Could not resolve ip through DNS

Dear all,

Very recently our DNS server IP got changed. I have entered the DNS IP in /etc/resolv.conf, but I could not resolve it for my IP address.

Verified that the IP is added in the DNS also.

It is still working with the old DNS ip.

Please let me know what could be the cause. I could ping the new DNS IP from this machine.

Rgds
Rj

Perhaps the host cache needs to be invalidated (nscd, sssd)? What OS and version are you using?

From man nscd of an old version of nscd for example:

NOTES

       Nscd doesn't know anything about the underlaying protocols for  a  ser-
       vice.  This  also  means,  that  if you change /etc/resolv.conf for DNS
       queries, nscd will continue to use the old one if you  have  configured
       /etc/nsswitch.conf  to  use  DNS  for host lookups. In such a case, you
       need to restart nscd.

Newer versions of nscd try to watch for changes to this file, but even then there may be a delay.

See for example here:

NOTES
       The daemon will try to watch for changes in configuration files appropriate for each data-
       base (e.g., /etc/passwd for the passwd database or /etc/hosts and /etc/resolv.conf for the
       hosts database), and flush the cache when these are changed.  However,  this  will  happen
       only  after  a  short delay (unless the inotify(7) mechanism is available and glibc 2.9 or
       later is available), and this auto-detection does not cover configuration  files  required
       by nonstandard NSS modules, if any are specified in /etc/nsswitch.conf.  In that case, you
       need to run the following command after changing the configuration file of the database so
       that nscd invalidates its cache:

	   $ nscd -i <database>

Thanks for the reply.

My OS version is RHEL 6.8 64 bit version.

And I also find this daemon is running: nscd.

Can I restart this daemon? This is a prod server.

Rgds
Rj

Yes you can.
nscd is an acceleration service, not critical.

I restarted nscd services but it is not working...

Ultimately whether you can restart the daemon depends on what you agreed upon in your organisation. But I agree with MadeInGermany it should have minimal impact, only performance-wise: directory backend (like LDAP) lookups could be a bit slower for some time and it would mean a bit more work for your directory backend server.

However, depending on the configuration set in /etc/nscd.conf, the cache may be persistent across restarts, so a restart may accomplish nothing.

IMO the best way would be to issue this command:

nscd -i hosts

which would simply invalidate all the host entries in the cache.

--
If that does not do the trick, does your host use sssd?
What is the output of

grep ^hosts /etc/nsswitch.conf

?

Hi Scrut,

Please find the below output

 # grep ^hosts /etc/nsswitch.conf
hosts:      files dns

Thanks and Regards,
RJ

Moderator comments were removed during original forum migration.

Please tell us what you did to resolv.conf

Did you delete the old DNS server entry completely?

Or did you add the new DNS server to the bottom of the file leaving the old DNS entry above it?

(I'm not a RedHat expert but just asking this question at a generic level.)

The following commands tell you what the gethost...() syscalls get.

getent hosts serverIP
getent hosts servername

The following commands tell you the direct DNS lookup

nslookup serverIP
nslookup servername

If DNS is correct but not the getent, then you have an incorrect entry in /etc/hosts (or wrong data in the nscd cache).
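Added example, not part of any post in this thread: an offline check for the two configuration questions raised above (is the old DNS server still listed above the new one in resolv.conf, and what order does the hosts line in nsswitch.conf give). The function names, file contents and addresses (192.0.2.x documentation range) are constructed for illustration; the limit of three nameservers is glibc's MAXNS.

```shell
#!/bin/sh
# Added example (not from the thread). Addresses and file contents are constructed.

# Nameserver addresses in the order the resolver tries them; comment lines
# ("#" or ";") never match because their first field is not "nameserver".
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Where does the new DNS server sit in resolv.conf?
#   first       queried first
#   shadowed:N  listed at position N; used only when earlier servers time out
#               (default behaviour, without "options rotate")
#   ignored:N   beyond glibc's limit of 3 nameservers (MAXNS), never used
#   missing     not listed at all
check_new_dns() {
    conf=$1
    new_ip=$2
    pos=$(list_nameservers "$conf" | awk -v ip="$new_ip" '$0 == ip { print NR; exit }')
    if [ -z "$pos" ]; then echo "missing"
    elif [ "$pos" -eq 1 ]; then echo "first"
    elif [ "$pos" -le 3 ]; then echo "shadowed:$pos"
    else echo "ignored:$pos"
    fi
}

# Sources on the "hosts:" line of nsswitch.conf, in lookup order.
hosts_sources() {
    awk '$1 == "hosts:" {
        out = ""
        for (i = 2; i <= NF && $i !~ /^#/; i++) out = out (out == "" ? "" : " ") $i
        print out; exit
    }' "$1"
}

# Demo on constructed files: the old server was left above the new one.
demo_dir=$(mktemp -d)
printf 'nameserver 192.0.2.10\nnameserver 192.0.2.53\n' > "$demo_dir/resolv.conf"
printf 'hosts:      files dns\n' > "$demo_dir/nsswitch.conf"
echo "new server 192.0.2.53: $(check_new_dns "$demo_dir/resolv.conf" 192.0.2.53)"
echo "hosts lookup order: $(hosts_sources "$demo_dir/nsswitch.conf")"
rm -rf "$demo_dir"
```

On a real host the same functions can be pointed at /etc/resolv.conf and /etc/nsswitch.conf, with the new DNS server's address as the second argument to check_new_dns.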

Does the output from nslookup some-host-out-there query the new or old DNS server address? Can you post the output (in CODE tags) along with the contents of /etc/resolv.conf and /etc/nsswitch.conf?

There can also be environmental variables that adjust the timeout & retrying of lookups. Can you paste in the output from this:-

set|grep -E "^RES_"

What symptoms do you actually get? A failure, a timeout, a hu_u_u_u_u_uge delay?

Kind regards,
Robin

OK, and what about my other question and did you try the suggestion before that?