[lug] strange name resolving/ftp
D. Stimits
stimits at idcomm.com
Sun Jun 10 13:35:04 MDT 2001

rm at mamma.varadinet.de wrote:
>
> On Sat, Jun 09, 2001 at 07:28:38PM -0600, D. Stimits wrote:
> > I've been playing with ftp config on a RH 7.1 beta machine (isolated
> > from Internet, behind a firewall), and discovered something strange. I
> > can do "ftp localhost" and "ftp 127.0.0.1", and get quite different
> > results. The hosts file has both listed correctly, and ping is exactly
> > the same, regardless of pinging localhost or 127.0.0.1. The odd thing is
> > that I can ftp localhost and it works, but ftp 127.0.0.1 results in
> > 421 Service not available, remote server has closed connection
> >
> > I have experimented, and I can sometimes reverse this, where I can ftp
> > 127.0.0.1 and it now works, but then ftp localhost fails. I can't get it
> > to allow ftp with both forms at the same time. Does anyone have a
> > suggestion for this?
>
> To help debugging, what's your name resolution setup?
> What does /etc/nsswitch say, does your resolver consult
> /etc/hosts before asking the DNS server (hosts: files dns)
> or does it first ask the server (hosts: dns files) ?
> What's the output of 'nslookup localhost' ?
>
> Ralf

I'm a bit ignorant of nsswitch.conf. For background, I do not run DNS or
bind on any machine. All machines point towards the ISP's DNS (and the
firewall blocks any DNS conversation with any machine other than those
of the ISP; I see lots of logged outside parties trying to reach my DNS
ports, probably for exploits). This machine has only an ethernet card,
and the machine it points to is not connected to the internet at the
time of test (it uses ppp dialup). But I think the relevant lines you'd
be interested in are:

hosts: files nisplus dns
ethers: files
netmasks: files
networks: files
protocols: files nisplus
rpc: files
services files nisplus
aliases: files nisplus

I've tried a lot of variations to both /etc/resolv.conf and /etc/hosts,
which is how I'm able to sometimes reverse whether it is 127.0.0.1 that
fails, or if it is localhost that fails (in all cases ping works to both
names and the output is identical). The current (with domain names
altered) resolv.conf is:

search my_isp.com localhost my_alternate_dns_server.com
nameserver a.b.c.d
nameserver e.f.g.h
nameserver i.j.k.l

The current hosts file is similar to:

127.0.0.1 localhost localhost.localdomain thishost thishost.thisdomain.com
10.0.0.6 myotherhost.thisdomain.com myotherhost

What I'm looking at now that is making me wonder is my default route,
which points to the other machine with a 0.0.0.0 mask (the other machine
when connected with ppp masquerades for this one). What I'm thinking is
that maybe it is trying to send "localhost" over the default route (or
127.0.0.1 when I reverse things).

I know it must be something rather simple, but I've tried every
variation I can think of with no help.

D. Stimits, stimits at idcomm.com