
Bug#527969: openssh-server: The ssh -D SOCKS proxy does not cope with some odd DNS responses



Package: openssh-server
Version: 1:5.1p1-5+b1
Severity: normal

Hi, 

There seems to be a problem in the ssh -D SOCKS proxy which is triggered by some
eccentricity in login.facebook.com's DNS entry.

Below are three illustrations of how that DNS entry is behaving, taken from
different places on the net.  In each case a DNS query gives one valid A
record response before triggering an error condition.  I don't know what it is
about Facebook's DNS servers that is causing this.

A regular web browser will cope with the error condition and connect to the IP
address in question.  A web browser talking SOCKS over ssh -D will fail to
connect to the IP address.

host login.facebook.com localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases: 
--------------------

login.facebook.com has address 69.63.180.173
;; connection timed out; no servers could be reached

host login.facebook.com 192.168.1.1
Using domain server:
Name: 192.168.1.1
Address: 192.168.1.1#53
Aliases: 

login.facebook.com has address 69.63.176.138
Host login.facebook.com not found: 2(SERVFAIL)

--------------------
host login.facebook.com 64.127.100.11
Using domain server:
Name: 64.127.100.11
Address: 64.127.100.11#53
Aliases: 

login.facebook.com has address 69.63.180.174
;; connection timed out; no servers could be reached



-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.28-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-server depends on:
ii  add 3.110                                add and remove users and groups
ii  deb 1.5.19                               Debian configuration management sy
ii  dpk 1.14.26                              Debian package management system
ii  lib 2.9-4                                GNU C Library: Shared libraries
ii  lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii  lib 1.6.dfsg.4~beta1-13                  MIT Kerberos runtime libraries - k
ii  lib 1.6.dfsg.4~beta1-13                  MIT Kerberos runtime libraries - C
ii  lib 1.6.dfsg.4~beta1-13                  MIT Kerberos runtime libraries
ii  lib 0.79-5                               Pluggable Authentication Modules f
ii  lib 0.79-5                               Runtime support for the PAM librar
ii  lib 0.99.7.1-5                           Pluggable Authentication Modules l
ii  lib 2.0.59-1                             SELinux shared libraries
ii  lib 0.9.8g-16                            SSL shared libraries
ii  lib 7.6.dbs-13                           Wietse Venema's TCP wrappers libra
ii  lsb 3.2-22                               Linux Standard Base 3.2 init scrip
ii  ope 0.1.0                                list of blacklisted OpenSSH RSA an
ii  ope 1:5.1p1-5+b1                         secure shell client, an rlogin/rsh
ii  pro 1:3.2.7-3                            /proc file system utilities
ii  zli 1:1.2.3.3.dfsg-13                    compression library - runtime

Versions of packages openssh-server recommends:
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.2-2  X authentication utility

-- debconf-show failed

-- 
Peter Eckersley                            pde@eff.org
Staff Technologist                Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993


