Linux Name Service Resolver

The Linux Name Service Resolver is a fundamental component of the Linux networking stack, responsible for resolving human-readable hostnames into machine-understandable IP addresses, and vice versa. This process is essential for facilitating network communication in a user-friendly manner, allowing users and applications to refer to network resources by names rather than numerical addresses. At the core of the name resolution process in Linux is the `/etc/nsswitch.conf` file, which dictates the order and sources for various name service lookups, including hostnames, passwords, and group information. For hostname resolution, the resolver consults this configuration to determine whether to query local files (such as `/etc/hosts`), DNS servers, or other name services like NIS (Network Information Service).
The actual resolution of domain names to IP addresses is predominantly handled by the GNU C Library (glibc) resolver functions, such as `getaddrinfo()` and `gethostbyname()`. These functions consult the configuration specified in `/etc/nsswitch.conf` and make use of the `/etc/resolv.conf` file to find the IP addresses of DNS servers and other resolver options. In practical terms, the Linux Name Service Resolver is used in almost every network operation that involves domain names. For example, when a user attempts to visit a website, the resolver translates the website's hostname into an IP address that the network stack can use to route the request. Similarly, when sending an email or connecting to a remote server via SSH, the resolver ensures that the domain names used in these operations are translated into the corresponding IP addresses.
For network administrators, understanding and configuring the Linux Name Service Resolver is crucial for maintaining efficient network operations and troubleshooting issues related to name resolution. This involves managing the `/etc/nsswitch.conf` and `/etc/resolv.conf` files, ensuring that the correct resolution order is specified, and that DNS servers are correctly listed and reachable. In summary, the Linux Name Service Resolver is an essential component for network operations in Linux environments, translating between human-readable hostnames and machine-readable IP addresses to facilitate network communication and resource access.

Examine the nsswitch.conf file, which the system uses to convert host names to IP addresses and back. Name service allows a system to convert host names to IP addresses and back. Name service comes into play, for example, when a user types telnet www.acmecorp.com to open a telnet^[1] connection. At this point, the telnet program makes a system call to the resolver library. The resolver library is a package of subroutines, usually implemented as a shared-object library, that convert host names to IP addresses. In our example, the resolver library converts www.acmecorp.com to a numeric IP address.

The nsswitch.conf file is a configuration file on Linux systems that specifies the order in which various name services are used to resolve different types of queries, such as user and group lookups, hostname resolution, and network information services. The name service switch (NSS) functionality is used by various system utilities and libraries to look up information about users, groups, hosts, and other system entities. The nsswitch.conf file defines the order in which these name services are consulted for each type of lookup, allowing administrators to customize the system's behavior to suit their needs. For example, the nsswitch.conf file might specify that user and group lookups should first be attempted using local files (such as /etc/passwd and /etc/group), and then fallback to querying a remote directory service (such as LDAP) if the local files do not contain the requested information.
The nsswitch.conf file is a critical component of the Linux system's name resolution infrastructure, and changes to this file can have significant impacts on the system's behavior. Administrators must exercise caution when making changes to this file and should thoroughly test any modifications before deploying them to production systems.

The nsswitch.conf file tells the resolver library^[2] which of the three possible methods to use to convert host names to IP addresses and back.
Here is a sample file, taken from a Linux machine:

#
# /etc/nsswitch.conf
# An example Name Service Switch config file.  
# This file should be sorted with the most-used  
# services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the  
# search for an entry should stop if the search  
# in the previous entry turned up nothing. Note  
# that if the search failed due to some other reason  
# (like no NIS server responding) then the search 
# continues with the next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called 
# YP dns Use DNS (Domain Name Service)
# files Use the local files
# [NOTFOUND=return] Stop searching if not found 
# so far

passwd: files nisplus nis
shadow: files nisplus nis
group: files nisplus nis
hosts: files nisplus nis dns
services: nisplus [NOTFOUND=return] files
networks: nisplus [NOTFOUND=return] files
protocols: nisplus [NOTFOUND=return] files
rpc: nisplus [NOTFOUND=return] files
ethers: nisplus [NOTFOUND=return] files
netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus

We will study this file in more detail later, but for now, focus on the line marked hosts:
hosts: files nisplus nis dns This line tells the resolver library to first look in the /etc/hosts file (files), then try to contact an NIS+ server (nisplus), then an NIS server (nis), and finally to try the Domain Name Service.

The resolver library may do this in one of three ways:

1. Look up the IP address using a local database file (/etc/hosts)
2. Look up the IP address using a local-network Network Information Database (NIS, NIS+) (The Network Information Database is covered in detail in the next course in this series, Linux/UNIX Network Administration II)
3. Look up the IP address using the Domain Name Service

The /usr/bin/getent command will display a list of entries, Get Entries. The entries are resolved by Name Service Switch Libraries, which are configured in the /etc/ nsswitch.conf file. This file has a list of databases and libraries that will be used to access those databases. For example, we could use the getent passwd command to display all users, or getent group to display all groups. We could extend this though to commands such as getent hosts to display host file entries and getent aliases to display user aliases on the system. The nsswitch.conf file will define the libraries used to access the passwd database. On a standard CentOS system, /etc/passwd is often the only local file, but an enterprise system could include Lightweight Directory Access Protocol (LDAP) modules. In the next chapter, we will learn more using directory services. We search the /etc/nsswitch file for the passwd database using grep:

# grep passwd /etc/nsswitch.conf

The getent command is a very useful way to quickly list users or groups on your system, and the output can be filtered or sorted as required with the grep and sort commands. For example, if we want to see all configured groups on our system that start with the letter u and have only one additional character in their names, we can use the following command:

# getent group | grep 'u.:' | sort

Click the Quiz link below to take a short multiple-choice quiz on TCP/IP configuration.
Name Service - Quiz

[1] Telnet: A TCP/IP application that is used for remote terminal access and can be used to administer a UNIX machine.

[2] Resolver library: The TCP/IP protocol library software that formats requests to be sent to the Domain Name Server for hostname to Internet address conversion.