Re: apparent change in hostnames on LAN without admin intervention
On Sun 15 Dec 2019 at 11:49:55 (+0530), tv.debian@googlemail.com wrote:
> On 15/12/2019 00:35, Jape Person wrote:
> > On 12/14/19 3:56 AM, Andrei POPESCU wrote:
> > > On Vi, 13 dec 19, 19:33:51, Jape Person wrote:
> > > > Hi folks. Did I miss something?
> > > >
> > > > I've had 3 Sid/testing systems running on the same LAN behind the same
> > > > router for just shy of 3 years. Their static IP addresses
> > > > have always been
> > > > issued by the DHCP server on the router. Everything has
> > > > been copacetic among
> > > > the systems, with local and outside name resolution
> > > > working with no issue.
> > > >
> > > > A little over a week ago the systems stopped being able to
> > > > access each other
> > > > by name. No changes were made in the settings or firmware
> > > > of the router or
> > > > of the local network settings on the systems.
> > > >
> > > > I discovered that all of the hostnames had changed from xxxxxx.local to
> > > > xxxxxx. I've tried to determine the cause of this alteration in the
> > > > hostnames on the LAN.
> > >
> > > Please provide more info on this, specifically where / how are the
> > > hostnames configured and where / how did you discover they changed.
> > >
> > > Do note that .local is typically used by mDNS and in my understanding it
> > > should not be used with a DNS server.
> > >
> > > https://en.wikipedia.org/wiki/.local
> >
> > The hostnames and local domain name were used during installation.
> >
> > The static DHCP addresses are issued by a Luxul XWR-1750 router
> > which associates the hostnames with the MAC and IP addresses.
> >
> > Contents of /etc/resolv.conf:
> >
> > search local
> > nameserver 208.67.220.220
> >
> > I discovered the change a few days ago when I was doing my daily
> > check for updates by using SSH to connect to two of the systems. I
> > received the following response to the connection command:
> >
> > ssh: Could not resolve hostname chip-nuc.local: Name or service not known
> >
> > I checked to make sure I could connect to everything by IP
> > address, and I checked DNS on the outside world. Everything looked
> > okay.
> >
> > On a hunch I tried omitting the .local from the connection
> > command, and it work on each client.
> >
> > I figured any time the name of a client changes without deliberate
> > action on the part of the network admin (however incompetent he
> > may be), that could be a security issue. That's why I asked here.
>
> Hi, I am running a very similar setup, also on Sid/Testing (updated
> daily), and didn't notice any change. My local domain is not ".local"
> or ".home", it is custom.
That might be a reason for no change to have occurred.
Just out of curiosity, is your custom name registered or just made up?
> My resolv.conf looks like yours (modulo the domain name), I have an
> additional nameserver line for my router address. My router only
> resolves names for the local network, public DNS is resolved though a
> VPN.
>
> My hosts file is just standard :
>
> <IP> <hostname.domain> <hostname>
>
> one line per host on the network, the router has the same hosts file,
> the IP are reserved by the router DHCP and associated with (static
> spoofed) MAC addresses. Routers are running on Asuswrt-Merlin and
> openWRT (one is AP mode only).
Again, curious, why do you maintain hosts files on each host? As you
resolve that other hosts on your network by DNS at the router, I
would have expected all your hosts files to look like:
127.0.0.1 localhost
127.0.1.1 foo.custom foo
for host foo.
> ssh here works with both hostnames short alias (no domain), full name or IP.
>
> <nslookup> <hostname.domain> <router IP>
>
> works as expected and return the host IP.
>
> Since we probably have the same packages versions let me know if you
> need me to check anything that could differ from your system.
Cheers,
David.
Reply to: