LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices


Reply
  Search this Thread
Old 04-04-2020, 05:12 PM   #1
erik2282
Member
 
Registered: May 2011
Location: TX
Distribution: Debian
Posts: 807

Rep: Reputation: 228Reputation: 228Reputation: 228
ping/ssh to unknown name resolves back to my own machine


Code:
root@ipa:~# ping madeupserver
PING madeupserver(localhost (::1)) 56 data bytes
64 bytes from localhost (::1): icmp_seq=1 ttl=64 time=0.027 ms
64 bytes from localhost (::1): icmp_seq=2 ttl=64 time=0.038 ms
64 bytes from localhost (::1): icmp_seq=3 ttl=64 time=0.032 ms
64 bytes from localhost (::1): icmp_seq=4 ttl=64 time=0.037 ms
^C
root@ipa:~# ssh root@madeupserver
The authenticity of host 'madeupserver (::1)' can't be established.
ECDSA key fingerprint is SHA256:cNF4m4nZFctfoa3/QG/v8j+ipmhwDvkiU2hzX8j46do.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'madeupserver' (ECDSA) to the list of known hosts.
root@madeupserver's password: 
Linux ipa 4.19.0-8-amd64 #1 SMP Debian 4.19.98-1 (2020-01-26) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat Apr  4 16:56:28 2020 from ::1
root@ipa:~# exit
logout
Connection to madeupserver closed.
root@ipa:~# cat /etc/hosts
127.0.0.1	localhost
127.0.1.1	ipa.localhost	ipa
172.16.108.75 	topaz
172.16.12.50	tethra
172.16.12.60	cube

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
root@ipa:~# cat /etc/resolv.conf
domain localhost
search localhost
nameserver 10.20.1.1
Code:
root@ipa:~# systemctl status NetworkManager
● NetworkManager.service - Network Manager
   Loaded: loaded (/lib/systemd/system/NetworkManager.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:NetworkManager(8

root@ipa:~# systemctl status networking
● networking.service - Raise network interfaces
   Loaded: loaded (/lib/systemd/system/networking.service; enabled; vendor preset: enabled)
   Active: active (exited) since Sat 2020-04-04 16:51:39 CDT; 19min ago
     Docs: man:interfaces(5)
  Process: 651 ExecStart=/sbin/ifup -a --read-environment (code=exited, status=0/SUCCESS)
 Main PID: 651 (code=exited, status=0/SUCCESS)
    Tasks: 1 (limit: 4915)
   Memory: 16.1M
   CGroup: /system.slice/networking.service
           └─679 /sbin/dhclient -4 -v -i -pf /run/dhclient.enp3s0.pid -lf /var/lib/dhcp/dhclient.enp3s0.leases -I -df /var/lib/dhcp/dhclient6.enp3s0.leases enp3s0

Apr 04 16:51:39 ipa ifup[651]: DHCPDISCOVER on enp3s0 to 255.255.255.255 port 67 interval 11
Apr 04 16:51:39 ipa ifup[651]: DHCPOFFER of 10.20.1.15 from 10.20.1.1
Apr 04 16:51:39 ipa ifup[651]: DHCPREQUEST for 10.20.1.15 on enp3s0 to 255.255.255.255 port 67
Apr 04 16:51:39 ipa ifup[651]: DHCPACK of 10.20.1.15 from 10.20.1.1
Apr 04 16:51:39 ipa dhclient[679]: DHCPOFFER of 10.20.1.15 from 10.20.1.1
Apr 04 16:51:39 ipa dhclient[679]: DHCPREQUEST for 10.20.1.15 on enp3s0 to 255.255.255.255 port 67
Apr 04 16:51:39 ipa dhclient[679]: DHCPACK of 10.20.1.15 from 10.20.1.1
Apr 04 16:51:39 ipa dhclient[679]: bound to 10.20.1.15 -- renewal in 3085 seconds.
Apr 04 16:51:39 ipa ifup[651]: bound to 10.20.1.15 -- renewal in 3085 seconds.
Apr 04 16:51:39 ipa systemd[1]: Started Raise network interfaces.
Below, dsnas is a device on my lan.
Code:
root@ipa:~# ping dsnas
PING dsnas.localhost (10.20.1.14) 56(84) bytes of data.
64 bytes from dsnas.localhost (10.20.1.14): icmp_seq=1 ttl=64 time=0.186 ms
64 bytes from dsnas.localhost (10.20.1.14): icmp_seq=2 ttl=64 time=0.158 ms

I'd like it to behave normally so that when I ping a non-existant hostname in my lan, nothing pings. I've tried commenting out the "127.0.0.1 localhost" line in hosts file but made no difference.

Thanks.

Last edited by erik2282; 04-04-2020 at 05:18 PM.
 
Old 04-04-2020, 06:31 PM   #2
berndbausch
Senior Member
 
Registered: Nov 2013
Location: Tokyo
Distribution: A few
Posts: 4,963

Rep: Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481
Name resolution is usually done by /etc/hosts and DNS. I think Debian might also use mDNS.
What is the hosts line in /etc/nsswitch.conf?
What do you get from dig madeupserver?
 
Old 04-04-2020, 06:35 PM   #3
erik2282
Member
 
Registered: May 2011
Location: TX
Distribution: Debian
Posts: 807

Original Poster
Rep: Reputation: 228Reputation: 228Reputation: 228
Code:
root@ipa:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files systemd
group:          files systemd
shadow:         files
gshadow:        files

hosts:          files mdns4_minimal [NOTFOUND=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
root@ipa:~# dig madeupserver

; <<>> DiG 9.11.5-P4-5.1-Debian <<>> madeupserver
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62054
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;madeupserver.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020040402 1800 900 604800 86400

;; Query time: 9 msec
;; SERVER: 10.20.1.1#53(10.20.1.1)
;; WHEN: Sat Apr 04 18:34:25 CDT 2020
;; MSG SIZE  rcvd: 116
10.20.1.1 is my pfsense firewall running dns resolver
 
Old 04-04-2020, 06:44 PM   #4
erik2282
Member
 
Registered: May 2011
Location: TX
Distribution: Debian
Posts: 807

Original Poster
Rep: Reputation: 228Reputation: 228Reputation: 228
Also I've stopped and disabled avahi-daemon.socket and avahi-daemon.service
 
Old 04-04-2020, 09:22 PM   #5
berndbausch
Senior Member
 
Registered: Nov 2013
Location: Tokyo
Distribution: A few
Posts: 4,963

Rep: Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481
You can use getent to find out which of the three name resolution options is responsible for resolving madeupserver.
Code:
getent -s files ahosts madeupserver
getent -s mdns4_minimal ahosts madeupserver
getent -s dns ahosts madeupserver
Or you selectively delete them from the hosts line and run the ping test.

My guess would have been mdns, because I have only recently become aware of it I don't know if stopping the avahi daemon also stops mdns requests.

Other ideas:

Trace network traffic while pinging, such as all traffic involving your host and excluding port 22:
Code:
tcpdump -v -xX -i any not port 22 and host YOURHOST
If nothing else helps, you could use ltrace to find out where ping gets that name resolution from. That would mean wading through millions of log messages though.
 
Old 04-04-2020, 10:49 PM   #6
erik2282
Member
 
Registered: May 2011
Location: TX
Distribution: Debian
Posts: 807

Original Poster
Rep: Reputation: 228Reputation: 228Reputation: 228
Code:
root@ipa:~# getent -s files ahosts madeupserver
root@ipa:~# getent -s mdns4_minimal ahosts madeupserver
root@ipa:~# getent -s dns ahosts madeupserver
::1             STREAM madeupserver.localhost
::1             DGRAM  
::1             RAW
Code:
root@ipa:~# tcpdump -v -xX -i any not port 22 and host madeupserver
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
22:49:02.121838 IP6 (flowlabel 0xe5fda, hlim 64, next-header ICMPv6 (58) payload length: 64) localhost.localhost > localhost.localhost: [icmp6 sum ok] ICMP6, echo request, seq 1
	0x0000:  600e 5fda 0040 3a40 0000 0000 0000 0000  `._..@:@........
	0x0010:  0000 0000 0000 0001 0000 0000 0000 0000  ................
	0x0020:  0000 0000 0000 0001 8000 0ac4 285c 0001  ............(\..
	0x0030:  2e55 895e 0000 0000 d4db 0100 0000 0000  .U.^............
	0x0040:  1011 1213 1415 1617 1819 1a1b 1c1d 1e1f  ................
	0x0050:  2021 2223 2425 2627 2829 2a2b 2c2d 2e2f  .!"#$%&'()*+,-./
	0x0060:  3031 3233 3435 3637                      01234567
22:49:02.121854 IP6 (flowlabel 0x5aabb, hlim 64, next-header ICMPv6 (58) payload length: 64) localhost.localhost > localhost.localhost: [icmp6 sum ok] ICMP6, echo reply, seq 1
	0x0000:  6005 aabb 0040 3a40 0000 0000 0000 0000  `....@:@........
	0x0010:  0000 0000 0000 0001 0000 0000 0000 0000  ................
	0x0020:  0000 0000 0000 0001 8100 09c4 285c 0001  ............(\..
	0x0030:  2e55 895e 0000 0000 d4db 0100 0000 0000  .U.^............
	0x0040:  1011 1213 1415 1617 1819 1a1b 1c1d 1e1f  ................
	0x0050:  2021 2223 2425 2627 2829 2a2b 2c2d 2e2f  .!"#$%&'()*+,-./
	0x0060:  3031 3233 3435 3637                      01234567
22:49:03.149949 IP6 (flowlabel 0xe5fda, hlim 64, next-header ICMPv6 (58) payload length: 64) localhost.localhost > localhost.localhost: [icmp6 sum ok] ICMP6, echo request, seq 2
	0x0000:  600e 5fda 0040 3a40 0000 0000 0000 0000  `._..@:@........
	0x0010:  0000 0000 0000 0001 0000 0000 0000 0000  ................
	0x0020:  0000 0000 0000 0001 8000 4255 285c 0002  ..........BU(\..
	0x0030:  2f55 895e 0000 0000 9b49 0200 0000 0000  /U.^.....I......
	0x0040:  1011 1213 1415 1617 1819 1a1b 1c1d 1e1f  ................
	0x0050:  2021 2223 2425 2627 2829 2a2b 2c2d 2e2f  .!"#$%&'()*+,-./
	0x0060:  3031 3233 3435 3637                      01234567
22:49:03.149967 IP6 (flowlabel 0x5aabb, hlim 64, next-header ICMPv6 (58) payload length: 64) localhost.localhost > localhost.localhost: [icmp6 sum ok] ICMP6, echo reply, seq 2
	0x0000:  6005 aabb 0040 3a40 0000 0000 0000 0000  `....@:@........
	0x0010:  0000 0000 0000 0001 0000 0000 0000 0000  ................
	0x0020:  0000 0000 0000 0001 8100 4155 285c 0002  ..........AU(\..
	0x0030:  2f55 895e 0000 0000 9b49 0200 0000 0000  /U.^.....I......
	0x0040:  1011 1213 1415 1617 1819 1a1b 1c1d 1e1f  ................
	0x0050:  2021 2223 2425 2627 2829 2a2b 2c2d 2e2f  .!"#$%&'()*+,-./
	0x0060:  3031 3233 3435 3637                      01234567
^C
4 packets captured
12 packets received by filter
0 packets dropped by kernel
 
Old 04-04-2020, 11:23 PM   #7
erik2282
Member
 
Registered: May 2011
Location: TX
Distribution: Debian
Posts: 807

Original Poster
Rep: Reputation: 228Reputation: 228Reputation: 228
i fixed it, i guess. I disabled ipv6 and it doesnt do it anymore.

Code:
root@ipa:~# echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
root@ipa:~# ping madeupserver
ping: madeupserver: Name or service not known

Last edited by erik2282; 04-04-2020 at 11:24 PM.
 
Old 04-05-2020, 01:13 AM   #8
berndbausch
Senior Member
 
Registered: Nov 2013
Location: Tokyo
Distribution: A few
Posts: 4,963

Rep: Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481
So your own localhost resolves that name, but only for IPv6. If you wanted to continue the investigation, the next step is /etc/resolv.conf, then perhaps the configuration of systemd-resolved?
 
Old 04-05-2020, 02:49 PM   #9
erik2282
Member
 
Registered: May 2011
Location: TX
Distribution: Debian
Posts: 807

Original Poster
Rep: Reputation: 228Reputation: 228Reputation: 228
Is that this the correct file that systemd-resolved looks at?
Code:
root@ipa:~# cat /etc/systemd/resolved.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See resolved.conf(5) for details

[Resolve]
#DNS=
#FallbackDNS=
#Domains=
#LLMNR=yes
#MulticastDNS=yes
#DNSSEC=allow-downgrade
#DNSOverTLS=no
#Cache=yes
#DNSStubListener=yes
#ReadEtcHosts=yes
or maybe this one?
Code:
root@ipa:~# cat /usr/lib/systemd/resolv.conf
# This file belongs to man:systemd-resolved(8). Do not edit.
#
# This is a static resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists no search
# domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

#nameserver 127.0.0.53
#options edns0
 
Old 04-05-2020, 05:48 PM   #10
berndbausch
Senior Member
 
Registered: Nov 2013
Location: Tokyo
Distribution: A few
Posts: 4,963

Rep: Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481Reputation: 1481
The one in /usr is the symbolic link target of /etc/resolv.conf and needs to be left alone. You use the file under /etc to configure systemd-resolved if it is activated.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
I cannot ping with command 'ping IP' address but can ping with 'ping IP -I eth0' sanketmlad Linux - Networking 2 07-15-2011 05:32 AM
host resolves names, but ping and ssh do not agent86a Linux - Networking 23 01-22-2010 02:35 PM
nameserver resolves unqualified hostname in nslookup, ping (at CLI) doesn't-- why? lumix Linux - Networking 1 02-29-2008 07:23 PM
Ping resolves DNS but other apps don't? jago25_98 Linux - Networking 12 02-25-2007 03:39 PM
no matter what I ping it resolves to the localhosts's IP.... aubrey-calm2 Linux - Newbie 4 08-31-2006 12:17 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian

All times are GMT -5. The time now is 01:50 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration