I have a couple of local domains resolved to 127.0.0.1 in my /etc/hosts file. And it was all alright for a period of time but now when I run:

nslookup test.local

It results in:

Server:     192.168.1.3
Address:    192.168.1.3#53

** server can't find test.local: NXDOMAIN

The 192.168.1.3 is our network DNS and it's not supposed to know my local domain test.local. After a couple of searches I found that /etc/nsswitch.conf file holds information on the priority of the DNS sources to query by. But there was no problem there! Here's mine:

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat
group:          compat
shadow:         compat

hosts:          files mdns4_minimal [NOTFOUND=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

So does anyone know why my hosts file is not included in DNS look-up?

muru
Mehran

3 Answers

nslookup only does proper DNS resolution, which is significantly different from the Name Service Switch subsystem that your other applications use; that is to say nslookup ignores /etc/hosts and mDNS.

To test local resolutions like that, use something that uses NSS. ping <hostname> for example. Here's a simple demo based on an /etc/hosts entry on my network.

$ nslookup bert
Server:     8.8.8.8
Address:    8.8.8.8#53

** server can't find bert: NXDOMAIN

$ ping bert
PING bert (10.10.0.4) 56(84) bytes of data.
64 bytes from bert (10.10.0.4): icmp_seq=1 ttl=64 time=0.352 ms
64 bytes from bert (10.10.0.4): icmp_seq=2 ttl=64 time=0.407 ms

Note that there are DNS servers and proxies that can factor in an /etc/hosts file. In these cases, nslookup might return a result from a local source.

Oli
  • Instead of `ping` one should be using `getent ahosts` because that does not require all the extra stuff that `ping` has. – Mikko Rantalainen Oct 02 '17 at 10:09
  • ^--- this should be its own answer. Been using `getent` for years for user & group info - had no idea it could handle DNS. – colm.anseo Oct 06 '22 at 21:20
  • Why do you say that nslookup ignores /etc/hosts? When I run nslookup on an IP address, it gives me entries that exist only in my /etc/hosts. In fact, I'm trying to figure out how to get nslookup to ignore /etc/hosts. – lord_nimon Oct 10 '22 at 19:12

I guess that you want the name resolution from /etc/hosts file for the specific host (mysite.com).

Another common problem that can cause this behavior is that you may have many entries in the /etc/hosts file for the same IP, for example:

1.1.1.1 host1.domain1.com
1.1.1.1 host2.domain2.com

In some implementations, this can cause the name resolution to get handed to DNS. A quick fix: group everything in 1 row.

1.1.1.1 host1.domain1.com host2.domain2.com
muru
afe038

Another common thing I see is where somebody (usually me) reverses the IP address with the hostname in /etc/hosts - for example:

mysite.com    10.2.3.4

At first glance, it looks normal... Here is my solution about 50% of the time:

10.2.3.4    mysite.com
amc
KLaw
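
The hosts-file mistakes described in the answers above can be checked mechanically. The following is an added example, not code from any of the posters: `lint_hosts`, `nss_lookup` and the sample data are constructed for illustration. It flags reversed fields, a name mapped to two addresses, and an IP repeated on several lines (flagged only because the second answer reports that it causes trouble in some implementations), and resolves a name through the system resolver the way `getent` and `ping` do, which is the path `nslookup` skips.

```python
import ipaddress
import socket
# Constructed sample reproducing the mistakes described in the answers above.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   test.local     # same IP repeated on a second line
mysite.com  10.2.3.4       # address and hostname reversed
10.10.0.4   bert
10.10.0.9   bert           # same name, different address
"""

def is_ip(token):
    try:
        ipaddress.ip_address(token.split("%")[0])  # drop an IPv6 zone id
        return True
    except ValueError:
        return False

def lint_hosts(text):
    """Return (line_number, code, detail) findings for hosts-file text."""
    findings, seen_ip, seen_name = [], {}, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comments
        if not fields:
            continue
        ip, names = fields[0], fields[1:]
        if not is_ip(ip):
            code = "reversed" if any(map(is_ip, names)) else "bad-address"
            findings.append((lineno, code, " ".join(fields)))
            continue
        if ip in seen_ip:
            findings.append((lineno, "ip-repeated", f"{ip} first on line {seen_ip[ip]}"))
        seen_ip.setdefault(ip, lineno)
        for name in names:
            first = seen_name.setdefault(name.lower(), ip)
            if first != ip:
                findings.append((lineno, "name-conflict", f"{name}: {first} vs {ip}"))
    return findings

def nss_lookup(name):
    """Resolve via the system resolver (NSS on glibc), as getent and ping do."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []

if __name__ == "__main__":
    print(*lint_hosts(SAMPLE_HOSTS), sep="\n")
    print("test.local via NSS:", nss_lookup("test.local"))
```

To check a real file, pass `open("/etc/hosts").read()` to `lint_hosts`; an empty list from `nss_lookup` for a name that is present in the file points at the `hosts:` line in /etc/nsswitch.conf rather than at DNS.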