How exactly are the default Puppet cert-names generated?
I always assumed it was simply the hostname but when changing the router a device uses I noticed it changed in the following pattern.
oldCertName -> oldCertName.ccapcable.com
Where ccapcable.com is the name of the Internet provider. This has caused some trouble as it is now a new entry on PuppetDb.
Puppet indeed does use the hostname as the default certname. Note well that it accepts whatever the machine says is its hostname. In particular, if the machine obtains its hostname via DHCP or some other dynamic mechanism, then its hostname -- and therefore its default certname -- may occasionally change.
Moreover, do not confuse a machine's hostname with its qualified or unqualified DNS domain name. There is no requirement for them to agree. In fact, although it is common for machines' host names to agree with either their simple or their fully-qualified domain names, there is no standardization or general convention for which one they should agree with.
As you probably have gathered, I have a speculation about what happened here. I suspect that:
Your machine gets its hostname via DHCP
Because of or in conjunction with the router change, your DHCP service provider changed the format of the dynamic hostname it issues, from an unqualified one to a qualified one.
Since it relies on the default certname, your machine's certname changed as well.
Related
Is there a good API alternative to res_ninit?
There are problems with this call because the res->_u.ext.nscount6 and res->nscount do not reflect correct numbers. Adding a IPv6 address to /etc/resolv.conf still results in the nscount increasing where you would have expected the nscount6 to increase.
An older glibc version seems to increase both nscount and nscount6 for a IPv6 address in /etc/resolv.conf.
I am currently parsing resolv.conf directly because i am unable to depend on the res_ninit call. But this is fine for Manual DNS.
When it comes to DHCP DNS, then i need an API to give me the result. There is no other way (that i can think of) to determine the DNS IP addresses over DHCP.
Tried posting in other places within the board but not of help so far. E.g.
Retrieve IPv4 and IPv6 nameservers programmatically
res_ninit and res_init only ever read name server information from /etc/resolv.conf. You can always get the same data name servers by parsing /etc/resolv.conf yourself and examining the nameserver lines. If there is no nameserver line, the default 127.0.0.1 will be used.
I don't think it is necessary to provide an API for that because the file format is so simple that is likely more difficult to use the API than to read the file instead.
Name server assignment over DHCP is implemented by rewriting /etc/resolv.conf if there is no local caching resolver running on the machine. The exact mechanism used for that is distribution-specific, e.g. Debian uses resolvconf if it is installed.
If a local caching resolver is running on the system (such as dnsmasq or Unbound), name servers over DHCP can be directly configured in that caching resolver. In this case, /etc/resolv.conf will keep pointing to the same name server, typically by listing nameserver 127.0.0.1 or no name server information at all (which is the default).
I noticed that one of Google's mail servers (alt4.aspmx.l.google.com) points to 74.125.200.26, but when I do a reverse DNS lookup on that IP I see that the hostname associated with it is sa-in-f26.1e100.net. My limited understanding of DNS is that when you have a situation like that, one hostname is an alias of the other, but that's not the case here.
My initial goal was making a Python program that given an IP address and a hostname, returns a boolean answer indicating whether the IP belongs to a mail server of that domain. The algorithm I implemented used dig to search all mail servers of a domain and then tried to match any of them to the hostname associated with the given IP (which I found using dig -x). My program fails with the case I mentioned before. What am I missing?
Sorry for my bad english. Thanks!
Many services can run on one server/ipaddress, and many hostnames can resolve to one IP address. In the other direction, one ip address will most often resolve to only one hostname (if it has PTR record at all), and the name will very often be something generic like ip-xx-yy-zz-qq.networkcarrier.net (so unrelated to any of the services that are legitimately running on that server).
Depending on the purpose of your check, perhaps you can just test if the hostname A record points to the required IP address (because your initial requirement is flawed: ip addresses do not belong to domains, they belong to network providers).
(Still, for some purposes, most notably as anti spam measure, there is a use case for checking if ip address resolves to some particular hostname.)
I want to get host name from ip. I know a few command who does the work like host, nslookup and dig but they are not completely reliable. In many of the cases they fail to give the host name. So, is there any command who can always give me the host name.
For ex: If I check "host stackoverflow.com" then it gives me a list of five different ip addresses. But when I check "host ip_address (each of the five different ip addresses)" than it's not able to find the host name.
DNS has a forward and reverse zones and what are you going to get by requesting a domain name for an IP-address depends on reverse DNS-zone configuration of that domain name, that's not an application malfunction or something - it's just asking DNS-servers. So no, there's no such command that you're looking for.
If you are not getting IP to hostname resolution, this means that the reverse lookup is either not allowed or not configured properly at the dns server (you are pointing to). In other words, PTR record does not exist, or you are not allowed access to it.
All the dns commands use the same or similar methods and underlying system calls to get the name; they search for the PTR record.
Without going into too much detail. If this is something you really want to do, you can look at other options like looking at the reconnaissance tools in Kali.
I have written a module that will configure network settings on my system but I can't apply the manifest because before a manifest is applied it does "facter ipaddress" to find and present global facts.
Does it mean that in order to apply puppet manifest we must have IP configured ?
So I have a system that has no IP address configured and i want to use puppet to configure that IP address for me, for that I am asking user to input IP address which i save in a .csv file, then I am using a template to configure if-eth0 file. Template will do extlookup to fill up the fields in template and template is finally called upon inside a manifest. So the problem is that before anything is applied by puppet, it fails to run with following error
facter ip address unable to resolve IP , reason anonymous
I am not sure about the actual question (if IP is indeed needed). However, if I understand correctly you can try one of the two workarounds:
Enable DHCP
This way when your system boots will take a little bit more time (assuming there is no DHCP service on the network). A timeout will occur which, in most of the cases, results in a default IP (169.254.Y.Z if I remember). In this case you may need to stop/kill the dhcp client process before applying static IP or restart the interface to get the new configuration.
Assign default static IP
If you know that puppet configuration will be applied no matter what (maybe a call in rc.local?), you can configure your interface with a static IP (ie 10.1.1.10) to avoid the error message. This is temporary since once puppet runs, the correct configuration will be applied.
Hope it helps,
Andreas
I am struggling to understand the FQDN for servers.
At the moment mine is just localhost if i type hostname in to my server terminal it just says localhost.
I understand you need a different one from this if you want to set up cpanel, or postfix or anything really.
As i know its comprised of two parts:
hostname.domainname
can domain name be made up, or does it have to be one of your domains that is set up for use on your server?
and host name can be anything, or it has to be the servername? and does it have to be set up as a sub domain of the domain?
I hope you understand my issues.
Thanks
Try typing
hostname --fqdn
FQDN means Fully Qualified Domain Name, composed mainly of two parts:
Your hostname
The domain name where your hostname is located.
It can be as easy as mycomputername.myfamilydomainname.tld, or as complex as cor-th3-1.par.fr.eu.mynetwork.net.
All of this can technically be made up, though, if you use for example, google.com as local domain, your local resolver may use this info and believe you're in the google.com DNS zone, you may then have problems resolving entries that are in the google.com DNS zone.
More info at: http://en.wikipedia.org/wiki/Hostname