7

Intro

In the attempt to debug a networking issue local to our intranet, it became apparent that curl host nslookup and dig behave differently. Where dig and host returns the IP address of the URL in question, curl and nslookup return:

 curl: (6) Could not resolve host: internal.site.company.com

and 

 nslookup: can't resolve 'internal.site.company.com`

Context

While this should not matter, in the essence of giving more context to the problem, this issue is occurring on and behind a docker-machine (tested using a docker-machine on both virtualbox and parallels to be exact). The docker-machine and containers it hosts all have the correct IP address of the desired internal DNS server in their /etc/resolv.conf. The IP address of the desired URL is also reachable from the machines which cannot resolve the name. As touched on above, the address is an internal site and our DNS server is also internal. The site is reachable and resolvable from the computer where docker-machine is installed.

Questions

Which brings me to the questions...

1) Under the hood, what are dig and host doing differently than both cURL and nslookup?

2) What could possibly be preventing a browser or curl from resolving the URL the way both host and dig are successfully resolving the name?

Setup

dig -v: DiG 9.11.1

host -v: host 9.11.1

curl -V: curl 7.49.1

docker version: Version 17.06.0-ce-mac19 (18663) Channel: stable

 Boot2Docker version 17.06.0-ce, build HEAD : 0672754
DanCat
  • 225
  • 1
  • 7

1 Answers1

11

I would expect curl to us the resolver library which will use the name service providers listed in the /etc/nsswitch.conf hosts specification in order. If this does not include DNS, DNS resolution will not occur. nslookup is not documented to use this file, but from your experience it appears it may. Often this data is cached by a name service caching daemon. If the daemon, is failing you may get this kind of issue even if the other configurations are correct.

host and dig are pure DNS lookup programs. They both resolve names only via DNS. They will not resolve names using files or other non-DNS providers. I would expect them to use the information in /etc/resolv.conf directly.

BillThor
  • 27,354
  • 3
  • 35
  • 69