pornin / TestSSLServer

MIT License

Could not resolve host 'hostname.domain.local' #5

Open rmavery opened 6 years ago

rmavery commented 6 years ago

Installed on Ubuntu 16.04 LTS. Just trying to run a check against an internal web server.
Compiled without errors.
When I run the command

./TestSSLServer.exe hostname.domain.local 443

I get a lengthy error message that basically boils down to "Could not resolve host..."

I verified my DNS settings.
I can ping the host from the shell, so I'm not sure what else I need to do to help it resolve.

I replaced my actual server name below with 'hostname' and the domain name with 'domain'. The rest is exactly as it returned.


System.Net.Sockets.SocketException: Could not resolve host 'hostname.domain.local'
  at System.Net.Dns.Error_11001 (System.String hostName) <0x4150c690 + 0x0006f> in <filename unknown>:0
  at System.Net.Dns.GetHostByName (System.String hostName) <0x414e3500 + 0x0005f> in <filename unknown>:0
  at System.Net.Dns.GetHostEntry (System.String hostNameOrAddress) <0x414e33e0 + 0x00093> in <filename unknown>:0
  at System.Net.Dns.GetHostAddresses (System.String hostNameOrAddress) <0x414e1a60 + 0x000c7> in <filename unknown>:0
  at System.Net.Sockets.TcpClient.Connect (System.String hostname, Int32 port) <0x414e1a10 + 0x0001b> in <filename unknown>:0
  at System.Net.Sockets.TcpClient..ctor (System.String hostname, Int32 port) <0x414e19e0 + 0x00017> in <filename unknown>:0
  at FullTest.OpenConnection () <0x414e1730 + 0x0007b> in <filename unknown>:0
  at FullTest.DoConnectV2 () <0x414e1510 + 0x0002f> in <filename unknown>:0
  at FullTest.Run () <0x414df4e0 + 0x0030f> in <filename unknown>:0
  at TestSSLServer.Process (System.String[] args) <0x414dbf00 + 0x0132f> in <filename unknown>:0
  at TestSSLServer.Main (System.String[] args) <0x414dbd50 + 0x0001f> in <filename unknown>:0

pornin commented 6 years ago

Apparently, Mono includes its own DNS resolver, and does funky things about it to speed up some cases of parallel name resolutions. A downside is that, in some cases, it will ignore some configuration files such as /etc/nsswitch.conf and thus diverge from what you get with C-based tools (such as ping). I also find some reports that it historically had some problems with nominally valid responses from the DNS.

You might want to try setting, or, conversely, unsetting the MONO_DNS environment variable:

MONO_DNS=1
export MONO_DNS

or:

unset MONO_DNS

to see if it changes something.

Another workaround is to invoke TestSSLServer with the target IP address instead of the name, and add the intended server name with the -sni option:

./TestSSLServer.exe 1.2.3.4 -sni theservername.domainname.tld

(assuming that the target server IP address is 1.2.3.4). This should result in exactly the same bytes sent to the target server, thus obtaining the same information.
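
The divergence and the IP-plus-SNI workaround discussed in this thread, as an added example that is not part of TestSSLServer or of the comments above: it lists the `hosts:` sources in an nsswitch.conf-format file that a DNS-only resolver would never consult, then resolves the name through NSS (the path ping takes) and prints the `-sni` invocation. It assumes a glibc system with `getent`; the function names and the `LOOKUP` override are hypothetical.

```shell
#!/bin/sh
# Added example, not TestSSLServer code. Function names and the LOOKUP
# override variable are assumptions made for this sketch.

# Print the lookup sources on the "hosts:" line of an nsswitch.conf-format
# file, one per line, ignoring comments and [STATUS=action] items.
nss_hosts_sources() {
    awk '{ sub(/#.*/, ""); gsub(/\[[^]]*\]/, "") }
         $1 == "hosts:" { for (i = 2; i <= NF; i++) print $i; exit }' "$1"
}

# Print the sources a resolver that only speaks DNS would skip
# (files, mdns and so on); these are where results can diverge.
non_dns_sources() {
    nss_hosts_sources "$1" | awk '$0 != "dns"'
}

# Resolve NAME through NSS and print the equivalent TestSSLServer
# command line that targets the IP address and sends NAME as SNI.
sni_command() {
    name=$1
    # LOOKUP defaults to getent; override it to substitute another resolver.
    ip=$("${LOOKUP:-getent}" ahostsv4 "$name" | awk 'NR == 1 { print $1 }')
    if [ -z "$ip" ]; then
        echo "NSS could not resolve $name either" >&2
        return 1
    fi
    echo "./TestSSLServer.exe $ip -sni $name"
}

# Stand-alone use: sh thisscript.sh hostname.domain.local
if [ "$#" -ge 1 ]; then
    echo "non-DNS sources consulted by NSS:"
    non_dns_sources /etc/nsswitch.conf
    sni_command "$1"
fi
```

If `non_dns_sources` prints anything, a name that ping resolves may be coming from one of those sources rather than from DNS.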