Name Resolving bug in Open SSH 3.0.2
Pekka Savola
pekkas at netcore.fi
Sat Dec 8 23:27:22 EST 2001
On Sat, 8 Dec 2001, Gil Disatnik wrote:
> Hello there,
> In OpenSSH 3.0.2p1 there is a strange name resolving bug:
>
> /etc/nsswitch.conf shows:
>
> hosts: files dns
>
> When I am trying to connect to a host that is in /etc/hosts using the
> hostname, ssh tries to first resolve this name using the dns, regardless of
> the resolve order in /etc/nsswitch.conf, if the DNS times out or the
> machine is not connected to the Internet at this time - this causes a delay
> of 10 seconds before connecting to a neighbor machine... that's bad.
> REMOVING dns from /etc/nsswitch.conf solves this problem, however...
> /etc/nsswitch is there to tell which mechanism to go to first...

I believe you're using Linux.

If so, this is an issue in glibc:

http://sources.redhat.com/ml/libc-alpha/2001-11/msg00125.html

(this was brought up a year ago too).

The problem is that getaddrinfo tries to look up AAAA record for the entry
in /etc/hosts via DNS first unless there is an IPv6 address for the name
in /etc/hosts too.

You can work around this in OpenSSH by compiling --with-ipv4-default.

--
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords