Re: apparent change in hostnames on LAN without admin intervention

["tv.debian@googlemail.com" <tv.debian@googlemail.com>]

On 15/12/2019 00:35, Jape Person wrote:
> On 12/14/19 3:56 AM, Andrei POPESCU wrote:
> > On Vi, 13 dec 19, 19:33:51, Jape Person wrote:
> > > Hi folks. Did I miss something?
> > >
> > > I've had 3 Sid/testing systems running on the same LAN behind the same
> > > router for just shy of 3 years. Their static IP addresses have always 
> > > been
> > > issued by the DHCP server on the router. Everything has been 
> > > copacetic among
> > > the systems, with local and outside name resolution working with no 
> > > issue.
> > >
> > > A little over a week ago the systems stopped being able to access 
> > > each other
> > > by name. No changes were made in the settings or firmware of the 
> > > router or
> > > of the local network settings on the systems.
> > >
> > > I discovered that all of the hostnames had changed from xxxxxx.local to
> > > xxxxxx. I've tried to determine the cause of this alteration in the
> > > hostnames on the LAN.
> >
> > Please provide more info on this, specifically where / how are the
> > hostnames configured and where / how did you discover they changed.
> >
> > Do note that .local is typically used by mDNS and in my understanding it
> > should not be used with a DNS server.
> >
> > https://en.wikipedia.org/wiki/.local
> >
> > Kind regards,
> > Andrei
> Hi, Andrei.
>
> The hostnames and local domain name were used during installation.
>
> The static DHCP addresses are issued by a Luxul XWR-1750 router which 
> associates the hostnames with the MAC and IP addresses.
>
> Contents of /etc/resolv.conf:
>
> search local
> nameserver 208.67.220.220
>
> I discovered the change a few days ago when I was doing my daily check 
> for updates by using SSH to connect to two of the systems. I received 
> the following response to the connection command:
>
> ssh: Could not resolve hostname chip-nuc.local: Name or service not known
>
> I checked to make sure I could connect to everything by IP address, and 
> I checked DNS on the outside world. Everything looked okay.
>
> On a hunch I tried omitting the .local from the connection command, and 
> it work on each client.
>
> I figured any time the name of a client changes without deliberate 
> action on the part of the network admin (however incompetent he may be), 
> that could be a security issue. That's why I asked here.
>
> Thanks,
> JP

Hi, I am running a very similar setup, also on Sid/Testing (updated 
daily), and didn't notice any change. My local domain is not ".local" or 
".home", it is custom.

My resolv.conf looks like yours (modulo the domain name), I have an 
additional nameserver line for my router address. My router only 
resolves names for the local network, public DNS is resolved though a VPN.

My hosts file is just standard :

<IP>	<hostname.domain>	<hostname>

one line per host on the network, the router has the same hosts file, 
the IP are reserved by the router DHCP and associated with (static 
spoofed) MAC addresses. Routers are running on Asuswrt-Merlin and 
openWRT (one is AP mode only).

ssh here works with both hostnames short alias (no domain), full name or IP.

<nslookup>	<hostname.domain>	<router IP>

works as expected and return the host IP.

Since we probably have the same packages versions let me know if you 
need me to check anything that could differ from your system.