Weird problem. We have a collection of servers running CentOS 5 on EC2. The setup includes two DNS servers and two LDAP servers. DNS has a CNAME pointing at the primary LDAP server.

One machine (and only one machine) is giving me problems. I can ssh into the server using LDAP authentication. But once I'm on the machine, ping won't resolve the LDAP host even though DNS seems to work fine.

Here's ping:

$ ping ldap.mycompany.ec2
ping: unknown host ldap.mycompany.ec2

Here's the output of dig:

$ dig ldap.mycompany.ec2
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> ldap.studyblue.ec2
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2893
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ldap.mycompany.ec2.            IN      A

;; ANSWER SECTION:
ldap.mycompany.ec2.     3600    IN      CNAME   ec2-hostname.compute-1.amazonaws.com.
ec2-hostname.compute-1.amazonaws.com. 55 IN A aaa.bbb.ccc.ddd

;; Query time: 12 msec
;; SERVER: 10.32.159.xxx#53(10.32.159.xxx)
;; WHEN: Tue May 31 11:16:30 2011
;; MSG SIZE  rcvd: 107

And here is resolv.conf:

$ cat /etc/resolv.conf
search mycompany.ec2
nameserver 10.32.159.xxx
nameserver 10.244.19.yyy

And here is my hosts file:

$ cat /etc/hosts
10.122.15.zzz bamboo4 bamboo4.mycompany.ec2
127.0.0.1 localhost localhost.localdomain

And here's nsswitch.conf

$ cat /etc/nsswitch.conf
passwd:     files ldap
shadow:     files ldap
group:      files ldap

sudoers:    ldap files

hosts:      files dns

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files ldap

publickey:  nisplus

automount:  files ldap
aliases:    files nisplus

So DNS works the way I would expect. And I can ping the ldap server by ip address. And I can even access the box with SSH using LDAP authentication.

Any suggestions?