[Nagiosplug-devel] RFC: gethostbyname instead of getaddrinfo

Ton Voon ton.voon at opsera.com
Wed Feb 11 00:00:50 CET 2009


On 10 Feb 2009, at 16:57, Holger Weiss wrote:

> You might be right that the difference is somehow related to  
> getaddrinfo
> vs. gethostbyname (dunno), but at least on Linux systems which use the
> getaddrinfo implementation from glibc, getaddrinfo usually queries  
> nscd
> (if it's running) just as gethostbyname does, so it shouldn't really
> make a difference with regard to caching.

Here's some debugging:

On a Debian Etch system. Running tcpdump -p -i eth4 host 192.168.24.2  
and port domain. nscd not running.

/etc/resolv.conf has:

search localdomain
nameserver 192.168.24.2


$ ./check_tcp  -H unknown.opsera.com -p 80
TCP CRITICAL - Invalid hostname, address or socket: unknown.opsera.com

06:02:06.731707 IP 192.168.24.134.4903 > 192.168.24.2.domain:  47794+  
AAAA? unknown.opsera.com. (36)
06:02:06.770626 IP 192.168.24.2.domain > 192.168.24.134.4903:  47794  
NXDomain* 0/1/0 (81)
06:02:06.771237 IP 192.168.24.134.4903 > 192.168.24.2.domain:  9183+  
AAAA? unknown.opsera.com.localdomain. (48)
06:02:06.885944 IP 192.168.24.2.domain > 192.168.24.134.4903:  9183  
NXDomain 0/1/0 (123)
06:02:06.887095 IP 192.168.24.134.4903 > 192.168.24.2.domain:  46148+  
A? unknown.opsera.com. (36)
06:02:06.945637 IP 192.168.24.2.domain > 192.168.24.134.4903:  46148  
NXDomain* 0/1/0 (81)
06:02:06.945884 IP 192.168.24.134.4903 > 192.168.24.2.domain:  20546+  
A? unknown.opsera.com.localdomain. (48)
06:02:06.982439 IP 192.168.24.2.domain > 192.168.24.134.4903:  20546  
NXDomain 0/1/0 (123)

(4 lookups)


$ ./check_tcp  -H unknown.opsera.com. -p 80
TCP CRITICAL - Invalid hostname, address or socket: unknown.opsera.com.

06:03:40.511098 IP 192.168.24.134.4903 > 192.168.24.2.domain:  23215+  
AAAA? unknown.opsera.com. (36)
06:03:40.540078 IP 192.168.24.2.domain > 192.168.24.134.4903:  23215  
NXDomain* 0/1/0 (81)
06:03:40.540623 IP 192.168.24.134.4903 > 192.168.24.2.domain:  31011+  
A? unknown.opsera.com. (36)
06:03:40.642049 IP 192.168.24.2.domain > 192.168.24.134.4903:  31011  
NXDomain* 0/1/0 (81)

(2 lookups - use period to stop domain searching)


./check_tcp  -4 -H unknown.opsera.com. -p 80
TCP CRITICAL - Invalid hostname, address or socket: unknown.opsera.com.

06:19:50.239827 IP 192.168.24.134.4903 > 192.168.24.2.domain:  15398+  
A? unknown.opsera.com. (36)
06:19:50.268181 IP 192.168.24.2.domain > 192.168.24.134.4903:  15398  
NXDomain* 0/1/0 (81)
06:19:50.268571 IP 192.168.24.134.4903 > 192.168.24.2.domain:  58971+  
A? unknown.opsera.com. (36)
06:19:50.322355 IP 192.168.24.2.domain > 192.168.24.134.4903:  58971  
NXDomain* 0/1/0 (81)

(2 lookups - would have expected only 1)


$ ./check_tcp  -H www.opsera.com -p 80
TCP OK - 0.120 second response time on port 80|time=0.119810s;;; 
0.000000;10.000000

06:02:59.952896 IP 192.168.24.134.4903 > 192.168.24.2.domain:  6846+  
AAAA? www.opsera.com. (32)
06:02:59.992078 IP 192.168.24.2.domain > 192.168.24.134.4903:  6846*  
1/1/0 CNAME[|domain]
06:02:59.992695 IP 192.168.24.134.4903 > 192.168.24.2.domain:  2265+  
A? www.opsera.com. (32)
06:03:00.084890 IP 192.168.24.2.domain > 192.168.24.134.4903:  2265*  
2/1/0 CNAME[|domain]
06:03:00.087557 IP 192.168.24.134.4903 > 192.168.24.2.domain:  61796+  
AAAA? www.opsera.com. (32)
06:03:00.135503 IP 192.168.24.2.domain > 192.168.24.134.4903:  61796*  
1/1/0 CNAME[|domain]
06:03:00.135780 IP 192.168.24.134.4903 > 192.168.24.2.domain:  55503+  
A? www.opsera.com. (32)
06:03:00.168262 IP 192.168.24.2.domain > 192.168.24.134.4903:  55503*  
2/1/0 CNAME[|domain]

(4 lookups - should only have 2)


$ ./check_tcp -4 -H www.opsera.com. -p 80
TCP OK - 0.175 second response time on port 80|time=0.175172s;;; 
0.000000;10.000000

06:27:10.974406 IP 192.168.24.134.4903 > 192.168.24.2.domain:  3335+  
A? www.opsera.com. (32)
06:27:11.051922 IP 192.168.24.2.domain > 192.168.24.134.4903:  3335*  
2/1/0 CNAME[|domain]
06:27:11.053219 IP 192.168.24.134.4903 > 192.168.24.2.domain:  6049+  
A? www.opsera.com. (32)
06:27:11.187309 IP 192.168.24.2.domain > 192.168.24.134.4903:  6049*  
2/1/0 CNAME[|domain]

(2 lookups - should only need 1)


$ ./check_icmp -H unknown.opsera.com
check_icmp: Failed to resolve unknown.opsera.com

06:05:44.357165 IP 192.168.24.134.4903 > 192.168.24.2.domain:  51656+  
A? unknown.opsera.com. (36)
06:05:44.520553 IP 192.168.24.2.domain > 192.168.24.134.4903:  51656  
NXDomain* 0/1/0 (81)
06:05:44.521194 IP 192.168.24.134.4903 > 192.168.24.2.domain:  60828+  
A? unknown.opsera.com.localdomain. (48)
06:05:44.560297 IP 192.168.24.2.domain > 192.168.24.134.4903:  60828  
NXDomain 0/1/0 (123)

(2 lookups)


$ ./check_icmp -H unknown.opsera.com.
check_icmp: Failed to resolve unknown.opsera.com.

06:06:07.744863 IP 192.168.24.134.4903 > 192.168.24.2.domain:  52311+  
A? unknown.opsera.com. (36)
06:06:07.788173 IP 192.168.24.2.domain > 192.168.24.134.4903:  52311  
NXDomain* 0/1/0 (81)

(1 lookup - optimal)


$ ./check_icmp -H www.opsera.com
OK - www.opsera.com: rta 48.374ms, lost 0%|rta=48.374ms; 
200.000;500.000;0; pl=0%;40;80;;

06:06:40.584761 IP 192.168.24.134.4903 > 192.168.24.2.domain:  32395+  
A? www.opsera.com. (32)
06:06:40.622979 IP 192.168.24.2.domain > 192.168.24.134.4903:  32395*  
2/1/0 CNAME[|domain]

(1 lookup - optimal)


$ dig +short -t AAAA -6 ipv6.whatismyv6.com
2001:4810::110

06:56:23.653750 IP 192.168.24.134.4911 > 192.168.24.2.domain:  51567+  
AAAA? ipv6.whatismyv6.com. (37)
06:56:23.712492 IP 192.168.24.2.domain > 192.168.24.134.4911:  51567  
1/13/12 AAAA[|domain]

(1 lookup)


With nscd running:

$ ./check_tcp  -H unknown6.opsera.com -p 80
TCP CRITICAL - Invalid hostname, address or socket: unknown6.opsera.com

06:10:20.738078 IP 192.168.24.134.4903 > 192.168.24.2.domain:  41386+  
AAAA? unknown6.opsera.com. (37)
06:10:20.809164 IP 192.168.24.2.domain > 192.168.24.134.4903:  41386  
NXDomain* 0/1/0 (82)
06:10:20.811389 IP 192.168.24.134.4903 > 192.168.24.2.domain:  40461+  
AAAA? unknown6.opsera.com.localdomain. (49)
06:10:20.904468 IP 192.168.24.2.domain > 192.168.24.134.4903:  40461  
NXDomain 0/1/0 (124)
06:10:20.904986 IP 192.168.24.134.4903 > 192.168.24.2.domain:  32605+  
A? unknown6.opsera.com. (37)
06:10:20.941123 IP 192.168.24.2.domain > 192.168.24.134.4903:  32605  
NXDomain* 0/1/0 (82)
06:10:20.941607 IP 192.168.24.134.4903 > 192.168.24.2.domain:  27988+  
A? unknown6.opsera.com.localdomain. (49)
06:10:21.006650 IP 192.168.24.2.domain > 192.168.24.134.4903:  27988  
NXDomain 0/1/0 (124)
06:10:21.009329 IP 192.168.24.134.4903 > 192.168.24.2.domain:  34372+  
AAAA? unknown6.opsera.com. (37)
06:10:21.048122 IP 192.168.24.2.domain > 192.168.24.134.4903:  34372  
NXDomain* 0/1/0 (82)
06:10:21.048527 IP 192.168.24.134.4903 > 192.168.24.2.domain:  48561+  
AAAA? unknown6.opsera.com.localdomain. (49)
06:10:21.149498 IP 192.168.24.2.domain > 192.168.24.134.4903:  48561  
NXDomain 0/1/0 (124)
06:10:21.149745 IP 192.168.24.134.4903 > 192.168.24.2.domain:  28714+  
A? unknown6.opsera.com. (37)
06:10:21.216563 IP 192.168.24.2.domain > 192.168.24.134.4903:  28714  
NXDomain* 0/1/0 (82)
06:10:21.216858 IP 192.168.24.134.4903 > 192.168.24.2.domain:  963+ A?  
unknown6.opsera.com.localdomain. (49)
06:10:21.303793 IP 192.168.24.2.domain > 192.168.24.134.4903:  963  
NXDomain 0/1/0 (124)

(8 lookups. Sometimes 4. Should only have 2)


$ ./check_tcp  -H unknown7.opsera.com. -p 80
TCP CRITICAL - Invalid hostname, address or socket: unknown7.opsera.com.

06:11:38.385293 IP 192.168.24.134.4903 > 192.168.24.2.domain:  20985+  
AAAA? unknown7.opsera.com. (37)
06:11:38.447443 IP 192.168.24.2.domain > 192.168.24.134.4903:  20985  
NXDomain* 0/1/0 (82)
06:11:38.447637 IP 192.168.24.134.4903 > 192.168.24.2.domain:  2305+  
A? unknown7.opsera.com. (37)
06:11:38.517352 IP 192.168.24.2.domain > 192.168.24.134.4903:  2305  
NXDomain* 0/1/0 (82)
06:11:38.522049 IP 192.168.24.134.4903 > 192.168.24.2.domain:  32239+  
AAAA? unknown7.opsera.com. (37)
06:11:38.582623 IP 192.168.24.2.domain > 192.168.24.134.4903:  32239  
NXDomain* 0/1/0 (82)
06:11:38.582904 IP 192.168.24.134.4903 > 192.168.24.2.domain:  45557+  
A? unknown7.opsera.com. (37)
06:11:38.629169 IP 192.168.24.2.domain > 192.168.24.134.4903:  45557  
NXDomain* 0/1/0 (82)

(4 lookups - should only have 2)


$ ./check_tcp  -H www.opsera.com. -p 80
TCP OK - 0.032 second response time on port 80|time=0.032437s;;; 
0.000000;10.000000

06:13:03.543908 IP 192.168.24.134.4903 > 192.168.24.2.domain:  53455+  
AAAA? www.opsera.com. (32)
06:13:03.581654 IP 192.168.24.2.domain > 192.168.24.134.4903:  53455*  
1/1/0 CNAME[|domain]
06:13:03.582241 IP 192.168.24.134.4903 > 192.168.24.2.domain:  19718+  
A? www.opsera.com. (32)
06:13:03.617672 IP 192.168.24.2.domain > 192.168.24.134.4903:  19718*  
2/1/0 CNAME[|domain]

(2 lookups)


$ ./check_tcp  -H www.opsera.com. -p 80
TCP OK - 0.036 second response time on port 80|time=0.036289s;;; 
0.000000;10.000000

No entries - used cache



$ ./check_icmp -H unknown11.opsera.com
check_icmp: Failed to resolve unknown11.opsera.com

06:13:50.621161 IP 192.168.24.134.4903 > 192.168.24.2.domain:  51168+  
A? unknown11.opsera.com. (38)
06:13:50.952406 IP 192.168.24.2.domain > 192.168.24.134.4903:  51168  
NXDomain* 0/1/0 (83)
06:13:50.952942 IP 192.168.24.134.4903 > 192.168.24.2.domain:  63433+  
A? unknown11.opsera.com.localdomain. (50)
06:13:51.025156 IP 192.168.24.2.domain > 192.168.24.134.4903:  63433  
NXDomain 0/1/0 (125)

(2 lookups - optimal)


$ ./check_icmp -H www.opsera.com
OK - www.opsera.com: rta 49.531ms, lost 0%|rta=49.531ms; 
200.000;500.000;0; pl=0%;40;80;;

06:15:25.003246 IP 192.168.24.134.4903 > 192.168.24.2.domain:  30329+  
A? www.opsera.com. (32)
06:15:25.040782 IP 192.168.24.2.domain > 192.168.24.134.4903:  30329*  
2/1/0 CNAME[|domain]

(1 lookup - optimal. I guess it didn't use the earlier www.opsera.com  
lookup because this is using gethostbyname() and thus different  
parameters)



$ ./check_icmp -H www.opsera.com
OK - www.opsera.com: rta 39.112ms, lost 0%|rta=39.112ms; 
200.000;500.000;0; pl=0%;40;80;;

No entries - used cache.


Conclusions:
   - nscd caches both gethostbyname() and getaddinfo()
   - use -4 if you want to avoid AAAA lookups (or compile without ipv6  
support)
   - reduce the number of lookups by using fully qualified domain  
names with a period at the end
   - use dig +short -t AAAA ipv6.whatismyv6.com to check IPv6 lookups  
against a nameserver
   - check_tcp does an additional lookup above check_icmp. I think  
this is part of the is_host function

Given that IPv6 support is desireable, you've convinced me that  
getaddrinfo() is the right call to use (NRPE and check_icmp do not  
support IPv6).

So I think the only thing that needs to be done in the plugins code is  
to reduce the use of is_host.

Ton





More information about the Devel mailing list