Hi, I found a problem with the DNS resolution in a Solaris 10 DomU. The Test Environment was: I installed the Xen bfu on top of Solaris snv43 and booted the Dom0 with Solaris. Then I installed and booted a Solaris 10 DomU. In the Solaris 10 Dom0 the DNS resolution works; in the Solaris 10 DomU the DNS resolution does not work as expected: Inside the Solaris 10 DomU I can''t use hostnames resolved by the DNS, e.g. bash-3.00# ping www.heise.de ping: unknown host www.heise.de The name resolution via /etc/hosts works: bash-3.00# tail -1 /etc/hosts 152.2.210.80 ibiblio.org bash-3.00# ping ibiblio.org ibiblio.org is alive nslookup works also: bash-3.00# nslookup www.heise.de Server: 192.168.178.1 Address: 192.168.178.1#53 Non-authoritative answer: Name: www.heise.de Address: 193.99.144.85 And I can ping the machine via it''s IP address: bash-3.00# ping 193.99.144.85 193.99.144.85 is alive The /etc/nsswitch.conf and /etc/resolv.conf are okay: bash-3.00# egrep "hosts|ipnodes" /etc/nsswitch.conf | grep -v "^#" hosts: files dns ipnodes: files dns bash-3.00# cat /etc/resolv.conf domain isbs.de nameserver 192.168.178.1 Because I can reach the machines via there IP address the IP and routing configuration is also okay. A truss on ping gives the following results: bash-3.00# truss ping www.heise.de execve("/usr/sbin/ping", 0x08047E84, 0x08047E90) argc = 2 resolvepath("/usr/lib/ld.so.1", "/lib/ld.so.1", 1023) = 12 resolvepath("/usr/sbin/ping", "/usr/sbin/ping", 1023) = 14 sysconfig(_CONFIG_PAGESIZE) = 4096 xstat(2, "/usr/sbin/ping", 0x08047C48) = 0 open("/var/ld/ld.config", O_RDONLY) Err#2 ENOENT xstat(2, "/lib/libxnet.so.1", 0x08047448) = 0 resolvepath("/lib/libxnet.so.1", "/lib/libxnet.so.1", 1023) = 17 open("/lib/libxnet.so.1", O_RDONLY) = 3 mmap(0x00010000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ALIGN, 3, 0) = 0xC6FC0000 mmap(0x00001000, 8192, PROT_NONE, MAP_PRIVATE|MAP_NORESERVE|MAP_ANON|MAP_ALIGN, -1, 0) = 0xC6FB0000 mmap(0xC6FB0000, 5292, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_TEXT, 3, 0) = 0xC6FB0000 mmap(0x00000000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xC6FA0000 close(3) = 0 xstat(2, "/lib/libsocket.so.1", 0x08047448) = 0 resolvepath("/lib/libsocket.so.1", "/lib/libsocket.so.1", 1023) = 19 open("/lib/libsocket.so.1", O_RDONLY) = 3 mmap(0xC6FC0000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xC6FC0000 mmap(0x00010000, 114688, PROT_NONE, MAP_PRIVATE|MAP_NORESERVE|MAP_ANON|MAP_ALIGN, -1, 0) = 0xC6F80000 mmap(0xC6F80000, 44258, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_TEXT, 3, 0) = 0xC6F80000 mmap(0xC6F9B000, 2613, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_INITDATA, 3, 45056) = 0xC6F9B000 munmap(0xC6F8B000, 65536) = 0 memcntl(0xC6F80000, 11716, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0 close(3) = 0 xstat(2, "/lib/libnsl.so.1", 0x08047448) = 0 resolvepath("/lib/libnsl.so.1", "/lib/libnsl.so.1", 1023) = 16 open("/lib/libnsl.so.1", O_RDONLY) = 3 mmap(0xC6FC0000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xC6FC0000 mmap(0x00010000, 643072, PROT_NONE, MAP_PRIVATE|MAP_NORESERVE|MAP_ANON|MAP_ALIGN, -1, 0) = 0xC6EE0000 mmap(0xC6EE0000, 529981, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_TEXT, 3, 0) = 0xC6EE0000 mmap(0xC6F72000, 20397, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_INITDATA, 3, 532480) = 0xC6F72000 mmap(0xC6F77000, 22816, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANON, -1, 0) = 0xC6F77000 munmap(0xC6F62000, 65536) = 0 memcntl(0xC6EE0000, 56996, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0 close(3) = 0 xstat(2, "/lib/libm.so.2", 0x08047448) = 0 resolvepath("/lib/libm.so.2", "/lib/libm.so.2", 1023) = 14 open("/lib/libm.so.2", O_RDONLY) = 3 mmap(0xC6FC0000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xC6FC0000 mmap(0x00010000, 364544, PROT_NONE, MAP_PRIVATE|MAP_NORESERVE|MAP_ANON|MAP_ALIGN, -1, 0) = 0xC6E80000 mmap(0xC6E80000, 284148, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_TEXT, 3, 0) = 0xC6E80000 mmap(0xC6ED5000, 14760, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_INITDATA, 3, 282624) = 0xC6ED5000 munmap(0xC6EC6000, 61440) = 0 memcntl(0xC6E80000, 22716, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0 close(3) = 0 xstat(2, "/lib/libinetutil.so.1", 0x08047448) = 0 resolvepath("/lib/libinetutil.so.1", "/lib/libinetutil.so.1", 1023) = 21 open("/lib/libinetutil.so.1", O_RDONLY) = 3 mmap(0xC6FC0000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xC6FC0000 mmap(0x00000000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xC6E70000 mmap(0x00010000, 81920, PROT_NONE, MAP_PRIVATE|MAP_NORESERVE|MAP_ANON|MAP_ALIGN, -1, 0) = 0xC6E50000 mmap(0xC6E50000, 8963, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_TEXT, 3, 0) = 0xC6E50000 mmap(0xC6E63000, 372, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_INITDATA, 3, 12288) = 0xC6E63000 munmap(0xC6E53000, 65536) = 0 memcntl(0xC6E50000, 2760, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0 close(3) = 0 xstat(2, "/lib/libc.so.1", 0x08047448) = 0 resolvepath("/lib/libc.so.1", "/lib/libc.so.1", 1023) = 14 open("/lib/libc.so.1", O_RDONLY) = 3 mmap(0xC6FC0000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xC6FC0000 mmap(0x00010000, 897024, PROT_NONE, MAP_PRIVATE|MAP_NORESERVE|MAP_ANON|MAP_ALIGN, -1, 0) = 0xC6D70000 mmap(0xC6D70000, 794871, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_TEXT, 3, 0) = 0xC6D70000 mmap(0xC6E43000, 23778, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_INITDATA, 3, 798720) = 0xC6E43000 mmap(0xC6E49000, 5152, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANON, -1, 0) = 0xC6E49000 munmap(0xC6E33000, 65536) = 0 memcntl(0xC6D70000, 120792, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0 close(3) = 0 mmap(0x00000000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xC6D60000 munmap(0xC6FC0000, 4096) = 0 mmap(0x00010000, 24576, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON|MAP_ALIGN, -1, 0) = 0xC6D50000 getcontext(0x080479F0) getrlimit(RLIMIT_STACK, 0x080479E8) = 0 getpid() = 103279 [103278] lwp_private(0, 1, 0xC6D52000) = 0x000001C3 setustack(0xC6D52060) sigfillset(0xC6E49578) = 0 sysi86(SI86FPSTART, 0xC6E49AEC, 0x0000133F, 0x00001F80) = 0x00000001 getuid() = 0 [0] getuid() = 0 [0] fstat64(1, 0x08047CF0) = 0 getpid() = 103279 [103278] sysconfig(_CONFIG_PAGESIZE) = 4096 open("/etc/netconfig", O_RDONLY) = 3 fstat64(3, 0x08047580) = 0 brk(0x0809BE78) = 0 brk(0x0809FE78) = 0 fstat64(3, 0x080474A0) = 0 ioctl(3, TCGETA, 0x0804754C) Err#25 ENOTTY read(3, " # C D D L H E A D E".., 8192) = 2150 read(3, 0x0809BE84, 8192) = 0 llseek(3, 0, SEEK_CUR) = 2150 llseek(3, 0, SEEK_SET) = 0 read(3, " # C D D L H E A D E".., 8192) = 2150 read(3, 0x0809BE84, 8192) = 0 llseek(3, 0, SEEK_CUR) = 2150 close(3) = 0 open("/dev/udp", O_RDONLY) = 3 ioctl(3, SIOCGLIFNUM, 0x08047A64) = 0 close(3) = 0 open("/dev/udp6", O_RDONLY) = 3 ioctl(3, SIOCGLIFNUM, 0x08047A84) = 0 close(3) = 0 open("/dev/udp", O_RDONLY) = 3 ioctl(3, SIOCGLIFNUM, 0x08047A84) = 0 close(3) = 0 brk(0x0809FE78) = 0 brk(0x080A1E78) = 0 open64("/var/run/name_service_door", O_RDONLY) = 3 fcntl(3, F_SETFD, 0x00000001) = 0 door_info(3, 0xC6E491F0) = 0 door_call(3, 0x080459F8) = 0 door_info(3, 0x080459C0) = 0 door_call(3, 0x080459F8) = 0 fstat64(2, 0x08046E20) = 0 pingwrite(2, " p i n g", 4) = 4 : unknownwrite(2, " : u n k n o w n", 9) = 9 host write(2, " h o s t ", 6) = 6 www.heise.dewrite(2, " w w w . h e i s e . d e", 12) = 12 write(2, "\n", 1) = 1 _exit(1) bash-3.00# While doing the "ping www.heise.de" I can not see any traffic between the DomU and the nameserver via snoop in the Dom0. It this a known bug? regards Bernd -- Bernd Schemmer, Frankfurt am Main, Germany http://home.arcor.de/bnsmb/index.html Más temprano que tarde el mundio cambiará Fidel Castro
On Tue, Aug 01, 2006 at 11:49:07PM +0000, Bernd Schemmer wrote:> bash-3.00# ping www.heise.de > ping: unknown host www.heise.de> nslookup works also:This is odd, but it''s not obvious how it can be Xen related. What does getent hosts www.heise.de say? Do you get anything interesting in nscd.log if you enable it (/etc/nscd.conf)? Does restarting nscd help at all? regards john
Bernd Schemmer
2006-Aug-03 00:02 UTC
Re: DNS resolutions is not working in a Solaris 10 DomU
Bernd Schemmer wrote: fyi: The problem also exists in a Solaris DomU created with minimal necessary number of packages. The problem does not exist in a Linux DomU. regards Bernd -- Bernd Schemmer, Frankfurt am Main, Germany http://home.arcor.de/bnsmb/index.html Más temprano que tarde el mundio cambiará Fidel Castro
Chris Brookes
2006-Aug-03 18:10 UTC
re: DNS resolutions is not working in a Solaris 10 DomU
>Very strange - now it works. I did not change anything since yesterday >-only shutdown the Laptop and rebooted it today.I''ve seen this sort of thing occur when there''s been TCP checksum offloading problems...
Bernd Schemmer
2006-Aug-03 18:57 UTC
Re: DNS resolutions is not working in a Solaris 10 DomU
John Levon wrote: John,>getent hosts www.heise.de say? > >bash-3.00# getent hosts www.heise.de 193.99.144.85 www.heise.de bash-3.00# ping www.heise.de www.heise.de is alive Very strange - now it works. I did not change anything since yesterday -only shutdown the Laptop and rebooted it today. Thanks Bernd -- Bernd Schemmer, Frankfurt am Main, Germany http://home.arcor.de/bnsmb/index.html Más temprano que tarde el mundio cambiará Fidel Castro
I''m seeing the same thing in a new install of Solaris build-81 with Solaris dom0 and domU. Pointing a Solaris domU to a known good DNS server (works from dom0) fails to resolve anything. Network connectivity seems OK; I can ping the DNS server, but I get timeouts resolving hostnames. This message posted from opensolaris.org
Bernd Schemmer
2008-Feb-02 16:55 UTC
Re: DNS resolutions is not working in a Solaris 10 DomU
Chris wrote:> I''m seeing the same thing in a new install of Solaris build-81 with Solaris dom0 and domU. Pointing a Solaris domU to a known good DNS server (works from dom0) fails to resolve anything. Network connectivity seems OK; I can ping the DNS server, but I get timeouts resolving hostnames. > > > This message posted from opensolaris.org > _______________________________________________ > xen-discuss mailing list > xen-discuss@opensolaris.org > >Did you set the /etc/system entry to disable the TCP checksum (shouldn''t be necessary anymore but who knows)? I did not install snv81 yet but will install it in one of the next days (in Dom0 and DomU) regards Bernd -- Bernd Schemmer, Frankfurt am Main, Germany http://home.arcor.de/bnsmb/index.html M s temprano que tarde el mundo cambiar . Fidel Castro
TCP checksum was indeed causing the problem. Adding this line to /etc/system in the domU solves the problem: set xnf:xnf_cksum_offload = 0 Thanks! This message posted from opensolaris.org
Hi,>>TCP checksum was indeed causing the problem. Adding this line to /etc/system in the domU solves the problem:>>set xnf:xnf_cksum_offload = 0Good, but strange in a Solaris snv_81 DomU running in a Solaris snv_78 Dom0 the name resolution works without the /etc/system entry. bash-3.2# getent hosts www.heise.de 193.99.144.85 www.heise.de regards Bernd Chris wrote:> TCP checksum was indeed causing the problem. Adding this line to /etc/system in the domU solves the problem: > > set xnf:xnf_cksum_offload = 0 > > Thanks! > > > This message posted from opensolaris.org > _______________________________________________ > xen-discuss mailing list > xen-discuss@opensolaris.org > >-- Bernd Schemmer, Frankfurt am Main, Germany http://home.arcor.de/bnsmb/index.html M s temprano que tarde el mundo cambiar . Fidel Castro
> I''m seeing the same thing in a new install of Solaris > build-81 with Solaris dom0 and domU. Pointing a > Solaris domU to a known good DNS server (works from > dom0) fails to resolve anything.The DNS server is external to dom0, that is, we have to go over a wire to reach the DNS server? Or is the DNS server running on the dom0? What kind of NIC is used on the opensolaris build81 dom0?> Network > connectivity seems OK; I can ping the DNS server, but > I get timeouts resolving hostnames....> TCP checksum was indeed causing the problem. > Adding this line to /etc/system in the domU solves the problem: > > set xnf:xnf_cksum_offload = 0Would it be possible that you run a "tcpdump -v -s 0" on the DNS server or some router between dom0 and the DNS server, to verify that there really is an issue with the dom0/domU sending out packes with bad UDP or TCP checksums? This message posted from opensolaris.org