Date: Sat, 18 Jan 2003 09:05:49 -0500 (EST)
From: Robert Watson
To: Andy Farkas
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: some 5.0 oddities
In-Reply-To: <20030118124305.L44035-100000@hewey.af.speednet.com.au>

On Sat, 18 Jan 2003, Andy Farkas wrote:

> Some of observations of 5.0-RELEASE:
>
> 1/ Everytime I ssh to the box there are 4 connection attempts to UDP
> port 53 from itself. ie:
>
> Jan 18 12:45:17 team2 kernel: Connection attempt to UDP 172.22.2.12:53 from 172.22.2.12:49205
> Jan 18 12:45:17 team2 kernel: Connection attempt to UDP 172.22.2.12:53 from 172.22.2.12:49206
> Jan 18 12:45:17 team2 kernel: Connection attempt to UDP 172.22.2.12:53 from 172.22.2.12:49207
> Jan 18 12:45:17 team2 kernel: Connection attempt to UDP 172.22.2.12:53 from 172.22.2.12:49208
>
> I have log_in_vain="1" and /etc/resolv.conf points to 172.22.2.1 only.

This occurs because there appear to be DNS lookups in the wrong "bit" of
sshd due to privilege separation.
Since the contained bit of sshd runs in /var/empty, and there's no
resolv.conf. The work-arounds are to turn off login_in_vain, turn off
privilege-separation, to put a resolv.conf in /var/empty/etc, or to ignore
it. Not sure what the fix is. :-)

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories
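
An added example, not part of the original message: a small Python filter for log review that reads lines in the log_in_vain format quoted above and separates the host's own attempts to UDP port 53 (the pattern this thread attributes to sshd privilege separation) from attempts made by other hosts. The function names are hypothetical, and the last sample line is constructed using a documentation address.

```python
import re
from collections import Counter

# Matches the kernel lines exactly as they appear in the quoted report.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+kernel:\s+"
    r"Connection attempt to (?P<proto>\w+)\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+from\s+(?P<src>[\d.]+):(?P<sport>\d+)"
)

SAMPLE = [
    "Jan 18 12:45:17 team2 kernel: Connection attempt to UDP 172.22.2.12:53 from 172.22.2.12:49205",
    "Jan 18 12:45:17 team2 kernel: Connection attempt to UDP 172.22.2.12:53 from 172.22.2.12:49206",
    "Jan 18 12:45:17 team2 kernel: Connection attempt to UDP 172.22.2.12:53 from 172.22.2.12:49207",
    "Jan 18 12:45:17 team2 kernel: Connection attempt to UDP 172.22.2.12:53 from 172.22.2.12:49208",
    # Constructed line (not from the report): an attempt from another host.
    "Jan 18 12:46:02 team2 kernel: Connection attempt to UDP 172.22.2.12:53 from 192.0.2.77:40000",
]

def parse(line):
    """Return the fields of one log_in_vain line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["dport"], rec["sport"] = int(rec["dport"]), int(rec["sport"])
    return rec

def classify(rec):
    """'self-dns' is the host querying its own closed port 53; the rest is kept apart."""
    if rec["src"] == rec["dst"]:
        if rec["proto"] == "UDP" and rec["dport"] == 53:
            return "self-dns"
        return "self-other"
    return "remote"

def self_dns_bursts(lines):
    """Count self-directed DNS attempts per timestamp, one burst per lookup episode."""
    bursts = Counter()
    for line in lines:
        rec = parse(line)
        if rec is not None and classify(rec) == "self-dns":
            bursts[rec["ts"]] += 1
    return dict(bursts)

def remote_attempts(lines):
    """Return the parsed records that came from a different address than the target."""
    recs = (parse(line) for line in lines)
    return [r for r in recs if r is not None and classify(r) == "remote"]

if __name__ == "__main__":
    print(self_dns_bursts(SAMPLE))
    print(remote_attempts(SAMPLE))
```
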