Hay un bug de la aplicación ping en Red hat haciendo que cuando se ejecuta devuelve una ip diferente al que devuelve nslookup. El caso está documentado en el siguiente enlace :
https://access.redhat.com/solutions/4542771
Ping resolves a different IP than what is returned by nslookup. - Red
When attempting to ping by hostname it is pinging an address different from what is returned by nslookup
nscd -i hosts
Ping resolves a different IP than what is returned by nslookup.
SOLUTION VERIFIED - Updated October 30 2019 at 8:24 PM -
English
Environment
Red Hat Enterprise Linux
Issue
When attempting to ping by hostname it is pinging an address different from what is returned by nslookup
Resolution
ï Clear the nscd hosts db
Raw
# nscd -i hosts
Root Cause
The entry for the host in /var/db/ncsd/hosts was not correct. glibc will check the entry for the host in /var/db/ncsd/hosts via /var/run/nscd/socket before referencing /etc/nsswitch.conf.
Snip from an strace of a ping
Raw
23237 11:45:36.523725 socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5<UNIX:[1814099]> <0.000008>
23237 11:45:36.523797 connect(5<UNIX:[1814099]>, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) <0.000012>
23237 11:45:36.523865 close(5<UNIX:[1814099]>) = 0 <0.000008>
23237 11:45:36.523916 socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5<UNIX:[1814100]> <0.000005>
23237 11:45:36.523960 connect(5<UNIX:[1814100]>, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) <0.000008>
23237 11:45:36.524014 close(5<UNIX:[1814100]>) = 0 <0.000005>
23237 11:45:36.524068 open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 5</etc/nsswitch.conf> <0.000007>
23237 11:45:36.524107 fstat(5</etc/nsswitch.conf>, {st_dev=makedev(253, 1), st_ino=526196, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=1768, st_atime=1572435989 /* 2019-10-30T07:46:29.194508306-0400 */, st_atime_nsec=194508306, st_mtime=1544905437 /* 2018-12-15T15:23:57.226889025-0500 */, st_mtime_nsec=226889025, st_ctime=1544905437 /* 2018-12-15T15:23:57.226889025-0500 */, st_ctime_nsec=226889025}) = 0 <0.000005>
23237 11:45:36.524154 read(5</etc/nsswitch.conf>, "#\n# /etc/nsswitch.conf\n#\n# An example Name Service Switch config file. This file should be\n# sorted with the most-used services at the beginning.\n#\n# The entry '[NOTFOUND=return]' means that the search for an\n# entry should stop if the search in the previous entry turned\n# up nothing. Note that if the search failed due to some other reason\n# (like no NIS server responding) then the search continues with the\n# next entry.\n#\n# Valid entries include:\n#\n#\tnisplus\t\t\tUse NIS+ (NIS version 3)\n#\tnis\t\t\tUse NIS (NIS version 2), also called YP\n#\tdns\t\t\tUse DNS (Domain Name Service)\n#\tfiles\t\t\tUse the local files\n#\tdb\t\t\tUse the local database (.db) files\n#\tcompat\t\t\tUse NIS on compat mode\n#\thesiod\t\t\tUse Hesiod for user lookups\n#\t[NOTFOUND=return]\tStop searching if not found so far\n#\n\n# To use db, put the \"db\" in front of \"files\" for entries you want to be\n# looked up first in the databases\n#\n# Example:\n#passwd: db files nisplus nis\n#shadow: db files nisplus nis\n#group: db files nisplus nis\n\npasswd: files sss systemd\nshadow: files sss\ngroup: files sss systemd\n\n#hosts: db files nisplus nis dns\nhosts: files mdns4_minimal [NOTFOUND=return] dns myhostname mymachines\n\n# Example - obey only what nisplus tells us...\n#services: nisplus [NOTFOUND=return] files\n#networks: nisplus [NOTFOUND=return] files\n#protocols: nisplus [NOTFOUND=return] files\n#rpc: nisplus [NOTFOUND=return] files\n#ethers: nisplus [NOTFOUND=return] files\n#netmasks: nisplus [NOTFOUND=return] files\n\nbootparams: nisplus [NOTFOUND=return] files\n\nethers: files\nnetmasks: files\nnetworks: files\nprotocols: files\nrpc: files\nservices: files sss\n\nnetgroup: files sss\n\npublickey: nisplus\n\nautomount: files sss\naliases: files nisplus\n", 4096) = 1768 <0.000005>
23237 11:45:36.524203 read(5</etc/nsswitch.conf>, "", 4096) = 0 <0.000005>
23237 11:45:36.524231 close(5</etc/nsswitch.conf>) = 0 <0.000005>
Diagnostic Steps
ï Confirm the IP returned by nslookup
Raw
[testbuild root @ test ~]
# nslookup test.example.com
Server: 192.168.0.65
Address: 192.168.0.65#53
Non-authoritative answer:
Name: test.example.com
Address: 192.168.0.182
ï Check ip used by ping
Raw
[testbuild root @ test ~]
# ping test.example.com
PING test.example.com (192.168.0.118) 56(84) bytes of data.
From 192.168.0.123 (192.168.0.123) icmp_seq=1 Destination Host Unreachable
From 192.168.0.123 (192.168.0.123) icmp_seq=2 Destination Host Unreachable
^C
--- test.example.com ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1001ms
ï Check /etc/hosts to make sure there is no entry pointing to the wrong IP
Raw
# cat etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
ï confirm if ncsd is configured to cache hosts
Raw
# cat /etc/nscd.conf
----------snip----------
enable-cache hosts yes
positive-time-to-live hosts 3600
negative-time-to-live hosts 20
suggested-size hosts 211
check-files hosts yes
persistent hosts yes
shared hosts yes
max-db-size hosts 33554432
---------snip------------
ï Product(s)
ï Red Hat Enterprise Linux
ï Category
ï Configure
ï Tags
ï nscd
This solution is part of Red Hatís fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Ping resolves a different IP than what is returned by nslookup. - Red
When attempting to ping by hostname it is pinging an address different from what is returned by nslookup