From owner-freebsd-hackers Sun Jan 5 4:55:32 2003 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 57A2D37B401 for ; Sun, 5 Jan 2003 04:55:30 -0800 (PST) Received: from pip.lemonia.org (pc-80-192-57-7-az.blueyonder.co.uk [80.192.57.7]) by mx1.FreeBSD.org (Postfix) with SMTP id 8E07343EB2 for ; Sun, 5 Jan 2003 04:55:28 -0800 (PST) (envelope-from lemon@aldigital.co.uk) Received: (qmail 67292 invoked from network); 5 Jan 2003 12:55:33 -0000 Received: from unknown (HELO aldigital.co.uk) (192.168.1.3) by 192.168.1.4 with SMTP; 5 Jan 2003 12:55:33 -0000 Message-ID: <3E182B54.4090007@aldigital.co.uk> Date: Sun, 05 Jan 2003 12:55:48 +0000 From: lemon User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.1) Gecko/20021126 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-hackers@freebsd.org Subject: getnameinfo contacting 'wrong' resolver for lookup Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG hi, i have a 4.7-STABLE box running two nameservers: a djbdns dnscache on 127.0.0.1 to serve local requests, and have recently added a djbdns tinydns on my external address to serve domains i host, viz: $ sockstat -4 | grep :53 dnscache dnscache 37679 3 udp4 127.0.0.1:53 *:* dnscache dnscache 37679 4 tcp4 127.0.0.1:53 *:* tinydns tinydns 37672 3 udp4 192.168.1.2:53 *:* the box's resolv.conf has a single nameserver entry for localhost. my problem: since adding the external tinydns listener, my openssh sessions take ages to log in. thinking a reverse lookup oddity i did some digging, and saw that the getnameinfo call in sshd appears to query the external listener (albeit thru loopback) first. this external listener can't reverse the connection's address since it only resolves domains hosted on the box itself. after a long timeout, the correct nameserver is contacted and the login succeeds. some tcpdumping reveals: # tcpdump -ni lo0 tcpdump: listening on lo0 [ 'wrong' listener being contacted ] 18:02:38.448117 192.168.1.2.1226 > 192.168.1.2.53: 24805+ PTR? 7.57.192.80.in-addr.arpa. (42) 18:02:43.452867 192.168.1.2.1227 > 192.168.1.2.53: 24805+ PTR? 7.57.192.80.in-addr.arpa. (42) 18:02:53.462937 192.168.1.2.1228 > 192.168.1.2.53: 24805+ PTR? 7.57.192.80.in-addr.arpa. (42) 18:03:13.473076 192.168.1.2.1229 > 192.168.1.2.53: 24805+ PTR? 7.57.192.80.in-addr.arpa. (42) [ long timeout, then the correct listener ] 18:03:53.485796 127.0.0.1.1230 > 127.0.0.1.53: 57265+ PTR? 7.57.192.80.in-addr.arpa. (42) 18:03:53.486280 127.0.0.1.53 > 127.0.0.1.1230: 57265 1/0/0 PTR[|domain] 18:03:53.743123 127.0.0.1.1231 > 127.0.0.1.53: 57266+ PTR? 7.57.192.80.in-addr.arpa. (42) 18:03:53.744654 127.0.0.1.53 > 127.0.0.1.1231: 57266 1/0/0 PTR[|domain] 18:03:53.745014 127.0.0.1.1232 > 127.0.0.1.53: 57267+ A? pc-80-192-57-7-az.blueyonder.co.uk. (52) 18:03:53.746016 127.0.0.1.53 > 127.0.0.1.1232: 57267 1/0/0 A[|domain] the code fragment in openssh responsible is this: /usr/src/crypto/openssh/canohost.c debug3("Trying to reverse map address %.100s.", ntop); /* Map the IP address to a host name. */ if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), NULL, 0, NI_NAMEREQD) != 0) { /* Host name not found. Use ip address. */ log("Could not reverse map address %.100s.", ntop); return xstrdup(ntop); } i note that an old 3.4-RELEASE box i have, which has no native getnameinfo call and so uses the one in the portable openssh distribution doesn't behave the same - it correctly contacts 127.0.0.1:53 straight off. am i missing something or is this genuinely odd behaviour from a newish function? regards, l. FreeBSD rind.lemonia.org 4.7-STABLE FreeBSD 4.7-STABLE #0: Thu Dec 12 17:24:37 GMT 2002 root@rind.lemonia.org:/usr/obj/usr/src/sys/RIND i386 -- lemon@aldigital.co.uk +44 020 8742 0755 www.aldigital.co.uk system administrivia c6 h8 o7 www.thebunker.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message