bugzilla-daemon at mindrot.org
2012-Aug-27 18:06 UTC
[Bug 2037] New: sshd Causing DNS Queries on ListenAddress when binding to IPV4 and IPV6 addresses on AIX
https://bugzilla.mindrot.org/show_bug.cgi?id=2037

Bug ID: 2037
Summary: sshd Causing DNS Queries on ListenAddress when binding to IPV4 and IPV6 addresses on AIX
Product: Portable OpenSSH
Component: sshd
Version: -current
Hardware: PPC
OS: AIX
Status: NEW
Severity: normal
Priority: P5
Classification: Unclassified
Assignee: unassigned-bugs at mindrot.org
Reporter: caleblloyd at gmail.com

On AIX 7.1, sshd is causing an AAAA DNS query to occur on "0.0.0.0" and an A DNS query to occur on "::" when trying to listen on all IPV4 and IPV6 addresses. If DNS is not configured, OpenSSH will take a long time to try to resolve this DNS query on startup and on receiving a client connection, until the DNS query eventually times out.

ListenAddresses from /etc/ssh/sshd_config:

    ListenAddress 0.0.0.0
    ListenAddress ::

When a listener address is added to the server, the POSIX function "getaddrinfo" is called from servconf.c. The sshd application calls:

    getaddrinfo("0.0.0.0", ...)
    getaddrinfo("::", ...)

with hints set to NULL for these 2 calls.

---------------------------------------------------------------------------

For the getaddrinfo("0.0.0.0", ...) call:

Internally, it will call these 2 APIs to collect information for both IPv4 and IPv6 addresses, since hints is NULL:

    gethostbyname2("0.0.0.0", AF_INET6)
    gethostbyname2("0.0.0.0", AF_INET)

In gethostbyname2("0.0.0.0", AF_INET6), it's asking for an IPv6 address mapping. "0.0.0.0" itself is NOT an IPv6 address, so the resolver treats it as a hostname. You will see an AAAA query for hostname "0.0.0.0".

In gethostbyname2("0.0.0.0", AF_INET), it's asking for an IPv4 address mapping. "0.0.0.0" is an IPv4 address, so the resolver will NOT go out to the DNS server for an answer.

---------------------------------------------------------------------------

For the getaddrinfo("::", ...) call:

Internally, it will call these 2 APIs to collect information for both IPv4 and IPv6 addresses, since hints is NULL:

    gethostbyname2("::", AF_INET6)
    gethostbyname2("::", AF_INET)

In gethostbyname2("::", AF_INET6), it is asking for an IPv6 address mapping. "::" itself is an IPv6 address, so it won't do a DNS query.

In gethostbyname2("::", AF_INET), it is asking for an IPv4 address mapping. "::" itself is NOT an IPv4 address, so the resolver treats it as a hostname. You will see an A query for hostname "::".

---------------------------------------------------------------------------

The solution would be to define an AddressFamily for each ListenAddress in /etc/ssh/sshd_config like so:

    AddressFamily inet
    ListenAddress 0.0.0.0
    AddressFamily inet6
    ListenAddress ::

Another solution would be to create a configuration option that would let AI_NUMERICHOST be passed to the POSIX getaddrinfo() function.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
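The second remedy proposed in the report, passing AI_NUMERICHOST so that a listen address literal is never handed to the name service, is shown below in a small C example. This is added illustration, not code from the bug report or from OpenSSH: the function names resolve_listen_literal and literal_family are assumptions of this example, and the port "22" is only a sample value. The point it demonstrates is that with AI_NUMERICHOST the resolver either parses the literal immediately or fails immediately (EAI_NONAME for a hostname, a non-zero error when the literal does not match the requested family), so an unreachable or unconfigured DNS server cannot stall sshd startup or connection handling the way the report describes. literal_family shows the cheaper pre-check a daemon can do with inet_pton before deciding whether a name lookup is needed at all.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Classify a string as an IPv4 or IPv6 literal without touching the
 * resolver. Returns AF_INET, AF_INET6, or -1 if it is neither.
 * (Assumed helper name; not from OpenSSH.) */
int literal_family(const char *addr)
{
    struct in_addr v4;
    struct in6_addr v6;
    if (inet_pton(AF_INET, addr, &v4) == 1)
        return AF_INET;
    if (inet_pton(AF_INET6, addr, &v6) == 1)
        return AF_INET6;
    return -1;
}

/* Resolve a ListenAddress-style string for a passive (listening) socket,
 * as a numeric literal only. 'family' plays the role of sshd's
 * AddressFamily: AF_UNSPEC, AF_INET or AF_INET6. Returns the address
 * family getaddrinfo produced, or -1 on failure. AI_NUMERICHOST forbids
 * any name-service lookup, so no A/AAAA query can be sent for "0.0.0.0"
 * or "::" regardless of how the platform resolver behaves with NULL hints.
 * (Assumed helper name; not from OpenSSH.) */
int resolve_listen_literal(const char *addr, const char *port, int family)
{
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = family;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;

    int rc = getaddrinfo(addr, port, &hints, &res);
    if (rc != 0) {
        /* EAI_NONAME here means "not a numeric address", not a DNS failure. */
        fprintf(stderr, "getaddrinfo(%s): %s\n", addr, gai_strerror(rc));
        return -1;
    }
    int got = res->ai_family;
    freeaddrinfo(res);
    return got;
}

int main(void)
{
    /* Constructed sample inputs mirroring the report's sshd_config. */
    const char *listen[] = { "0.0.0.0", "::", "localhost" };
    for (size_t i = 0; i < sizeof(listen) / sizeof(listen[0]); i++) {
        int fam = resolve_listen_literal(listen[i], "22", AF_UNSPEC);
        printf("%-10s literal_family=%d getaddrinfo_family=%d\n",
               listen[i], literal_family(listen[i]), fam);
    }
    return 0;
}
```

Run as a standalone program it prints AF_INET for "0.0.0.0", AF_INET6 for "::", and an immediate EAI_NONAME for "localhost" with no network activity. Pairing an explicit family with the literal, as the report's first remedy does with AddressFamily, makes a mismatch such as "0.0.0.0" under AF_INET6 fail immediately instead of turning into a hostname lookup.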