[Bug 1296] VerifyHostKeyDNS default domain

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Apr 17 01:18:11 EST 2014


https://bugzilla.mindrot.org/show_bug.cgi?id=1296

Christoph Lechleitner <christoph.lechleitner at iteg.at> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |christoph.lechleitner at iteg.
                   |                            |at

--- Comment #7 from Christoph Lechleitner <christoph.lechleitner at iteg.at> ---
The workaround in comment #2 only works for one domain.

I have at least 3 domains in resolv.conf's search list: A site internal
domain, our main domain, and a helper domain with CNAMEs for several
parters' hosts.

We already implemented a tool to distribute SSHFP records over any
domain a host is listed in (i.e. World address, DMZ address) to solve
the multi-IP resp. multi-interface problem.

But in this state VerifyHostKeyDNS is useless for us ;-(

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list