bugzilla-daemon at bugzilla.mindrot.org
2015-Nov-13 03:59 UTC
[Bug 1860] UseDNS option ignored
https://bugzilla.mindrot.org/show_bug.cgi?id=1860
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WORKSFORME
Status|NEW |RESOLVED
--- Comment #6 from Damien Miller <djm at mindrot.org> ---
The bit leading up to this is:
20538: xgetsockaddr(UW71|XPG4, REMOTENAME, 3, 0x08047ADC, 0x08047B60)
= 0
20538: gettimeofday(0x08047070, 0xBFF5A870) = 0
20538: getpid() = 20538 [
20271 ]
20538: open("/etc/resolv.conf", O_RDONLY, 0666) = 4
20538: ioctl(4, TCGETS, 0x08046F64) Err#25 ENOTTY
Which makes me think this is canohost.c:get_remote_hostname(). It does
a getpeername() call that is probably the xgetscoaddr call above. It
then does a:
if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop),
NULL, 0, NI_NUMERICHOST) != 0)
call. This should not result in any DNS traffic though - it's
requesting a numeric hostname.
IMO the only way for it to end up in the DNS here is if the OS
getnameinfo() is buggy. This is further supported by what it does next:
20538: open("/etc/services", O_RDONLY, 0666) = 4
20538: ioctl(4, TCGETS, 0x08047894) Err#25 ENOTTY
20538: fxstat(2, 4, 0x080478D4) = 0
20538: read(4, " # i d e n t\t " @ ( # )".., 8192) = 4260
20538: read(4, 0x0814A090, 8192)
It's not looking at /etc/hosts - it's looking for a port number to
service name lookup and it's doing so in spite of the getnameinfo()
call above not requesting a service name lookup.
So, I think your system has been configured to do service lookups by
DNS *and* your libc/resolver getnameinfo() is broken. There isn't much
we can do in sshd to mitigate this. If it is still failing for you then
I suggest disabling service lookups via DNS and/or contacting your OS
vendor.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
Seemingly Similar Threads
Wisdom of the Ancients
