Very Computer

This is the situation: a friend and I both use a broadband router with a few
machines behind them, at our respective homes. We each picked a name for our
'domain'. His is fictional. Mine also exists on the net, but with only the
www and ftp of rikishi42.net defined in the DNS, not my home machines.

He's added 2 of my PC's in the /etc/hosts of his laptop, for use when he
visits and connects it to my LAN.

This would be a sample from that file:

# Home net
192.168.108.101   desktop.myDomain    desktop
192.168.108.124   laptop.myDomain     laptop
192.168.108.101   server.myDomain     server
#Rikishi's net
192.168.8.142   gramps.rikishi42.net  gramps
192.168.8.181   pigmy.rikishi42.net   pigmy

We've allways used this, works just fine.
When connectiong to my machines, he's allways used the short (host only)
name. Last time, he accidentally tried with the full name. It failed.

My guess is that, upon finding that rikishi42.net exists, there is an
attempt to get the address from the DNS, skipping hosts all together.

But do I presume correctly, or is there more to it?

--
There is an art, it says, or rather, a knack to flying.
The knack lies in learning how to throw yourself at the ground and miss.
Douglas Adams

| This is the situation: a friend and I both use a broadband router with a few
| machines behind them, at our respective homes. We each picked a name for our
| 'domain'. His is fictional. Mine also exists on the net, but with only the
| www and ftp of rikishi42.net defined in the DNS, not my home machines.
|
| He's added 2 of my PC's in the /etc/hosts of his laptop, for use when he
| visits and connects it to my LAN.
|
| This would be a sample from that file:
|
| # Home net
| 192.168.108.101   desktop.myDomain    desktop
| 192.168.108.124   laptop.myDomain     laptop
| 192.168.108.101   server.myDomain     server
| #Rikishi's net
| 192.168.8.142   gramps.rikishi42.net  gramps
| 192.168.8.181   pigmy.rikishi42.net   pigmy
|
|
| We've allways used this, works just fine.
| When connectiong to my machines, he's allways used the short (host only)
| name. Last time, he accidentally tried with the full name. It failed.
|
|
| My guess is that, upon finding that rikishi42.net exists, there is an
| attempt to get the address from the DNS, skipping hosts all together.
|
| But do I presume correctly, or is there more to it?

/etc/nsswitch.conf determines whether DNS or /etc/hosts is checked
first, and whether the other is checked at all.

Sounds like your friend might have DNS first. The second choice is
generally only checked if the first fails (i.e DNS is unreachable). If
DNS returns a "host does not exist" error, that does not trigger a fall
back to /etc/hosts.

--
Reverend Paul Colquhoun, ULC.    http://andor.dropbear.id.au/~paulcol
     Asking for technical help in newsgroups?  Read this first:
        http://catb.org/~esr/faqs/smart-questions.html#intro

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Quote:,--- Rikishi 42 writes:

| This is the situation: a friend and I both use a broadband router with a few
| machines behind them, at our respective homes. We each picked a name for our
| 'domain'. His is fictional. Mine also exists on the net, but with only the
| www and ftp of rikishi42.net defined in the DNS, not my home machines.

| He's added 2 of my PC's in the /etc/hosts of his laptop, for use when he
| visits and connects it to my LAN.

| This would be a sample from that file:

| # Home net
| 192.168.108.101   desktop.myDomain    desktop
| 192.168.108.124   laptop.myDomain     laptop
| 192.168.108.101   server.myDomain     server
| #Rikishi's net
| 192.168.8.142   gramps.rikishi42.net  gramps
| 192.168.8.181   pigmy.rikishi42.net   pigmy

| We've allways used this, works just fine.
| When connectiong to my machines, he's allways used the short (host only)
| name. Last time, he accidentally tried with the full name. It failed.

How is he trying connect to your box ? And are you sure, it failed at
name resolution step, not something like connection etc. ? To resolve
a hostname yourself, you can try "getent hosts <hostname>" .

| My guess is that, upon finding that rikishi42.net exists, there is an
| attempt to get the address from the DNS, skipping hosts all together.

| But do I presume correctly, or is there more to it?

It all depends on "/etc/nsswitch.conf"'s "hosts" entry. Usually
"hosts" entry has "files" first and then "dns". But anyways, even if
order is reverse, then also it should work, if it is not able to
resolve from DNS.

Anyways I added your records in my /etc/hosts and it is able to
resolve 'gramps.rikishi42.net' without any problems.

| --
| There is an art, it says, or rather, a knack to flying.
| The knack lies in learning how to throw yourself at the ground and miss.
| Douglas Adams

Anyways, you can instead of adding each other's boxes in /etc/hosts,
there is one more way, which you can try. i.e. Avahi
( http://avahi.org/ ) .

HTH
- --
Ashish Shukla ???? ?????                      http://wahjava.wordpress.com/
-- - --- - - - --- -- -- - - --- -- --- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHK3KdHy+EEHYuXnQRArHrAJ0dOR9cpFYjjqCMoxozdPyhi555wwCg7kdV
lndtGZxKxNnPX5e3Avip+0A=
=4AKA
-----END PGP SIGNATURE-----

Quote:> /etc/nsswitch.conf determines whether DNS or /etc/hosts is checked
> first, and whether the other is checked at all.

Didn't know that one, thanks. I'll check it out.

Quote:> Sounds like your friend might have DNS first. The second choice is
> generally only checked if the first fails (i.e DNS is unreachable). If
> DNS returns a "host does not exist" error, that does not trigger a fall
> back to /etc/hosts.

Seems exactly what I feared. I'll check his config, next time he visits.

--
There is an art, it says, or rather, a knack to flying.
The knack lies in learning how to throw yourself at the ground and miss.
Douglas Adams

Quote:>| We've allways used this, works just fine.
>| When connectiong to my machines, he's allways used the short (host only)
>| name. Last time, he accidentally tried with the full name. It failed.

> How is he trying connect to your box ? And are you sure, it failed at
> name resolution step, not something like connection etc. ? To resolve
> a hostname yourself, you can try "getent hosts <hostname>" .

Connection is OK, since the short names worked.
Thanks for getent, I leared something.

Quote:>| My guess is that, upon finding that rikishi42.net exists, there is an
>| attempt to get the address from the DNS, skipping hosts all together.

>| But do I presume correctly, or is there more to it?

> It all depends on "/etc/nsswitch.conf"'s "hosts" entry. Usually
> "hosts" entry has "files" first and then "dns". But anyways, even if
> order is reverse, then also it should work, if it is not able to
> resolve from DNS.

> Anyways I added your records in my /etc/hosts and it is able to
> resolve 'gramps.rikishi42.net' without any problems.

That would confirm that his nsswitch is not set correctly.
Thanks for the info.

--
There is an art, it says, or rather, a knack to flying.
The knack lies in learning how to throw yourself at the ground and miss.
Douglas Adams

On Fri, 2 Nov 2007, in the Usenet newsgroup comp.os.linux.networking, in article

Minor quibble - a given hostname OR IP address should appear on one
line only.

Quote:>#Rikishi's net
>192.168.8.142   gramps.rikishi42.net  gramps
>192.168.8.181   pigmy.rikishi42.net   pigmy

>We've allways used this, works just fine.
>When connectiong to my machines, he's allways used the short (host only)
>name. Last time, he accidentally tried with the full name. It failed.

Might be interesting to know what is in /etc/resolv.conf - domain or
search lines?

Quote:>My guess is that, upon finding that rikishi42.net exists, there is an
>attempt to get the address from the DNS, skipping hosts all together.

No - how would it know that a domainname exists in DNS without asking
the DNS?

Quote:>But do I presume correctly, or is there more to it?

There are two files that control the order in which the hosts file or
DNS is consulted.    Older applications used /etc/host.conf, and this
has a simple line that reads

   order hosts,bind

which translates to 'check the hosts file, and if the hostname is not
found, check DNS'. The second (more modern file) is /etc/nsswitch.conf
which has it's own man page

[compton ~]$ whatis nsswitch.conf
nsswitch.conf [nsswitch] (5)  - System Databases and Name Service Switch
   configuration file
[compton ~]$

and a common configuration might be

   hosts:      files nisplus nis dns

which translates to 'check the hosts file, and if the hostname is not
found, check NIS+ and if the hostname is not found check NIS, and if the
hostname is not found check DNS".  This line might be shortened by
eliminating the NIS terms if you don't have NIS or NIS+ servers on your
LAN (most don't).

The other possible problem is the '/etc/resolv.conf' file, and the
brain-dead use of 'domain' and/or 'search' lines. These lines allow
use of short names in DNS - which may or may not be a massive security
hole.  There are a number of man pages you can look at - start with
'gethostbyname', 'resolver (5)' and 'hostname'.

Perhaps the best way to troubleshoot DNS problems is to simply use a
packet sniffer and LOOK at the questions (and answers) you are tossing
at the name server.

  /usr/sbin/tcpdump -ni eth0 port 53

might give the clues needed. The DNS-HOWTO offers some assistance if
you don't know what this dialog should look like.

        Old guy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Quote:,--- Paul Colquhoun writes:

[...]

| Sounds like your friend might have DNS first. The second choice is
| generally only checked if the first fails (i.e DNS is unreachable). If
| DNS returns a "host does not exist" error, that does not trigger a fall
| back to /etc/hosts.

If 'dns' returns 'host doesn't exist' (i.e. NOTFOUND, for details checkout
nsswitch.conf(5)), then the default action will be to continue, unless
your friend's 'hosts' entry in '/etc/nsswitch.conf' is similar to following
entry:

hosts: dns [NOTFOUND=return] files

According to above entry, if 'dns'  returns NOTFOUND, name resolution
should end there only, didn't proceed to 'files' .

HTH
- --
Ashish Shukla ???? ?????                      http://wahjava.wordpress.com/
-- - --- - - - --- -- -- - - --- -- --- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHK6RjHy+EEHYuXnQRAvHDAKCqTIZNh6ovmpWC9OKEhuKVOXqd4gCgqJj4
k/t2RAq4muAkJs7KHfga8dk=
=s4wh
-----END PGP SIGNATURE-----

It depends on whether he told his system to look for the address in hosts
or in dns first.
/etc/hosts.conf and /etc/nsswitch.conf

Quote:>But do I presume correctly, or is there more to it?
>--
>There is an art, it says, or rather, a knack to flying.
>The knack lies in learning how to throw yourself at the ground and miss.
>Douglas Adams

Quote:> This is the situation: a friend and I both use a broadband router with a few
> machines behind them, at our respective homes. We each picked a name for our
> 'domain'. His is fictional. Mine also exists on the net, but with only the
> www and ftp of rikishi42.net defined in the DNS, not my home machines.
> He's added 2 of my PC's in the /etc/hosts of his laptop, for use when he
> visits and connects it to my LAN.

This will not answer your question but you may want to try and use DHCP
with `dnsmasq' on your home network.  This way you can setup your local
dns proxy to serve names for your local network.  E.g. I have my router
use a fictional ".home" domain and all the machines that connect to it
get a name there and can lookup each other without having to twiddle any
/etc/hosts file.

Better yet: the name they get is determined by the machine's name
(passed to the DHCP server), so I don't even have a centralized database
that maps names to IP either: it's all setup dynamically (although you
do have to ask GNU/Linux's dhcp client to pass this name explicitly
because it doesn't do it by default contrary to Mac OS X's).

        Stefan

That's is correct the format is

  [internet address] [domain name] [alias]

Quote:

>> #Rikishi's net
>> 192.168.8.142   gramps.rikishi42.net  gramps
>> 192.168.8.181   pigmy.rikishi42.net   pigmy

>> We've allways used this, works just fine.
>> When connectiong to my machines, he's allways used the short (host only)
>> name. Last time, he accidentally tried with the full name. It failed.

> Might be interesting to know what is in /etc/resolv.conf - domain or
> search lines?

>> My guess is that, upon finding that rikishi42.net exists, there is an
>> attempt to get the address from the DNS, skipping hosts all together.

> No - how would it know that a domainname exists in DNS without asking
> the DNS?

>> But do I presume correctly, or is there more to it?

> There are two files that control the order in which the hosts file or
> DNS is consulted.    Older applications used /etc/host.conf, and this
> has a simple line that reads

>    order hosts,bind

> which translates to 'check the hosts file, and if the hostname is not
> found, check DNS'. The second (more modern file) is /etc/nsswitch.conf
> which has it's own man page

> [compton ~]$ whatis nsswitch.conf
> nsswitch.conf [nsswitch] (5)  - System Databases and Name Service Switch
>    configuration file
> [compton ~]$

> and a common configuration might be

>    hosts:      files nisplus nis dns

> which translates to 'check the hosts file, and if the hostname is not
> found, check NIS+ and if the hostname is not found check NIS, and if the
> hostname is not found check DNS".  This line might be shortened by
> eliminating the NIS terms if you don't have NIS or NIS+ servers on your
> LAN (most don't).

> The other possible problem is the '/etc/resolv.conf' file, and the
> brain-dead use of 'domain' and/or 'search' lines. These lines allow
> use of short names in DNS - which may or may not be a massive security
> hole.  There are a number of man pages you can look at - start with
> 'gethostbyname', 'resolver (5)' and 'hostname'.

> Perhaps the best way to troubleshoot DNS problems is to simply use a
> packet sniffer and LOOK at the questions (and answers) you are tossing
> at the name server.

>   /usr/sbin/tcpdump -ni eth0 port 53

> might give the clues needed. The DNS-HOWTO offers some assistance if
> you don't know what this dialog should look like.

>         Old guy

stealing - Using some one elses domain name is unethical.  Bottom line
"IT'S NOT YOURS"

Quote:> He's added 2 of my PC's in the /etc/hosts of his laptop, for use when he
> visits and connects it to my LAN.

> This would be a sample from that file:

> # Home net
> 192.168.108.101   desktop.myDomain    desktop
> 192.168.108.124   laptop.myDomain     laptop
> 192.168.108.101   server.myDomain     server
> #Rikishi's net
> 192.168.8.142   gramps.rikishi42.net  gramps
> 192.168.8.181   pigmy.rikishi42.net   pigmy

192.168.xxx.xxx addresses are private network addresses and usually not
forwarded upstream by a router. Can you imagine what would happen if
everyone using the same addresses allowed all their network traffic to
reach the www.  They would be mass collisions Not to mention that your
private network is no longer "private".

Be forewarned of the security implications

Quote:

> We've allways used this, works just fine.
> When connectiong to my machines, he's allways used the short (host only)
> name. Last time, he accidentally tried with the full name. It failed.

> My guess is that, upon finding that rikishi42.net exists, there is an
> attempt to get the address from the DNS, skipping hosts all together.

> But do I presume correctly, or is there more to it?

Why bother with all this ?  Do it right.  Just use the name & IP address
that has been assigned to you by your ISP.  If you are assigned a
dynamic (IP address changes from time to time) which they normally are
then use a FREE service like DynDns  and have your own "REAL" domain   ...

   "YOU".dyndns.org

they have several domain you can pick from other than dyndns.org. There
are programs you can run that will update the Dyndns listing
automatically when your ISP changes your IP address.

Dns lookup Work ... Other friends anyware can reach your machine and you
will NOT be blocked by upstream routers.

I would recommend adding .invalid to those domain names that are not
owned by you/him, just incase email escapes the local lan.

You might want to read http://www.rfc-editor.org/rfc/rfc2606.txt

Here is a snippet from mine.
$ head -5 /etc/hosts
127.0.0.1               localhost
192.168.1.31            wb7.home.invalid wb7
192.168.1.11            fw.home.invalid fw
192.168.1.12            wb1.home.invalid wb1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

|| On Fri, 2 Nov 2007, in the Usenet newsgroup comp.os.linux.networking, in article

[...]

||| # Home net
||| 192.168.108.101   desktop.myDomain    desktop
||| 192.168.108.124   laptop.myDomain     laptop
||| 192.168.108.101   server.myDomain     server
||
|| Minor quibble - a given hostname OR IP address should appear on one
|| line only.

| That's is correct the format is

|  [internet address] [domain name] [alias]

He's having double entries for the same IP address (192.168.108.101) .
- --
Ashish Shukla ???? ?????                      http://wahjava.wordpress.com/
-- - --- - - - --- -- -- - - --- -- --- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHLKi0Hy+EEHYuXnQRAjWgAKDF7fDDJhxpDLU0VhFX6mfbTR2gWgCgnWYI
lbcabKVk3/KAm7rskjy8/AA=
=mWk/
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Quote:,--- Stefan Monnier writes:

[...]

| Better yet: the name they get is determined by the machine's name
| (passed to the DHCP server), so I don't even have a centralized database
| that maps names to IP either: it's all setup dynamically (although you
| do have to ask GNU/Linux's dhcp client to pass this name explicitly
| because it doesn't do it by default contrary to Mac OS X's).

Why not use Avahi[1] ( which provides mDNS[2] ) and libnss-mdns[3] (nss
plugin for name resolving using mDNS) .

[1]. http://www.avahi.org/
[2]. http://en.wikipedia.org/wiki/Zeroconf
[3]. http://0pointer.de/lennart/projects/nss-mdns/

|         Stefan

HTH
- --
Ashish Shukla ???? ?????                      http://wahjava.wordpress.com/
-- - --- - - - --- -- -- - - --- -- --- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHLKy1Hy+EEHYuXnQRAk16AKDxSLw2M/IoFVwfqD9KmBUV7OO++ACdFcbI
qCVhcIkwjqR50ekGiukVcRw=
=y7ql
-----END PGP SIGNATURE-----

That would be my fault, I messed up the example. In the real file, there are
no double entries.

--
There is an art, it says, or rather, a knack to flying.
The knack lies in learning how to throw yourself at the ground and miss.
Douglas Adams