I was wondering if anyone else is having any issues when you add host entry files to the appliances (under CONFIGURATION \ File Editor \ HOSTS). It appears that we are unable to get this to work properly. If we run an NSLOOKUP we do not get the assigned IP address of what we placed in the hosts file. Has anyone encountered this and what is the fix?
nslookup actually performs a DNS request to the DNS server, it does not use the host file.
Try a ping instead as this will use hosts file, then DNS if it cannot find an entry.
I understand how DNS performs the lookup but I would think that when you add the host entry file on the appliance, that by default, it would look at the local table first - not run nslookup on the preferred DNS server(s) you configured on the box. If I run an nslookup consoled onto the box, it doesn't resolve the local host file I added - the appliances simply bypass anything I place.
[root@MWG-XX-SecondaryXXXXXX ~]# nslookup XX.XX.XX.XX
;; Got SERVFAIL reply from 10.X.X>X, trying next server
;; connection timed out; trying next origin
;; Got SERVFAIL reply from 10.X.X.X, trying next server
nslookup itself does not use the hosts file, it directly queries DNS servers. Other applications have the OS do the lookup, which will use it. This includes ping and the MWG software.
From my /etc/hosts file:
If I do a nslookup, it queries my DNS server directly:
# nslookup foo.com
But ping uses the OS to resolve things, which will check the hosts file before doing a DNS lookup (Well, usually. That can be changed in /etc/nsswitch.conf.):
rigel ~ # ping -c 2 foo.com
PING foo.com (10.10.10.10) 56(84) bytes of data.
--- foo.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms
Note that the 10.10.10.10 is a non-existent host on my network.
In your case the SERVFAIL reply indicates that your DNS server is having issues resolving the query. In this case it looks like you are trying to do a reverse lookup, is that correct?
My point is that it shouldn’t look at my DNS records but rather my host entry file to resolve. The mere definition of host entry file is for the purpose of not using DNS to resolve. I’m a Windows guy so excuse my ignorance on the Linux side, but via windows you can modify the hosts file on your computer which allows you to bypass the DNS server and go straight to the IP address ( domain) of your choice. If this is not the case on a Linux kernel then someone let me know as the webgateway isn’t reading my host files entries I add.
This is an example, it reads the localhost by IP and name but not anything else I place in the host file entry.
[root@MWG-XX-SecondXXXXX ~]# nslookup localhost
I think you are missing the point here.
nslookup is a tool that is meant to perform DNS queries. When the OS uses the hosts file, the OS never executes a DNS query.
The MWG or any other tool on its OS, will use the hosts file first, then DNS. Web Gateway does read the hosts file, this is why I asked you to perform a ping. You will see that the MWG will begin to ping whatever IP you hardcoded in the hosts file.
This is independent of the OS (windows or linux).
"Web Gateway does read the hosts file, this is why I asked you to perform a ping."
Why does it feel like we're going in circles here- LOL
Webgateway is not reading my host files first is my point. Yes, if I ping it resolves the address but only via the CLI; via GUI it does NOT. Which essentially means my users who use the proxy do not get the host entry file.
Ping (it resolves):
[root@MWG-UX-SeconXXXX ~]# ping -c 2 pXXX-uX.XXXXXXcom
PING pXXX-uX.XXXXXXcom (1X.XX.XX.XX) 56(84) bytes of data.
GUI (it DOES NOT):
See SCREENSHOT - it just hangs.
Users connected to any Webgateway appliance: I'm assuming it would resolve based on host entry file.
Working through what you stated I was not able to reproduce, see screenshots below:
1. Here I ping mcafee.com (it resolves to a 161..... address):
2. I do a nslookup for mcafee.com (it resolves to the 161 address):
3. I add a hosts file entry for mcafee.com to resolve to 127.0.1.1:
4. I ping mcafee.com, and it resolves to 127.0.1.1:
5. I do another nslookup for the site, and it still resolves to the IP found in DNS (not the hosts file):
The ping test does assume that the site is pingable, which may be why it's hanging.
Windows has the same behavior.
As far as nslookup resolving localhost, that is also being done from your DNS server. Any sane DNS configuration will list localhost as 127.0.0.1, to prevent bad things from happening on poorly designed software. You show the following results:
[root@MWG-XX-SecondXXXXX ~]# nslookup localhost
I would have to assume that the Server: address shown is not the MWG, but one of your DNS servers.
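The behaviour described in this thread (the OS resolver consulting /etc/hosts before DNS in the order set by /etc/nsswitch.conf, while nslookup talks to the DNS server only) can be shown in a small simulation. The script below is an added example, not code from the thread, from McAfee or from the appliance; the hosts file, nsswitch line and the "DNS answers" dictionary are all constructed sample data, and the 192.0.2.0/24 address stands in for whatever the real DNS server would return. It models both the nsswitch explanation above and the five-step ping/nslookup reproduction.

```python
"""Simulate the glibc NSS lookup order (files, dns) versus nslookup.

Added example with constructed data; it touches no real /etc files and
sends no DNS traffic.
"""

# Constructed sample /etc/hosts content (not the appliance's real file).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
# local override the proxy should use before asking DNS
10.10.10.10 foo.com www.foo.com
"""

# Constructed sample /etc/nsswitch.conf; only the 'hosts:' line matters here.
SAMPLE_NSSWITCH = """\
passwd:     files
hosts:      files dns
"""

# Constructed stand-in for what the upstream DNS server would answer.
FAKE_DNS = {"foo.com": "192.0.2.10", "localhost": "127.0.0.1"}


def parse_hosts(text):
    """Parse /etc/hosts format: '<address> <name> [alias ...]', '#' comments.

    The first line naming a host wins, which is what gethostbyname() returns.
    """
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        for name in names:
            table.setdefault(name.lower(), addr)
    return table


def nss_order(text, database="hosts"):
    """Return the source list for a database from nsswitch.conf content.

    Action tokens such as '[NOTFOUND=return]' are skipped; if the line is
    missing, glibc falls back to 'files dns'.
    """
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, sources = line.partition(":")
        if key.strip() == database:
            return [s for s in sources.split() if not s.startswith("[")]
    return ["files", "dns"]


def os_resolve(name, hosts_text, nsswitch_text, dns):
    """What ping, curl or the proxy daemon get back from getaddrinfo().

    Returns (address, source) or (None, None) when no source has an answer.
    """
    for source in nss_order(nsswitch_text):
        if source == "files":
            hit = parse_hosts(hosts_text).get(name.lower())
        elif source == "dns":
            hit = dns.get(name.lower())
        else:
            hit = None  # other NSS modules (mdns, myhostname...) not modelled
        if hit:
            return hit, source
    return None, None


def nslookup(name, dns):
    """nslookup and dig query the DNS server directly; /etc/hosts is never read."""
    return dns.get(name.lower())


if __name__ == "__main__":
    # Reproduces steps 4 and 5 of the thread: ping follows the hosts entry,
    # nslookup still reports the DNS answer.
    print("ping-style  :", os_resolve("foo.com", SAMPLE_HOSTS, SAMPLE_NSSWITCH, FAKE_DNS))
    print("nslookup    :", nslookup("foo.com", FAKE_DNS))
    # Swapping the nsswitch order makes the OS prefer DNS over the hosts file.
    print("dns-first   :", os_resolve("foo.com", SAMPLE_HOSTS, "hosts: dns files\n", FAKE_DNS))
```

The useful check on a real appliance is the equivalent of `os_resolve`, i.e. a lookup that goes through the OS resolver (for example `getent hosts foo.com`, which honours nsswitch.conf), rather than nslookup; if that returns the hosts-file address but proxied clients still see the DNS address, the proxy is resolving elsewhere and the hosts file is not the place to look.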