also sprach Nico Kadel-Garcia <nkadel at gmail.com> [2014-12-22 14:43 +0100]:
> The problem, I think, isn't that you have an entry in all three. It's
> that you have a *shortened* hostname that is identical in all 3 DNS
> domains. If your DNS admins have gracefully set the local environments
> to each be on their own subdomain, and that subdomain is *first* in
> DHCP configured DNS, you should be golden.

No, because the problem is that the short name always resolves to
the IP the machine would have in the local network, and hence this
is the IP that OpenSSH tries.

However, if the machine is not in the local network, then I'd like
OpenSSH to ask for the same hostname in the next CanonicalDomain and
try it there. Does this make sense?

-- 
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/

"politicians and diapers should be changed often,
 and for the same reason."
                                                        -- mark twain

spamtraps: madduck.bogus at madduck.net

On Mon, Dec 22, 2014 at 3:41 PM, martin f krafft <madduck at madduck.net> wrote:
> also sprach Nico Kadel-Garcia <nkadel at gmail.com> [2014-12-22 14:43 +0100]:
>> The problem, I think, isn't that you have an entry in all three. It's
>> that you have a *shortened* hostname that is identical in all 3 DNS
>> domains. If your DNS admins have gracefully set the local environments
>> to each be on their own subdomain, and that subdomain is *first* in
>> DHCP configured DNS, you should be golden.
>
> No, because the problem is that the short name always resolves to
> the IP the machine would have in the local network, and hence this
> is the IP that OpenSSH tries.
>
> However, if the machine is not in the local network, then I'd like
> OpenSSH to ask for the same hostname in the next CanonicalDomain and
> try it there. Does this make sense?

If it's not "in the local network", then it shouldn't get the
subdomain of the internal network, and you've got a DNS "views" or
DHCP configuration issue.

I'm now assuming that you now have fully qualified hostnames that
differ in each environment?

also sprach Nico Kadel-Garcia <nkadel at gmail.com> [2014-12-23 07:50 +0100]:
> If it's not "in the local network", then it shouldn't get the
> subdomain of the internal network, and you've got a DNS "views" or
> DHCP configuration issue.

While the machine is not at the office, other machines can resolve
fishbowl.office to a valid IP; that's the same as resolving the
hostname of a machine that's turned off.

> I'm now assuming that you now have fully qualified hostnames that
> differ in each environment?

  fishbowl.office → 192.168.17.33
  fishbowl.home   → 192.168.14.33
  fishbowl.lab    → 192.168.15.33

The three /24 networks are connected via a VPN. All three names
resolve to the appropriate IP, and obviously when at the office,
a request for "fishbowl" will yield 192.168.17.33 while it would
yield 192.168.14.33 at home (due to DNS search).

I'd kinda like OpenSSH to connect to all three IPs at once, since
only one will ever be answered at any one time. Or it should try
them in quick succession.

I realise that this is not really an OpenSSH question anymore and
I am sorry about that. The dynamic DNS solution is probably the
cleanest solution anyway. But the topic seems to have struck some
interest?

-- 
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/

"the sick do not ask if the hand that smoothes their pillow is pure,
 nor the dying care if the lips that touch their brow have known the
 kiss of sin."
                                                       -- oscar wilde

spamtraps: madduck.bogus at madduck.net
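
The "connect to all three at once" idea from the last message, sketched outside OpenSSH as an added example (not code from the thread or from OpenSSH). The three host names are the ones quoted above; port 22, the timeout and the function names are assumptions.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor, as_completed

# Names quoted in the thread; port and timeout are assumptions.
CANDIDATES = ["fishbowl.office", "fishbowl.home", "fishbowl.lab"]
SSH_PORT = 22
TIMEOUT = 2.0


def tcp_probe(host, port=SSH_PORT, timeout=TIMEOUT):
    """Return host if a TCP connect to host:port succeeds, else None.

    Resolution failures, refusals and timeouts are all OSError subclasses.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return host
    except OSError:
        return None


def first_reachable(candidates, probe=tcp_probe):
    """Probe every candidate at once and return the first that answers.

    Returns None when nothing answers. A successful connect only shows that
    something listens there; ssh's host key check still decides whether it
    is the right machine.
    """
    if not candidates:
        return None
    with ThreadPoolExecutor(max_workers=len(candidates)) as pool:
        pending = [pool.submit(probe, name) for name in candidates]
        for done in as_completed(pending):
            if done.result() is not None:
                return done.result()
    return None


if __name__ == "__main__":
    target = first_reachable(CANDIDATES)
    if target is None:
        sys.exit("no candidate answered on port %d" % SSH_PORT)
    print(target)
```

Saved as `pick_host.py` (an assumed file name), it can feed ssh with `ssh -o HostKeyAlias=fishbowl "$(python3 pick_host.py)"`; `HostKeyAlias` is an existing ssh_config option that keeps one known_hosts entry for the machine whichever name wins, so host key verification stays meaningful.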