Ubuntu name lookup: DNS vs NSS

Usually when I want to look up a domain name, I use the “dig” or “host” command. This issues a live DNS request to the configured DNS servers and you get a response from DNS. Sometimes I use “whois” on the domain first to find the domain authority, then do a “dig @server name” to find the actual live authoritative response, bypassing whatever cache my usual resolver (Google DNS) has.

But client programs on Ubuntu don’t issue DNS queries directly. They use NSS, the Name Service Switch, as configured in /etc/nsswitch.conf. (In the long long ago a similar system was named YP, for Yellow Pages). NSS often ends up using DNS to resolve a hostname. But it also uses local files like /etc/hosts. I’ve always had some fear it did its own caching too, although I don’t think my system does. There’s a daemon called nscd that would do caching, but I don’t have it installed.

Anyway, ordinary programs like “ssh” or “ping” don’t use DNS directly, they use NSS to look up IP addresses. So how do you query what NSS would do? The getent program.

$ getent ahosts google.com
2607:f8b0:4000:80d::200e STREAM google.com
2607:f8b0:4000:80d::200e DGRAM
2607:f8b0:4000:80d::200e RAW

That’s returning a lot of data! “getent hosts google.com” returns a single address, which is generally what you mean. But for Google that gives you an IPv6 address. The “ahosts” command prints all possible matches, which is useful for debugging.

I’m digging into all this because of a frustrating problem with a freedns dynamic DNS name I use for my home machine. Every six months they decide I’m inactive and change the address to some domain parking page. In theory they email me a warning but it never gets through. So it breaks scripts I have that use the name to access my home network. And I dutifully log in and re-enable my account, but it takes a while for the changes to propagate.

After I re-enabled my account, “host” and “dig” would show the right address but “ping” or “ssh” would use the wrong address. Turns out if a domain is disabled freedns sets its A records to both and, their parking web server. So that’s confusing. On top of that they set a TTL for one hour, which is kind of awful for something you’re trying to update. But I think my real problem was that one Google name server had cached the old bad address but another had cached the good new address, so queries were giving me random ones.

I’m going to just add a manual entry to /etc/hosts for now until that hour period is up.
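To make the NSS side of this concrete, here is an added example (my own, not from the post or from any Ubuntu tool) that reads the “hosts:” line of an nsswitch.conf, checks whether an /etc/hosts entry would answer before DNS gets asked, and resolves a name through getaddrinfo(3), the same NSS path ping and ssh use. The nsswitch and hosts contents, the name myhome.example.net and the address 203.0.113.7 are constructed samples; sources other than files and dns are ignored when deciding who answers.

```python
import socket

def nss_hosts_order(nsswitch_text):
    """Sources on the 'hosts:' line, e.g. ['files', 'dns'].
    Action tokens like [NOTFOUND=return] only steer fallback, so drop them."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return [t for t in line[len("hosts:"):].split() if not t.startswith("[")]
    return []

def hosts_file_lookup(hosts_text, name):
    """Addresses the 'files' source (/etc/hosts) gives for name; the name may be
    the canonical name or an alias, compared case-insensitively."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            found.append(fields[0])
    return found

def answering_source(name, nsswitch_text, hosts_text):
    """First NSS source that would answer for name. Only 'files' and 'dns' are
    modelled (simplification); mdns4_minimal, myhostname etc. are skipped."""
    for src in nss_hosts_order(nsswitch_text):
        if src == "files" and hosts_file_lookup(hosts_text, name):
            return "files"
        if src == "dns":
            return "dns"
    return None

def nss_lookup(name):
    """What ping/ssh actually see: getaddrinfo(3) walks NSS, which is also
    what 'getent ahosts' exercises. Not a direct DNS query."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

# Constructed sample configs, not copied from a real system.
SAMPLE_NSSWITCH = "passwd: files\nhosts: files mdns4_minimal [NOTFOUND=return] dns\n"
SAMPLE_HOSTS = ("127.0.0.1 localhost\n"
                "# manual override while the one-hour TTL runs out\n"
                "203.0.113.7 myhome.example.net home\n")

if __name__ == "__main__":
    for n in ("myhome.example.net", "google.com"):
        print(n, "->", answering_source(n, SAMPLE_NSSWITCH, SAMPLE_HOSTS), nss_lookup(n))
```

With the override in place, answering_source reports “files” for myhome.example.net, so the stale DNS answer is never consulted until the line is removed again.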