Solaris 10 /etc/hosts gotcha

Often, when I’m setting up a test system or a demo, I’ll use bogus fully qualified domain names (FQDNs), adding entries to /etc/hosts (which is nowadays a symbolic link to /etc/inet/hosts). Today, I was setting up federation; my identity provider (IdP) is at amdemo.example.com and my service provider (SP) is at fmdemo.partner.com. I set up the IdP, appending amdemo.example.com to the line in /etc/hosts that said 192.168.1.31 amdemo and all was well - I could browse to amdemo.example.com and see Access Manager.

On to the SP. I do the same thing, appending fmdemo.partner.com to the line in /etc/hosts that contains fmdemo, browsing to fmdemo.partner.com and… I get some site on the internet. Hmmm. Check /etc/nsswitch.conf - it tells me that it will check files (i.e. /etc/hosts) before DNS. Hmmm. If I comment out the nameserver from /etc/resolv.conf, I can browse to fmdemo.partner.com and see Federation Manager. Strange.

After much man page reading, the answer is… /etc/inet/ipnodes. It turns out that, even if you don’t choose IPv6 support, Solaris 10 resolves an IPv4 name by working through the whole ipnodes database (every source listed for it in /etc/nsswitch.conf, DNS included) before it looks at the hosts database at all. So fmdemo.partner.com missed in /etc/inet/ipnodes, went out to DNS from there, and my edit to /etc/hosts was never consulted. The fix is to copy the relevant line from /etc/hosts to /etc/inet/ipnodes. I do that and, hey presto, I can see Federation Manager at fmdemo.partner.com!

The key here is the comment in /etc/nsswitch.conf that says

# Note that IPv4 addresses are searched in all of the ipnodes databases
# before searching the hosts databases.

So, with these lines in /etc/nsswitch.conf:

hosts:      files dns
ipnodes:    files dns

The search order for an IPv4 name is therefore: /etc/inet/ipnodes, DNS, /etc/inet/hosts, then DNS again. An entry in /etc/inet/hosts only matters if DNS has no answer for the name, so a bogus FQDN under a real, resolvable domain never gets that far. To see which database is answering, compare getent ipnodes name with getent hosts name; and because nscd caches answers, a stale result can outlive the edit until the cache is restarted (svcadm restart name-service-cache).
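The lookup order above, worked through as an added example that is not part of the original post and is not Solaris code: a POSIX shell script that emulates the Solaris 10 IPv4 lookup against constructed copies of nsswitch.conf, /etc/inet/ipnodes and /etc/inet/hosts and reports which database and source answered. The 192.168.1.31 address comes from the post; 192.168.1.32 for fmdemo and 203.0.113.7 as the "some site on the internet" answer are assumptions, and the dns source is a constructed table rather than a real resolver. It also exercises the ipnodes: files [NOTFOUND=return] variant suggested in the comments.

```shell
#!/bin/sh
# Added example (not from the original post or from Solaris): emulate the
# Solaris 10 IPv4 lookup order against copies of nsswitch.conf,
# /etc/inet/ipnodes and /etc/inet/hosts, and report which database and
# source answered. "dns" is stood in for by a constructed table, so this
# runs offline. On a real host compare with:
#     getent ipnodes fmdemo.partner.com ; getent hosts fmdemo.partner.com
set -f   # no globbing: the token [NOTFOUND=return] is also a shell glob

WORK=$(mktemp -d) || exit 1
trap 'rm -rf "$WORK"' EXIT

# Constructed files mirroring the post. 192.168.1.31 is from the post; the
# fmdemo address and the "internet" address 203.0.113.7 are assumptions.
cat > "$WORK/hosts" <<'EOF'
127.0.0.1       localhost
192.168.1.31    amdemo  amdemo.example.com  loghost
192.168.1.32    fmdemo  fmdemo.partner.com          # FQDN appended here only
EOF
cat > "$WORK/ipnodes" <<'EOF'
::1             localhost
127.0.0.1       localhost
192.168.1.31    amdemo  amdemo.example.com
192.168.1.32    fmdemo                              # FQDN never copied here
EOF
cat > "$WORK/fakedns" <<'EOF'
203.0.113.7     fmdemo.partner.com                  # stand-in public answer
EOF
cat > "$WORK/nss.default" <<'EOF'
hosts:      files dns
ipnodes:    files dns
EOF
cat > "$WORK/nss.notfound" <<'EOF'
hosts:      files dns
ipnodes:    files [NOTFOUND=return]
EOF
# The post's fix: copy the relevant hosts line into ipnodes.
cp "$WORK/ipnodes" "$WORK/ipnodes.fixed"
grep fmdemo "$WORK/hosts" >> "$WORK/ipnodes.fixed"

# lookup_file NAME FILE: print the IPv4 address for NAME (first match wins,
# as with the files source); exit 1 for NOTFOUND. IPv6 lines are skipped
# because this models an IPv4 (gethostbyname-style) query.
lookup_file() {
    awk -v n="$1" '
        { sub(/#.*/, ""); if (NF == 0) next }
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        { for (i = 2; i <= NF; i++) if ($i == n) { print $1; found = 1; exit } }
        END { exit !found }
    ' "$2"
}

# lookup_source NAME SOURCE FILE: one nsswitch source of one database.
lookup_source() {
    case $2 in
        files) lookup_file "$1" "$3" ;;
        dns)   lookup_file "$1" "$WORK/fakedns" ;;  # resolver stand-in
        *)     return 1 ;;                          # nis, ldap ... not modelled
    esac
}

# db_sources DB NSSWITCH: the source list for DB, comment stripped.
db_sources() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | sed 's/#.*//'
}

# lookup_db NAME DB NSSWITCH FILE: walk DB's sources in order; a
# [NOTFOUND=return] after a source that said NOTFOUND ends this database.
lookup_db() {
    last=
    for tok in $(db_sources "$2" "$3"); do
        case $tok in
            '[NOTFOUND=return]') [ "$last" = notfound ] && return 1 ;;
            *) if addr=$(lookup_source "$1" "$tok" "$4"); then
                   echo "$2/$tok $addr"; return 0
               fi
               last=notfound ;;
        esac
    done
    return 1
}

# resolve_v4 NAME NSSWITCH IPNODES HOSTS: the Solaris 10 order for an IPv4
# query, every ipnodes source first and only then the hosts sources.
resolve_v4() {
    lookup_db "$1" ipnodes "$2" "$3" || lookup_db "$1" hosts "$2" "$4"
}

# The three situations from the post and its comments.
demo() {
    printf 'unfixed:            '; resolve_v4 fmdemo.partner.com "$WORK/nss.default"  "$WORK/ipnodes"       "$WORK/hosts"
    printf 'line copied:        '; resolve_v4 fmdemo.partner.com "$WORK/nss.default"  "$WORK/ipnodes.fixed" "$WORK/hosts"
    printf '[NOTFOUND=return]:  '; resolve_v4 fmdemo.partner.com "$WORK/nss.notfound" "$WORK/ipnodes"       "$WORK/hosts"
}
demo
```

Run as-is to see the three cases: unfixed, the name is answered from ipnodes/dns and never reaches the hosts file; with the line copied, ipnodes/files answers; with [NOTFOUND=return] on ipnodes, the lookup falls through to hosts/files. Two caveats the script makes visible: with set -f off, the [NOTFOUND=return] token would be treated as a glob, and a real resolver, unlike the table here, may also return a wildcard answer for names you assumed would fail.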

This has actually bitten me before. I’m blogging it this time to increase my chances of actually remembering it.

Comments

Mike Gerdts

or…

hosts: files dns
ipnodes: files

Should make it so that you can just maintain your localhost entry in /etc/inet/ipnodes (then forget it exists) while using /etc/hosts and DNS like you always have.

Rohan Pinto

It would be really nice to know if the same behaviour is seen on Linux too… and if so what the workaround could be… I seem to have similar issues with the LDAP server in certain instances failing to start up due to an error… “Failed to find route to host”… and it looks like the reason is pretty close to yours when you saw errors during your demo setup of federation.

Superpat

Hi Rohan - no, this is Solaris-specific. Linux puts IPv6 information in /etc/hosts.

I can't think of anything to help you with "Failed to find route to host" apart from the regular diagnostics - ping the hostname, ping the ip address, traceroute etc etc etc.

Andrew Robb

I have found that the old gethostby???? calls ONLY use /etc/inet/hosts and that getaddrinfo ONLY uses /etc/inet/ipnodes

I make all changes to /etc/inet/ipnodes then

grep -v ':' /etc/inet/ipnodes > /etc/inet/hosts

Steve Edberg

Thanks for the post; this was driving me crazy for the better part of a day when I started getting weird NFS 'permission denied' errors after editing /etc/inet/hosts. And evidently because of name service caching, I didn't notice anything was amiss immediately. After a 'cat ipnodes.old hosts > ipnodes' and deleting the duplicate lines, everything was hunky-dory. As I don't use IPv6, I'm wondering if there would be a downside to symlinking ipnodes to hosts? I can't try it now, maybe I will in the future.

Steve Laurie

To make this easier on you when setting up a new system, in the /etc dir, you'll find a file called nsswitch.dns already configured correctly to set the system up as a DNS client. Simply "cp /etc/nsswitch.dns /etc/nsswitch.conf" and Bob's your Uncle!

Also, you'll find that the hosts file is really in /etc/inet. It's only linked into the /etc dir for BSD compatibility reasons.

Cheers,
Steve

Anne Onymous

I just got caught by this (again). My solution is to use this line in /etc/nsswitch.conf:

ipnodes: files [NOTFOUND=return]

The problem is that I am using DHCP on my machine, and when it starts up, it hacks the /etc/nsswitch.conf file to append “dns” to the ends of the hosts and ipnodes entries, where there was no such directive to begin with:

hosts: files dns # Added by DHCP
ipnodes: files [NOTFOUND=return] dns # Added by DHCP

If I don’t have the NOTFOUND directive there, DNS will be consulted before my /etc/inet/hosts file. Which means that when I use unqualified hostnames on my home network, Solaris will try to resolve such a name against some random host out on the Internet – not at all a good thing. By making the sequence “ipnodes file, hosts file, DNS”, I can maintain all of my in-home IPv4 addresses centralized in my /etc/inet/hosts file, and not have to worry about putting them in two separate files as my network evolves.
