#StackBounty: #centos #dns #hosts Device or resource busy – getaddrinfo

Bounty: 50

I’m on a CentOS 7 VM running PG, MariaDB, sidekiq and apache httpd. Sometimes my logs are spammed with errors such as:

unable to resolve address: System error

WARN: Mysql2::Error::ConnectionError: Unknown MySQL server host 'mariadb' (16)

WARN: PG::ConnectionBad: could not translate host name "postgres" to address: System error

WARN -- : Unable to record event with remote Sentry server (Errno::EBUSY - Failed to open TCP connection to o383708.ingest.sentry.io:443 (Device or resource busy - getaddrinfo)):

All these hosts (except the sentry service) are set to 127.0.0.1 in my /etc/hosts file.

Pinging the host names appears to work from the console; these errors pop up in various application logs during runtime.

lsof | wc -l => 700k (max 1.6M)

The VM is under no significant load (10% load average). No attacks or rootkits or anything like that.

My hosts file:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

127.0.0.1 mariadb
127.0.0.1 postgres
127.0.0.1 mongodb
127.0.0.1 redis
127.0.0.1 memcached
127.0.0.1 socketcluster

Anyone know what’s going on? Why can’t getaddrinfo open the hosts file???

Adding a bounty to this question. Please no freeloading.


Get this bounty!!!

#StackBounty: #apache #dns Apache : www.fakedomain.com works not https://fakedomain.com

Bounty: 50

I have an Apache server serving fakedomain.com with the following vhost conf.

<VirtualHost *:80>
    DocumentRoot /var/www/master/public_html
    ServerName www.fakedomain.com
    ServerAlias fakedomain.com
    ServerPath /var/www/master/public_html
    CustomLog /var/log/apache2/fakedomain/master-access.log combined
    ErrorLog /var/log/apache2/fakedomain/master-error.log
    #LogLevel debug

      <Directory /var/www/master/public_html>
            Options -Indexes +FollowSymLinks
            Order Allow,Deny
            Allow from All
      </Directory>
    RewriteEngine On
    RewriteRule ^(/www/.*) /www/fakedomain.com$1
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    RewriteCond %{HTTP:X-Forwarded-Proto} =http
    RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
    RewriteCond %{HTTP_ACCEPT} image/webp
    RewriteCond %{REQUEST_URI}  (?i)(.*)(.jpe?g|.png)$
    RewriteCond %{DOCUMENT_ROOT}%1.webp -f
    RewriteRule (?i)(.*)(.jpe?g|.png)$ %1.webp [L,T=image/webp,R]
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot /var/www/master/public_html
    ServerName www.fakedomain.com
    ServerAlias fakedomain.com
    ServerPath /var/www/master/public_html
    CustomLog /var/log/apache2/fakedomain/master-access.log combined
    ErrorLog /var/log/apache2/fakedomain/master-error.log

    <Directory /var/www/master/public_html>
        Options -Indexes +FollowSymLinks
            Order Allow,Deny
            Allow from All
    </Directory>

    RewriteEngine On
    RewriteRule ^(/www/.*) /www/fakedomain.com$1
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    RewriteCond %{HTTP_ACCEPT} image/webp
    RewriteCond %{REQUEST_URI}  (?i)(.*)(.jpe?g|.png)$
    RewriteCond %{DOCUMENT_ROOT}%1.webp -f
    RewriteRule (?i)(.*)(.jpe?g|.png)$ %1.webp [L,T=image/webp,R]
    SSLEngine On
    ServerSignature On
    SSLCertificateFile /etc/ssl/certs/star_fakedomain_com_05_2020.crt
    SSLCertificateKeyFile /etc/ssl/private/star_fakedomain_com.key
    SSLCertificateChainFIle /etc/ssl/certs/DigiCertCA.crt
</VirtualHost>

I am able to access www.fakedomain.com but not https://fakedomain.com, and I get an ERR_CONNECTION_TIMED_OUT error.

This Apache is running on EC2 behind a classic ELB. www.fakedomain.com & fakedomain.com are A records in DYN DNS.

Everything works fine when DNS directly pointed to
I have DNS records for www.fakedomain.com & fakedomain.com. I also tried swapping ServerName & ServerAlias, but no luck. Can anyone point out what's wrong here?



#StackBounty: #networking #dns #openvpn How to remove nameservers from resolv.conf after vpn disconnect?

Bounty: 50

I have this resolv.conf even after disconnecting from VPN server (connection was established using openvpn --config <path>.ovpn):

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers
nameserver 10.4.X.X
nameserver 10.4.Y.Y
nameserver 127.0.0.53
search Z.ac.in

I want to get rid of search Z.ac.in and the 10.4 ns. However, I can’t find them in /etc/resolvconf/resolv.conf.d/{head,base,tail}. I even did grep 10.4.X.X inside the /etc/resolvconf directory with no result. Similarly, my /etc/network/interfaces file is mostly empty:

# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

For now I have just been restarting my PC to remove them. But how do I remove them properly from the resolv.conf file?



#StackBounty: #networking #windows-10 #dns Multiple websites timing out only on my device and not others, can only be connected to via …

Bounty: 100

This happened all of a sudden. I first noticed when packages wouldn’t load in Visual Studio’s NuGet Package Manager.

Upon further investigation (and, ironically, due to it) I’ve noticed a lot of sites are refusing to connect. Examples being:

Doing an nslookup I get this result:

nslookup developercommunity.visualstudio.com
Server:  UnKnown
Address:  192.168.42.129

Non-authoritative answer:
Name:    vsf-prod.westus.cloudapp.azure.com
Address:  138.91.249.18
Aliases:  developercommunity.visualstudio.com

Ping:

ping https://developercommunity.visualstudio.com/
Ping request could not find host https://developercommunity.visualstudio.com/. Please check the name and try again.

Pathping:

pathping developercommunity.visualstudio.com

Tracing route to vsf-prod.westus.cloudapp.azure.com [138.91.249.18]
over a maximum of 30 hops:
  0  DESKTOP-MDKBS3O [192.168.42.182]
  1  192.168.42.129
  2  Linksys05191 [10.40.161.215]
  3  192.168.1.1
  4  172.30.96.51
  5  172.30.96.1
  6     *        *        *
Computing statistics for 125 seconds...
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           DESKTOP-MDKBS3O [192.168.42.182]
                                0/ 100 =  0%   |
  1    0ms     0/ 100 =  0%     0/ 100 =  0%  192.168.42.129
                                0/ 100 =  0%   |
  2   11ms     0/ 100 =  0%     0/ 100 =  0%  Linksys05191 [10.40.161.215]
                                0/ 100 =  0%   |
  3   11ms     0/ 100 =  0%     0/ 100 =  0%  192.168.1.1
                                0/ 100 =  0%   |
  4   20ms     0/ 100 =  0%     0/ 100 =  0%  172.30.96.51
                                0/ 100 =  0%   |
  5   23ms     0/ 100 =  0%     0/ 100 =  0%  172.30.96.1

Trace complete.

Disabling anti-virus and firewall doesn’t help.

After doing an in-place Windows 10 install, the issue was fixed for 5 days. The sites stopped working again today, and upon trying the in-place install again, nothing happened. Only difference was that last time the install caused an update as I was on 1903.

Using a VPN fixes the problem. However, it is not my ISP blocking the sites as they work fine on other devices even without a VPN.



#StackBounty: #google-cloud-platform #dns GCP – HTTPS and subdomains in different environments

Bounty: 500

I currently have a GKE cluster and service set up at app.companyname.com. It lives in the prod GCP “project”. I am now spinning up a dev project, and it’s all good, except I don’t know what to do with the domain name and certificate settings. I want the app available at dev.companyname.com

  1. Do I have a public DNS zone per project, or should I have one, in the prod environment, that dev accesses somehow? Do they share nameserver settings? Does the prod project forward to the dev project?

  2. Do I have separate SSL certificates, one per environment? Or one in the prod environment that dev accesses?

What is the general overview on how this should be set up with GCP?




#StackBounty: #networking #18.04 #server #dns Ubuntu 18.04 DNS resolution fails after a while

Bounty: 50

When I ping google.com on my Ubuntu 18.04, it gives me

ping: google.com: Temporary failure in name resolution

I would then proceed to run

sudo service systemd-resolved start

My /etc/resolv.conf has a symbolic link as shown

/etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf

The content is as follows:

# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0

My question is: after running sudo service systemd-resolved start, it would work for a while (maybe a couple of hours), then when I ping google.com again, it would give the name resolution error. How can I permanently enable my system to resolve name resolution? I believe it is something to do with systemd-resolved? I have been experiencing this over a couple of days. Thanks



#StackBounty: #python #dns #twisted Mock DNS server using Twisted

Bounty: 100

I’m trying to write a Twisted-based mock DNS server to do some tests.

Taking inspiration from this guide I wrote a very simple server that just resolves everything to 127.0.0.1:

from twisted.internet import defer, reactor
from twisted.names import dns, error, server


class MockDNSResolver:

    def _doDynamicResponse(self, query):
        name = query.name.name
        record = dns.Record_A(address=b"127.0.0.1")
        answer = dns.RRHeader(name=name, payload=record)
        authority = []
        additional = []
        return [answer], authority, additional

    def query(self, query, timeout=None):
        print("Incoming query for:", query.name)
        if query.type == dns.A:
            return defer.succeed(self._doDynamicResponse(query))
        else:
            return defer.fail(error.DomainError())


if __name__ == "__main__":
    clients = [MockDNSResolver()]
    factory = server.DNSServerFactory(clients=clients)
    protocol = dns.DNSDatagramProtocol(controller=factory)
    reactor.listenUDP(10053, protocol)
    reactor.listenTCP(10053, factory)
    reactor.run()

The above is working just fine with dig and nslookup (from a different terminal):

$ dig -p 10053 @localhost something.example.org A +short
127.0.0.1

$ nslookup something.else.example.org 127.0.0.1 -port=10053
Server:     127.0.0.1
Address:    127.0.0.1#10053

Non-authoritative answer:
Name:   something.else.example.org
Address: 127.0.0.1

I’m also getting the corresponding hits on the terminal that’s running the server:

Incoming query for: something.example.org
Incoming query for: something.else.example.org

Then, I wrote the following piece of code, based on this section about making requests and this section about installing a custom resolver:

from twisted.internet import reactor
from twisted.names.client import createResolver
from twisted.web.client import Agent


d = Agent(reactor).request(b'GET', b'http://does.not.exist')
reactor.installResolver(createResolver(servers=[('127.0.0.1', 10053)]))


def callback(result):
    print('Result:', result)


d.addBoth(callback)
d.addBoth(lambda _: reactor.stop())

reactor.run()

But this fails (and I get no lines in the server terminal). It appears as if the queries are not going to the mock server, but to the system-defined server:

Result: [Failure instance: Traceback: <class 'twisted.internet.error.DNSLookupError'>: DNS lookup failed: no results for hostname lookup: does.not.exist.
/.../venv/lib/python3.6/site-packages/twisted/internet/_resolver.py:137:deliverResults
/.../venv/lib/python3.6/site-packages/twisted/internet/endpoints.py:921:resolutionComplete
/.../venv/lib/python3.6/site-packages/twisted/internet/defer.py:460:callback
/.../venv/lib/python3.6/site-packages/twisted/internet/defer.py:568:_startRunCallbacks
--- <exception caught here> ---
/.../venv/lib/python3.6/site-packages/twisted/internet/defer.py:654:_runCallbacks
/.../venv/lib/python3.6/site-packages/twisted/internet/endpoints.py:975:startConnectionAttempts
]

I’m using:

  • macOS 10.14.6, Python 3.6.6, Twisted 18.9.0
  • Linux Mint 19.1, Python 3.6.9, Twisted 19.7.0

I appreciate any help, please let me know if additional information is required.

Thanks!



#StackBounty: #android #dns #github-pages #nslookup #dig My users get "net::err_name_not_resolved"

Bounty: 50

I got messages from Android phone users that my website is not loading.

When an Android phone user clicks on a link to go to my website, they get the error: net::err_name_not_resolved

On computers and iPhones, I don’t get the error.
When the android user copies the link and pastes it into the browser the website loads correctly.

Link to my website:
https://www.losangelestorrevieja.com

I have custom resource records from Google:

  • Name: *
  • Type: CNAME
  • Info: www.losangelestorrevieja.com.

  • Name: wwww
  • Type: CNAME
  • Info: enzotrompeneers.github.io.

If I nslookup www.losangelestorrevieja.com, I don’t receive an IP address.
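
Added example (not part of the original post): a small Python model of owner-name matching and CNAME chasing, run over the two records exactly as listed above, to show how a wildcard CNAME interacts with an explicit owner name. The lookup is simplified to a flat zone with a single apex wildcard, and the `FIXED` zone is an assumption about what the records would look like with owner name `www`.

```python
APEX = "losangelestorrevieja.com."
# Constructed zone: the two custom records exactly as listed in the post.
ZONE = {
    "*": ("CNAME", "www.losangelestorrevieja.com."),
    "wwww": ("CNAME", "enzotrompeneers.github.io."),
}
# Assumption: the same zone if the second owner name were "www".
FIXED = {
    "*": ("CNAME", "www.losangelestorrevieja.com."),
    "www": ("CNAME", "enzotrompeneers.github.io."),
}


def lookup(zone, apex, fqdn):
    """Return (record, how): an exact owner name wins, else the apex wildcard."""
    fqdn = fqdn.lower()
    if fqdn == apex:
        label = "@"
    elif fqdn.endswith("." + apex):
        label = fqdn[: -len(apex) - 1]
    else:
        return None, "external"       # name is served from another zone
    if label in zone:
        return zone[label], "exact"
    if label != "@" and "*" in zone:
        return zone["*"], "wildcard"  # wildcard covers only names that do not exist
    return None, "nxdomain"


def follow(zone, apex, qname, max_hops=8):
    """Chase CNAMEs inside the zone; return (status, chain of names visited)."""
    chain, seen, name = [qname], {qname.lower()}, qname
    for _ in range(max_hops):
        record, how = lookup(zone, apex, name)
        if record is None:
            return how, chain         # "external" or "nxdomain"
        rtype, target = record
        if rtype != "CNAME":
            return "address", chain
        if target.lower() in seen:
            return "loop", chain + [target]  # chain never reaches an address
        seen.add(target.lower())
        chain.append(target)
        name = target
    return "too-long", chain


if __name__ == "__main__":
    for zone_name, zone in (("as listed", ZONE), ("owner www", FIXED)):
        print(zone_name, follow(zone, APEX, "www.losangelestorrevieja.com."))
```

With the records as listed, `www` has no explicit entry, so it falls through to the wildcard, whose target is `www` itself; with an explicit `www` owner name the chain leaves the zone at the GitHub Pages host.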



#StackBounty: #networking #macos #dns #mdns Multicast DNS really slow to respond in macOS Mojave

Bounty: 100

I have a MacBook Air running 10.14 Mojave, and an iPhone with a certain app that needs to sync via WebDAV with the Mac from time to time. The way I configured it is to add in the app’s settings http://my-macbook-air.local as the WebDAV server. Both devices are connected to the same local subnet, using 192.168.1.X as the IP range, etc.

Anyway, this didn’t happen when the Mac was running 10.13, but ever since I upgraded to Mojave, most of the time the iPhone takes forever to find the Mac via multicast DNS. I try to sync and it says that it can’t find http://my-macbook-air.local for about 5 minutes… until it finally resolves. I have also checked using a Ping app on my iPhone: I tell it to ping my-macbook-air.local and it doesn’t find the host for minutes… until it finally finds it.

What’s going on?



#StackBounty: #pi-2 #dns #raspbian-buster #pi-hole PiHole not resolving local DNS entries

Bounty: 50

I have a piHole set up on my network with address 192.168.2.10.
My router is 192.168.2.1 and the DNS settings on the router point to 192.168.2.10, meaning all traffic that goes via the router (which is everything) uses the local pihole for DNS. The router’s firmware is DD-WRT v3.0-r33413 mini (09/27/17).

This is working great and ads are being blocked as expected, however, I want to add some local network DNS entries.

As an example, I want to be able to type http://router in a web browser and have that resolve to http://192.168.2.1

I have followed this tutorial but had no luck (I even restarted the pi).
When I try to ping router or ping router.local from my Windows machine, I get a could not find host error. However, I can ping router from the pi but I can’t ping router.local.

My etc/pihole/lan.list looks like this

192.168.2.1 router.local router

I have also tried adding the same entry as above to the /etc/hosts file again with no luck.

What am I missing here?

