Package: ssh
Version: 2.9p2-6
I don't know if this is an ssh-specific bug or not, so someone re-assign it
if you know where the bug actually is.
When I ssh into a machine by hostname, it first resolves the name to IP
address and then connects. Normally the /etc/host.conf file determines
whether to check the local hosts file, or the name server. I have my
system set up to check hosts then dns, however when I run ssh through
strace, I find that it reads the host.conf file then proceeds straight
into doing a DNS request.
This DNS request will fail due to a current problem with the host's DNS
server. After this fails, it then reads the hosts file, finds the correct
address and continues normally.
Why is DNS used in preference to hosts file, even when the config file
says otherwise? I grabbed the source and compiled it to run through with
gdb, and my compiled version reads the hosts file first, and works
properly. Is there a known bug in the resolver, or is it a specific bug
in the Debian precompiled version of ssh?
To explain what I mean, a little snippet of the strace is included below
(with some lines removed to make it tidy).
open("/etc/resolv.conf", O_RDONLY) = 3
read(3, "nameserver 192.168.15.129\n", 4096) = 26
read(3, "", 4096) = 0
close(3) = 0
open("/etc/host.conf", O_RDONLY) = 3
read(3, "order hosts,bind\nmulti on\n", 4096) = 26
read(3, "", 4096) = 0
close(3) = 0
open("/etc/hosts", O_RDONLY) = 3
[large hosts file edited down]
read(3,"127.0.0.1\tlocalhost\n192.168.15.129\tgrunge.hpy.hell\n
24.42.154.115 lo.doa.org\n\n", 4096) = 898
read(3, "", 4096) = 0
close(3) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
[mmap performed]
close(3) = 0
open("/lib/libnss_dns.so.2", O_RDONLY) = 3
[mmap performed]
close(3) = 0
open("/lib/libresolv.so.2", O_RDONLY) = 3
[mmap performed]
close(3) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
connect(3, {sin_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.15.129")}}, 28) = 0
send(3, "\245V\1\0\0\1\0\0\0\0\0\0\2lo\3doa\3org\0\0\1\0\1", 28, 0) = 28
So you can see the flow of the program, it does indeed read the config
files and hosts file properly, but still tries to do DNS. Once the DNS
fails, it continues normally with the address in /etc/hosts.
ii ssh 2.9p2-6 Secure rlogin/rsh/rcp replacement (OpenSSH)
ii libc6 2.2.4-5 GNU C Library: Shared libraries and Timezone
ii libpam0g 0.72-31 Pluggable Authentication Modules library
ii libssl0.9.6 0.9.6b-1 SSL shared libraries
ii libwrap0 7.6-8.2 Wietse Venema's TCP wrappers library
ii zlib1g 1.1.3-15 compression library - runtime
ii libpam-modules 0.72-31 Pluggable Authentication Modules for PAM
ii libwrap0 7.6-8.2 Wietse Venema's TCP wrappers library
ii debconf 1.0.17 Debian configuration management system
ii dnsutils 9.1.3-1 Clients provided with BIND
Davey
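
A way to run the check described in the report above over a trace mechanically, as an added example that is not part of the original thread: it decodes strace's escaped buffers, reads the `order` line and the hosts entries, and flags any DNS query for a name that `/etc/hosts` already answers under a hosts-first order. The sample trace is constructed from abridged lines of the excerpt above, and the function names are this example's own.

```python
import re
# Constructed sample: syscall lines abridged from the strace excerpt in the report.
TRACE = r'''open("/etc/host.conf", O_RDONLY) = 3
read(3, "order hosts,bind\nmulti on\n", 4096) = 26
close(3) = 0
open("/etc/hosts", O_RDONLY) = 3
read(3, "127.0.0.1\tlocalhost\n24.42.154.115 lo.doa.org\n\n", 4096) = 898
close(3) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
connect(3, {sin_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.15.129")}}, 28) = 0
send(3, "\245V\1\0\0\1\0\0\0\0\0\0\2lo\3doa\3org\0\0\1\0\1", 28, 0) = 28
'''
SIMPLE = {"n": "\n", "t": "\t", "r": "\r"}  # other escaped chars map to themselves

def unescape(text):
    """Turn strace's C-style escapes (\\n, \\245) back into raw bytes."""
    def repl(m):
        e = m.group(1)
        return chr(int(e, 8) & 0xFF) if e[0] in "01234567" else SIMPLE.get(e, e)
    return re.sub(r'\\([0-7]{1,3}|.)', repl, text).encode("latin-1")

def dns_qname(payload):
    """Read the question name that follows the 12-byte DNS header."""
    labels, i = [], 12
    while i < len(payload) and payload[i]:
        labels.append(payload[i + 1:i + 1 + payload[i]].decode("ascii", "replace"))
        i += payload[i] + 1
    return ".".join(labels)

def analyse(trace):
    """Return (order, [(queried name, True if hosts-first config already answers it)])."""
    fds, order, hosts, queries, dns_fd = {}, [], set(), [], None
    for line in trace.splitlines():
        if m := re.match(r'open\("([^"]+)".* = (\d+)$', line):
            fds[m.group(2)] = m.group(1)          # fd -> path
        elif m := re.match(r'close\((\d+)\)', line):
            fds.pop(m.group(1), None)
        elif m := re.match(r'read\((\d+), "(.*)", ', line):
            path, text = fds.get(m.group(1)), unescape(m.group(2)).decode("latin-1")
            if path == "/etc/host.conf" and (o := re.search(r'^order\s+(.+)$', text, re.M)):
                order = re.split(r'[,\s]+', o.group(1).strip())
            elif path == "/etc/hosts":
                for entry in text.splitlines():
                    hosts.update(entry.split("#")[0].split()[1:])
        elif m := re.match(r'connect\((\d+), .*htons\(53\)', line):
            dns_fd = m.group(1)
        elif (m := re.match(r'send\((\d+), "(.*)", ', line)) and m.group(1) == dns_fd:
            name = dns_qname(unescape(m.group(2)))
            queries.append((name, order[:1] == ["hosts"] and name in hosts))
    return order, queries
```

`analyse(TRACE)` returns the configured order together with each DNS question seen on a port-53 socket; a `True` flag marks a query that went to the name server even though the hosts file was configured first and held the name.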
Subject: Re: Bug#123373: ssh: Resolver doesnt work properly
Date: Thu, 10 Jan 2002 03:25:23 +1100 (EST)
On Sun, 6 Jan 2002, Greg Norris wrote:
> Is this problem still occurring? I was seeing the same issue before,
> but can't seem to reproduce it now (version 3.0.2p1-2 on unstable).
Yep it still happens here with 3.0.1p1-1.2 on unstable. apt-get update
doesn't show any newer version of ssh available, so I assume it's the
latest.
Davey
Subject: Re: Bug#123373: ssh: Resolver doesnt work properly
Date: Wed, 9 Jan 2002 20:50:56 -0600
I think your non-US mirror is lagging a few days behind. According to
my changelog 3.0.2p1-1 was uploaded on 4 Jan, with 3.0.2p1-2 following
the next day.
On Thu, Jan 10, 2002 at 03:25:23AM +1100, David Murn wrote:
> Yep it still happens here with 3.0.1p1-1.2 on unstable. apt-get update
> doesn't show any newer version of ssh available, so I assume it's the
> latest.
>
> Davey
>
Subject: Re: Bug#123373: ssh: Resolver doesnt work properly
Date: Thu, 10 Jan 2002 17:36:55 +1100 (EST)
On Wed, 9 Jan 2002, Greg Norris wrote:
> I think your non-US mirror is lagging a few days behind. According to
> my changelog 3.0.2p1-1 was uploaded on 4 Jan, with 3.0.2p1-2 following
> the next day.
Turns out I was upgrading off testing not unstable, put -2 on now and
still got the same problem. Will try downloading source and compiling to
see if I get the same result.
Davey
Subject: Re: Bug#123373: ssh: Resolver doesnt work properly
Date: Wed, 16 Jan 2002 11:20:54 +1100 (EST)
On Wed, 9 Jan 2002, Greg Norris wrote:
> I think your non-US mirror is lagging a few days behind. According to
> my changelog 3.0.2p1-1 was uploaded on 4 Jan, with 3.0.2p1-2 following
> the next day.
As it turns out, this bug has been reported numerous times against libc.
I've started tracing the problem, it only occurs when getaddrinfo() is
used, gethostbyname() uses the correct procedure (using the host.conf
file).
This also explains why telnet takes twice as long as any other program to
connect, as it's doing both a forward and reverse lookup on the address
(not using the hosts file either time).
I'm tracing the problem further, will report more when I've figured it out.
Davey