Re: Could not reverse map

From: Bill Moseley (moseley_at_hank.org)
Date: 05/14/03

    Date: Wed, 14 May 2003 12:09:46 -0700
    To: Ramin Dousti <ramin@cannon.eng.us.uu.net>
    
    

    On Wed, May 14, 2003 at 01:35:52PM -0400, Ramin Dousti wrote:
    > On Wed, May 14, 2003 at 09:40:34AM -0700, moseley@hank.org wrote:
    >
    > > SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
    > >
    > > I'm seeing this error:
    > >
    > > moseley@mardy:~$ fgrep 'reverse' /var/log/auth.log | head -1
    > > May 11 16:53:42 mardy sshd[4870]: Could not reverse map address 192.168.1.2.
    > >
    > > I'm using "views" in Bind9 so that my internal (NAT'ed) LAN can look up
    > > internal machines:
    > >
    > > moseley@mardy:~$ dig -x 192.168.1.2 @localhost | grep bumby
    >
    > You're explicitly asking dig to ask 127.0.0.1 to resolve.
    > sshd uses resolv.conf. What are the entries there?

    Sorry for leaving that out:

    moseley@mardy:~$ cat /etc/resolv.conf
    search hank.org
    nameserver 192.168.1.1

    192.168.1.1 is host "mardy".

    moseley@mardy:~$ dig -x 192.168.1.2 @192.168.1.1 | grep bumby
    2.1.168.192.in-addr.arpa. 604800 IN PTR bumby.

    "mardy" has two interfaces. So try setting the source address with -b:

    moseley@mardy:~$ dig -b 192.168.1.1 -x 192.168.1.2 @192.168.1.1 | grep bumby
    2.1.168.192.in-addr.arpa. 604800 IN PTR bumby.

    moseley@mardy:~$ dig -b 63.205.225.170 -x 192.168.1.2 @192.168.1.1 | grep bumby
    2.1.168.192.in-addr.arpa. 604800 IN PTR bumby.

    Here's my named setup:

    acl mylan { 127.0.0.0/8; 192.168.0.0/24; 192.168.1.0/24; 63.205.225.170; };

    view "internal" {
            match-clients { mylan; };
            recursion yes;
            notify no;
            include "/etc/bind/common_zones.inc";

            zone "hank.org" IN {
                    type master;
                    file "/etc/bind/hank.org.internal";
            };

            zone "1.168.192.in-addr.arpa" IN {
                    type master;
                    file "/etc/bind/db.192.168.1.x";
            };

    };
    view "external" {
            match-clients { any; };
            recursion no;
            allow-query { any; };
            notify yes;

            include "/etc/bind/common_zones.inc";

            zone "hank.org" IN {
                    type master;
                    file "/etc/bind/hank.org";
            };

    };

    -- 
    Bill Moseley
    moseley@hank.org
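
The following is an added example, not part of the original message and not OpenSSH code. It repeats the lookup through the system resolver (the path the quoted reply says sshd uses, via `/etc/resolv.conf`) instead of querying one named server as `dig @server` does, and adds a forward-confirmation step. The function name `reverse_map` and its status strings are hypothetical.

```python
import ipaddress
import socket
import sys


def _norm(addr):
    # Normalise the textual form; drop any IPv6 scope id such as "%eth0".
    return ipaddress.ip_address(addr.split("%")[0])


def reverse_map(addr, getnameinfo=socket.getnameinfo, getaddrinfo=socket.getaddrinfo):
    """Return (status, name) for addr using the libc resolver path.

    status is one of (hypothetical labels):
      "no-ptr"     - reverse lookup failed through the system resolver
      "no-forward" - a PTR name came back but it does not resolve
      "mismatch"   - the name resolves, but not back to addr
      "ok"         - PTR and forward lookup agree
    """
    try:
        # NI_NAMEREQD makes the call fail instead of returning the numeric address.
        name, _ = getnameinfo((addr, 0), socket.NI_NAMEREQD)
    except socket.gaierror:
        return ("no-ptr", None)
    name = name.rstrip(".").lower()
    try:
        infos = getaddrinfo(name, None)
    except socket.gaierror:
        return ("no-forward", name)
    forward = {_norm(info[4][0]) for info in infos}
    return ("ok" if _norm(addr) in forward else "mismatch", name)


if __name__ == "__main__":
    # Usage: python3 revmap.py 192.168.1.2   (run on the host where sshd runs)
    for a in sys.argv[1:]:
        print(a, *reverse_map(a))
```

A "no-ptr" result here while `dig -x` against a named server succeeds indicates that the two lookups are not taking the same path.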
    
