I just set up a dhcp/dns server to manage my home network. After I got everything up and running (and maybe before - I wasn't paying close attention), I noticed that logging into ssh was slow. I started sshd in debug mode with /sbin/sshd -ddd and fired up a second PuTTY instance.
Of course, the culprit was immediately obvious:
debug3: Trying to reverse map address 10.0.0.22.
reverse mapping checking getaddrinfo for mt.local [10.0.0.22] failed - POSSIBLE BREAK-IN ATTEMPT!
It couldn't reverse map my IP to my hostname. Which is peculiar, considering that the DNS records are all in order according to nslookup:
[root@media] # nslookup mt.local
Server: 10.0.0.2
Address: 10.0.0.2#53
Name: mt.local
Address: 10.0.0.22
[root@media] # nslookup 10.0.0.22
Server: 10.0.0.2
Address: 10.0.0.2#53
22.0.0.10.in-addr.arpa name = mt.local
host:
[root@media] # host mt.local
mt.local has address 10.0.0.22
[root@media] # host 10.0.0.22
22.0.0.10.in-addr.arpa domain name pointer mt.local.
and dig:
[root@media] # dig mt.local
; <<>> DiG 9.9.4-P2-RedHat-9.9.4-12.P2.fc20 <<>> mt.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12144
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mt.local. IN A
;; ANSWER SECTION:
mt.local. 300 IN A 10.0.0.22
;; AUTHORITY SECTION:
local. 300 IN NS media.local.
;; ADDITIONAL SECTION:
media.local. 300 IN A 10.0.0.2
;; Query time: 0 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Tue Jul 15 23:02:34 EDT 2014
;; MSG SIZE rcvd: 89
[root@media] # dig -x 10.0.0.22
; <<>> DiG 9.9.4-P2-RedHat-9.9.4-12.P2.fc20 <<>> -x 10.0.0.22
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5476
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;22.0.0.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
22.0.0.10.in-addr.arpa. 300 IN PTR mt.local.
;; AUTHORITY SECTION:
0.0.10.in-addr.arpa. 300 IN NS media.local.
;; ADDITIONAL SECTION:
media.local. 300 IN A 10.0.0.2
;; Query time: 1 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Tue Jul 15 23:03:59 EDT 2014
;; MSG SIZE rcvd: 109
And, for the sake of verbosity, my /etc/resolv.conf:
search local
nameserver 10.0.0.2
I can't find any reason that reverse mapping should fail. And I can't find any reason for it to hang so long before it does fail - the DNS server is only 0.5 ms away.
Yeah, I know I could just turn reverse mapping off, but that's not really the point. I appreciate any and all assistance!
I should probably note that this is on a 10.0.0.0/24 network; modem/gateway is at 10.0.0.1; dns/dhcp/the box I'm talking about (media) is at 10.0.0.2; and my desktop (mt) is at 10.0.0.22. Local domain is .local, and I have reverse DNS mapping tied to DHCP.
dig, host and nslookup all check DNS, but nothing else, and typically systems are configured to use the /etc/hosts file first and may be configured in /etc/nsswitch.conf to use other host databases (e.g. NIS, LDAP) in precedence to DNS as well. The check getent hosts 10.0.0.22 honors nsswitch.conf and matches what the system resolver and getaddrinfo will return. – HBruijn – 2014-07-16T08:35:40.717
do you show resolv.conf of ssh client or ssh server machine? – None – 2014-07-16T14:01:39.937
@HBruijn Unfortunately, getent gives the same results: getent hosts 10.0.0.22 returns 10.0.0.22 mt.local. – Chris – 2014-07-16T15:57:11.207
@Bushmills That's the resolv.conf for the server. Client is cygwin/windows. – Chris – 2014-07-16T15:57:51.893
I'd partition the problem domain, by running tcpdump or tshark, monitoring udp/53 dest traffic, to verify that your nameserver is actually queried when attempting to reverse resolve. Maybe you're logging those queries on the nameserver so you could check logs instead. – None – 2014-07-16T17:13:10.680
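As an added example (not code from the question or from any of the commenters), the script below re-creates the check behind the "POSSIBLE BREAK-IN ATTEMPT" line in the sshd debug output, and follows HBruijn's point by going through the libc resolver (gethostbyaddr / getaddrinfo, which honour /etc/nsswitch.conf) rather than dig, host or nslookup, which only ever ask DNS. It also times the reverse and forward steps separately, so a stage that hangs before failing can be told apart from one that fails quickly. The SAMPLE_PTR and SAMPLE_A tables are constructed to mirror the records shown in the question so the logic runs offline; the file name sshd_reverse_check.py is hypothetical.

```python
"""Added example (not from the original question or its comments): re-create the
reverse-mapping check sshd performs when UseDNS is on, through the same libc
resolver path that getent uses, and time each stage."""
import socket
import sys
import time


def libc_reverse(addr):
    """PTR lookup through the system resolver (nsswitch-aware), like getent hosts."""
    return socket.gethostbyaddr(addr)[0]


def libc_forward(name):
    """Forward lookup through getaddrinfo; returns the set of addresses for name."""
    return {ai[4][0] for ai in socket.getaddrinfo(name, None)}


def check_reverse_mapping(addr, reverse=libc_reverse, forward=libc_forward):
    """Apply sshd's logic and return (verdict, hostname, timings_in_seconds).

    1. reverse-map addr to a name (failure here just means sshd uses the IP);
    2. forward-resolve that name (failure is the "getaddrinfo ... failed" line);
    3. require addr to appear among the forward results ("does not map back").
    verdict is one of 'ok', 'no-ptr', 'forward-failed', 'mismatch'.
    """
    timings = {}
    t0 = time.monotonic()
    try:
        name = reverse(addr)
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        timings["reverse"] = time.monotonic() - t0
        return "no-ptr", None, timings
    timings["reverse"] = time.monotonic() - t0

    t1 = time.monotonic()
    try:
        addrs = forward(name)
    except OSError:
        timings["forward"] = time.monotonic() - t1
        return "forward-failed", name, timings
    timings["forward"] = time.monotonic() - t1

    if addr not in addrs:
        return "mismatch", name, timings
    return "ok", name, timings


# Constructed records mirroring the question's zone so the check can be
# exercised offline; they are not the output of a live lookup.
SAMPLE_PTR = {"10.0.0.22": "mt.local", "10.0.0.2": "media.local"}
SAMPLE_A = {"mt.local": {"10.0.0.22"}, "media.local": {"10.0.0.2"}}


def table_resolvers(ptr, a):
    """Build reverse/forward functions over static tables, raising the same
    exception types as the libc calls so check_reverse_mapping sees no difference."""
    def reverse(addr):
        if addr not in ptr:
            raise socket.herror(1, "Unknown host")
        return ptr[addr]

    def forward(name):
        if name not in a:
            raise socket.gaierror(-2, "Name or service not known")
        return a[name]

    return reverse, forward


if __name__ == "__main__":
    # Offline demonstration of two verdicts against the constructed tables.
    healthy = table_resolvers(SAMPLE_PTR, SAMPLE_A)
    no_forward = table_resolvers(SAMPLE_PTR, {})
    for label, (rev, fwd) in (("healthy", healthy), ("A record missing", no_forward)):
        print(label, check_reverse_mapping("10.0.0.22", rev, fwd)[:2])
    # Live check through this host's resolver for each address on the command
    # line, e.g. python3 sshd_reverse_check.py 10.0.0.22, run on the sshd machine.
    for live_addr in sys.argv[1:]:
        verdict, name, timings = check_reverse_mapping(live_addr)
        print(live_addr, verdict, name, {k: round(v, 3) for k, v in timings.items()})
```

Run on the ssh server with the client's address as the argument: because the default resolvers take the libc path, the verdict and the per-stage timings reflect what sshd and getent see, including any non-DNS sources listed in nsswitch.conf, which is exactly where dig, host and nslookup can disagree with the system resolver.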