problem with DNS lookups on non-IPv4-only-mode?

Gert Doering gert at greenie.muc.de
Thu Jun 10 18:35:53 EST 2004


Hi,

On Thu, Jun 10, 2004 at 02:55:22AM -0500, Kendell Welch wrote:
> It seems to me that the problem here is that some DNS servers don't respond
> to IPv6 DNS queries correctly (query type=aaaa)...

Yes.  See the ietf-draft documents that I've mentioned.

> Now, I don't know how easy it would be to implement in a cross-platform
> manner, but doesn't it seem reasonable that clients (aka. sshd servers)
> which are not configured for IPv6 addresses would have no need for looking
> up IPv6 addresses via DNS?
> 
> Could sshd determine if the machine was configured with IPv6 addresses,
> and if not, simply not make IPv6 DNS requests???  Perhaps I'm ignorant of
> common (X)NIX programming (I'm a Windows API programmer,) but it seems to
> me that such a solution would avoid this problem.

Actually it will only help for servers that are IPv4-only - and on those,
you can just run "sshd -4".

The problem is worse for machines that have IPv4 and IPv6 connectivity 
(most of our servers do, and company-internal SSH traffic is mostly IPv6
nowadays), because you will still run into those problems when port-
forwarding to hosts with broken DNS servers.

In that scenario, the only workable approach is to complain to the
people running the authoritative DNS servers for the "non-working"
DNS zones...

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
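
The check proposed in the quoted question, sketched in C as an added example (not part of the original message and not OpenSSH code): detect whether the host has a usable IPv6 address and choose the lookup address family accordingly. All function names are hypothetical; as the reply points out, this only changes behaviour on IPv4-only hosts, which is what "sshd -4" already covers.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <ifaddrs.h>
#include <stdio.h>

/* An IPv6 address counts as "configured" only if it can reach other hosts:
 * skip the unspecified address, loopback (::1) and link-local (fe80::/10). */
int usable_ipv6(const struct in6_addr *a)
{
    return !IN6_IS_ADDR_UNSPECIFIED(a) && !IN6_IS_ADDR_LOOPBACK(a) &&
           !IN6_IS_ADDR_LINKLOCAL(a);
}

/* Same test for a textual address; returns 0 if the text does not parse. */
int usable_ipv6_text(const char *text)
{
    struct in6_addr a;
    return inet_pton(AF_INET6, text, &a) == 1 && usable_ipv6(&a);
}

/* Returns 1 if any local interface carries a usable IPv6 address. */
int host_has_ipv6(void)
{
    struct ifaddrs *list, *p;
    int found = 0;
    if (getifaddrs(&list) != 0)
        return 0;                /* cannot tell: treat host as IPv4-only */
    for (p = list; p != NULL && !found; p = p->ifa_next)
        if (p->ifa_addr != NULL && p->ifa_addr->sa_family == AF_INET6)
            found = usable_ipv6(&((struct sockaddr_in6 *)p->ifa_addr)->sin6_addr);
    freeifaddrs(list);
    return found;
}

/* Value for getaddrinfo()'s hints.ai_family: AF_INET requests IPv4
 * addresses only, AF_UNSPEC requests both IPv4 and IPv6. */
int lookup_family(void)
{
    return host_has_ipv6() ? AF_UNSPEC : AF_INET;
}

int main(void)
{
    printf("lookup family: %s\n",
           lookup_family() == AF_INET ? "AF_INET" : "AF_UNSPEC");
    return 0;
}
```

On a dual-stack host lookup_family() returns AF_UNSPEC, so lookups toward zones with broken name servers are unchanged, which is the case the reply describes.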




More information about the openssh-unix-dev mailing list