Re: OpenSSH and hostname resolution issues on Solaris

From: Per Hedeland (per@hedeland.org)
Date: 11/09/02


From: per@hedeland.org (Per Hedeland)
Date: Sat, 9 Nov 2002 11:35:06 +0000 (UTC)

In article <aqh83i$rat$1@mozo.cc.purdue.edu> abe@cc.purdue.edu (Vic
Abell) writes:
>per@hedeland.org (Per Hedeland) writes:
>
>>Why would sshd do forward lookups? What names would it have to do
>>forward lookups on? How could anyone think that it would do forward
>>lookups? (All assuming that it hasn't *first* done a reverse lookup, but
>>since it says "prevent sshd from making DNS requests", it obviously
>>hasn't.) If you invest a fraction of a second of thought, it should be
>>obvious that the section above is talking primarily about reverse
>>lookups.
>
>I believe the OP said that sshd was compiled with TCP wrappers.
>If that is true, then I believe the libwrap functions do a forward
>lookup on the name acquired during the reverse lookup of the IP
>address to make sure the name maps to the starting IP address.

I believe so too - and without checking, I believe sshd does such a
forward lookup too *if* it does reverse lookup - after all, the name
obtained through reverse lookup is pretty useless unless it is verified
by a forward lookup.

The section you quote, however, was only a rebuttal of Nico's claim that
the OpenSSH documentation didn't say that -u0 prevented sshd itself from
doing reverse lookups, including pointing out the obvious fact that
without a preceding reverse lookup, there is nothing to do a forward
lookup *on*.

--Per Hedeland
per@hedeland.org
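
The reverse-then-forward check discussed in this post, as an added example that is not part of the original message and is not OpenSSH or libwrap code. The function names, the injectable resolver parameters and the sample tables are assumptions made for illustration; the sample data is constructed so the check runs offline.

```python
import ipaddress
import socket


def _reverse(ip):
    """PTR lookup: return the name the address claims, or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def _forward(name):
    """A/AAAA lookup: return every address the name maps to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()


def verified_hostname(ip, reverse=_reverse, forward=_forward):
    """Return the peer's name only if a forward lookup maps it back to ip.

    Falls back to the numeric address when there is no PTR record or the
    forward lookup does not confirm it, so a log line or access rule never
    trusts a name that only the owner of the reverse zone vouches for.
    """
    addr = ipaddress.ip_address(ip)
    name = reverse(ip)
    if not name:
        return str(addr)          # nothing to do a forward lookup on
    for candidate in forward(name):
        try:
            if ipaddress.ip_address(candidate.split("%")[0]) == addr:
                return name.rstrip(".").lower()
        except ValueError:
            continue
    return str(addr)              # PTR name not confirmed: treat as spoofable


# Constructed sample data (documentation address ranges, made-up names).
PTR = {"192.0.2.10": "host.example.org", "192.0.2.66": "trusted.example.org"}
FWD = {"host.example.org": {"192.0.2.10"}, "trusted.example.org": {"198.51.100.7"}}

def demo(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return verified_hostname(ip, PTR.get, lambda n: FWD.get(n, set()))
```
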