Date: Mon, 6 Jan 2003 12:15:05 +0200
From: Peter Pentchev <roam@ringlet.net>
To: lemon <lemon@aldigital.co.uk>
Cc: freebsd-hackers@freebsd.org
Subject: Re: getnameinfo contacting 'wrong' resolver for lookup
Message-ID: <20030106101505.GC382@straylight.oblivion.bg>
In-Reply-To: <3E182B54.4090007@aldigital.co.uk>
References: <3E182B54.4090007@aldigital.co.uk>

On Sun, Jan 05, 2003 at 12:55:48PM +0000, lemon wrote:
> hi,
>
> i have a 4.7-STABLE box running two nameservers: a djbdns dnscache on
> 127.0.0.1 to serve local requests, and have recently added a djbdns
> tinydns on my external address to serve domains i host, viz:
>
> $ sockstat -4 | grep :53
> dnscache dnscache 37679 3 udp4 127.0.0.1:53 *:*
> dnscache dnscache 37679 4 tcp4 127.0.0.1:53 *:*
> tinydns tinydns 37672 3 udp4 192.168.1.2:53 *:*
>
> the box's resolv.conf has a single nameserver entry for localhost.
>
> my problem: since adding the external tinydns listener, my openssh
> sessions take ages to log in. thinking a reverse lookup oddity i did
> some digging, and saw that the getnameinfo call in sshd appears to query
> the external listener (albeit thru loopback) first. this external
> listener can't reverse the connection's address since it only resolves
> domains hosted on the box itself. after a long timeout, the correct
> nameserver is contacted and the login succeeds. some tcpdumping reveals:
>
> # tcpdump -ni lo0
> tcpdump: listening on lo0
>
> [ 'wrong' listener being contacted ]
>
> 18:02:38.448117 192.168.1.2.1226 > 192.168.1.2.53:
>   24805+ PTR? 7.57.192.80.in-addr.arpa. (42)
> 18:02:43.452867 192.168.1.2.1227 > 192.168.1.2.53:
>   24805+ PTR? 7.57.192.80.in-addr.arpa. (42)
> 18:02:53.462937 192.168.1.2.1228 > 192.168.1.2.53:
>   24805+ PTR? 7.57.192.80.in-addr.arpa. (42)
> 18:03:13.473076 192.168.1.2.1229 > 192.168.1.2.53:
>   24805+ PTR? 7.57.192.80.in-addr.arpa. (42)

Are you sure those connections are from the SSH daemon, and not from
the dnscache itself? Can you post the full configuration of the tinydns
and dnscache services, e.g. using Jonathan de Boyne Pollard's
tinydns-showctl and dnscache-showctl utilities, available from
http://homepages.tesco.net/~J.deBoynePollard/Softwares/djbdns.html

Also, it would be very useful to see the full logfiles generated by
dnscache and tinydns around the time of the unsuccessful lookups, and
the exact contents of your /etc/resolv.conf file. This might turn out
to be a trivial misconfiguration problem, or it might be a real
getnameinfo(3) bug, but it would be much easier to find out with more
information :)

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This sentence no verb.