Bogus Root DNS server Traffic.

Ken Snider ksnider at flarn.com
Mon Sep 27 18:53:44 UTC 2004


Jason Giglio wrote:
> Hello,
> 
> This bug is in SuSE, Debian, every version of Red Hat I tested.
> 
> tcpdump -nl -i any -s 2048 dst port 53
> 
> ssh user@host
> 
> 14:53:30.239173 65.114.174.99.32778 > 205.171.3.65.domain:  64500+ AAAA? host.domain.com. (46) (DF)
> 14:53:30.267398 65.114.174.99.32778 > 205.171.3.65.domain:  64501+ AAAA? host. (26) (DF)
> 14:53:30.286020 65.114.174.99.32778 > 205.171.3.65.domain:  64502+ A? host.domain.com. (46) (DF)
> 
> That middle query is causing bogus root DNS server traffic every time 
> someone sshs to an unqualified hostname within their LAN.

Jason, copied from your RedHat bug (which also appears to be copied from 
elsewhere):

"OpenSSH just uses the standard getaddrinfo() API, it doesn't do anything 
magical for DNS queries. Any complaints about getaddrinfo()'s behaviour on 
your system should be directed to your libc vendor."

This is a glibc issue, not OpenSSH, and as such likely affects a lot more than 
OpenSSH (probably anything that uses glibc resolve code rather than libresolv).

> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131610

As the bug asks, is this still an issue in FC3t2?

For the record, this *is* still an issue in RHEL3U3.

-- 
Ken Snider
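
An added example, not part of the original messages: a Python check that reads tcpdump DNS query lines like those quoted above and flags single-label names such as `host.`, the middle query the thread identifies. The function names are illustrative, and the regex assumes tcpdump's one-line query format, with or without the `IP` prefix newer versions print.

```python
import re

# The three capture lines quoted in the thread (wrapped lines rejoined).
SAMPLE = """\
14:53:30.239173 65.114.174.99.32778 > 205.171.3.65.domain:  64500+ AAAA? host.domain.com. (46) (DF)
14:53:30.267398 65.114.174.99.32778 > 205.171.3.65.domain:  64501+ AAAA? host. (26) (DF)
14:53:30.286020 65.114.174.99.32778 > 205.171.3.65.domain:  64502+ A? host.domain.com. (46) (DF)
"""

# timestamp [IP] src.port > dst.port: id+flags [opts] QTYPE? qname
QUERY_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?:IP6?\s+)?(?P<src>\S+)\s+>\s+(?P<dst>\S+?):\s+"
    r"(?P<id>\d+)\S*\s+(?:\[[^\]]*\]\s+)?"
    r"(?P<qtype>[A-Za-z0-9_-]+)\?\s+(?P<qname>\S+)"
)


def parse_query(line):
    """Return a dict describing one DNS query line, or None if it is not one."""
    m = QUERY_RE.match(line.strip())
    if not m:
        return None
    # tcpdump appends the port as a final dotted component: strip it.
    src_ip = m.group("src").rsplit(".", 1)[0]
    return {"ts": m.group("ts"), "src": src_ip, "id": int(m.group("id")),
            "qtype": m.group("qtype"), "qname": m.group("qname")}


def is_single_label(qname):
    """True for names like 'host.': one label, no search domain appended."""
    labels = [part for part in qname.rstrip(".").split(".") if part]
    return len(labels) == 1


def find_leaks(lines):
    """Return parsed queries whose name is a bare, unqualified hostname."""
    hits = []
    for line in lines:
        query = parse_query(line)
        if query and is_single_label(query["qname"]):
            hits.append(query)
    return hits


if __name__ == "__main__":
    for hit in find_leaks(SAMPLE.splitlines()):
        print(f'{hit["ts"]} {hit["src"]} sent {hit["qtype"]} query for {hit["qname"]}')
```

Feeding it the output of the `tcpdump -nl ... dst port 53` command from the thread, line by line, shows which clients on a LAN are still sending these queries after a libc update.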




