16

How to know the IP address of some host somename I can ssh to? If I do nslookup on this host it says "no answer". How can ssh resolve its name then?


Neither /etc/hosts nor .ssh/config explanation worked.


EDIT

Sorry somename is fully qualified.

```
ssh somename.somedomain
```

works, while

```
ping somename.somedomain
```

and

```
nslookup somename.somedomain
```

don't

Philip Couling
Dims
  • 12
    Is it listed in `/etc/hosts` or `~/.ssh/config`? – Stephen Kitt May 07 '19 at 10:14
  • 1
    The name could also be resolved using mDNS (Multicast DNS) or LLMNR (Link-Local Multicast Name Resolution). – Johan Myréen May 07 '19 at 10:26
  • It may have an entry in your .ssh/config file – Tagwint May 07 '19 at 10:31
  • @StephenKitt neither – Dims May 07 '19 at 15:07
  • @JohanMyréen how to check? – Dims May 07 '19 at 15:07
  • Try the command `host somename`. – JoshMc May 07 '19 at 15:37
  • @JoshMc The `host` command uses DNS so it is equivalent to `nslookup` in this regard. – Johan Myréen May 07 '19 at 15:49
  • 1
    @Dims You could try pinging `somename.local`. `.local` is a special domain reserved for mDNS. For LLMNR you could use [this](https://nmap.org/nsedoc/scripts/llmnr-resolve.html) NMAP script. – Johan Myréen May 07 '19 at 15:55
  • Neardupe https://unix.stackexchange.com/questions/212897/nslookup-dig-firefox-ignoring-etc-hosts- and cross https://serverfault.com/questions/303716/linux-command-line-utility-to-resolve-host-names- – dave_thompson_085 May 08 '19 at 00:31
  • @Stephen Kitt nslookup will find it in hosts. – mckenzm May 08 '19 at 00:32
  • 2
    @mckenzm no, it won’t. – Stephen Kitt May 08 '19 at 08:05
  • @Dims adding successive "didn't work..." statements to the question is unlikely to yield further answers at this stage. If `getent hosts somename.somedomain` does not resolve the hostname then this is almost certainly something specific to SSH and based on your configuration. You might have missed Jules's suggestion to test with `ssh somename -v`. Analysing the output from this is the next step. With so little information on your question we won't be able to guess. – Philip Couling May 08 '19 at 14:08
  • @Dims Of course the one file which hasn't been mentioned in all of this is `/etc/ssh/ssh_config`. This can provide similar options to `~/.ssh/config`. But if this is the case the output of `ssh -v somename` would make this clearer. – Philip Couling May 08 '19 at 14:17

3 Answers

32

Nslookup is a program to query Internet domain name servers. Nslookup is very good for querying DNS servers but it does not give you the whole picture when it comes to name resolution.

On Linux name resolution is most commonly controlled by NSS which is configured by /etc/nsswitch.conf. Specifically, this configuration contains a hosts entry. For example:

```
hosts:          files dns
```

In the above entry you can see that the first thing to be queried is files followed by dns, meaning that /etc/hosts will be queried before DNS. Other options exist including LDAP, Multicast DNS and WINS.

Answering your question directly, SSH resolves the hostname to an IP address using NSS (pulling results from multiple sources) where nslookup only queries the DNS.

You can check to see which IP NSS resolves a hostname to using getent. For example to resolve somename:

```
getent hosts somename
```

Also, in the case of SSH you can configure host-specific information in /etc/ssh/ssh_config and ~/.ssh/config. This will even let you specify an IP address for a hostname, entirely skipping name resolution.

The following tells SSH to use 192.168.1.25 for both dev and dev.example.com. SSH will use this address whether or not these names exist as DNS names for a different IP:

```
# contents of $HOME/.ssh/config
Host dev dev.example.com
    HostName 192.168.1.25
```
Philip Couling
10

> How to know the IP address of some host somename I can ssh to?

Use the verbose flag (-v) of the ssh command:

```
ssh somename -v
```

The output should contain, among other things, a line that shows the resolved IP of the server you are connecting to:

```
debug1: Connecting to aur.archlinux.org [5.9.250.164] port 22.
```

> If I do nslookup on this host it says "no answer". How can ssh resolve its name then?

The most probable cause of ssh being able to resolve a hostname that nslookup cannot is that it is configured at the ssh level.

Per the ssh_config(5) manual page, there are three places where ssh looks for config files:

  1. command-line options
  2. user's configuration file (~/.ssh/config)
  3. system-wide configuration file (/etc/ssh/ssh_config)

One of these files may contain your hostname somename (or a pattern that matches it) as an alias of another hostname or IP. For example:

```
# explicit alias of somename to 8.8.8.8 IP
Host somename
    HostName 8.8.8.8

# pattern alias (that obviously matches somename) to another hostname
# that is itself resolved via DNS (and that can be nslookup-ed).
Host *
    HostName anotherhostname
```

Please refer to the ssh_config(5) manual page explanations of Host and HostName directives and to the PATTERNS section for more information.

Jules Lamur
  • This answer does not answer the question, which was how a host name is recognized, even if it is not served by a DNS server. – Johan Myréen May 07 '19 at 15:54
  • 1
    The answer correctly mentions very probable scenario where `ssh user@someserver` seems to "resolve" the `someserver` DNS name (even if this does not actually happen). If the `Host someserver` is configured in `.ssh/config` file, it is then possible to use the ssh command exactly as OP states even if the `someserver` is not in the DNS at all. – Fiisch May 07 '19 at 18:32
  • 2
    @JohanMyréen The output from `ssh -v somename` includes the IP address (regardless of any `ssh_config` entries). So it directly answers the question "How to know the IP address of some host somename I can ssh to?", as well as being a good first step towards answering "How can it be that ssh somename works...?". – JigglyNaga May 08 '19 at 11:20
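
Added example (not part of either answer, and not OpenSSH code): a simplified Python model of how the `Host`/`HostName` entries described in the two answers above decide which name ssh actually connects to, plus a lookup through the system resolver (NSS on glibc) that ssh itself uses. `SAMPLE_CONFIG` is constructed from the snippet above, the function names are hypothetical, and `Match`/`Include` directives are not handled.

```python
import re
import socket

# Constructed sample: the two Host entries from the answer above.
SAMPLE_CONFIG = """\
Host somename
    HostName 8.8.8.8
Host *
    HostName anotherhostname
"""

def _glob(pattern, name):
    # ssh_config(5) PATTERNS: '*' matches zero or more characters, '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, name) is not None

def host_line_matches(patterns, name):
    # A matching negated pattern ('!pat') vetoes the whole Host line;
    # otherwise at least one positive pattern has to match.
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if _glob(pat[1:], name):
                return False
        elif _glob(pat, name):
            matched = True
    return matched

def effective_hostname(config_text, name):
    """Name or address ssh would connect to for `name`; the first HostName
    obtained wins. Simplification: Match and Include are ignored."""
    active = True  # options before the first Host line apply to all hosts
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword, args = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if keyword == "host":
            active = host_line_matches(args.split(), name)
        elif keyword == "hostname" and active:
            return args.strip()
    return name  # no override: the typed name goes to the resolver as-is

def nss_addresses(name):
    # getaddrinfo() follows /etc/nsswitch.conf on glibc (files, dns, mdns, ...),
    # unlike nslookup, host and dig, which only ask DNS servers.
    try:
        infos = socket.getaddrinfo(name, 22, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})
```

On a real system, `ssh -G somename` prints the effective configuration, including the `hostname` value, without connecting.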
4

Philip is almost there, but heads off down the .ssh/config rathole which it's unlikely you configured.

The command...

```
getent hosts somename
```

...queries NSS using the hosts: lookup line in /etc/nsswitch.conf, rather than just DNS as nslookup does. It's likely your Unix environment is using more than one naming service; possibly some type of AD integration.

Rich
  • 3
    I wouldn't say I headed off down that route. I added an "also" for completeness. – Philip Couling May 07 '19 at 19:42
  • @PhilipCouling Sure, but your "pre-also" is incomplete - you're not showing how to arbitrarily resolve a name when the question is about "$thing versus nslookup". – Rich May 07 '19 at 20:22
  • 3
    As already commented on the Q, `host` is normally part of bind-utils (or equivalent) and like both `nslookup` and `dig` uses only DNS. OTOH `getent hosts` (or possibly `ahosts`) does what you describe. – dave_thompson_085 May 08 '19 at 00:24
  • @dave_thompson_085 Incorrect. `host` queries other name services. Agreed that `getent hosts` is the best unambiguous method to query "any configured name services". – Rich May 08 '19 at 16:07
  • 1
    `host` is DNS-only per the man pages and confirmed by testing on the systems I use (CentOS, Ubuntu, FreeBSD, Solaris) as well as [upstream](https://ftp.isc.org/isc/bind9/cur/9.13/doc/arm/man.host.html). Also see the (near)dupes I commented on the Q which also say this. – dave_thompson_085 May 10 '19 at 04:49
  • @dave_thompson Just my experience, Dave. – Rich May 10 '19 at 23:38
  • @Rich You must have a different `host` program, not the one that is included in "Bind Tools". `man host` says "NAME host - DNS lookup utility". – Johan Myréen May 11 '19 at 13:27
  • Well, whaddya know. My apologies. I'm getting this mixed up between the behavior of `host $X` and `ypmatch $X hosts`. If `$X` is in DNS but absent from NIS `hosts`, then `ypmatch` will go fetch a result from DNS. – Rich May 15 '19 at 00:49