudBreak does not use the hosts file to resolve the other nodes in the cluster. It uses swarm and consul for discovery.

Apache IP address working but localhost does not

I downloaded Apache2 and it is currently running. I typed in my IP address and it brings me to the "It Works!" page, however when I type in localhost or 127.0.0.1 I receive an error. Can someone tell me what's up?
Check whether 127.0.0.1 can be pinged from the same machine.
Check whether the /etc/hosts file has a 127.0.0.1 entry.
Check whether the Apache configuration file has Listen 0.0.0.0:80.

How to disable loopback interface in Linux (Fedora)?

So that requests to localhost are treated as if coming from remote host in LAN?
Have you tried updating your /etc/hosts file, replacing:
127.0.0.1 localhost
With your actual IP address? e.g.,
192.168.0.42 localhost
(This doesn't actually disable the loopback address, you can still connect to 127.0.0.1, but connecting to localhost should come in through your network interface, which I believe is what you're asking)
