Why is my /etc/hosts file not queried when nslookup tries to resolve an address?

dns hosts

77,554

Solution 1

nslookup only does proper DNS resolution, which is significantly different from the Name Service Switch subsystem that your other applications use; that is to say nslookup ignores /etc/hosts and mDNS.

To test local resolutions like that, use something that uses NSS. ping <hostname> for example. Here's a simple demo based on an /etc/hosts entry on my network.

$ nslookup bert
Server:     8.8.8.8
Address:    8.8.8.8#53

** server can't find bert: NXDOMAIN

$ ping bert
PING bert (10.10.0.4) 56(84) bytes of data.
64 bytes from bert (10.10.0.4): icmp_seq=1 ttl=64 time=0.352 ms
64 bytes from bert (10.10.0.4): icmp_seq=2 ttl=64 time=0.407 ms

Note that there are DNS servers and proxies that can factor in an /etc/hosts file. In these cases, nslookup might return a result from a local source.

Solution 2

I guess that you want the name resolution from /etc/hosts file for the specific host (mysite.com).

Another common problem that can cause this behavior is that you may have many entries on the /etc/hosts file for the same IP, example:

1.1.1.1 host1.domain1.com
1.1.1.1 host2.domain2.com

In some implementations, this can cause the name resolution to get handed to DNS. A quick fix, group everything in 1 row

1.1.1.1 host1.domain1.com host2.domain2.com

Solution 3

Another common thing I see is where somebody (usually me) reverses the IP address with the hostname in /etc/hosts - for example:

mysite.com    10.2.3.4

At first glance, it looks normal... Here is my solution about 50% of the time:

10.2.3.4    mysite.com

77,554

Mehran

Updated on September 18, 2022

Comments

Mehran over 1 year

I have a couple of local domains resolved to 127.0.0.1 in my /etc/hosts file. And it was all alright for a period of time but now when I run:

nslookup test.local

It results in:

Server:     192.168.1.3
Address:    192.168.1.3#53

** server can't find test.local: NXDOMAIN

The 192.168.1.3 is our network DNS and it's not supposed to know my local domain test.local. After a couple of searches I found that /etc/nsswitch.conf file holds information on the priority of the DNS sources to query by. But there was no problem there! Here's mine:

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat
group:          compat
shadow:         compat

hosts:          files mdns4_minimal [NOTFOUND=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

So does anyone know why my hosts file is not included in DNS look-up?

CybeX almost 7 years

guilty of it this time...#sigh
Mikko Rantalainen over 6 years

Instead of ping one should be using getent ahosts because that does not require all the extra stuff that ping has.
m3nda about 6 years

Usually the hosts files comes with predefined 127.0.0.1 localhost entry. Doing it wrong is so much wrong :-)