
List:       hpux-admin
Subject:    [HPADM] Summary Login & DNS
From:       Garry Armour <g.armour () spanboard ! co ! uk>
Date:       2000-11-30 15:47:42



Thanks to all who responded.
These things are always sooo obvious when you hear the answer :-)

I'm in the process of putting separate (windoze) DNS on every network
(to link to WINS with DHCP) so this won't be a long term problem.

In the meantime I will make the changes everyone recommends just in case DNS
falls down again.

Thanks
Garry



Please respond to "Rodney Wines" <Rodney.Wines@ahqps.alcatel.fr>

To:   Garry Armour/SonaeUK@Sonae Group UK
cc:

Subject:  Re: [HPADM] Login & DNS



> Does anyone know how to reduce this timeout value or bypass the reverse lookup
> altogether in the event of no DNS ??

Edit nsswitch.conf so that "files" is checked before "DNS" for host name
resolution.  Then, add the required IP addresses and hostnames to /etc/hosts.
That's the safest way to do it.

Rodney



Yup, the HP-UX box itself needs a DNS,

when I had similar problem time ago I just
moved /etc/resolv.conf to /etc/resolv.disabled

this way the HP-UX assumes no DNS at all and
works fine

Good luck

Stef.


Subject:  Re: [HPADM] Login & DNS



you're right guessing that the hp box waits for reverse dns lookup

change the nsswitch.conf either manually or by sam to tell the hp box that
the "hosts" resolution has to be only handled by "file" but not by dns
neither by nis and to return immediately if the entry is not found

then the reverse lookup will be immediate

hth,


Thierry ITTY
eMail : Thierry.Itty@Besancon.org        FRANCE





Hello,

Did you look at /etc/nsswitch.conf ? Your hosts precedence must be
something like :
hosts: dns nis files
(if using nis)

Try this:

hosts: dns [NOTFOUND=continue UNAVAIL=continue] nis files

HTH !

Regards.

--
Frederic Soriano
Alcatel Submarine Networks


On the problem system hide your /etc/resolv.conf file (if you are using
/etc/hosts instead of DNS).  This should clear up the delay.

Tony Kruse
Systems Integrator
Powertrain Operations and Engine Engineering
Ford Motor Company
Voice:  (313)84-52584   Pager:  (313)795-8016   Fax:  (313)317-4531
akruse1@ford.com





Garry,
I'm surprised it needs to do the reverse at all.

Are you using /var/adm/inetd.sec?

Regards,
     -Matt

PS.  You can of course define multiple (up to three)
servers in /etc/resolv.conf to reduce the chance of
this thing happening again.






Subject:  Re: [HPADM] Login & DNS



temporary bodge, edit /etc/nsswitch.conf and change
hosts: dns files
to
hosts: files

for longer outages, and/or if there are a lot of dns clients on the network
setup a false DNS root server, and either bring it up with the IP address
of your internal primary DNS (assuming the latter is down),
or re-configure your internal DNS server(s) to forward to the false root.

For details see the O'Reilly "DNS and Bind" book.

The latter technique is also useful when your internet connectivity is down.

--
Mike


Please respond to Eef Hartman <E.J.M.Hartman@math.tudelft.nl>

To:   Garry Armour/SonaeUK@Sonae Group UK
cc:

Subject:  Re: [HPADM] Login & DNS



In a message to me Garry Armour wrote:
> Does anyone know how to reduce this timeout value or bypass the reverse lookup
> altogether in the event of no DNS ??

Either use /etc/nsswitch.conf to use "files" first (and make sure all of the
clients ARE in the /etc/hosts file, so that lookups can be done there) or
remove/rename the /etc/resolv.conf file altogether (which will make it use
/etc/hosts ONLY from now on).

As far as I remember the usage of nsswitch is a PATCH in HP-UX 10.xx, it will
be standard in HP-UX 11 (so it may be that your system doesn't use it when
you don't have that patch, then use the rename of the resolver config file).

As an example, this is our nsswitch.conf:
# /etc/nsswitch.conf
#
# This is the configuration file for the name service switch.
#
# See the Adminstering Internet Services Manual and the switch(4) man
# page for more information on the name service switch.
#

hosts:          files [NOTFOUND=continue] dns
services:       files
protocols:      files
networks:       files
rpc:            files
netgroup:       files
As you can see, DNS is only used for hosts "when they are not in the local
files". Everything else is done from files and not, for instance, NIS.
--




I've been down that same road in a different situation, but same problem.
And you're right it is definitely a reverse DNS issue.   The telnet service
is trying to determine who you are (where you came from) and since DNS is
down, it won't find it, hence the long delay.
There doesn't appear to be a way to change this behavior, unless you either
disable DNS on the clients (the ones you are telnetting to) or use the
nsswitch.conf on the clients to allow both files and DNS for host lookups
and then put the hostname of where you're coming from in the local
/etc/hosts.
I did not get an answer from this group or HP on whether there was a way to
disable reverse lookups for telnet or reduce the delay.  Apparently there
isn't one.  The ideas I mentioned aren't nice so I would recommend setting
up a secondary DNS server so if one goes down, you still have another that
will respond.  A cheap Linux box makes a good secondary DNS server.  Good
luck!






You can remove the dns entry from /etc/nsswitch.conf file  for host database
or you can add the entries for the client system in /etc/hosts file (system
name and IP)

Hasham
the problem is that the HP-UX seems to accept the telnet then delays




Telnet does a reverse lookup on the IP and waits until it times out.
I don't know how to bypass it other than adding the workstations to the
/etc/hosts file so they can reverse lookup from that.
Make sure your machine is set up to check files and DNS for IP lookup.



configure a 2nd dns server(a secondary off the primary), and make sure that
/etc/resolv.conf points to both servers.

Or make /etc/nsswitch.conf look at /etc/hosts first, then DNS.


Hi Gary,

You have just discovered how essential a reliable DNS is!  What I am
wondering is do your HP servers and the clients that connect to it only
reference one DNS server?  E.g. on the HP box concerned how many lines
which begin:

nameserver nn.nn.nn.nn

are in the:

/etc/resolv.conf

file.  If it is only one then I would *very* strongly recommend you find
out the IP addresses of alternative secondary DNS servers.  If you only
have one primary DNS server then it's time to create one or two secondaries
of it.  Your HP hosts will make excellent secondary DNS servers by the way.

The way to get round the problem of a DNS server going down is to maximise
the availability of the DNS service.  This is done by providing more
secondary servers to the DNS primaries and configuring more than one DNS
server IP address on each and every client.

If DNS service was critical to your infrastructure (and it usually is) I
would go as far as putting a secondary DNS server on *every* network
segment.  This means that should a network segment lose connectivity to
other network segments (routers going down for example) then DNS resolution
is still possible.

DNS has redundancy built into its design so it makes sense to use it.

Regards,

Andy Cranston.
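
Added example, not part of any reply above: a POSIX shell audit that applies
the three checks recommended in this thread ("files" first on the hosts: line,
more than one nameserver in resolv.conf, client address present in the hosts
file) to copies of the files. The function names, the temporary paths and the
192.0.2.x sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit copies of the resolver files.

# Print the sources on the "hosts:" line in order, with [criteria] removed.
hosts_order() {
    sed -n 's/#.*//; /^[[:space:]]*hosts:/{ s/^[[:space:]]*hosts:[[:space:]]*//; s/\[[^]]*\]//g; p; q; }' "$1" |
        tr -s ' \t' ' ' | sed 's/^ //; s/ $//'
}

# Count "nameserver" lines; a missing file counts as 0.
nameserver_count() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -c '^[[:space:]]*nameserver[[:space:]]' "$1" || true
}

# Succeed if address $2 has an entry (address plus a name) in hosts file $1.
in_hosts() {
    awk -v ip="$2" '{ sub(/#.*/, "") } $1 == ip && NF >= 2 { f = 1 } END { exit !f }' "$1"
}

# audit_resolver NSSWITCH RESOLV HOSTS CLIENT_IP -> one finding per line
audit_resolver() {
    order=$(hosts_order "$1")
    case "$order" in
        "")             echo "WARN no hosts: line in $1" ;;
        files|files\ *) echo "OK files consulted first ($order)" ;;
        *files*)        echo "WARN files not first ($order)" ;;
        *)              echo "WARN files never consulted ($order)" ;;
    esac
    case " $order " in *" dns "*)
        n=$(nameserver_count "$2")
        if [ ! -f "$2" ]; then echo "INFO $2 absent"
        elif [ "$n" -lt 2 ]; then echo "WARN only $n nameserver line(s) in $2"
        else echo "OK $n nameserver lines in $2"; fi ;;
    esac
    if in_hosts "$3" "$4"; then echo "OK $4 is in $3"
    else echo "WARN $4 missing from $3, reverse lookup will need DNS"; fi
}

# Constructed sample files (not taken from any real host).
d=$(mktemp -d)
printf 'hosts: dns [NOTFOUND=continue UNAVAIL=continue] nis files\n' > "$d/nsswitch.conf"
printf 'nameserver 192.0.2.53\n' > "$d/resolv.conf"
printf '127.0.0.1 localhost\n192.0.2.10 ws10\n' > "$d/hosts"
audit_resolver "$d/nsswitch.conf" "$d/resolv.conf" "$d/hosts" 192.0.2.10
```
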





--
             ---> Please post QUESTIONS and SUMMARIES only!! <---
        To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
       Name: hpux-admin@dutchworks.nl     Owner: owner-hpux-admin@dutchworks.nl
 
 Archives:  ftp.dutchworks.nl/pub/digests/hpux-admin       (FTP, browse only)
            http://www.dutchworks.nl/htbin/hpsysadmin   (Web, browse & search)
