From: Jeremy Messenger
Date: Mon, 08 Sep 2003 17:02:02 -0500
To: Andreas Klemm
Cc: freebsd-hackers@freebsd.org
Subject: Re: PUzzling sshd behaviour
List-Id: Technical Discussions relating to FreeBSD

On Mon, 8 Sep 2003 23:13:06 +0200, Andreas Klemm wrote:

> On Mon, Sep 08, 2003 at 03:59:51PM -0500, Jeremy Messenger wrote:
>> My solution is to install and set up dnscache to do the local DNS cache.
>
> DNS cache sounds like it caches DNS records after a successful
> DNS query, right?
>
> The problem at my client's project was that the DNS server
> a) wasn't reachable from time to time because they played
>    around with a pix firewall in a cat6k
> b) these particular OOB IPs and the sun's IPs were not in
>    DNS database
>
> So ... I assume a dns *cache* wouldn't have brought any better
> functionality. We still would have needed a functionality in
> sshd, to turn off reverse lookup entirely ...
> The suns have already been secured by firewalls so no real need
> for this reverse lookup feature.

I use tinydns and dnscache to do the local DNS, so I don't have to touch
/etc/hosts anymore. /etc/hosts is just a pain in my ass. It solved
all of my SSH and other reverse lookup problems. Currently, I have the split
horizon DNS[1] set up to keep the internal and external DNS queries separate.

[1] http://www.fefe.de/djbdns/#splithorizon

A great article about djbdns on FreeBSD can be found at
http://ezine.daemonnews.org/200210/ezdjbdns.html

Cheers,
Mezz

> 	Andreas ///

-- 
bsdforums.org's moderator, mezz.
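
The two failure modes raised in this thread (a resolver that does not answer, and client addresses missing from DNS), as an added example that is not part of the original message: a Python check that classifies a client address before someone tries to log in from it. The function names, status labels and sample zone data are assumptions made here, and the forward-confirmation step goes beyond what the thread describes.

```python
import socket
from concurrent.futures import ThreadPoolExecutor, TimeoutError as LookupTimeout

def _ptr(ip):
    # PTR lookup through the system resolver
    return socket.gethostbyaddr(ip)[0]

def _addrs(name):
    # Forward lookup: every address the name resolves to
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def check_reverse(ip, timeout=3.0, ptr=_ptr, addrs=_addrs):
    """Return (status, detail); status is ok, no-ptr, mismatch or timeout."""
    pool = ThreadPoolExecutor(max_workers=1)
    try:
        try:
            name = pool.submit(ptr, ip).result(timeout=timeout)
        except LookupTimeout:  # resolver unreachable: the login would stall here
            return ("timeout", "no answer to PTR query within %.1fs" % timeout)
        except OSError as exc:  # socket.herror: address is not in DNS
            return ("no-ptr", str(exc))
        try:
            forward = pool.submit(addrs, name).result(timeout=timeout)
        except LookupTimeout:
            return ("timeout", "no answer for %s within %.1fs" % (name, timeout))
        except OSError as exc:
            return ("mismatch", "%s does not resolve: %s" % (name, exc))
        if ip not in forward:  # PTR name points somewhere else
            return ("mismatch", "%s maps to %s" % (name, sorted(forward)))
        return ("ok", name)
    finally:
        pool.shutdown(wait=False)

# Constructed sample zone data (documentation addresses, not from the thread)
SAMPLE_PTR = {"192.0.2.10": "admin1.example.net", "192.0.2.20": "stale.example.net"}
SAMPLE_A = {"admin1.example.net": {"192.0.2.10"}, "stale.example.net": {"192.0.2.99"}}

def sample_ptr(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[ip]

def sample_addrs(name):
    return SAMPLE_A[name]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, check_reverse(ip, ptr=sample_ptr, addrs=sample_addrs))
```

Called without the `ptr` and `addrs` arguments, `check_reverse` uses the system resolver, so it can be run against the real client addresses from the host that runs sshd.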