8 Replies Latest reply on Apr 11, 2013 2:05 PM by Jon Scholten

    Host entry file Issues

    cestrada

      Hello All-

       

      I was wondering if anyone else is having any issues when you add host entry files to the appliances (under CONFIGURATION \ File Editor \ HOSTS). It appears that we are unable to get this to work properly. If we run an NSLOOKUP we do not get the assigned IP address of what we placed in the hosts file. Has anyone encountered this, and what is the fix?

        • 1. Re: Host entry file Issues
          Jon Scholten

          nslookup actually performs a DNS request to the DNS server, it does not use the host file.

           

          Try a ping instead as this will use hosts file, then DNS if it cannot find an entry.

           

          Best,

          Jon

          • 2. Re: Host entry file Issues
            cestrada

            Hello JON-

             

            I understand how DNS performs the lookup, but I would think that when you add the host entry file on the appliance, by default it would look at the local table first, not run nslookup on the preferred DNS server(s) you configured on the box. If I run an nslookup consoled onto the box, it doesn't resolve the local host file I added. The appliances simply bypass anything I place.

             

             

             

            [root@MWG-XX-SecondaryXXXXXX ~]# nslookup XX.XX.XX.XX

            ;; Got SERVFAIL reply from 10.X.X>X, trying next server

            ;; connection timed out; trying next origin

            ;; Got SERVFAIL reply from 10.X.X.X, trying next server

            ^C

            • 3. Re: Host entry file Issues
              andyclements

              nslookup itself does not use the hosts file, it directly queries DNS servers.  Other applications have the OS do the lookup, which will use it. This includes ping and the MWG software.

               

              From my /etc/hosts file:

              10.10.10.10     foo.com
              

               

              If I do a nslookup, it queries my DNS server directly:

              # nslookup foo.com
              Server:         192.168.1.4
              Address:        192.168.1.4#53
              
              Non-authoritative answer:
              Name:   foo.com
              Address: 23.21.224.150
              Name:   foo.com
              Address: 23.21.179.138
              

               

              But ping uses the OS to resolve things, which will check the hosts file before doing a DNS lookup (Well, usually.  That can be changed in /etc/nsswitch.conf.):

              rigel ~ # ping -c 2 foo.com
              PING foo.com (10.10.10.10) 56(84) bytes of data.
              
              --- foo.com ping statistics ---
              2 packets transmitted, 0 received, 100% packet loss, time 1000ms
              

               

               


              Note that the 10.10.10.10 is a non-existent host on my network.

               

              In your case the SERVFAIL reply indicates that your DNS server is having issues resolving the query.  In this case it looks like you are trying to do a reverse lookup, is that correct?
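Added example, not part of the thread: a small model of the lookup order discussed in the post above, showing which source answers first for a name under a given `/etc/nsswitch.conf` `hosts:` line. The sample files, temporary paths and function names are constructed for illustration; no DNS query is actually sent.

```shell
#!/bin/sh
# Constructed sample files (not taken from the appliance in this thread).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/nsswitch.conf" <<'EOF'
# constructed sample
passwd: files
hosts:  files dns
EOF
cat > "$WORK/hosts" <<'EOF'
127.0.0.1   localhost
10.10.10.10 foo.com   # same mapping as the /etc/hosts line in the post
EOF

# Print the sources on the "hosts:" line, in order (e.g. "files dns").
nss_hosts_order() {
    awk '$1 == "hosts:" { sub(/#.*/, ""); $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Print the first address a hosts-format file maps NAME to; return 1 if none.
hosts_file_lookup() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(name)) { print $1; found = 1; exit } }
        END { exit !found }' "$1"
}

# Report which source answers first for NAME when a program asks the OS
# resolver (ping does). "dns" means the query would go to the configured
# DNS servers. Action items such as [NOTFOUND=return] are not modelled.
resolve_like_os() {
    for src in $(nss_hosts_order "$1"); do
        case "$src" in
            files) if ip=$(hosts_file_lookup "$2" "$3"); then
                       echo "files $ip"; return 0
                   fi ;;
            dns)   echo "dns"; return 0 ;;
        esac
    done
    return 1
}

# nslookup skips this whole chain and talks to the DNS server directly.
# On a live box, `getent hosts NAME` resolves through NSS and so honours
# /etc/hosts, which makes it a better check than nslookup.
resolve_like_os "$WORK/nsswitch.conf" "$WORK/hosts" foo.com
```
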

              • 4. Re: Host entry file Issues
                cestrada

                My point is that it shouldn’t look at my DNS records but rather my host entry file to resolve.  The mere definition of host entry file is for the purpose of not using DNS to resolve.  I’m a Windows guy so excuse my ignorance on the Linux side, but via Windows you can modify the hosts file on your computer, which allows you to bypass the DNS server and go straight to the IP address (domain) of your choice. If this is not the case on a Linux kernel then someone let me know, as the Web Gateway isn’t reading the host file entries I add.

                 

                This is an example: it reads the localhost by IP and name but not anything else I place in the host file entry.

                 

                 

                [root@MWG-XX-SecondXXXXX ~]# nslookup localhost

                Server:         10.X.X.X

                Address:        10.X.X.X#53

                 

                 

                Non-authoritative answer:

                Name:   localhost

                Address: 127.0.0.1

                 

                 

                 

                localhost.JPG

                • 5. Re: Host entry file Issues
                  Jon Scholten

                  Carlos,

                   

                  I think you are missing the point here.

                   

                  nslookup is a tool that is meant to perform DNS queries. When the OS uses the hosts file, the OS never executes a DNS query.

                   

                  The MWG or any other tool on its OS, will use the hosts file first, then DNS. Web Gateway does read the hosts file, this is why I asked you to perform a ping. You will see that the MWG will begin to ping whatever IP you hardcoded in the hosts file.

                   

                  This is independent of the OS (windows or linux).

                   

                  Best,

                  Jon

                  • 6. Re: Host entry file Issues
                    andyclements

                    Windows has the same behavior.

                    hosts.png

                     

                    As far as nslookup resolving localhost, that is also being done from your DNS server.  Any sane DNS configuration will list localhost as 127.0.0.1, to prevent bad things from happening on poorly designed software.  You show the following results:

                    [root@MWG-XX-SecondXXXXX ~]# nslookup localhost

                    Server:         10.X.X.X

                    Address:        10.X.X.X#53

                     

                     

                    Non-authoritative answer:

                    Name:   localhost

                    Address: 127.0.0.1

                    I would have to assume that the Server: address shown is not the MWG, but one of your DNS servers.

                    • 7. Re: Host entry file Issues
                      cestrada

                      "Web Gateway does read the hosts file, this is why I asked you to perform a ping."

                       

                      Why does it feel like we're going in circles here- LOL

                      Web Gateway is not reading my host files first is my point.   Yes, if I ping it resolves the address, but only via the CLI; via the GUI it does NOT.  Which essentially means my users who use the proxy do not get the host entry file.

                       

                       

                      Ping: (it resolves)

                      [root@MWG-UX-SeconXXXX ~]# ping -c 2 pXXX-uX.XXXXXXcom

                      PING pXXX-uX.XXXXXXcom (1X.XX.XX.XX) 56(84) bytes of data.

                       

                      GUI:  ( it DOES NOT)

                      hangs.JPG

                      see SCREENSHOT - it just hangs

                       

                       

                       

                       

                       

                      Users connected to any Webgateway appliance:  ------------------------- i'm assuming it would resolve based on host entry file.

                       


                      • 8. Re: Host entry file Issues
                        Jon Scholten

                        Hi Carlos,

                         

                        Working through what you stated I was not able to reproduce, see screenshots below:

                         

                        1. Here I ping mcafee.com (it resolves to a 161..... address):

                        1_2013-04-11_135932.png

                         

                        2. I do a nslookup for mcafee.com (it resolves to the 161 address):

                        2_2013-04-11_135952.png

                         

                        3. I add a hosts file entry for mcafee.com to resolve to 127.0.1.1:

                        3_2013-04-11_140324.png

                         

                        4. I ping mcafee.com, and it resolves to 127.0.1.1:

                        3_2013-04-11_140036.png

                         

                        5. I do another nslookup for the site, and it still resolves to the IP found in DNS (not the hosts file):

                        4_2013-04-11_140052.png

                         

                        The ping test does assume that the site is pingable, which may be why it's hanging.

                         

                        Best,

                        Jon