Solved: Root can't ping targets in /etc/hosts

rbh · 2020-04-08 16:33:22

Hi!

I disovered recently that on one client, root can not ping local and remote hosts listed in /etc/hosts.
Regular user can ping!

Root gets the not so helpfull answer: "Name or service not known". But command "arp -a", list lan hosts name, ip and mac-adress...

I tested create a chroot environment with grml-debotstrap, and ping from there: same result there.
Booted a working BL from external hd, copied that roots $HOME. Roo is still unable to ping.

The problem lays in systemconfig. I can not figure out where. Have done som netserch, did not find my problem.

Anyone know how to aproach the problem?

Edit:
The solution was to edit the 650k long /etc/hosts. Somewhowe it had been malformed.
Why regular user could ping but not root, still seems mysteríos

Last edited by rbh (2020-04-09 09:18:34)

brontosaurusrex · 2020-04-08 16:51:25

Not being helpful, but testing

# test
127.0.0.1 sup

and user and root can ping 'sup'. p.s. I'd recheck the validity of hosts file, especially the ip first, name 2nd rule.

Last edited by brontosaurusrex (2020-04-08 17:41:22)

rbh · 2020-04-08 18:24:19

I have the same file on all hosts.

The first two entryn ar:

127.0.0.1	localhost
127.0.1.1	host1.vision-bbs.local	host1

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Then cames entryn for modem (another lan), router, server, printer, Dlink1/2 (usb wifi dongles), and some hosts.
[...]
8.8.8.8 dns # external dns

# Picked up from MX Linux 150'000 lines
# [General]
0.0.0.0 lb.usemaxserver.de
0.0.0.0 tracking.klickthru.com
[...]

The file should be valid, have used it 1-2 years.
This host (WT43) who is in focus, worked flawless a month ago.
And regular user could ping and get answer.

I copied the hostfiles, emptied original and pasted in down to the lines from MX Linux.

Now root can ping.

I forgot to look at last change date. I have not changed it...

I set it to solved, even if I am curious why regular user could get ping answer...

Thanks @brontosaurusrex for remindig me to check the hosts file. Never take anything for granted...

Last edited by rbh (2020-04-08 18:26:53)

rbh · 2020-04-08 22:02:13

Found a better source for malware adresses to /etc/hosts: https://github.com/mitchellkrogza/Ultim … .Blacklist

Sun For Miles · 2020-04-09 08:26:26

If you encounter performance issues with 650k lines in hosts file, here is the collection of hostname lists for various purposes that you can compile to your liking https://firebog.net/

I use these on my pi-hole server:

# cat /etc/pihole/adlists.list

https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://mirror1.malwaredomains.com/files/justdomains
http://sysctl.org/cameleon/hosts
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://hosts-file.net/ad_servers.txt
https://v.firebog.net/hosts/Easylist.txt
https://v.firebog.net/hosts/AdguardDNS.txt
https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext
https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt
https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt
https://hostfiles.frogeye.fr/multiparty-trackers-hosts.txt
https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt
https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt
https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/AmazonFireTV.txt
https://v.firebog.net/hosts/Airelle-trc.txt

rbh · 2020-04-09 09:08:24

Sun For Miles wrote:

If you encounter performance issues with 650k lines in hosts file, here is the collection of hostname lists for various purposes that you can compile to your liking https://firebog.net/
I use these on my pi-hole server:

Good tip. But, I prefer to let the hardware-router handle dhcp/dns, so I can schedule nightly shutdown of the server, to prolong disklife. So, pi-hole server, is not for me at the moment.
I did not encounter performance issues, it was total failure for root user...

The last entry in long 650k line hosts file is zzzzzz.com.
Response time when i ping:

icmp_seq=1 ttl=64 time=0.078 ms
icmp_seq=2 ttl=64 time=0.084 ms
icmp_seq=3 ttl=64 time=0.086 ms

And if i use the short hostsfile with only 30 lines and add zzzzzz.com last:

icmp_seq=1 ttl=64 time=0.116 ms
icmp_seq=2 ttl=64 time=0.095 ms
icmp_seq=3 ttl=64 time=0.074 ms

Last edited by rbh (2020-04-09 09:32:05)

Sun For Miles · 2020-04-09 10:46:06

I understand. However, ping might not be a suitable test for DNS responsivity. I would suggest looking into dig, for example:

[root@argus]# dig bunsenlabs.org | grep 'Query time'
;; Query time: 37 msec
[root@argus]# dig fw.local | grep 'Query time'
;; Query time: 0 msec
[root@argus]# dig bunsenlabs.org | grep 'Query time'
;; Query time: 0 msec

You can clearly see the difference in the reponse times, queries are in this order:
- non-cached request
- hosts file entry
- cached request

Expected time for a reply from cached/local (hosts) file is 0ms (usually between 0.1 and 1ms, but rounding it up to 0).

Last edited by Sun For Miles (2020-04-09 10:57:56)

#1 2020-04-08 16:33:22

Solved: Root can't ping targets in /etc/hosts

#2 2020-04-08 16:51:25

Re: Solved: Root can't ping targets in /etc/hosts

#3 2020-04-08 18:24:19

Re: Solved: Root can't ping targets in /etc/hosts

#4 2020-04-08 22:02:13

Re: Solved: Root can't ping targets in /etc/hosts

#5 2020-04-09 08:26:26

Re: Solved: Root can't ping targets in /etc/hosts

#6 2020-04-09 09:08:24

Re: Solved: Root can't ping targets in /etc/hosts

#7 2020-04-09 10:46:06

Re: Solved: Root can't ping targets in /etc/hosts

Board footer