Resolv. conf file configuration Cases

 

Introduction

The content in the/etc/resolv. conf configuration file in the operating system is generally blank. If the file is incorrectly configured, the SSH, route, and netstat commands will slow down in response.

Adding error content in/etc/resolv. conf leads to slow response to commands related to domain name resolution, which is a common problem in maintenance.

 

Cases

Symptom:Using SSH from other machines to connect to a machine is slow. It takes more than 10 seconds to receive a prompt for a password.

 

Solution:

The/etc/resolv. conf file of the connected machine contains the following content:

XXXXX:~ # cat /etc/resolv.confnameserver 202.102.152.3search XXX

Because the/etc/resolv. conf file is configured, the machine becomes the DNS client, and the DNS server is the machine corresponding to the IP address 202.102.152.3.

 

When executing SSH, the host will perform domain name resolution based on the above configuration. Because the IP address of this host is not reachable, the host will try domain name resolution multiple times until the timeout is reached.

 

Route/netstat command output is slow

When you execute the route and netstat commands, domain name resolution is also performed. incorrectly configuring the/etc/resolv. conf file as above will also lead to slow output of the route and netstat commands.

 

When you execute route-N and netstat-N, there will be no slow issue. Because the-n option is added, XXX will be output during command execution. xxx. xxx. the IP address in decimal format at XXX. domain name resolution is not performed.

 

Strace tracking and analysis

This article introduces the usage of strace in the self-help Linux problem diagnosis tool strace, such as the slow or wrong execution of such commands, it is no longer appropriate to use strace for problem analysis.

Next we will clear the brain and "forget" the above content to learn how to use strace to analyze the problem of slow SSH login.

 

First, use the strace command on the machine that uses SSH:

linux198 /root# strace -o ssh.strace -fT ssh 10.71.171.140

 

As you can see, in the output file ssh. strace, the SSH command blocks a select call at the underlying layer for 15 s:

……23452 write(3, "\325/S\265\223\246H\241nG\237\4,\2201\23\235]<\5] 7ke\200"..., 912) = 912 <0.000010>23452 select(4, [3], NULL, NULL, NULL)  = 1 (in [3]) <15.098772>……

Although the Select system call itself is non-blocking, ssh still waits for the return of the SELECT statement before executing it. No other useful information is obtained.

 

In this case, we will log on to a slow and problematic machine by Using SSH. Follow the sshd process to find the PID of the sshd process:

slot10-sles10sp2:~ # ps aux | grep sshd | grep -v greproot      5352  0.0  0.0  26068  1432 ?        Ss   12:27   0:00 /usr/sbin/sshd -o PidFile=/var/run/sshd.init.pidroot      7761  0.0  0.0  40792  2912 ?        Ss   14:55   0:00 sshd: root@pts/0     

 

Use the-P option to trace running processes using strace:

slot10-sles10sp2:~ # strace -o sshd.strace -fT -p 5352Process 5352 attached - interrupt to quit

The above command will be suspended during execution, waiting for the arrival of the SSH connection. In this case, we use the SSH 10.71.171.140 command on another machine to connect to the machine.

 

After successful SSH Login, CTRL + C stops the strace command. We can see the following output in the sshd. strace file:

16894 open("/etc/resolv.conf", O_RDONLY) = 4 <0.000026>16894 fstat(4, {st_mode=S_IFREG|0644, st_size=40, ...}) = 0 <0.000023>16894 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b0eb8dbf000 <0.000024>16894 read(4, "nameserver 202.102.152.3\nsearch "..., 4096) = 40 <0.000028>16894 read(4, "", 4096)                 = 0 <0.000023>16894 close(4)                          = 0 <0.000024>16894 munmap(0x2b0eb8dbf000, 4096)      = 0 <0.000026>16894 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4 <0.000027>16894 connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("202.102.152.3")}, 28) = 0 <0.000025>16894 fcntl(4, F_GETFL)                 = 0x2 (flags O_RDWR) <0.000024>16894 fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0 <0.000023>16894 poll([{fd=4, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 <0.000024>16894 sendto(4, "\313\367\1\0\0\1\0\0\0\0\0\0\003198\003172\00271\00210"..., 44, 0, NULL, 0) = 44 <0.000117>16894 poll([{fd=4, events=POLLIN}], 1, 5000) = 0 <5.000046>16894 poll([{fd=4, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 <0.000024>16894 sendto(4, "\313\367\1\0\0\1\0\0\0\0\0\0\003198\003172\00271\00210"..., 44, 0, NULL, 0) = 44 <0.000035>16894 poll([{fd=4, events=POLLIN}], 1, 5000) = 0 <4.999760>16894 close(4)                          = 0 <0.000028>

 

The above output shows that when a connection arrives, the sshd process will open and read/etc/resolv. the content of the conf file, establish a socket for the DNS nameserver, and then call the poll function. Each poll will return timeout after 5 seconds.

 

For more information, see the functions of the/etc/resolv. conf file and check the configuration of the/etc/resolv. conf file to solve the problem.

 

Summary

This article discusses/etc/resolv. CONF file configuration error, resulting in slow SSH Login (including slow jump from other machines, slow login using putty and other software), slow reoute/netstat command execution.

 

Through the recurrence of the problem and the use of strace for problem analysis, we also tried it and became familiar with the use of strace.

 

 

Reference: http://www.cnblogs.com/bangerlee/articles/2460619.html