Outgoing "flow"

  2. Home
  4. Docs
  6. Outgoing “flow”
  8. Testing domain queries and application quirks

Testing domain queries and application quirks

When trying to gather test results, there are some important quirks that should be remembered.

(1) DNS query tools such as ‘dig’ and ‘nslookup’ do -NOT- go through nsswitch.

They check /etc/resolv.conf directly.

This means if you are debugging /etc/hosts entries you cannot use dig or nslookup.

If you need to test the full DNS query ‘flow’ path (application -> glibc -> nsswitch -> /etc/hosts -> /etc/resolv.conf)
you should use the ‘getent‘ tool instead. It is designed for testing nsswitch entries:

DESCRIPTION
The getent command displays entries from databases supported by the Name Service Switch libraries, which are configured in /etc/nsswitch.conf. If one or more key arguments are provided, then only the entries that match the supplied keys will be displayed. Otherwise, if no
key is provided, all entries will be displayed (unless the database does not support enumeration).

Ex. 1:
I have defined ‘rhel92’ in my /etc/hosts. I want to get the value using getent:

$ getent hosts rhel92
192.168.0.66 rhel92

Ex. 2:
I want to go through the full /etc/nsswitch.conf ‘hosts:’ list (files, dns, myhostname) to lookup redhat.com:

$ getent hosts google.com
2607:f8b0:400f:802::200e google.com

If you can’t remember to use getent, you can also use ping, it follow the same flow:

Ex. 1:

$ ping -c 1 rhel92
PING rhel92 (192.168.0.66) 56(84) bytes of data.
64 bytes from rhel92 (192.168.0.66): icmp_seq=1 ttl=64 time=1.30 ms

Ex. 2:

ping -c 1 www.redhat.com
PING e3396.dscx.akamaiedge.net (23.37.105.122) 56(84) bytes of data.
64 bytes from www.redhat.com (23.37.105.122): icmp_seq=1 ttl=55 time=4.26 ms

(2) In the previous version of nslookup, by default only IPv4 results were returned from the DNS server. This was actually a bug, which was corrected in nslookup in RHEL 7.7:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/7.7_release_notes/index

Per the documentation above:

“The nslookup utility now looks up both IPv6 and IPv4 addresses by default.”

As of RHEL 7.7 this is the default behavior for nslookup.

It is a common mistake for users to see nslookup return valid IPv4 records, but also return NXDOMAIN for IPv6 entries and think it’s a bug on the nslookup side when it is not.

Here is a basic example of what that might look like:

[root@rhel79 ~]# nslookup rhel92
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: rhel92
Address: 192.168.0.66
** server can't find rhel92: NXDOMAIN

What happens here is nslookup tries to search our local DNS server running at 127.0.0.1 for both IPv4 and IPv6 records for the ‘rhel92’ domain.

The DNS server only has IPv4 records and is only configured for IPv4, so it gives the IPv4 records to us:

Address: 192.168.0.66

But it does not have any IPv6 records. Since nslookup asked for both, ‘NXDOMAIN’ is reported for the the requested but not found IPv6 records from our DNS server:

** server can't find rhel92: NXDOMAIN

If you wish to only query ‘A’ records/IPv4 records, you must specify the -query option with the ‘A’ value:

[root@rhel79 ~]# nslookup -query=A redhat.com
Server: 192.168.122.1
Address: 192.168.122.1#53

Non-authoritative answer:
Name: redhat.com
Address: 10.4.204.55

The only other alternative to -not- receive NXDOMAIN for IPv6 when using nslookup is for the DNS server to be properly configured to respond to IPv6 requests.

Was this article helpful to you? Yes No

How can we help?