problem with DNS lookups on non-IPv4-only-mode?
Gert Doering
gert at greenie.muc.de
Thu Jun 10 18:35:53 EST 2004
Hi,
On Thu, Jun 10, 2004 at 02:55:22AM -0500, Kendell Welch wrote:
> I seems to me that the problem here is that some DNS servers don't respond
> to IPv6 DNS queries correctly (query type=aaaa)...
Yes. See the ietf-draft documents that I've mentioned.
> Now, I don't know how easy it would be to implement in a cross-platform
> mannar, but doesn't it seem reasonable that clients (aka. sshd servers)
> which are not configured for IPv6 addresses would have no need for looking
> up IPv6 addresses via DNS?
>
> Could sshd determine if the machine was configured with IPv6 addresses,
> and if not, simply not make IPv6 DNS requests??? Perhaps I'm ignorant of
> common (X)NIX programming (I'm a Windows API programmer,) but it seems to
> me that such a solution would avoid this problem.
Actually it will only help for servers that are IPv4-only - and on those,
you can just run "sshd -4".
The problem is worse for machines that have IPv4 and IPv6 connectivity
(most of our servers do, and company-internal SSH traffic is mostly IPv6
nowadays), because you will still run into those problems when port-
forwarding to hosts with broken DNS servers.
In that scenario, the only workable approach is to complain to the
people running the authoritative DNS servers for the "non-working"
DNS zones...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the openssh-unix-dev
mailing list