can't verify hostname: getaddrinfo...
Ryan Golhar
golharam at umdnj.edu
Thu Aug 3 17:37:06 UTC 2006
Interesting. If I do
'dig host-1.1.1.1.abc.net', I get:
--BEGIN--
; <<>> DiG 9.2.4 <<>> host-1-1-1-1.abc.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4560
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;host-1-1-1-1.abc.net. IN A
--END
However, if I use another entry from a user that works I get an Answer
section. So I suspect something with abc.net's DNS is causing this.
If I use your rdig.pl script, I get a valid ANSWER section:
;; ANSWER SECTION:
101.173.149.24.in-addr.arpa. 26292 IN PTR host-1-1-1-1.abc.net
If I use another ISP entry (mine for instance), I get a similar answer
section, so I don't see a different with rdig.
-----Original Message-----
From: David Tonhofer [mailto:d.tonhofer at m-plify.com]
Sent: Thursday, August 03, 2006 1:18 PM
To: golharam at umdnj.edu; General Red Hat Linux discussion list
Subject: Re: can't verify hostname: getaddrinfo...
Ryan Golhar wrote:
> I have a group of machines that are only accessible by users from
> certain ISPs. One of those ISPs, we'll call abc.net. The example IP
> address I will use is 1.1.1.1
>
> In my /etc/hosts.allow, I have:
>
> sshd: LOCAL, .abc.net
>
> This was working for some time, but somewhere along the last few weeks
> or months stopped working, and I don't know why.
>
> /var/log/secure reports the following:
>
> sshd[7693]: warning: /etc/hosts.allow, line 10: can't verify hostname:
> getaddrinfo(host-1-1-1-1.abc.net, AF_INET) failed
>
> sshd[7693]: refused connect from 1.1.1.1 (1.1.1.1)
>
> The users are real and were able to get access to these machines.
> I've verified that I can get access to the machines from a different
> ISP, in fact, most of the users can. It just seems to be this 1
> provider that these 2 users have. Any ideas where I can start looking
> to find the cause of this problem?
>
> Ryan
>
On a hunch, this seems to be a DNS problem, I don't know whether this is
correct but does
the lookup "IP address" -> "reverse address" -> "IP address" seems to
fail, probably because
the ISP has a messily configured DNS?
1) Try this on the command line (the 'rdig.pl' program is just a reverse
lookup perl program that uses 'dig',
see the attached program; use that or just execute 'dig
1.2.3.4.in-addr.arpa. PTR' instead of 'rdig.pl 4.3.2.1'
"rdig.pl 1.1.1.1" should give "host-1-1-1-1.abc.net" - if not, your
setup won't work
"dig host-1-1-1-1.abc.net" should give "1.1.1.1" - if not, your setup
SHOULD not work
2) See "man getaddrinfo"
Best regards,
-- David
----------8<-----------------rdig--------------------
#!/usr/bin/perl -w
if (!defined $ARGV[0]) {
print STDERR "You have to pass an IP address to reverse-resolve\n";
exit 1;
}
if ($ARGV[0] =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/) {
$reverse="$4.$3.$2.$1.in-addr.arpa";
open(PIPE,"/usr/bin/dig $reverse PTR|") or die "Could not open pipe:
$!\n";
@lines = <PIPE>;
close(PIPE) or die "Could not close pipe: $!\n";
foreach $line (@lines) {
print $line;
}
exit 0;
}
else {
print STDERR "The passed argument $ARGV[0] is not an IP address\n";
exit 1;
}
More information about the redhat-list
mailing list