cestrada
Level 7

Host entry file Issues

Hello All-

I was wondering if anyone else is having any issues when you add host entry files to the appliances (under CONFIGURATION \ File Editor \ HOSTS). It appears that we are unable to get this to work properly. If we run an NSLOOKUP we do not get the assigned IP address of what we placed in the hosts file. Has anyone encountered this, and what is the fix?

0 Kudos
8 Replies
McAfee Employee

Re: Host entry file Issues

nslookup actually performs a DNS request to the DNS server, it does not use the host file.

Try a ping instead as this will use hosts file, then DNS if it cannot find an entry.

Best,

Jon

0 Kudos
cestrada
Level 7

Re: Host entry file Issues

Hello JON-

I understand how DNS performs the lookup but I would think that when you add the host entry file on the appliance, that by default, it would look at the local table first - not run nslookup on the preferred DNS server(s) you configured on the box. If I run an nslookup consoled onto the box, it doesn't resolve the local host file I added - the appliances simply bypass anything I place.

[root@MWG-XX-SecondaryXXXXXX ~]# nslookup XX.XX.XX.XX

;; Got SERVFAIL reply from 10.X.X>X, trying next server

;; connection timed out; trying next origin

;; Got SERVFAIL reply from 10.X.X.X, trying next server

^C

0 Kudos
andyclements
Level 12

Re: Host entry file Issues

nslookup itself does not use the hosts file, it directly queries DNS servers.  Other applications have the OS do the lookup, which will use it. This includes ping and the MWG software.

From my /etc/hosts file:

10.10.10.10     foo.com

If I do a nslookup, it queries my DNS server directly:

# nslookup foo.com
Server:         192.168.1.4
Address:        192.168.1.4#53

Non-authoritative answer:
Name:   foo.com
Address: 23.21.224.150
Name:   foo.com
Address: 23.21.179.138

But ping uses the OS to resolve things, which will check the hosts file before doing a DNS lookup (Well, usually.  That can be changed in /etc/nsswitch.conf.):

rigel ~ # ping -c 2 foo.com
PING foo.com (10.10.10.10) 56(84) bytes of data.

--- foo.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms

Note that the 10.10.10.10 is a non-existent host on my network.

In your case the SERVFAIL reply indicates that your DNS server is having issues resolving the query.  In this case it looks like you are trying to do a reverse lookup, is that correct?
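The two lookup paths described in the post above, modelled as an added example that is not part of the original post or of the MWG product. The nsswitch.conf text, hosts file text and DNS table are constructed sample data reusing the foo.com values from the post; the function names are hypothetical.

```python
# Added example: models "ask the OS resolver" versus "query DNS directly".
# All file contents and the DNS table below are constructed sample data.
NSSWITCH = "passwd: files\nhosts:      files dns\n"
HOSTS = "127.0.0.1   localhost\n10.10.10.10     foo.com   # override from the post\n"
DNS = {"foo.com": ["23.21.224.150", "23.21.179.138"], "localhost": ["127.0.0.1"]}


def hosts_sources(nsswitch_text):
    """Return the ordered sources on the 'hosts:' line of nsswitch.conf."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            # Action items such as [NOTFOUND=return] are skipped (simplification).
            return [t for t in line[len("hosts:"):].split() if not t.startswith("[")]
    return []  # no hosts: line; this model then resolves nothing


def parse_hosts(hosts_text):
    """Map each name or alias in a hosts file to its address (first match wins)."""
    table = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                table.setdefault(name.lower(), fields[0])
    return table


def os_resolve(name, nsswitch_text=NSSWITCH, hosts_text=HOSTS, dns=DNS):
    """Path used by ping and other programs that ask the OS resolver."""
    name = name.lower()
    for source in hosts_sources(nsswitch_text):
        if source == "files":
            addr = parse_hosts(hosts_text).get(name)
            answer = [addr] if addr else []
        elif source == "dns":
            answer = dns.get(name, [])
        else:
            answer = []  # other NSS modules are not modelled
        if answer:
            return source, answer  # first source with an answer wins
    return None, []


def direct_dns_query(name, dns=DNS):
    """Path used by nslookup: ask the DNS server, never read the hosts file."""
    return dns.get(name.lower(), [])


if __name__ == "__main__":
    print("OS resolver:", os_resolve("foo.com"))
    print("nslookup   :", direct_dns_query("foo.com"))
    print("dns first  :", os_resolve("foo.com", "hosts: dns files\n"))
```

On a live Linux host, `getent hosts foo.com` exercises the same OS resolver path without sending ICMP, so it still answers when the target address is not pingable.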

cestrada
Level 7

Re: Host entry file Issues

My point is that it shouldn’t look at my DNS records but rather my host entry file to resolve.  The mere definition of host entry file is for the purpose of not using DNS to resolve.  I’m a Windows guy so excuse my ignorance on the Linux side, but via Windows you can modify the hosts file on your computer which allows you to bypass the DNS server and go straight to the IP address (domain) of your choice. If this is not the case on a Linux kernel then someone let me know as the webgateway isn’t reading my host file entries I add.

This is an example, it reads the localhost by IP and name but not anything else I place in the host file entry.

[root@MWG-XX-SecondXXXXX ~]# nslookup localhost

Server:         10.X.X.X

Address:        10.X.X.X#53

Non-authoritative answer:

Name:   localhost

Address: 127.0.0.1

localhost.JPG

0 Kudos
McAfee Employee

Re: Host entry file Issues

Carlos,

I think you are missing the point here.

nslookup is a tool that is meant to perform DNS queries. When the OS uses the hosts file, the OS never executes a DNS query.

The MWG, or any other tool on its OS, will use the hosts file first, then DNS. Web Gateway does read the hosts file, this is why I asked you to perform a ping. You will see that the MWG will begin to ping whatever IP you hardcoded in the hosts file.

This is independent of the OS (Windows or Linux).

Best,

Jon

0 Kudos
cestrada
Level 7

Re: Host entry file Issues

"Web Gateway does read the hosts file, this is why I asked you to perform a ping."

Why does it feel like we're going in circles here- LOL

Webgateway is not reading my host files first is my point.   Yes, if I ping it resolves the address but only via the CLI - via GUI it does NOT.  Which essentially means my users who use the proxy do not get the host entry file.

Ping: (it resolves)

[root@MWG-UX-SeconXXXX ~]# ping -c 2 pXXX-uX.XXXXXXcom

PING pXXX-uX.XXXXXXcom (1X.XX.XX.XX) 56(84) bytes of data.

GUI: (it DOES NOT)

hangs.JPG

see SCREENSHOT - it just hangs

Users connected to any Webgateway appliance:  ------------------------- i'm assuming it would resolve based on host entry file.


0 Kudos
McAfee Employee

Re: Host entry file Issues

Hi Carlos,

Working through what you stated I was not able to reproduce, see screenshots below:

1. Here I ping mcafee.com (it resolves to a 161..... address):

1_2013-04-11_135932.png

2. I do a nslookup for mcafee.com (it resolves to the 161 address):

2_2013-04-11_135952.png

3. I add a hosts file entry for mcafee.com to resolve to 127.0.1.1:

3_2013-04-11_140324.png

4. I ping mcafee.com, and it resolves to 127.0.1.1:

3_2013-04-11_140036.png

5. I do another nslookup for the site, and it still resolves to the IP found in DNS (not the hosts file):

4_2013-04-11_140052.png

The ping test does assume that the site is pingable, which may be why it's hanging.

Best,

Jon

andyclements
Level 12

Re: Host entry file Issues

Windows has the same behavior.

hosts.png

As far as nslookup resolving localhost, that is also being done from your DNS server.  Any sane DNS configuration will list localhost as 127.0.0.1, to prevent bad things from happening on poorly designed software.  You show the following results:

[root@MWG-XX-SecondXXXXX ~]# nslookup localhost

Server:         10.X.X.X

Address:        10.X.X.X#53

Non-authoritative answer:

Name:   localhost

Address: 127.0.0.1

I would have to assume that the Server: address shown is not the MWG, but one of your DNS servers.

0 Kudos