Hi there,
First time posting here, I'm having questions/issues regarding DNS PTR resolution when running iftop. I'm asking this because "it used to work" and now it's not outputting what I expect, and I'd like to understand why and how to circumvent the problem.
I'm aware that my issue might very well be system-related, but I'm sure discussing this with you will enable me to find the culprit.
Here's the thing:
I have dynamic (public) IPs attached to a system (using Keepalived, everything works fine), and I monitor the traffic going on this public interface with iftop. These public IPs all have correct PTR records, e.g. with dig:
;; ANSWER SECTION:
50.52.196.5.in-addr.arpa. 86369 IN PTR www.radiom.fr.
But when I use iftop to monitor this public interface, all I get as resolved hostname is my local hostname. It *used* to work, and I'm pretty sure it's due to a system upgrade, maybe a library that doesn't behave as I expect it to.
I checked my /etc/hosts file, but there are no entries linking public IPs and the local hostname.
So my question is: where should I look to get the correct info? Is iftop using something like gethostbyaddr() to get the hostname?
Thanks!
Hoggins!
Hi,
If you turn off name resolution (press "n") is it definitely showing you the public IP addresses that you're expecting?
iftop has a number of possible (compile time) resolver implementations, but gethostbyaddr() should be the default.
Paul
iftop-users mailing list iftop-users@lists.beasts.org http://lists.beasts.org/mailman/listinfo/iftop-users
I just checked my system with a tcpdump to catch all DNS messages and I find that the host never tries to resolve its own IP addresses when iftop is started (but of course I get a lot of DNS queries for the connected peers, and they are valid as public DNS PTR records). So I should definitely check on my system why it's not even trying to resolve these "considered local" IP addresses using DNS.
But I'm stuck because I'm not sure where I should look.
On 25/05/2022 at 19:01, Hoggins! wrote:
Hello Paul,
Yes, I have the correct IP addresses when I turn off resolution.
It was /etc/nsswitch.conf that contained new (odd) entries!
It's solved, I knew I had to share this to solve my issue.
Thanks for the conversation!
Hoggins!
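Added example, not part of the thread and not iftop's code: gethostbyaddr() follows the hosts: line of /etc/nsswitch.conf, so this sketch parses that line and lists every source consulted before dns, since any of them can answer for an address without a DNS query ever being sent. The sample file, the function names and the modules shown in it are assumptions; the thread does not say which entries were involved.

```python
import re

# Constructed sample config (an assumption; the thread never shows the real file).
SAMPLE = """\
# /etc/nsswitch.conf (constructed sample)
passwd:     files systemd
hosts:      files myhostname mdns4_minimal [NOTFOUND=return] dns  # trailing comment
"""

def hosts_chain(text):
    """Return the ordered hosts: entries as (service, [(status, action), ...])."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line.lower().startswith("hosts:"):
            continue
        chain = []
        # A token is either a service name or a bracketed action list.
        for tok in re.findall(r"\[[^\]]*\]|\S+", line.split(":", 1)[1]):
            if tok.startswith("["):
                pairs = [p.split("=", 1) for p in tok[1:-1].split() if "=" in p]
                if chain:  # actions apply to the service just before them
                    chain[-1][1].extend((s.upper(), a.lower()) for s, a in pairs)
            else:
                chain.append((tok, []))
        return chain
    return []

def sources_before_dns(text):
    """Summarise what the resolver consults before it reaches the dns service."""
    chain = hosts_chain(text)
    names = [svc for svc, _ in chain]
    if "dns" not in names:
        return {"dns_listed": False, "before_dns": names, "early_return": []}
    ahead = chain[:names.index("dns")]
    # An explicit "return" action can end the lookup before dns is tried.
    early = [svc for svc, acts in ahead if any(a == "return" for _, a in acts)]
    return {"dns_listed": True,
            "before_dns": [svc for svc, _ in ahead],
            "early_return": early}

if __name__ == "__main__":
    print(sources_before_dns(SAMPLE))
```

To check a live system, pass the contents of /etc/nsswitch.conf to sources_before_dns() and compare the result with the file from before the upgrade.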