
Re: apparent change in hostnames on LAN without admin intervention



On Mon 16 Dec 2019 at 12:03:58 (+0530), tv.debian@googlemail.com wrote:
> I am not the OP, but the questions seem directed to me, see inline answers.

Yes, it's interesting to see what people's configurations are when
they make suggestions, because that affects whether they apply in
other cases (including mine).

> On 16/12/2019 11:12, David Wright wrote:
> > On Sun 15 Dec 2019 at 11:49:55 (+0530), tv.debian@googlemail.com wrote:
> > > On 15/12/2019 00:35, Jape Person wrote:
> > > > On 12/14/19 3:56 AM, Andrei POPESCU wrote:
> > > > > On Vi, 13 dec 19, 19:33:51, Jape Person wrote:
> > > > > > Hi folks. Did I miss something?
> > > > > > 
> > > > > > I've had 3 Sid/testing systems running on the same LAN behind the same
> > > > > > router for just shy of 3 years. Their static IP addresses
> > > > > > have always been
> > > > > > issued by the DHCP server on the router. Everything has
> > > > > > been copacetic among
> > > > > > the systems, with local and outside name resolution
> > > > > > working with no issue.
> > > > > > 
> > > > > > A little over a week ago the systems stopped being able to
> > > > > > access each other
> > > > > > by name. No changes were made in the settings or firmware
> > > > > > of the router or
> > > > > > of the local network settings on the systems.
> > > > > > 
> > > > > > I discovered that all of the hostnames had changed from xxxxxx.local to
> > > > > > xxxxxx. I've tried to determine the cause of this alteration in the
> > > > > > hostnames on the LAN.
> > > > > 
> > > > > Please provide more info on this, specifically where / how are the
> > > > > hostnames configured and where / how did you discover they changed.
> > > > > 
> > > > > Do note that .local is typically used by mDNS and in my understanding it
> > > > > should not be used with a DNS server.
> > > > > 
> > > > > https://en.wikipedia.org/wiki/.local
> > > > 
> > > > The hostnames and local domain name were used during installation.
> > > > 
> > > > The static DHCP addresses are issued by a Luxul XWR-1750 router
> > > > which associates the hostnames with the MAC and IP addresses.
> > > > 
> > > > Contents of /etc/resolv.conf:
> > > > 
> > > > search local
> > > > nameserver 208.67.220.220
> > > > 
> > > > I discovered the change a few days ago when I was doing my daily
> > > > check for updates by using SSH to connect to two of the systems. I
> > > > received the following response to the connection command:
> > > > 
> > > > ssh: Could not resolve hostname chip-nuc.local: Name or service not known
> > > > 
> > > > I checked to make sure I could connect to everything by IP
> > > > address, and I checked DNS on the outside world. Everything looked
> > > > okay.
> > > > 
> > > > On a hunch I tried omitting the .local from the connection
> > > > command, and it worked on each client.
> > > > 
> > > > I figured any time the name of a client changes without deliberate
> > > > action on the part of the network admin (however incompetent he
> > > > may be), that could be a security issue. That's why I asked here.
> > > 
> > > Hi, I am running a very similar setup, also on Sid/Testing (updated
> > > daily), and didn't notice any change. My local domain is not ".local"
> > > or ".home", it is custom.
> > 
> > That might be a reason for no change to have occurred.
> > 
> > Just out of curiosity, is your custom name registered or just made up?
> 
> Made up, it exists only on my LAN.

OK, so that's the same as me.

> > > My resolv.conf looks like yours (modulo the domain name), I have an
> > > additional nameserver line for my router address. My router only
> > > resolves names for the local network, public DNS is resolved through a
> > > VPN.
> > > 
> > > My hosts file is just standard :
> > > 
> > > <IP>	<hostname.domain>	<hostname>
> > > 
> > > one line per host on the network, the router has the same hosts file,
> > > the IPs are reserved by the router DHCP and associated with (static
> > > spoofed) MAC addresses. Routers are running on Asuswrt-Merlin and
> > > openWRT (one is AP mode only).
> > 
> > Again, curious, why do you maintain hosts files on each host? As you
> > resolve the other hosts on your network by DNS at the router, I
> > would have expected all your hosts files to look like:
> > 
> > 127.0.0.1       localhost
> > 127.0.1.1       foo.custom       foo
> > 
> > for host foo.
> > 
> 
> One of the PCs is serving various services to the LAN, some bypassing
> the router for load/performance reasons,

Fair enough. (I do that between hosts using IPv6 over Cat5, and have
been scolded here for it.)

> this PC is carrying an up to
> date version of the hosts file.

But does it need to? If your router runs a DNS server (you say it
does), it can provide that (DNS) service to the PC that's providing
the various other services.

> It's not one hosts file on every
> machine on the network, it's one hosts file with every machine on
> the LAN registered in it on one of the nodes on the LAN.

… which just means there are two machines needing the up-to-date hosts
file: the server-PC that avoids disturbing the router, and the router
running a DNS server. Still one more than necessary?

> > > ssh here works with both hostnames short alias (no domain), full name or IP.

That works here too, though it's because all my hosts have a full list
of other hosts from which a script configures their /etc/hosts files.
But I never use the foo.corp name for ssh (only for intraLAN email)
because it's tedious setting up known_hosts for hostnames, IP addresses
*and* FQDNs.

> > > <nslookup>	<hostname.domain>	<router IP>
> > > 
> > > works as expected and returns the host IP.

That, of course, is impossible for me because the router doesn't have
a clue about domain names:

$ nslookup alum 192.168.1.1
Server:         192.168.1.1
Address:        192.168.1.1#53

** server can't find alum: NXDOMAIN

$ 

> > > Since we probably have the same packages versions let me know if you
> > > need me to check anything that could differ from your system.
> > 
> Hope it satisfies your curiosity.

Yes, thanks. While I've been typing this (marooned by snow), the OP
has just posted a reply elsewhere in the thread. It makes me suspect
that they might not be running a DNS server in their router.

Cheers,
David.
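
Added example, not part of the original message and not the script David or anyone else in the thread actually runs: the message mentions building each host's /etc/hosts from one full list of hosts, in the `<IP> <hostname.domain> <hostname>` layout quoted above. The Python below renders that file and reports names that are missing, unexpected or changed in a live copy; the inventory, the `custom` domain, the addresses and all function names are constructed for illustration.

```python
# Added example: render /etc/hosts from one inventory and audit a copy for drift.
# DOMAIN, INVENTORY and every address below are constructed sample values.

DOMAIN = "custom"  # made-up LAN domain, as in the thread's "foo.custom"
INVENTORY = {"foo": "192.168.1.10", "bar": "192.168.1.11", "alum": "192.168.1.12"}


def render_hosts(me, inventory=INVENTORY, domain=DOMAIN):
    """Return hosts-file text for host `me`: loopback lines, then every other host."""
    lines = ["127.0.0.1\tlocalhost", f"127.0.1.1\t{me}.{domain}\t{me}"]
    for name, ip in sorted(inventory.items()):
        if name != me:
            lines.append(f"{ip}\t{name}.{domain}\t{name}")
    return "\n".join(lines) + "\n"


def parse_hosts(text):
    """Map each name in hosts-file text to the first address that lists it."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])  # first entry wins
    return table


def audit_hosts(live_text, me, inventory=INVENTORY, domain=DOMAIN):
    """Compare a live hosts file with the rendered one; return sorted findings."""
    want = parse_hosts(render_hosts(me, inventory, domain))
    have = parse_hosts(live_text)
    findings = []
    for name in sorted(set(want) | set(have)):
        if name not in have:
            findings.append(f"missing: {name}")
        elif name not in want:
            findings.append(f"unexpected: {name} -> {have[name]}")
        elif want[name] != have[name]:
            findings.append(f"changed: {name} {want[name]} -> {have[name]}")
    return findings


if __name__ == "__main__":
    # Constructed live file: bar has lost its FQDN alias and alum has moved.
    live = render_hosts("foo").replace("bar.custom\t", "").replace("1.12", "1.99")
    print("\n".join(audit_hosts(live, "foo")))
```

A name that resolves only in its short form, as the OP saw with `chip-nuc`, shows up here as a `missing:` finding for the FQDN alias.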

