Linux系统nslookup域名解析正常但是ping不通

问题描述

nslookup 解析baidu域名可以正常解析,但是ping baidu.com 失败

报错如下

报错截图

排查过程

1、使用strace命令追踪查看系统调用过程,发现open /etc目录下的大量文件报错权限不足

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
[root@VM-80-27-centos ~]# strace -o /tmp/pingstrace.txt -tttT -s 1000 ping baidu.com
ping: baidu.com: 域名解析暂时失败
[root@VM-80-27-centos ~]# 
[root@VM-80-27-centos ~]# grep open /tmp/pingstrace.txt 
1659803039.797457 open("/etc/ld.so.preload", O_RDONLY|O_CLOEXEC) = 3 <0.000010>
1659803039.797816 open("/lib64/libonion.so", O_RDONLY|O_CLOEXEC) = 3 <0.000023>
1659803039.798298 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 <0.000020>
1659803039.798506 open("/lib64/libcap.so.2", O_RDONLY|O_CLOEXEC) = 3 <0.000021>
1659803039.798907 open("/lib64/libidn.so.11", O_RDONLY|O_CLOEXEC) = 3 <0.000022>
1659803039.799334 open("/lib64/libcrypto.so.10", O_RDONLY|O_CLOEXEC) = 3 <0.000022>
1659803039.799789 open("/lib64/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3 <0.000023>
1659803039.800226 open("/lib64/libm.so.6", O_RDONLY|O_CLOEXEC) = 3 <0.000022>
1659803039.800664 open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 <0.000021>
1659803039.801120 open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3 <0.000021>
1659803039.801494 open("/lib64/libattr.so.1", O_RDONLY|O_CLOEXEC) = 3 <0.000021>
1659803039.801959 open("/lib64/libz.so.1", O_RDONLY|O_CLOEXEC) = 3 <0.000021>
1659803039.804175 open("/etc/pki/tls/legacy-settings", O_RDONLY) = -1 ENOENT (没有那个文件或目录) <0.000021>
1659803039.804847 open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3 <0.000022>
1659803039.805883 open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = -1 EACCES (权限不够) <0.000019>
1659803039.806002 open("/etc/host.conf", O_RDONLY|O_CLOEXEC) = -1 EACCES (权限不够) <0.000020>
1659803039.806054 open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = -1 EACCES (权限不够) <0.000019>
1659803039.806169 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = -1 EACCES (权限不够) <0.000019>
1659803039.806221 open("/lib64/tls/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录) <0.000021>
1659803039.806324 open("/lib64/tls/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录) <0.000020>
1659803039.806429 open("/lib64/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录) <0.000020>
1659803039.806536 open("/lib64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = 4 <0.000021>
1659803039.807975 open("/lib64/tls/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录) <0.000023>
1659803039.808038 open("/lib64/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 4 <0.000023>
1659803039.808654 open("/etc/hosts", O_RDONLY|O_CLOEXEC) = -1 EACCES (权限不够) <0.000021>
1659803039.808719 open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 4 <0.000031>
1659803039.809155 open("/usr/share/locale/zh_CN.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (没有那个文件或目录) <0.000022>
1659803039.809210 open("/usr/share/locale/zh_CN.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (没有那个文件或目录) <0.000021>
1659803039.809264 open("/usr/share/locale/zh_CN/LC_MESSAGES/libc.mo", O_RDONLY) = 4 <0.000023>
1659803039.809494 open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 4 <0.000023>
[root@VM-80-27-centos ~]#

2、检查提示权限不足的这些文件,权限和正常服务器是正常的

1
2
3
4
5
[root@VM-80-27-centos ~]# ll /etc/resolv.conf 
-rw-r--r-- 1 root root 89 8月   5 23:38 /etc/resolv.conf
[root@VM-80-27-centos ~]# lsattr /etc/resolv.conf
-------------e-- /etc/resolv.conf
[root@VM-80-27-centos ~]#

xxxxxxxxxx # -- coding: utf-8 --“””linux system word to pdf”””import subprocessdef doc2pdf_linux(docPath, pdfPath):    “””   convert a doc/docx document to pdf format (linux only, requires libreoffice)   :param doc: path to document   “””    # 转换word to pdf主要命令    cmd = ‘libreoffice –headless –convert-to pdf’.split() + [docPath] + [‘–outdir’] + [pdfPath]    # 开启一个进程执行这个转换命令    p = subprocess.Popen(cmd, stderr=subprocess.PIPE, stdout=subprocess.PIPE)    # 设置30秒超时    p.wait(timeout=30)    # 将该命令的标准输出和错误输出赋值给两个变量名称    stdout, stderr = p.communicate()    # 如果错误输出存在,则抛出异常    if stderr:        raise subprocess.SubprocessError(stderr)if name == ‘main‘:    wordpath=’/data/demo.docx’    pdfpath=’/data/test/‘    doc2pdf_linux(wordpath,pdfpath)python

1
2
[root@VM-80-27-centos ~]# getenforce 
Disabled

4、检查这些文件上层目录/etc,发现缺少可执行权限

1
2
[root@VM-80-27-centos ~]# ls -ld /etc
drw-r--r--. 99 root root 12288 8月   5 19:16 /etc

5、 手动添加可执行权限后恢复正常。

1
2
3
4
5
6
7
8
9
10
11
12
[root@VM-80-27-centos ~]# chmod 755 /etc
[root@VM-80-27-centos ~]# 
[root@VM-80-27-centos ~]# ping baidu.com
PING baidu.com (110.242.68.66) 56(84) bytes of data.
64 bytes from 110.242.68.66 (110.242.68.66): icmp_seq=1 ttl=251 time=10.6 ms
64 bytes from 110.242.68.66 (110.242.68.66): icmp_seq=2 ttl=251 time=10.6 ms
64 bytes from 110.242.68.66 (110.242.68.66): icmp_seq=3 ttl=251 time=10.6 ms
^C
--- baidu.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 10.605/10.614/10.625/0.008 ms
[root@VM-80-27-centos ~]#
#Linux #strace
Linux系统nslookup域名解析正常但是ping不通
https://92cloud.cn/posts/40346.html
作者
Guoxh
发布于
2022年6月7日
许可协议