On Wed, 01 Jun 2005 09:33:58 PDT, Jarrod Manzer said:
> I had this same problem. I resolved it by logging by IP and then doing reverse DNS lookups with a script and creating symbolic links to those IP-based directories. The end result was people who like to use IP or DNS were happy. Gotta make sure your reverse is set up properly though.
> But I never did find out why syslog-ng couldn't resolve the same names that the host command on the same box could.
The most common cause for things like this is semi-borked DNS that *appears* to work, but in fact is subtly misconfigured. A few things to check:

1) Take the IP address, and look up the PTR, which should give you a hostname (this is where most 'host' commands stop). Then actually check that hostname in the DNS, and make sure the IP is listed in an A record (some resolvers do this additional sanity checking).

2) You may have a "lame delegation". Look at the SOA and NS entries for your DNS zones, both PTR and A, and double-check that all machines listed in NS are in fact serving up correct data for the zones (a quick double-check is if all the DNS servers show the correct zone serial number in the SOA). It often happens that if there are multiple NS records, a daemon will "lock in" on asking one NS first, and if it returns an authoritative NXDOMAIN because it's a lame delegation, the daemon won't ask other NS. However, when you use the 'host' command, it may check some *other* NS entry first and magically appear to work.

3) Double-check /etc/resolv.conf to make sure it points 'nameserver' entries at DNS servers that pass the sanity checks in (1) and (2)....
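
Checks (1) and (2) from the reply above, as an added Python example that is not part of the original thread. The function names and the sample records (documentation addresses in 192.0.2.0/24, example.com names) are constructed, and treating the highest SOA serial as the correct one is an assumption.

```python
import socket

def system_ptr(ip):
    """PTR lookup through the system resolver; hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def system_addrs(name):
    """Forward lookup through the system resolver; set of addresses."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def check_fcrdns(ip, ptr=system_ptr, addrs=system_addrs):
    """Check (1): PTR gives a hostname, and that hostname must map back to ip."""
    name = ptr(ip)
    if name is None:
        return ("no-ptr", None)
    if ip not in addrs(name):
        return ("forward-mismatch", name)
    return ("ok", name)

def suspect_nameservers(serial_by_ns):
    """Check (2): given {nameserver: SOA serial, or None if it gave no
    authoritative answer}, list the servers that disagree with the rest.
    Assumption: the highest serial seen is the correct one."""
    answered = [s for s in serial_by_ns.values() if s is not None]
    if not answered:
        return sorted(serial_by_ns)
    newest = max(answered)
    return sorted(ns for ns, s in serial_by_ns.items() if s != newest)

# Constructed sample records (documentation address space), not real data.
SAMPLE_PTR = {"192.0.2.10": "web1.example.com", "192.0.2.11": "old.example.com"}
SAMPLE_A = {"web1.example.com": {"192.0.2.10"}, "old.example.com": {"192.0.2.99"}}
SAMPLE_SERIALS = {"ns1.example.com": 2005060101, "ns2.example.com": 2005052001,
                  "ns3.example.com": None}

def sample_addrs(name):
    return SAMPLE_A.get(name, set())

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
        print(ip, check_fcrdns(ip, SAMPLE_PTR.get, sample_addrs))
    print("suspect NS:", suspect_nameservers(SAMPLE_SERIALS))
```

Called without the two lookup arguments, `check_fcrdns` goes through the host's own resolver configuration, which is the path a daemon on that box would use.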