03-29-2017 09:14 PM - edited 03-12-2019 06:20 AM
Dear All,
I have performed Schedule Rule Updates in FMC but I can't update now. I found I can't ping or traceroute the hostname. I can nslookup the domain but can't ping. Is there any setting missing now? Thanks All.
System Support> ping www.yahoo.com
ping: unknown host www.yahoo.com
System Support> nslookup www.yahoo.com
Server: 10.0.232.20
Address: 10.0.232.20#53
Non-authoritative answer:
www.yahoo.com canonical name = fd-fp3.wg1.b.yahoo.com.
Name: fd-fp3.wg1.b.yahoo.com
Address: 116.214.12.74
Kurt
03-30-2017 12:37 AM
That prompt looks like it might be from an FTD sensor's clish interface.
The FMC command line should look more like a straight Linux bash shell.
03-30-2017 10:13 PM
Sorry Marvin. I mixed up FMC and firepower module. My problem is FirePower Module.
Actually, I can't ping in Linux mode or in system support mode. I confirmed I have configured the correct DNS and nslookup works fine. I really can't figure out what the actual problem is.
admin@firepower:~$ ping www.yahoo.com
ping: unknown host www.yahoo.com
System Support> ping www.yahoo.com
ping: unknown host www.yahoo.com
System Support>
03-31-2017 01:35 AM
Are you running an FTD image? If so, try using "ping system <hostname>".
04-01-2017 11:08 AM
On the FMC console, see whether you have the correct nameservers. For this, run:
cat /etc/resolv.conf
You should have at least one entry, like:
nameserver your_dns_server_ip
04-04-2017 08:36 PM
Finally, the problem was solved by "Waiting". It is strange that the ping works after days.
I thought I got something wrong, but I tried another Firepower module and it showed the same symptom. I configured the same DNS server but it didn't work at that moment. However, it suddenly worked the next day.
04-05-2017 12:04 AM
Kurt,
I asked about the correct nameserver as there's a Linux behavior that you encountered.
First you started with no nameservers or nameservers that didn't answer for your requests.
Then, you added the correct nameservers. However, there's a Linux process which helps glibc and caches the requests. This process is nscd (name service caching daemon).
Even if you add the correct nameservers, negative cache entries are still in memory and they are returned to glibc, which uses those values.
The best thing to do when you change the nameservers, in the case of Firepower gear where this issue occurs, is to restart the nscd daemon with:
/etc/rc.d/init.d/nscd restart
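The symptom discussed in this thread (nslookup succeeds while ping reports "unknown host") can be checked with the sketch below, which is an added example and not part of the original posts. It assumes `awk`, `nslookup` and `getent` are available on the appliance's Linux shell; the function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example: compare a direct DNS query with the glibc lookup path
# (the path ping uses, which goes through nscd when it is running).

# Print the nameserver addresses from a resolv.conf-style file.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "${1:-/etc/resolv.conf}"
}

# Map the two lookup results (ok|fail) to a verdict string.
classify() {
    case "$1/$2" in
        ok/ok)   echo "consistent" ;;
        ok/fail) echo "stale-cache-suspected" ;;  # DNS answers, glibc path does not
        fail/ok) echo "answered-locally" ;;       # e.g. /etc/hosts or a cached entry
        *)       echo "dns-failure" ;;
    esac
}

diagnose() {
    host=$1
    if [ -z "$(list_nameservers /etc/resolv.conf)" ]; then
        echo "no nameserver entries in /etc/resolv.conf"
        return 2
    fi
    dns=fail
    nss=fail
    # nslookup queries the configured server itself and does not consult nscd.
    if nslookup "$host" 2>/dev/null | grep -q '^Name:'; then dns=ok; fi
    # getent resolves through glibc's name service switch, like ping does.
    if getent hosts "$host" >/dev/null 2>&1; then nss=ok; fi
    verdict=$(classify "$dns" "$nss")
    echo "$host: nslookup=$dns getent=$nss verdict=$verdict"
    if [ "$verdict" = "stale-cache-suspected" ]; then
        echo "try: /etc/rc.d/init.d/nscd restart"
    fi
}

# Run a live check only when a hostname is passed on the command line.
if [ "$#" -gt 0 ]; then
    diagnose "$1"
fi
```

A "stale-cache-suspected" verdict matches the case described in the post above; it can also result from other problems in the glibc lookup path, so treat it as a pointer rather than proof.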
08-21-2018 06:11 AM
05-24-2019 11:23 AM
Thanks Kurt
I added the nameservers in FMC but I still couldn't ping the hostname. After I followed your advice and restarted the DNS services, it worked for me like magic.
/etc/rc.d/init.d/nscd restart
Thanks Again