ssh / bind help?

Bill Davidsen davidsen at tmr.com
Mon Aug 4 01:54:10 UTC 2008


Ed Greshko wrote:
> William Murray wrote:
>>  Hello guys,
>>               I have 5 machines in a home network, all running F9, 
>> with named/bind providing local DNS.
>> A couple of weeks ago a problem appeared: ssh hangs for internal  
>> connections. No doubt
>> I had misconfigured the thing years ago, as bind mystifies me, but an 
>> update must have triggered it.
>>
>> The problem is that reverse lookups hang forever; here is the end of 
>> "ssh -vvv XXX"
>> debug1: Next authentication method: gssapi-with-mic
>> debug3: Trying to reverse map address 168.254.0.251.
>> Note the 'dot' at the end.
>> If I try nslookup 168.254.0.251 it works fine, but 168.254.0.251. does 
>> not.
> 
> Just curious....  Why do you want to use "168.254.0.251."  If you were 
> to use a trailing . on IP addresses outside of your maps you'd find they 
> wouldn't get resolved either.
> 
> $ host 64.236.24.12
> 12.24.236.64.in-addr.arpa domain name pointer www3.cnn.com.
> $ host 64.236.24.12.
> Host 64.236.24.12 not found: 3(NXDOMAIN)
> $ host 64.236.24.12
> 12.24.236.64.in-addr.arpa domain name pointer www3.cnn.com.
> 
> So, just don't know what value adding the trailing . has for you or what 
> you are expecting.
> 
Adding the trailing dot, for names, prevents the value of the 'search' 
field in /etc/resolv.conf from being used. So
   host fubar.bazfaz.net
could resolve to fubar.bazfaz.net.your.domain if your DNS has a 
wildcard MX record (like *.your.domain), which would return a pointer to 
the mail server for any address in your domain. If you add a trailing dot 
that doesn't happen.

The value on an IP reverse lookup is unknown to me, there may be none.

-- 
Bill Davidsen <davidsen at tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
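
The search-list behaviour described in the message above, as an added example that is not part of the original thread. It is a simplified model of the stub resolver's `search`/`ndots` handling with a simplified wildcard match; the sample resolv.conf text, the `lab.your.domain` entry and the zone contents are constructed, and the function names are hypothetical.

```python
# Added illustration: simplified model of resolv.conf "search" expansion.
# All sample data below is constructed for this example.
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 192.0.2.53
search your.domain lab.your.domain
options ndots:1
"""

# Constructed zone content: a single wildcard owner name, as in the message.
SAMPLE_ZONE = {"*.your.domain."}

def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf-style text."""
    search, ndots = [], 1
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        fields = line.split()
        if fields[0] in ("search", "domain"):
            search = fields[1:]          # the last such line wins
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidate_names(name, search, ndots=1):
    """List the fully qualified names that would be tried, in order."""
    if name.endswith("."):
        return [name]                    # absolute: search list is skipped
    absolute = name + "."
    expanded = [f"{name}.{domain}." for domain in search]
    if name.count(".") >= ndots:
        return [absolute] + expanded     # enough dots: try as-is first
    return expanded + [absolute]

def first_match(name, search, ndots, zone_names):
    """Return the first candidate that a zone owner name (or wildcard) covers."""
    for fqdn in candidate_names(name, search, ndots):
        for owner in zone_names:
            if owner == fqdn or (owner.startswith("*.") and fqdn.endswith(owner[1:])):
                return fqdn
    return None

if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for query in ("fubar.bazfaz.net", "fubar.bazfaz.net."):
        print(query, "->", first_match(query, search, ndots, SAMPLE_ZONE))
```
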



