How hostname to IP address Conversion or Name Resolution works in Linux ?
One of my favorite Linux Interview questions is about how to convert hostname to IP address in Linux? This questions not just test candidate's basic Linux command skills but also shows his understanding of how name resolution works in UNIX or Linux? Many developers, software engineers, and support professional don't really know how Linux converts an hostname into IP address or what happens when they type http://www.tesla-institute.com in their browser in UNIX? They are not really familiar with how the name tesla-institute.com is resolved to an IP address. Since network application only works with IP address and names are for us humans, who find it easier to remember a name than IP address, it makes sense to understand how this name resolution happens. Sometimes, this question also asks as for how nslookup or host command works, which are two of the popular command to convert hostname to IP address.
There are several key files which play role in name resolution but the journey starts from the file /etc/nsswitch.conf file or the /etc/host.conf in pre-glibc2 systems. When a user types http://www.tesla-institute.com in the address bar of the browser and presses the enter button, the system needs to resolve this hostname to an IP address to make the connection.
It first consults the /etc/nsswitch.conf file to determine which subsystems to ask and in what order to resolve this hostname. The file contains lookup order for many network related setup e.g. password, shadow passwords, groups, hosts, aliases etc.
The default entry for hosts in this file look like this:
hosts: files dns nis
Which means first use the local files e.g. /etc/hosts for name resolution and if not found use DNS (domain name resolution) and if not able to resolve there then finally use Network information server (NIS) in the same order. For small private network just file lookup is enough but for most of the medium to large networks, DNS and NIS is used to resolve the hostname to IP address.
Now, Linux will search for the hostname in /etc/hosts file and if found there it will return the IP address to make the connection. The /etc/hosts usually contain a couple of entries as shown below:
$ cat /etc/hosts
::1 localhost ip6-localhost ip6-loopback
If the hostname is not found in this file then Linux consults to DNS for name resolution.
In order to connect to DNS, it needs something called nameservers and for that it lookup on the /etc/resolve.conf file. This file contains a couple of nameservers for consultation e.g.
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
A utility like nslookup will first consult to the primary DNS server, the first server in the /etc/resolv.conf file. A DNS request is made to the primary DNS server. If a response is received i.e. the IP address of hostname is received then the same address is used to make the HTTP request.
If no response is received, either because the DNS server did not have a mapping for the hostname or the DNS server is down or did not respond to the request, then the next nameserver listed in the /etc/resolv.conf is consulted. This process repeats until all name servers have been consulted.
How name resolution works in Linux
On a side note, the order is very important in /etc/resolv.conf. I remember one instance when we had the wrong hostname to IP address mapping in one name server but correct in other but because the faulty name server was the first listed in /etc/resolv.conf, it is the one which is consulted first, resulting in incorrect IP address resolution. The issue was solved tactically by just changing the order of server until mapping in faulty name server is corrected.
If name resolution failed at name servers then finally NIS is consulted and if there also Linux not able to find a corresponding IP address for a given hostname then the web browser will return an error. The same mechanism is used with any name resolution utility e.g. nslookup.
As a Programmer, Developer or Support professional, it's important to be familiar with fundamentals like this because they help a lot while troubleshooting. The importance of /etc/hosts cannot be ignored because usually it is the first file which is consulted and that's why you always found the localhost to IP address 127.0.0.1 mapping here. Never delete this file as many programs including Java ones check this file for localhost name resolution. Some systems e.g. pre-glibc2 the /etc/host.conf is consulted in place of /etc/nsswitch.conf file.