Re: OpenSSH and hostname resolution issues on Solaris

From: Per Hedeland (per@hedeland.org)
Date: 11/08/02


From: per@hedeland.org (Per Hedeland)
Date: Fri, 8 Nov 2002 20:20:36 +0000 (UTC)

In article <J0Gy9.49784$7W2.47287@nwrddc01.gnilink.net> "Nico
Kadel-Garcia" <nkadel@bellatlantic.net> writes:
>"Per Hedeland" <per@hedeland.org> wrote in message
>news:aqf0t0$8i7$1@hedeland.org...
>> In article <6NCy9.17349$Wf5.8203@nwrddc04.gnilink.net> "Nico
>> Kadel-Garcia" <nkadel@bellatlantic.net> writes:
>> >
>> >That was it! "-u0"! The documentation mentions nowhere that this prevents
>> >reverse DNS lookups from being done.
>>
>> Sure it does - from the 3.4p1 sshd(8) man page:
>>
>> Specifying -u0
>> indicates that only dotted decimal addresses should be put into
>> the utmp file. -u0 is also be used to prevent sshd from making
>> DNS requests unless the authentication mechanism or configuration
>> requires it.
>>
>> (It could use some proof-reading though.:-)
>
>It's the *REVERSE* hostname lookups that are the classic problem, not the
>forward name lookups.

Why would sshd do forward lookups? What names would it have to do
forward lookups on? How could anyone think that it would do forward
lookups? (All assuming that it hasn't *first* done a reverse lookup, but
since it says "prevent sshd from making DNS requests", it obviously
hasn't.) If you invest a fraction of a second of thought, it should be
obvious that the section above is talking primarily about reverse
lookups.

> It really does need proofreading, it's a huge FAQ.

I was only referring to the "is also be used" part. Yes, FAQs are often
the result of people not finding their answer in the documentation.
Claiming that it isn't there when it obviously is doesn't really help.

--Per Hedeland
per@hedeland.org


