Re: Changed IP - DNS strangely cached?

• Next message: David Croft: "Re: Changed IP - DNS strangely cached?"
• Previous message: David Croft: "Changed IP - DNS strangely cached?"
• In reply to: David Croft: "Changed IP - DNS strangely cached?"
• Next in thread: David Croft: "Re: Changed IP - DNS strangely cached?"
• Reply: David Croft: "Re: Changed IP - DNS strangely cached?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

On Fri, Feb 15, 2002 at 02:47:49PM -0500, David Croft wrote:
>
> Hi,
>
> I have a config file which specifies each object's 'ip' field as a
> hostname rather than an IP address.
>
> A few weeks ago I changed the IP address of one of the monitored machines
> in the DNS. I can confirm that this successfully propagated to the
> secondary DNS.
>
> However I still get e-mail alerts from sysmon stating "DNS CRITICAL - No
> response from server" and "Network is unreachable" on the two services
> that are monitored on that machine (dns and smtp). The e-mail shows it is
> trying to monitor the OLD ip address.

        Hmm. Is this machine running solaris?

> Interestingly, these services never appear on the sysmon status display,
> neither in the curses interface, java client nor html page. The only
> problem is the e-mail sent.
>
> I have killed sysmon repeatedly and restarted it. I have confirmed that a
> nslookup from that machine returns the correct address. There is nothing
> in /etc/hosts. I have tried setting the dnsexpire to 1.
>
> My only guess at this point is that sysmon has a DNS cache file hidden
> somewhere but I can't find anything like that.

        There is no such file.

> The only other noteworthy point is that this was previously a /24 network
> but it has now been subnetted, so the old address for this machine
> (x.x.x.16) is actually now a subnet address. I don't see how this would
> affect sysmon keeping the old IP address across a restart.

        i assume the netmasks on all the machines are
correct now also.

> Any ideas?

        if you are running solaris or any other operating system
that has "nscd" you may be running into a situation whereby
this caches information.

        here's how it works:

process->libc->nscd->dns query

        but nslookup just does

process->dns query

        does "ping" report the correct ip address? what about
telnet X ?

        these all use the libc gethostbyname function call to get
the remote systems ip instead of a direct dns query based off
of the first resolver in /etc/resolv.conf

        - jared

>
> Thanks.
>
> David
>
> --
> |> /+\ \| | |>
>
> David Croft
> Infotrek

-- 
Jared Mauch  | pgp key available via finger from jared@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

• Next message: David Croft: "Re: Changed IP - DNS strangely cached?"
• Previous message: David Croft: "Changed IP - DNS strangely cached?"
• In reply to: David Croft: "Changed IP - DNS strangely cached?"
• Next in thread: David Croft: "Re: Changed IP - DNS strangely cached?"
• Reply: David Croft: "Re: Changed IP - DNS strangely cached?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:14:07 EDT