Re: System Calls that do DNS
On 3 June 2013, at 22:21, Doug Hardie wrote: > > On 3 June 2013, at 20:39, staticsafe wrote: > >> On Mon, Jun 03, 2013 at 07:57:07PM -0700, Doug Hardie wrote: >>> I have an unusual situation. A program is doing a DNS lookup and often the >>> IP address has no reverse DNS entries. As a result the program hangs for >>> several timeouts. The call is not being made directly in its code, but is >>> occurring in a system call. There are no specific calls to DNS, its >>> something else doing it. I have been trying to track down which system >>> call is doing it, but without success so far. I have tried syslog calls >>> around each of the system calls I thought might be the culprit, but my >>> guessing is not very good. How can I identify the system call that is >>> calling DNS? If I can find it, I hopefully can find another way to do >>> whatever it does that does not involve a reverse DNS lookup. >>> >>> >> >> Use truss: >> http://www.freebsd.org/cgi/man.cgi?query=truss >> >> The truss utility traces the system calls called by the specified >> process or program. >> -- >> staticsafe >> O< ascii ribbon campaign - stop html mail - www.asciiribbon.org >> Please don't top post - http://goo.gl/YrmAb >> Don't CC me! I'm subscribed to whatever list I just posted on. >> > > Unfortunately truss does not show anything more than ktrace. I know what is > going out on the internet connection. Its a plain old reverse DNS request. > The question is what library module (probably not a system call now that I > think about it) is making that request. Interestingly enough, adding the IP > address with a dummy name in /etc/hosts causes the reverse request to succeed > and there are no time delays. So whatever module it is, is not using bind. > Bind doesn't check the hosts files as far as I can tell. > ___ After considering all the advice I received, the method I found that worked was to start the process and when it entered the reverse DNS timeout, quickly find the process ID and do a gdb on that process. Then a where command showed the entire stack which included all the module calls. I had to rebuild the process with debugging first. The IPv6 API when getting the client information will also do a reverse DNS lookup unless you specifically tell it not to do so. Changing that eliminated the lookup and the timeouts. Thanks to all. -- Doug ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: System Calls that do DNS
On Mon, 03 Jun 2013 21:57:07 -0500, Doug Hardie wrote: I have an unusual situation. A program is doing a DNS lookup and often the IP address has no reverse DNS entries. As a result the program hangs for several timeouts. The call is not being made directly in its code, but is occurring in a system call. There are no specific calls to DNS, its something else doing it. I have been trying to track down which system call is doing it, but without success so far. I have tried syslog calls around each of the system calls I thought might be the culprit, but my guessing is not very good. How can I identify the system call that is calling DNS? If I can find it, I hopefully can find another way to do whatever it does that does not involve a reverse DNS lookup. The system DNS lookups are handled by libc. Probably somewhere in the code here: http://svnweb.freebsd.org/base/head/lib/libc/nameser/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: System Calls that do DNS
On 4 June 2013, at 22:19, Enno Davids wrote: > See if whois can tell you who owns the block the IP is in. That may give > you some insight into what is asking for the reverse. Its AT&T. Its probably at least a state's worth of DSL addresses. I am physically at one of them for a couple more days. After that I have no way to test this. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: System Calls that do DNS
See if whois can tell you who owns the block the IP is in. That may give you some insight into what is asking for the reverse. E. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: System Calls that do DNS
On Tue, Jun 4, 2013 at 12:21 AM, Doug Hardie wrote: > Unfortunately truss does not show anything more than ktrace. Normally most people use truss first, then fall back to ktrace ;) > Bind doesn't check the hosts files as far as I can tell. System requests obey nsswitch.conf(5) -- Adam Vande More ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: System Calls that do DNS
On Jun 3, 2013 10:22 PM, "Doug Hardie" wrote: > > > On 3 June 2013, at 20:39, staticsafe wrote: > > > On Mon, Jun 03, 2013 at 07:57:07PM -0700, Doug Hardie wrote: > >> I have an unusual situation. A program is doing a DNS lookup and often the IP address has no reverse DNS entries. As a result the program hangs for several timeouts. The call is not being made directly in its code, but is occurring in a system call. There are no specific calls to DNS, its something else doing it. I have been trying to track down which system call is doing it, but without success so far. I have tried syslog calls around each of the system calls I thought might be the culprit, but my guessing is not very good. How can I identify the system call that is calling DNS? If I can find it, I hopefully can find another way to do whatever it does that does not involve a reverse DNS lookup. > >> > >> > > > > Use truss: > > http://www.freebsd.org/cgi/man.cgi?query=truss > > > > The truss utility traces the system calls called by the specified > > process or program. > > -- > > staticsafe > > O< ascii ribbon campaign - stop html mail - www.asciiribbon.org > > Please don't top post - http://goo.gl/YrmAb > > Don't CC me! I'm subscribed to whatever list I just posted on. > > > > Unfortunately truss does not show anything more than ktrace. I know what is going out on the internet connection. Its a plain old reverse DNS request. The question is what library module (probably not a system call now that I think about it) is making that request. Interestingly enough, adding the IP address with a dummy name in /etc/hosts causes the reverse request to succeed and there are no time delays. So whatever module it is, is not using bind. Bind doesn't check the hosts files as far as I can tell. > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " freebsd-questions-unsubscr...@freebsd.org" maybe try ldd and see if it is linked to a library like c-ares? or try running it in gdb to see whats going on? some ideas. Waitman Gobble San Jose California USA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: System Calls that do DNS
On 3 June 2013, at 20:39, staticsafe wrote: > On Mon, Jun 03, 2013 at 07:57:07PM -0700, Doug Hardie wrote: >> I have an unusual situation. A program is doing a DNS lookup and often the >> IP address has no reverse DNS entries. As a result the program hangs for >> several timeouts. The call is not being made directly in its code, but is >> occurring in a system call. There are no specific calls to DNS, its >> something else doing it. I have been trying to track down which system call >> is doing it, but without success so far. I have tried syslog calls around >> each of the system calls I thought might be the culprit, but my guessing is >> not very good. How can I identify the system call that is calling DNS? If >> I can find it, I hopefully can find another way to do whatever it does that >> does not involve a reverse DNS lookup. >> >> > > Use truss: > http://www.freebsd.org/cgi/man.cgi?query=truss > > The truss utility traces the system calls called by the specified > process or program. > -- > staticsafe > O< ascii ribbon campaign - stop html mail - www.asciiribbon.org > Please don't top post - http://goo.gl/YrmAb > Don't CC me! I'm subscribed to whatever list I just posted on. > Unfortunately truss does not show anything more than ktrace. I know what is going out on the internet connection. Its a plain old reverse DNS request. The question is what library module (probably not a system call now that I think about it) is making that request. Interestingly enough, adding the IP address with a dummy name in /etc/hosts causes the reverse request to succeed and there are no time delays. So whatever module it is, is not using bind. Bind doesn't check the hosts files as far as I can tell. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: System Calls that do DNS
On Mon, Jun 03, 2013 at 07:57:07PM -0700, Doug Hardie wrote: > I have an unusual situation. A program is doing a DNS lookup and often the > IP address has no reverse DNS entries. As a result the program hangs for > several timeouts. The call is not being made directly in its code, but is > occurring in a system call. There are no specific calls to DNS, its > something else doing it. I have been trying to track down which system call > is doing it, but without success so far. I have tried syslog calls around > each of the system calls I thought might be the culprit, but my guessing is > not very good. How can I identify the system call that is calling DNS? If I > can find it, I hopefully can find another way to do whatever it does that > does not involve a reverse DNS lookup. > > Use truss: http://www.freebsd.org/cgi/man.cgi?query=truss The truss utility traces the system calls called by the specified process or program. -- staticsafe O< ascii ribbon campaign - stop html mail - www.asciiribbon.org Please don't top post - http://goo.gl/YrmAb Don't CC me! I'm subscribed to whatever list I just posted on. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
System Calls that do DNS
I have an unusual situation. A program is doing a DNS lookup and often the IP address has no reverse DNS entries. As a result the program hangs for several timeouts. The call is not being made directly in its code, but is occurring in a system call. There are no specific calls to DNS, its something else doing it. I have been trying to track down which system call is doing it, but without success so far. I have tried syslog calls around each of the system calls I thought might be the culprit, but my guessing is not very good. How can I identify the system call that is calling DNS? If I can find it, I hopefully can find another way to do whatever it does that does not involve a reverse DNS lookup. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
