On Thu, May 10, 2018 at 10:27:35AM +0000, VINEETHSIVARAMAN wrote: > My server is behind a firewall and a proxy, but when i give 2 "wget" in > command gives me a DNS resolution but not with the single wget ! > [...] > [~]$ nslookup google.com > > Non-authoritative answer: > Name: google.com > Address: 74.125.24.102 > Name: google.com > Address: 74.125.24.101 > Name: google.com > Address: 74.125.24.139 > Name: google.com > Address: 74.125.24.113 > Name: google.com > Address: 74.125.24.138 > Name: google.com > Address: 74.125.24.100 > > [~]$ wget google.com --no-proxy -d > DEBUG output created by Wget 1.14 on linux-gnu. > > URI encoding = ‘UTF-8’ > Converted file name 'index.html' (UTF-8) -> 'index.html' (UTF-8) > Converted file name 'index.html' (UTF-8) -> 'index.html' (UTF-8) > --2018-05-10 06:24:33-- http://google.com/ > Resolving google.com (google.com)... failed: Name or service not known.
nslookup bypasses system domain name resolver and querries DNS servers directly comparing to wget or most of the other programs. Do you experience the same issue with other programs that use system resolver? E.g. "getent host google.com"? Maybe one of your name servers misbehaves and only the second query to the second one succeeds. Maybe your system resolved validates DNSSEC signatures and your network or name servers block EDNS packets. What's your system resolver (/etc/nsswitch.conf), do you use nscd or sssd caching deamons? If you do, what does happen if you flush their caches (e.g. nscd --invalidate hosts). Capturing and studying network packets while experiencing the issue would also help. -- Petr
signature.asc
Description: PGP signature
