Trailing dot is not removed from client hostname if HostbasedUsesNameFromPacketOnly is yes

Stephen Samuel samuel at bcgreen.com
Tue Sep 16 08:37:20 EST 2003


Normally a machine is considered to be part of a domain.
Nameservers use this fact to allow for short name lookups.

eg: let's say that my machine is part of bcgreen.com.

If I do an nslookup for server, DNS will normally look for
the tld of 'server'. Then it will look for server.bcgreen.com

Similarly, a hunt for www.mindrott.org (note the double 't')
would cause a look for www.mindrot.org and then for www.mindrot.org.bcgreen.com

This gets real nasty if you have a wildcard for your domain...
eg: if I have
*.bcgreen.com 	IN	A 10.11.12.13
then the search for www.mindrot.org.bcgreen.com will return 10.11.12.13

On the other hand, if I specify www.mindrott.org. (note the trailing dot),
DNS recognizes that trailing dot as an indicator that this is EXACTLY the
name I'm looking for and DOES NOT look for www.mindrot.org.bcgreen.com.

I just got bit by this the other day, where I was checking to see if
directory names corresponded to domain names. The easy choice was to
simply do a `ping -c2 $dirname`  but it turns out that the machine I
was on was in a domain that had a wildcard DNS entry (grr!) so the
ping would always succeed as some.filename.c.mydomain.com

ping -c2 ${dirname}.

did the trick.

Carson Gaspar wrote:
> 
> 
> --On Saturday, September 13, 2003 5:34 PM +0200 Markus Friedl 
> <markus at openbsd.org> wrote:
> 
>> AFAIK HostbasedUsesNameFromPacketOnly means: use the _exact_
>> value from the packet.  This is why the dot is not
>> removed.  Moreover, HostbasedUsesNameFromPacketOnly is
>> not recommended and experimental.  The client
>> needs to be changed to have truly random names in
>> the hostbased packets.
> 
> 
> WTF? Why would you want random names?!
> 


-- 
Stephen Samuel +1(604)876-0426                samuel at bcgreen.com
		   http://www.bcgreen.com/~samuel/
    Powerful committed communication. Transformation touching
        the jewel within each person and bring it to life.
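
Added example, not part of the original message: a small Python model of the search-list behaviour described above, showing why an unqualified name is answered by the wildcard record while the same name with a trailing dot is not. The zone data and search domain are constructed from the post's example, the candidate ordering follows the `search`/`ndots` semantics documented in resolv.conf(5), and the wildcard matching is simplified.

```python
# Added illustration: a toy model of stub-resolver search-list handling.
# Zone contents and the search domain are constructed from the post's example.

SEARCH = ["bcgreen.com"]          # resolv.conf "search" list (assumed)
NDOTS = 1                         # resolv.conf default for "options ndots"

# Constructed zone data: only the wildcard record from the post exists.
ZONE = {"*.bcgreen.com.": "10.11.12.13"}


def candidates(name, search=SEARCH, ndots=NDOTS):
    """Return the absolute names a resolver would try, in order."""
    if name.endswith("."):
        return [name]             # trailing dot: absolute, no search list
    as_is = name + "."
    searched = [f"{name}.{dom}." for dom in search]
    # Enough dots: try the name as given first, then the search list.
    if name.count(".") >= ndots:
        return [as_is] + searched
    return searched + [as_is]


def lookup_absolute(fqdn, zone=ZONE):
    """Exact match first, then a simplified wildcard match on parent names."""
    if fqdn in zone:
        return zone[fqdn]
    labels = fqdn.rstrip(".").split(".")
    for i in range(1, len(labels)):
        wild = "*." + ".".join(labels[i:]) + "."
        if wild in zone:
            return zone[wild]
    return None                   # NXDOMAIN in this model


def resolve(name):
    """Return (answering_fqdn, address), or (None, None) if nothing matched."""
    for fqdn in candidates(name):
        addr = lookup_absolute(fqdn)
        if addr is not None:
            return fqdn, addr
    return None, None


if __name__ == "__main__":
    for n in ("www.mindrott.org", "www.mindrott.org.", "some.filename.c"):
        print(f"{n!r:22} -> {resolve(n)}")
```

A check that treats "the name resolved" as "the name exists" should compare the answering name with the name it asked for, or query the absolute form only.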




More information about the openssh-unix-dev mailing list