From hoggins at wheres5.com Wed May 25 17:41:17 2022 From: hoggins at wheres5.com (Hoggins!) Date: Wed, 25 May 2022 18:41:17 +0200 Subject: [Iftop-users] iftop resolving IPs as local hostname instead of regular public PTR Message-ID: Hi there, First time posting here, I'm having questions/issues regarding DNS PTR resolution when running iftop. I'm asking this because "it used to work" and now it's not outputting what I expect, and I'd like to understand why and how to circumvent the problem. I'm aware that my issue might very well be system-related, but I'm sure discussing this with you will enable me finding the culprit. Here's the thing: I have dynamic (public) IPs attached to a system (using Keepalived, everything works fine), and I monitor the traffic going on this public interface with iftop. These public IPs all have correct PTR records. eg.with dig : ;; ANSWER SECTION: 50.52.196.5.in-addr.arpa. 86369??? IN??? PTR??? www.radiom.fr. But when I use iftop to monitor this public interface, all I get as resolved hostname is my local hostname. It *used* to work, and I'm pretty sure it's due to a system upgrade, maybe a library that doesn't behave as I expect it to. I checked my /etc/hosts file, but there are no entries linking public IPs and the local hostname. So my question is: where should I look to get the correct info? Is iftop using something like gethostbyaddr() to get the hostname? Thanks! ??? Hoggins! From pdw at ex-parrot.com Wed May 25 17:55:41 2022 From: pdw at ex-parrot.com (Paul Warren) Date: Wed, 25 May 2022 17:55:41 +0100 Subject: [Iftop-users] iftop resolving IPs as local hostname instead of regular public PTR In-Reply-To: References: Message-ID: <5b829196-8daf-38b5-bf7d-fb8f682f9dae@ex-parrot.com> Hi, If you turn off name resolution (press "n") is it definitely showing you the public IP addresses that you're expecting? iftop has a number of possible (compile time) resolver implementations, but gethostbyaddr() should be the default. Paul On 25/05/2022 17:41, Hoggins! wrote: > Hi there, > > First time posting here, I'm having questions/issues regarding DNS PTR > resolution when running iftop. > I'm asking this because "it used to work" and now it's not outputting > what I expect, and I'd like to understand why and how to circumvent > the problem. > > I'm aware that my issue might very well be system-related, but I'm > sure discussing this with you will enable me finding the culprit. > > Here's the thing: > > I have dynamic (public) IPs attached to a system (using Keepalived, > everything works fine), and I monitor the traffic going on this public > interface with iftop. These public IPs all have correct PTR records. > eg.with dig : > > ?? ;; ANSWER SECTION: > ?? 50.52.196.5.in-addr.arpa. 86369??? IN??? PTR??? www.radiom.fr. > > > But when I use iftop to monitor this public interface, all I get as > resolved hostname is my local hostname. > It *used* to work, and I'm pretty sure it's due to a system upgrade, > maybe a library that doesn't behave as I expect it to. > > I checked my /etc/hosts file, but there are no entries linking public > IPs and the local hostname. > > So my question is: where should I look to get the correct info? Is > iftop using something like gethostbyaddr() to get the hostname? > > Thanks! > > ??? Hoggins! > > _______________________________________________ > iftop-users mailing list > iftop-users at lists.beasts.org > http://lists.beasts.org/mailman/listinfo/iftop-users From hoggins at wheres5.com Wed May 25 18:01:20 2022 From: hoggins at wheres5.com (Hoggins!) Date: Wed, 25 May 2022 19:01:20 +0200 Subject: [Iftop-users] iftop resolving IPs as local hostname instead of regular public PTR In-Reply-To: <5b829196-8daf-38b5-bf7d-fb8f682f9dae@ex-parrot.com> References: <5b829196-8daf-38b5-bf7d-fb8f682f9dae@ex-parrot.com> Message-ID: Hello Paul, Yes, I have the correct IP addresses when I turn off resolution. Le 25/05/2022 ? 18:55, Paul Warren a ?crit?: > If you turn off name resolution (press "n") is it definitely showing > you the public IP addresses that you're expecting? -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 203 bytes Desc: OpenPGP digital signature URL: From hoggins at wheres5.com Wed May 25 18:06:52 2022 From: hoggins at wheres5.com (Hoggins!) Date: Wed, 25 May 2022 19:06:52 +0200 Subject: [Iftop-users] iftop resolving IPs as local hostname instead of regular public PTR In-Reply-To: References: <5b829196-8daf-38b5-bf7d-fb8f682f9dae@ex-parrot.com> Message-ID: <733e3816-c58d-d5dd-ef26-1dd43383419a@wheres5.com> I just checked my system with a tcpdump to catch all DNS messages and I find that the host never tries to resolve its own IP addresses when iftop is started (but of course I get a ot of DNS queries for the connected peers, and they are valid as public DNS PTR records). So I should definitely check on my system why it's not even trying to resolve these "considered local" IP addresses using DNS. But I'm stuck because I'm not sure where I should look. Le 25/05/2022 ? 19:01, Hoggins! a ?crit?: > Hello Paul, > > Yes, I have the correct IP addresses when I turn off resolution. -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 203 bytes Desc: OpenPGP digital signature URL: From hoggins at wheres5.com Wed May 25 18:12:21 2022 From: hoggins at wheres5.com (Hoggins!) Date: Wed, 25 May 2022 19:12:21 +0200 Subject: [Iftop-users] [SOLVED] Re: iftop resolving IPs as local hostname instead of regular public PTR In-Reply-To: <733e3816-c58d-d5dd-ef26-1dd43383419a@wheres5.com> References: <5b829196-8daf-38b5-bf7d-fb8f682f9dae@ex-parrot.com> <733e3816-c58d-d5dd-ef26-1dd43383419a@wheres5.com> Message-ID: <01e37b15-564f-344d-eac3-f01e4011aefb@wheres5.com> It was /etc/nsswitch.conf that contained new (odd) entries! It's solved, I knew I had to share this to solve my issue. Thanks for the conversation! ??? Hoggins! Le 25/05/2022 ? 19:06, Hoggins! a ?crit?: > I just checked my system with a tcpdump to catch all DNS messages and > I find that the host never tries to resolve its own IP addresses when > iftop is started (but of course I get a ot of DNS queries for the > connected peers, and they are valid as public DNS PTR records). > So I should definitely check on my system why it's not even trying to > resolve these "considered local" IP addresses using DNS. > > But I'm stuck because I'm not sure where I should look. > > Le 25/05/2022 ? 19:01, Hoggins! a ?crit?: >> Hello Paul, >> >> Yes, I have the correct IP addresses when I turn off resolution. > > > _______________________________________________ > iftop-users mailing list > iftop-users at lists.beasts.org > http://lists.beasts.org/mailman/listinfo/iftop-users -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 203 bytes Desc: OpenPGP digital signature URL: