ypmatch xxx hosts & nslookup xxx mismatch

Post by paul y » Sun, 09 Dec 2001 08:34:13



OS:
SunOS 5.7 Generic_106541-08 sun4m sparc SUNW,SPARCstation-20
DNS server: BIND-8.2.5-p5
/etc/nsswitch.conf:
hosts: files nis dns

Today, www.caiso.com keeps changing their IP address. But
when I did "ypcat www.caiso.com hosts" and "nslookup www.caiso.com",
the results (IP addresses) mismatch.

yinhe# ypmatch www.caiso.com hosts
216.102.255.66  www.caiso.com

yinhe# nslookup www.caiso.com
Server:  yinhe.hottestnet.com
Address:  64.128.98.57

Name:    www.caiso.com
Address:  64.95.119.68

BTW, I already flushed the nscd by doing:
/etc/rc2.d/S76nscd stop;
/etc/rc2.d/S76nscd start

If you have a chance, you can do the same commands on your Sun system
(do it several times), you will find the same problem.

Could someone explain to me why?
How does "ypmatch xxx hosts" work? Does it use DNS? If yes, why do they mismatch?

Thanks.

Post by Casper H.S. Dik - Network Security Engine » Sun, 09 Dec 2001 17:41:08


[[ PLEASE DON'T SEND ME EMAIL COPIES OF POSTINGS ]]


>Today, www.caiso.com keeps changing their IP address. But
>when I did "ypcat www.caiso.com hosts" and "nslookup www.caiso.com",
>the results (IP addresses) mismatch.
>yinhe# ypmatch www.caiso.com hosts
>216.102.255.66  www.caiso.com

Probably still cached in the NIS server.

>BTW, I already flushed the nscd by doing:
>/etc/rc2.d/S76nscd stop;
>/etc/rc2.d/S76nscd start

Not involved in either nslookup or ypmatch.

>If you have a chance, you can do the same commands on your Sun system
>(do it several times), you will find the same problem.

Probably not; unless those systems also cached the result.

>Could someone explain to me why?
>How does "ypmatch xxx hosts" work? Does it use DNS? If yes, why do they mismatch?

ypmatch contacts the NIS server; the NIS server first looks in the
NIS maps (try "ypcat hosts |grep www.caiso.com" to see if the host
is directly included in the map) then it contacts rpc.nisd_resolv (or
some such) to do the name resolution for it.

The daemon may cache the results.

Casper
--
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
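
A check that follows from the reply above, as an added example that is not part of the original thread: it parses `ypmatch` and `nslookup` output and flags the case where the NIS server still hands out an address DNS no longer returns. The function names and the MATCH/MISMATCH/NODATA output format are assumptions made for this example; the sample input is the output quoted in the thread.

```sh
#!/bin/sh
# Added example: compare the NIS hosts answer with the DNS answer.

# Constructed sample input, copied from the output quoted in the thread.
YP_SAMPLE='216.102.255.66  www.caiso.com'
NS_SAMPLE='Server:  yinhe.hottestnet.com
Address:  64.128.98.57

Name:    www.caiso.com
Address:  64.95.119.68'

# ypmatch prints hosts-map lines; the address is the first field.
nis_addrs() {
    awk 'NF >= 2 { print $1 }' | sort -u
}

# nslookup prints the resolver's own address first; only Address/Addresses
# lines after "Name:" belong to the answer.
dns_addrs() {
    awk '
        /^Name:/ { in_answer = 1; next }
        in_answer && /^Address(es)?:/ {
            sub(/^Address(es)?:[ \t]*/, "")
            n = split($0, a, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (a[i] != "") print a[i]
        }' | sort -u
}

# check_nis_vs_dns YPMATCH_OUTPUT NSLOOKUP_OUTPUT
# Prints one summary line. Returns 0 on match, 1 when NIS serves an
# address DNS no longer returns (stale NIS-side cache or map entry),
# 2 when either output held no address.
check_nis_vs_dns() {
    nis=$(printf '%s\n' "$1" | nis_addrs)
    dns=$(printf '%s\n' "$2" | dns_addrs)
    [ -n "$nis" ] && [ -n "$dns" ] || { echo "NODATA"; return 2; }
    summary="nis=$(echo $nis | tr ' ' ,) dns=$(echo $dns | tr ' ' ,)"
    for a in $nis; do
        if ! printf '%s\n' "$dns" | grep -qxF -- "$a"; then
            echo "MISMATCH $summary"
            return 1
        fi
    done
    echo "MATCH $summary"
}

# Offline demo on the thread's output; prints the MISMATCH line.
check_nis_vs_dns "$YP_SAMPLE" "$NS_SAMPLE" || true
```

On a NIS client, pass `"$(ypmatch host hosts)"` and `"$(nslookup host)"` as the two arguments. When the name rotates between addresses, as in the thread, repeat the check before treating a single mismatch as a stale entry.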

 
 
 
