Wednesday, April 12, 2017

How hostname to IP address Conversion or Name Resolution works in Linux?

One of my favorite Linux Interview questions is about how to convert hostname to IP address in Linux? This questions not just test candidate's basic Linux command skills but also shows his understanding of how name resolution works in UNIX or Linux? Many developers, software engineers, and support professional don't really know how Linux converts an hostname into IP address or what happens when they type http://www.amazon.com in their browser in UNIX? They are not really familiar with how the name amazon.com is resolved to an IP address. Since network application only works with IP address and names are for us humans, who find it easier to remember a name than IP address, it makes sense to understand how this name resolution happens. Sometimes, this question also asks as for how nslookup or host command works, which are two of the popular command to convert hostname to IP address.

There are several key files which play role in name resolution but the journey starts from the file /etc/nsswitch.conf file or the /etc/host.conf in pre-glibc2 systems. When a user types http://www.amazon.com in the address bar of the browser and presses the enter button, the system needs to resolve this hostname to an IP address to make the connection.

It first consults the /etc/nsswitch.conf file to determine which subsystems to ask and in what order to resolve this hostname. The file contains lookup order for many network related setup e.g. password, shadow passwords, groups, hosts, aliases etc.



The default entry for hosts in this file look like this:

hosts: files dns nis

Which means first use the local files e.g. /etc/hosts for name resolution and if not found use DNS (domain name resolution) and if not able to resolve there then finally use Network information server (NIS) in the same order. For small private network just file lookup is enough but for most of the medium to large networks, DNS and NIS is used to resolve the hostname to IP address.

Now, Linux will search for the hostname in /etc/hosts file and if found there it will return the IP address to make the connection. The /etc/hosts usually contain a couple of entries as shown below:

$ cat /etc/hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.1.43     63d51553371a

If the hostname is not found in this file then Linux consults to DNS for name resolution.



In order to connect to DNS, it needs something called nameservers and for that it lookup on the /etc/resolve.conf file. This file contains a couple of nameservers for consultation e.g.

$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.0.0.2
nameserver 192.168.10.15
nameserver 192.168.250.20

A utility like nslookup will first consult to the primary DNS server, the first server in the /etc/resolv.conf file. A DNS request is made to the primary DNS server. If a response is received i.e. the IP address of hostname is received then the same address is used to make the HTTP request.

If no response is received, either because the DNS server did not have a mapping for the hostname or the DNS server is down or did not respond to the request, then the next nameserver listed in the /etc/resolv.conf is consulted. This process repeats until all name servers have been consulted.

How name resolution works in Linux


On a side note, the order is very important in /etc/resolv.conf. I remember one instance when we had the wrong hostname to IP address mapping in one name server but correct in other but because the faulty name server was the first listed in /etc/resolv.conf, it is the one which is consulted first, resulting in incorrect IP address resolution. The issue was solved tactically by just changing the order of server until mapping in faulty name server is corrected.

If name resolution failed at name servers then finally NIS is consulted and if there also Linux not able to find a corresponding IP address for a given hostname then the web browser will return an error. The same mechanism is used with any name resolution utility e.g. nslookup.

As a Programmer, Developer or Support professional, it's important to be familiar with fundamentals like this because they help a lot while troubleshooting. The importance of /etc/hosts cannot be ignored because usually it is the first file which is consulted and that's why you always found the localhost to IP address 127.0.0.1 mapping here. Never delete this file as many programs including Java ones check this file for localhost name resolution. Some systems e.g. pre-glibc2 the /etc/host.conf is consulted in place of /etc/nsswitch.conf file.


So, now you know how hostname is resolved to IP address in Linux. This whole process is also known as name resolution and it is one of the important concepts to learn from Linux Interview point of view. If you are interested in learning Linus fundamentals like this I suggest you reading How Linux works, it's full of such important details which make a simple Linux user to a Super User :-)

How hostname to IP address Conversion or Name Resolution works in Linux?


Further Learning
Linux Command Line Interface (CLI) Fundamentals
Linux System Administration Fundamentals

Other Linux books and articles you may like:

Thank you for reading this article, if you really like this article then please share with your friends and collegues and if you have any suggestion or feedback then please share with us by dropping comments. If you just want to learn more about Linux fundamentals, just go and read, How Linux works

2 comments :

Anonymous said...

HI,

I am using Centos6 OS

I have one information need, In my Data center I have connected PDU(Power distribution unit) in Servers

Is there any open source software or tool is available in power calculation like each PDU how much power consumption

blogtest said...

"...first use the local files e.g. /etc/hosts for name resolution and if not found use DNS.."
Put so could leave room for misunderstanding. What is not found, the file or the domain name?
Maybe "...if a match is not found..."

Post a Comment