
Bug#457472: openssh-client: ssh resolves some hosts to 1.0.0.0



On Mon, Dec 24, 2007 at 03:07:51PM +0100, Vincent Lefevre wrote:
> On 2007-12-24 10:49:32 +0000, Colin Watson wrote:
> > I can't tell for sure from your strace (in future, use -s 1024 so that
> > buffers passed to system calls aren't truncated to quite such a short
> > length), but your diagnosis sounds right, and it doesn't sound like
> > OpenSSH is the appropriate place for a deployed workaround. Reassigning
> > to glibc where the resolver is implemented.
> 
> OK, I didn't know what OpenSSH used for DNS resolving. As different
> software behaves differently, this is rather confusing. After more
> tests, it seems that Iceweasel has the same problem, though other
> users (as seen in discussions on web forums) reported that Firefox
> worked (but perhaps they have disabled IPv6 in Firefox or somewhere
> else). Some users reported the same problem with apt-get with Debian
> and Ubuntu[*]. So, this probably comes from glibc (I suppose that
> not all software does IPv6 DNS requests).

Indeed, OpenSSH just uses getaddrinfo, which is the newer generation of
library support for name resolution. I imagine, though, that the
relevant fact is that it does an AAAA query and gets garbage back.

> > However, in your particular case, setting 'AddressFamily inet' in
> > /etc/ssh/ssh_config should work around the problem just for ssh.
> 
> The solution I chose was to disable the DNS forwarding service of
> the D-Link router; but this meant I had to fill the /etc/resolv.conf
> manually (I thought the router would provide the DNS servers of the
> ISP instead of the local 192.168.1.1, but after running "pump", the
> /etc/resolv.conf file is left unchanged). However, the consequence
> is that Windows machines (which don't support IPv6, thus are not
> affected by the bug of the router) can no longer use the router's
> DNS service either.

Have you considered asking your router vendor for a firmware upgrade? It
sounds like a straightforward bug in their DNS implementation.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]
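
Added example, not part of the original message and not OpenSSH or glibc code: a sanity check for the A/AAAA answers in a raw DNS reply, the kind of validation that would flag a forwarder returning garbage to an AAAA query. The thread does not record what the router actually sent, so the sample replies are constructed and the names `skip_name`, `check_reply` and `build_reply` are hypothetical.

```python
import struct

TYPE_A, TYPE_AAAA = 1, 28
EXPECTED_RDLEN = {TYPE_A: 4, TYPE_AAAA: 16}  # RFC 1035 (A), RFC 3596 (AAAA)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        if length == 0:            # root label terminates the name
            return off + 1
        off += 1 + length

def check_reply(msg):
    """Return a list of problems found in the answer section of a DNS reply."""
    problems = []
    try:
        _id, _flags, qdcount, ancount = struct.unpack("!4H", msg[:8])
        off, asked = 12, set()     # fixed 12-byte header, then the questions
        for _ in range(qdcount):
            off = skip_name(msg, off)
            qtype, _qclass = struct.unpack("!2H", msg[off:off + 4])
            asked.add(qtype)
            off += 4
        for i in range(ancount):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            want = EXPECTED_RDLEN.get(rtype)
            if want is not None and rdlen != want:
                problems.append(f"answer {i}: type {rtype} RDLENGTH {rdlen}, expected {want}")
            if want is not None and rtype not in asked:
                problems.append(f"answer {i}: type {rtype} was not asked for")
            if off + rdlen > len(msg):
                problems.append(f"answer {i}: RDATA runs past end of message")
                break
            off += rdlen
    except (struct.error, IndexError):
        problems.append("message truncated or malformed")
    return problems

def build_reply(qtype, rtype, rdata):
    """Constructed sample: one question for example.com, one answer record."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    question = b"\x07example\x03com\x00" + struct.pack("!2H", qtype, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 60, len(rdata)) + rdata
    return header + question + answer
```

`check_reply(build_reply(TYPE_AAAA, TYPE_AAAA, bytes(4)))` reports the length mismatch, while a well-formed 16-byte AAAA answer returns an empty list.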


