Linux system DNS error resolution

Applicable scene

CentOS, Euleros series operating systems

Symptoms

If the ping of the public network domain name fails, it prompts Name or service not known, but the elastic public network IP can be pinged. The same is true for CURL

Root cause analysis

There are usually three reasons for this problem:

• The DNS address is not configured in /etc/resolv.conf or the DNS address is incorrect.
• The /etc/nsswitch.conf file deletes DNS resolution records.
• The /lib64/libnss_dns.so.2 library file is missing and domain names cannot be resolved.

Execute the following command to view all files opened by resolving the domain name.
strace -e trace=open ping www.baidu.com -c 1
All files appearing in this result will affect domain name resolution.

Approach

Scenario 1: DNS address is not configured in /etc/resolv.conf or the DNS address is wrong

The most critical item in /etc/resolv.conf is the nameserver item. If no nameserver is specified, the DNS server cannot be found. Other keywords are optional.

nameserver indicates that the host specified by this address is the domain name server when resolving the domain name. Among them, the domain name servers are queried in the order in which they appear in the file, and only when the first nameserver does not respond, the next nameserver is queried

Please check the DNS address configured in /etc/resolv.conf

Scenario 2: Deletion of DNS resolution records in the /etc/nsswitch.conf file causes

1. Check whether /etc/nsswitch.conf has DNS resolution configuration

grep hosts /etc/nsswitch.conf

The echo information is as follows, the DNS option is not configured in the hosts line, resulting in /etc/resolv.conf not being read when resolving the domain name, resulting in domain name resolution failure

#hosts: db files nisplus nis dns
hosts: files myhostname

2. Open /etc/nsswitch.conf and find the hosts line to add DNS resolution

#hosts: db files nisplus nis dns
hosts: files dns myhostname

The value of the hosts item represents a list of services in priority order, which are used to look up the IP address of the domain name.

"file" means to use the /etc/hosts file, and "dns" means to use the domain name service. If "file" precedes "dns", it means that the system will first try to look up the domain name in /etc/hosts before looking it up via DNS (this is the default configuration). DNS lookups will not be used if dns is not configured

Scenario 3: The /lib64/libnss_dns.so.2 library file is missing and the domain name cannot be resolved

1. The /lib64/libnss_dns.so.2 library file is generated by the glibc package, you can check whether the package has been modified by checking glibc

rpm -V glibc

Execute rpm -qf /lib64/libnss_dns.so.2 on a normal Linux system to generate a library file

The echo information is as follows, indicating that the /lib64/libnss_dns.so.2 file is missing

missing /lib64/libnss_dns.so.2

2. Execute the following command to re-establish the soft link

ln -s /usr/lib64/libnss_dns-2.17.so /usr/lib64/libnss_dns.so.2

Executing ls -l /lib64/libnss_dns.so.2 on a normal cloud server shows that the source file of /lib64/libnss_dns.so.2 is /usr/lib64/libnss_dns-2.17.so