Tuesday, August 23, 2022

How hostname to IP address Conversion works in Linux? nslookup Example

One of my favorite Linux Interview questions is about how to convert hostname to IP address in Linux? These questions not just test the candidate's basic Linux command skills but also shows his understanding of how name resolution works in UNIX or Linux? Many developers, software engineers, and support professionals don't really know how Linux converts a hostname into IP address or what happens when they type http://www.amazon.com in their browser in UNIX? They are not really familiar with how the name amazon.com is resolved to an IP address.

Since network application only works with IP address and names are for us humans, who find it easier to remember a name than IP address, it makes sense to understand how this name resolution happens.

By the way, if you are new to Linux then I also suggest you go through a comprehensive Linux course to learn some basics commands and fundamentals like Linux file system, permissions, and other basic things.

If you need an online course, I highly recommend these best Linux courses from Coursera and Udemy. It's a very practical and hands-on resource to learn Linux fundamentals in a quick time. 




How nslookup or host command works in UNIX

Sometimes, this question also asks for how nslookup or host command works, which are two of the popular command to convert hostname to IP address.

There are several key files that play role in name resolution but the journey starts from the file /etc/nsswitch.conf file or the /etc/host.conf in pre-glibc2 systems. When a user types http://www.amazon.com in the address bar of the browser and presses the enter button, the system needs to resolve this hostname to an IP address to make the connection.

It first consults the /etc/nsswitch.conf file to determine which subsystems to ask and in what order to resolve this hostname. The file contains lookup order for many network related setups like passwords, shadow passwords, groups, hosts, aliases, etc.

The default entry for hosts in this file looks like this:

hosts: files dns nis

This means first to use the local files like /etc/hosts for name resolution and if not found use DNS (domain name resolution) and if not able to resolve there then finally use Network information server (NIS) in the same order. For the small private network, just file lookup is enough but for most of the medium to large networks, DNS and NIS is used to resolve the hostname to IP address.

Now, Linux will search for the hostname in /etc/hosts file and if found there it will return the IP address to make the connection. The /etc/hosts usually contain a couple of entries as shown below:

$ cat /etc/hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.1.43     63d51553371a

If the hostname is not found in this file then Linux consults to DNS for name resolution.



In order to connect to DNS, it needs something called nameservers and for that it lookup on the /etc/resolve.conf file. This file contains a couple of nameservers for consultation e.g.

$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.0.0.2
nameserver 192.168.10.15
nameserver 192.168.250.20

A utility like nslookup will first consult to the primary DNS server, the first server in the /etc/resolv.conf file. A DNS request is made to the primary DNS server. If a response is received i.e. the IP address of hostname is received then the same address is used to make the HTTP request.

If no response is received, either because the DNS server did not have a mapping for the hostname or the DNS server is down or did not respond to the request, then the next nameserver listed in the /etc/resolv.conf is consulted. This process repeats until all name servers have been consulted.

How name resolution works in Linux


On a side note, the order is very important in /etc/resolv.conf. I remember one instance when we had the wrong hostname to IP address mapping in one name server but correct in other but because the faulty name server was the first listed in /etc/resolv.conf, it is the one which is consulted first, resulting in incorrect IP address resolution. The issue was solved tactically by just changing the order of the server until mapping in the faulty name server is corrected.

If name resolution failed at name servers then finally NIS is consulted and if they're also Linux not able to find a corresponding IP address for a given hostname then the web browser will return an error. The same mechanism is used with any name resolution utility like nslookup.

As a Programmer, Developer, or Support professional, it's important to be familiar with fundamentals like this because they help a lot while troubleshooting. The importance of /etc/hosts cannot be ignored because usually it is the first file that is consulted and that's why you always found the localhost to IP address 127.0.0.1 mapping here.

Never delete this file as many programs including Java ones check this file for localhost name resolution. Some systems e.g. pre-glibc2 the /etc/host.conf is consulted in place of /etc/nsswitch.conf file.


So, now you know how the hostname is resolved to IP address in Linux. This whole process is also known as name resolution and it is one of the important concepts to learn from the Linux Interview point of view. If you are interested in learning Linus fundamentals like this I suggest you read How Linux works, it's full of such important details which make a simple Linux user to a Super User :-)



Other Linux books and articles you may like:

Thank you for reading this article, if you really like this article then please share with your friends and colleagues and if you have any suggestions or feedback then please share with us by dropping comments. If you just want to learn more about Linux fundamentals, just go and read, How Linux works. 

6 comments :

Anonymous said...

HI,

I am using Centos6 OS

I have one information need, In my Data center I have connected PDU(Power distribution unit) in Servers

Is there any open source software or tool is available in power calculation like each PDU how much power consumption

blogtest said...

"...first use the local files e.g. /etc/hosts for name resolution and if not found use DNS.."
Put so could leave room for misunderstanding. What is not found, the file or the domain name?
Maybe "...if a match is not found..."

Anonymous said...

You forgot the local DNS cache. It is always asked first!

Anonymous said...

The order of nameservers in the resolv.conf file should not matter other than you might want to put the electrically closest one first. Each nameserver in the list should be recursive and capable of resolving any name. If a name exists anywhere and cannot be resolved by each nameserver, something is broken or misconfigured.

If the queried server doesn't have or can't get the answer, it must respond with a NOTFOUND and no further queries should occur. NOTFOUND means the name does not exist anywhere, not just on that server.

The client should only progress to the next listed nameserver if the queried server is unresponsive.

There are other errors and oversimplifications in your write-up, so suffice to say this should be considered as a vague explanation, not a guide.

javin paul said...

@Anonymous, yes local DNS cache is checked first.

Anonymous said...

Not a word on link-local name resolution? mDNS and LLMNR (Link-Local Multicast Name Resolution).

Post a Comment