FC13 install can ping by hostname, ssh by hostname fails

jeffk42 · 07-29-2010, 03:21 PM

My apologies if this ends up being a book.

I'm having an issue on two Fedora Core 13 machines where I can ping others by hostname, but the hostname resolution fails whenever I use ssh/scp/vnc/etc. I can still do these things by IP address, just not by hostname. RHEL5.3 machines on the same network with the same configuration do not seem to have this problem.

Here's the not-so-quick-and-dirty description of the situation:

Physical machines are on 192.168.30.0
Virtual machines are on 192.168.31.0

I know that there is a virtual router at 192.168.31.1 and another at 192.168.30.1. I also know that there is another network (let's call it 90.90.90.0) and on that network lies a number of resources. By nature of this configuration, any machine on 90.90.90.0 can be accessed by any 192.168.x.x, but not the other way around. Beyond that is out of my hands and currently out of my scope of knowledge.

I have a dnsmasq server on 90.90.90.10 that operates as a secondary nameserver, another machine out of my sphere of influence is the primary nameserver (90.90.90.31).

The secondary nameserver on 90.90.90.10 holds the hostnames of our development machines. The problem is that in some cases, while I can ping by hostname all day long, services such as ssh, scp, vncviewer, etc all fail to resolve the hostname. In other cases I can do all of these things.

Every machine has an equivalent resolv.conf:

> cat /etc/resolv.conf
nameserver 90.90.90.31
nameserver 90.90.90.10

As an example, I will show the output of a handful of my development machines:

nibbler -- virtual machine, Red Hat Enterprise 5.3, IP 192.168.31.100
discovery -- physical machine, Fedora Core 13, IP 192.168.30.100
atlantis -- virtual machine, Fedora Core 13, IP 192.168.31.3

I also included columbia as a one-way test -- even though it cannot access 30.x or 31.x, they can access it:

columbia -- physical machine, Red Hat Enterprise 5.3, IP 192.168.100.200

Okay, so here are the various outputs. Remember, nibbler, discovery, and atlantis can ALL:
- Ping by IP address
- Ping by hostname
- ssh, scp, vnc, etc by IP addess

Additionally, the SERVFAIL reply from 90.90.90.31 is expected since my dnsmasq server is on the secondary server.

Note that the only machine that can both ping and ssh/scp/etc by hostname is nibbler, which also happens to be the only one of the three running RHEL5.3 instead of FC13. Other virtual and physical machines running on the 192.168.31.0 and 192.168.30.0 networks (all running RHEL5.3) work just like nibbler does. So the problem seems to only affect machines running FC13.
-----------------------------------------------------------------

nibbler> ping columbia
PING columbia (192.168.100.200) 56(84) bytes of data.
64 bytes from 192.168.100.200: icmp_seq=1 ttl=63 time=1.40 ms
...

nibbler> ssh columbia
(works as expected)

nibbler> nslookup columbia
;; Got SERVFAIL reply from 90.90.90.31, trying next server
Server: 90.90.90.10
Address: 90.90.90.10#53

Name: columbia
Address: 192.168.100.200

nibbler> ping discovery
PING discovery (192.168.30.100) 56(84) bytes of data.
64 bytes from 192.168.30.100: icmp_seq=1 ttl=63 time=0.478 ms

nibbler> ssh discovery
(works as expected)

nibbler> nslookup discovery
;; Got SERVFAIL reply from 90.90.90.31, trying next server
Server: 90.90.90.10
Address: 90.90.90.10#53

Name: discovery
Address: 192.168.30.100

--------------------------------------------------------

discovery> ping columbia
PING columbia (192.168.100.200) 56(84) bytes of data.
64 bytes from 192.168.100.200: icmp_seq=1 ttl=63 time=1.89 ms

discovery> ssh columbia
ssh: Could not resolve hostname columbia: Name or service not known

discovery> nslookup columbia
;; Got SERVFAIL reply from 90.90.90.31, trying next server
Server: 90.90.90.10
Address: 90.90.90.10#53

Name: columbia
Address: 192.168.100.200

discovery> ping nibbler
PING nibbler (192.168.31.100) 56(84) bytes of data.
64 bytes from 192.168.31.100: icmp_seq=1 ttl=63 time=0.450 ms

discovery> ssh nibbler
ssh: Could not resolve hostname nibbler: Name or service not known

discovery> nslookup nibbler
;; Got SERVFAIL reply from 90.90.90.31, trying next server
Server: 90.90.90.10
Address: 90.90.90.10#53

Name: nibbler
Address: 192.168.31.100

---------------------------------------------------------

atlantis> ping discovery
PING discovery (192.168.30.100) 56(84) bytes of data.
64 bytes from 192.168.30.100: icmp_seq=1 ttl=63 time=0.523 ms

atlantis> ping columbia
PING columbia (192.168.100.200) 56(84) bytes of data.
64 bytes from 192.168.100.200: icmp_seq=1 ttl=63 time=0.465 ms

atlantis> ping nibbler
PING nibbler (192.168.31.100) 56(84) bytes of data.
64 bytes from 192.168.31.100: icmp_seq=1 ttl=64 time=0.128 ms

atlantis> ssh discovery
ssh: Could not resolve hostname discovery: Name or service not known
atlantis> ssh columbia
ssh: Could not resolve hostname columbia: Name or service not known
atlantis> ssh nibbler
ssh: Could not resolve hostname nibbler: Name or service not known

atlantis> nslookup discovery
;; Got SERVFAIL reply from 90.90.90.31, trying next server
Server: 90.90.90.10
Address: 90.90.90.10#53

Name: discovery
Address: 192.168.30.100

atlantis> nslookup columbia
(similar to previous)
atlantis> nslookup nibbler
(similar to previous)

--------------------------------------------------------

Final note: selinux is disabled, iptables is disabled, ip6tables is disabled.

Other than that, discovery is a brand-spanking-new install straight off of the FC13 DVD. atlantis has been around longer, but its just a file server so I haven't done anything too crazy to it.

Any ideas? Anyone still awake after that?

Thanks in advance!

LVsFINEST · 07-29-2010, 08:50 PM

Try removing 90.90.90.31 from /etc/resovl.conf and test again. And/or try adding a local entry in /etc/hosts to test too.

Does ssh -vvv give you any interesting clues?

jeffk42 · 07-30-2010, 05:06 AM

First of all, thanks for the reply!

Now this is interesting.

No clues in ssh -vvv, just the standard hostname error. BUT -- commenting out 90.90.90.31 did the trick! All of a sudden I could ssh to anything from anywhere. Also, switching the order works just as well, putting 90.90.90.10 first in resolv.conf.

So now I know the cause of the problem and I have a workaround.

But let me ask you this: Is there anything you can think of that may be causing this difference in behavior between RHEL5.3 and FC13? The RHEL 5.3 installs don't seem to care what order these nameservers are listed in. And if there is something specific causing it, is there anything I can do about it (besides the obvious, of course

)

Thanks again for the response, a great weight has been lifted!

LVsFINEST · 07-30-2010, 04:25 PM

I'm really not sure why you're seeing the difference in behavior, especially since RHEL and FC are like family. I'd guess it's either a difference in ssh configs, or a difference in ssh version. You could try diff'ing the configs, and/or upgrading ssh.

Regardless of your local problem tho, there is obviously a problem with 90.90.90.31 too. If this is the primary server for your domain, then it should not be SERVFAIL'ing. I think your best bet would be to contact the owner of this box and just have him fix his stuff. That would solve your problem and you wouldn't even need the workaround. And who knows, maybe this DNS server is SERVFAIL'ing your entire domain and noboby knows it because end clients are gracefully using their secondary DNS (unlike your FC13 box).

pradhanphy · 11-14-2011, 11:27 AM

Hi,
This is my first post in LQ. This discussion helped me lot.
I am having this problem for long. Now it sorted out after editing
the /etc/resolv.conf . I can access remote mechine by hostname over ssh.
It works fine Fedora 16.
Thanks ..