Section 41.5. DNS Errors



DNS errors can often cause problems for seemingly unrelated services. This is because DNS is a foundational service; a problem with DNS will likely manifest itself in other services, often in seemingly strange and unpredictable ways.

For instance, a resolver (i.e., a DNS client) first conducts a reverse DNS lookup and then a forward lookup. If a conflict exists between a reverse and a forward lookup, the network connection may fail. SSH and Kerberos servers often rely on reverse DNS lookups as one of the ways to help verify that a system is exactly what it purports to be. Thus, an improper entry in the reverse DNS lookup zone can often cause an SSH connection to fail. The error returned by the SSH client may refer to an authentication problem, when the real problem is with DNS. The same problem has also been known to affect the performance of some TCP wrappers implementations.
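The reverse-then-forward consistency check described above can be reproduced with a short script when an SSH or Kerberos failure looks like an authentication problem. This is an added example, not code from the book; the function names and the sample PTR/A data (documentation address ranges) are constructed for illustration.

```python
import ipaddress
import socket

def reverse_names(ip):
    """PTR lookup via the system resolver (so /etc/hosts is consulted too)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except (socket.herror, socket.gaierror):
        return []

def forward_addrs(name):
    """A/AAAA lookup via the system resolver; returns a set of address strings."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def check_fcrdns(ip, reverse=reverse_names, forward=forward_addrs):
    """Return (status, detail): status is 'ok', 'no-ptr' or 'mismatch'.

    detail maps each name found by the reverse lookup to the addresses
    the forward lookup returned for it, so a mismatch shows both sides.
    """
    ip = str(ipaddress.ip_address(ip))      # normalise; rejects bad input
    names = reverse(ip)
    if not names:
        return "no-ptr", {}
    detail = {n: sorted(forward(n)) for n in names}
    if any(ip in addrs for addrs in detail.values()):
        return "ok", detail
    return "mismatch", detail

# Constructed sample data: one consistent host, one stale PTR entry.
PTR = {"192.0.2.10": ["web1.example.com"],
       "192.0.2.20": ["old-name.example.com"]}
A = {"web1.example.com": {"192.0.2.10"},
     "old-name.example.com": {"192.0.2.99"}}

def demo():
    """Run the check against the constructed data instead of live DNS."""
    rev = lambda ip: PTR.get(ip, [])
    fwd = lambda name: A.get(name, set())
    ips = ("192.0.2.10", "192.0.2.20", "192.0.2.30")
    return {ip: check_fcrdns(ip, rev, fwd)[0] for ip in ips}

if __name__ == "__main__":
    for ip, status in demo().items():
        print(ip, status)
```

Calling check_fcrdns(ip) with no other arguments runs the same check against the live system resolver.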

Sometimes, a slow DNS server can cause similar authentication problems with SSH, Kerberos, and other daemons. If this is the case, investigate why the DNS response is slow. You may find a problem with the DNS server itself, or the network connection between your network and the DNS server may be experiencing a problem.

In the case of a seemingly random DNS client problem, use the nslookup, dig, or host command to discover the DNS server and then compare this information with the entries in the /etc/resolv.conf file. If the lookup fails and you are sure that DNS is working properly, try using the search keyword in /etc/resolv.conf and specify the domain your system is in. Even though you have specified the correct DNS server, your system may think that it belongs to a different domain. If you place the correct search entry into /etc/resolv.conf, this might solve your connectivity issue.


Tip: One of the simpler, but still common, frustrations occurs when an entry in the /etc/hosts file conflicts with the DNS server. The DNS server will still report the name-to-IP-address mapping from its zone file if you use the nslookup, dig, or host command. However, if you use any application ranging from ping to Firefox, it will probably read the /etc/hosts file first. So don't just consider DNS server problems; your issue may be more local than you think.



LPI Linux Certification in a Nutshell (In a Nutshell (O'Reilly))
ISBN: 0596005288
EAN: 2147483647
Year: 2004
Pages: 257
