From owner-freebsd-current  Fri Oct 25 20:13:56 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A45B237B401
	for <freebsd-current@freebsd.org>; Fri, 25 Oct 2002 20:13:54 -0700 (PDT)
Received: from canning.wemm.org (canning.wemm.org [192.203.228.65])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9B53743E9E
	for <freebsd-current@freebsd.org>; Fri, 25 Oct 2002 20:13:46 -0700 (PDT)
	(envelope-from peter@wemm.org)
Received: from wemm.org (localhost [127.0.0.1])
	by canning.wemm.org (Postfix) with ESMTP
	id 419932A88D; Fri, 25 Oct 2002 20:13:41 -0700 (PDT)
	(envelope-from peter@wemm.org)
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: John De Boskey <jwd@bsdwins.com>
Cc: Current List <freebsd-current@freebsd.org>
Subject: Re: Local DNS lookup by sshd? 
In-Reply-To: <20021026021753.GA95524@BSDWins.Com> 
Date: Fri, 25 Oct 2002 20:13:41 -0700
From: Peter Wemm <peter@wemm.org>
Message-Id: <20021026031341.419932A88D@canning.wemm.org>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

John De Boskey wrote:
> Hi,
> 
>    When logging into a current 5.0 system via ssh, I see the following
> written to the system console (the 'xxx's are my whiteout):
> 
> ... kernel: Connection attempt to UDP xxx.58.184.35:53 from xxx.58.184.35:492
    53
> ... kernel: Connection attempt to UDP xxx.58.184.35:53 from xxx.58.184.35:492
    54
> ... kernel: Connection attempt to UDP xxx.58.184.35:53 from xxx.58.184.35:492
    55
> ... kernel: Connection attempt to UDP xxx.58.184.35:53 from xxx.58.184.35:492
    56
> 
>    Basically, it looks like it is trying to talk to a DNS on the
> localhost. However, I do not have DNS running. I do not have localhost listed
> in /etc/resolv.conf.  /etc/nsswitch.conf lists 'hosts: files dns' and putting
> my ssh origination id in /etc/hosts has no effect.
> 
>    It appears to be related to code in canohost.c. Before I start debugging,
> I thought I'd ask if anyone knew if there is a reason for this behaviour,
> or where it might be coming from (specifically).

Are you using privsep?  If so, I think this is expected.  The unpriviliged
side runs in a chroot under /var/empty.  This means, that it cannot see any
/etc/nsswitch.conf and cannot see any /etc/resolv.conf or /etc/hosts.

And the resolver client library defaults querying on the first interface,
and in your case it used localhost.

Cheers,
-Peter
--
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com
"All of this is for nothing if we don't go to the stars" - JMS/B5


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message