Bug 131610
Summary: | SSH causing invalid DNS queries to root servers. | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Gigs <jgiglio> |
Component: | glibc | Assignee: | Nalin Dahyabhai <nalin> |
Status: | CLOSED CURRENTRELEASE | Severity: | high |
Priority: | medium | Version: | 1 |
Hardware: | All | OS: | Linux |
Doc Type: | Bug Fix | CC: | drepper, j |
Last Closed: | 2004-09-28 22:59:42 UTC | | |
Description
Gigs
2004-09-02 17:48:14 UTC
Stuff I forgot: Using ssh -4 is a workaround for this. Thanks to Skapere on #dns on irc.freenode.net for helping me diagnose this bug.

Also entered as: http://bugzilla.mindrot.org/show_bug.cgi?id=924

------- Additional Comments From djm 2004-09-04 08:28 -------
OpenSSH just uses the standard getaddrinfo() API, it doesn't do anything magical for DNS queries. Any complaints about getaddrinfo()'s behaviour on your system should be directed to your libc vendor. BTW, you can turn off IPv6 lookups by setting "AddressFamily inet" in your ssh_config.

Many fixes have gone into our newest Fedora Core 3 test2 release, please re-test with that and open a request if you find further problems. Thanks, Florian La Roche

A tcpdump on queries from FC3t2 gave me
AAAA host
AAAA host.subdomain
A host
A host.subdomain

The output from #5 is certainly correct. I'm closing the bug.

Why is that "certainly correct"? Can you give any reference to any standard which mandates this behaviour? From what I see, the new order is even worse. Sending
AAAA host. (fail because there's no TLD named host)
AAAA host.subdomain. (fail because most people don't run IPv6)
A host. (fail because there's no TLD named host)
A host.subdomain (probably success)
So this new scenario actually creates twice as much bogus traffic for the root name servers!

If someone queries a non-dotted (or with few dots, see the ndots option in resolv.conf) the DNS server is always queried for a short name since it might know about CNAMEs matching this. This is how it always has been. And the order of the results returned by getaddrinfo() is determined according to the rules in RFC 3494. If you don't want IPv6 addresses to be returned, make sure you use AI_ADDRCONFIG and remove all IPv6 addresses from all your interfaces. The behavior is correct, I have not seen anything to the contrary. Provide up-to-date and detailed information about what you think is wrong.

>>determined according to the rules in RFC 3494.
What does the version history of LDAP have to do with anything?
The default for ndots is 1. If I "ssh sysadm@host" there are exactly
zero dots in my request. Yet the resolver still tries to resolve an
absolute name, the TLD "host.", causing root name server traffic for
absolutely no valid reason.

It's RFC 3484, typo.

Fine, if you all want to refuse to acknowledge this bug so bad, I don't care anymore. I'm not going to argue about something that is so obviously broken to everyone who doesn't have an email that ends with @redhat.com.

This bug was silently fixed. It is no longer present in FC3.
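
The query sequences argued over in this thread can be reproduced with a small model; the following is an added example, not code from glibc, OpenSSH or any commenter. The function names, the stop-at-first-answer walk and the sample zone are assumptions; the as-is-first order is the one in the tcpdump comment, and the search-first order applies the ndots threshold described in resolv.conf(5).

```python
# Added example: simplified model of stub-resolver name expansion.
# Not glibc's code; the ordering rules and the sample zone are assumptions.

def expand(name, search, ndots=1, as_is_first=None):
    """Return candidate FQDNs in query order.

    as_is_first=None applies the ndots threshold from resolv.conf(5);
    True/False forces an order (True reproduces the tcpdump in the thread).
    """
    if name.endswith("."):                      # absolute name: no search list
        return [name]
    as_is = name + "."
    searched = [f"{name}.{d.strip('.')}." for d in search]
    if as_is_first is None:
        as_is_first = name.count(".") >= ndots
    return [as_is] + searched if as_is_first else searched + [as_is]


def queries_sent(candidates, qtypes, existing):
    """Walk all candidates per record type, stopping at the first answer.

    existing: set of (qtype, fqdn) pairs that resolve (constructed data).
    """
    sent = []
    for qtype in qtypes:
        for fqdn in candidates:
            sent.append((qtype, fqdn))
            if (qtype, fqdn) in existing:
                return sent
    return sent


def root_leaks(sent):
    """Single-label queries ("host.") can only be answered from the root zone."""
    return [q for q in sent if q[1].count(".") == 1]


# Constructed sample: IPv4-only host in the search domain "subdomain".
EXISTING = {("A", "host.subdomain.")}
SEARCH = ["subdomain"]
QTYPES = ["AAAA", "A"]

observed = queries_sent(expand("host", SEARCH, as_is_first=True), QTYPES, EXISTING)
by_ndots = queries_sent(expand("host", SEARCH, ndots=1), QTYPES, EXISTING)

if __name__ == "__main__":
    for label, sent in (("as-is first", observed), ("search first", by_ndots)):
        print(label, sent, "root leaks:", len(root_leaks(sent)))
```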