gethostbyaddr errors from netstat?

gethostbyaddr errors from netstat?

Post by Kynd » Fri, 31 Oct 2003 01:34:45



I'm seeing this syslog message on 2 solaris database machines:

netstat[22250]: gethostbyaddr: fp01.blah.com. != 10.1.0.2

The hostname fp01.blah.com resolves to 10.1.0.1 so the error is a true
statement, but why is the machine expecting it to resolv to 10.1.0.2?
And what process is reporting this error?  I don't have any daemons
running called "netstat", and when I issue the netstat command in
various forms both with and without the "-n" option, it doesn't
generate any syslog messages.  Also there is no host entry for
fp01.blah.com in the hosts file and dns resolution works perfectly.

/etc/resolv.conf:
hosts:      files dns

So the only source for name/address information on fp01.blah.com
should be from dns, which returns 10.1.0.1...  Anyone have a clue
where this message is coming from?

 
 
 

gethostbyaddr errors from netstat?

Post by Barry Margoli » Fri, 31 Oct 2003 01:38:55




>I'm seeing this syslog message on 2 solaris database machines:

>netstat[22250]: gethostbyaddr: fp01.blah.com. != 10.1.0.2

>The hostname fp01.blah.com resolves to 10.1.0.1 so the error is a true
>statement, but why is the machine expecting it to resolv to 10.1.0.2?
>And what process is reporting this error?  I don't have any daemons
>running called "netstat", and when I issue the netstat command in
>various forms both with and without the "-n" option, it doesn't
>generate any syslog messages.  Also there is no host entry for
>fp01.blah.com in the hosts file and dns resolution works perfectly.

This message is generated automatically by the resolver library.  After
doing a reverse lookup, it then performs a forward lookup to see if they
are consistent.

It's complaining that it did a reverse lookup of 10.1.0.2 and got
fp01.blah.com, then did a forward lookup of that name and got something
else (10.1.0.1, according to your message).  Since 10.1.0.1 is not the same
as 10.1.0.2, this could be an indication that someone is attempting reverse
DNS spoofing.

--

Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 

1. error using gethostbyaddr()

Hi

Since I'm new to linux-programming, my question may be a simple one:
I've
written a server-app which should return, among other things, the
hostname of the peering client connected over a socket. So I check the
client's IP by calling getpeername(sock, &in_addr, &addrlen). To get the
hostname of the returned IP, I proceed with a call to gethostbyaddr().
This function, unfortunately returns NULL, though the IP is correct.

Could anybody give some hints.

Thanks
        Rosi

2. Q: hp8100-pcl commands-line wrapping

3. gethostbyaddr() errors

4. Office Package?

5. gethostbyaddr error

6. Client-specific serving on Apache?

7. help ! gethostbyaddr error

8. Zmodem for Solaris

9. "gethostbyaddr() failed" error

10. NetStat Distributed Network Status Client - http://netstat.net

11. Problem: "Netstat : error in loading shared libraries : undefined symbol : __ register _ frame _ info

12. Q: netstat displaying input errors

13. netstat -nr error