Re: Changed IP - DNS strangely cached?

From: David Croft (david@infotrek.co.uk)
Date: Fri Feb 15 2002 - 15:43:29 EST


Doh! I just realised when looking at this again that these messages are
actually coming from NetSaint, not sysmon. Apparently it's still running.
Sorry for wasting your time!

Regards,

David

-- 
|> /+\ \| | |>

David Croft Infotrek On Fri, 15 Feb 2002, Jared Mauch wrote:

> On Fri, Feb 15, 2002 at 02:47:49PM -0500, David Croft wrote: > > > > Hi, > > > > I have a config file which specifies each object's 'ip' field as a > > hostname rather than an IP address. > > > > A few weeks ago I changed the IP address of one of the monitored machines > > in the DNS. I can confirm that this successfully propagated to the > > secondary DNS. > > > > However I still get e-mail alerts from sysmon stating "DNS CRITICAL - No > > response from server" and "Network is unreachable" on the two services > > that are monitored on that machine (dns and smtp). The e-mail shows it is > > trying to monitor the OLD ip address. > > Hmm. Is this machine running solaris? > > > Interestingly, these services never appear on the sysmon status display, > > neither in the curses interface, java client nor html page. The only > > problem is the e-mail sent. > > > > I have killed sysmon repeatedly and restarted it. I have confirmed that a > > nslookup from that machine returns the correct address. There is nothing > > in /etc/hosts. I have tried setting the dnsexpire to 1. > > > > My only guess at this point is that sysmon has a DNS cache file hidden > > somewhere but I can't find anything like that. > > There is no such file. > > > The only other noteworthy point is that this was previously a /24 network > > but it has now been subnetted, so the old address for this machine > > (x.x.x.16) is actually now a subnet address. I don't see how this would > > affect sysmon keeping the old IP address across a restart. > > i assume the netmasks on all the machines are > correct now also. > > > > Any ideas? > > if you are running solaris or any other operating system > that has "nscd" you may be running into a situation whereby > this caches information. > > here's how it works: > > process->libc->nscd->dns query > > but nslookup just does > > process->dns query > > does "ping" report the correct ip address? what about > telnet X ? > > these all use the libc gethostbyname function call to get > the remote systems ip instead of a direct dns query based off > of the first resolver in /etc/resolv.conf > > - jared > > > > > > Thanks. > > > > David > > > > -- > > |> /+\ \| | |> > > > > David Croft > > Infotrek > > -- > Jared Mauch | pgp key available via finger from jared@puck.nether.net > clue++; | http://puck.nether.net/~jared/ My statements are only mine. >



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:14:07 EDT