resolver broken on feisty? (was Re: sshd complains: POSSIBLE BREAK-IN ATTEMPT)

Josef Wolf jw at raven.inka.de
Sun Sep 16 10:13:26 UTC 2007 

On Sun, Sep 16, 2007 at 11:57:38AM +1000, Karl Auer wrote:
> On Sun, 2007-09-16 at 03:10 +0200, Josef Wolf wrote:

Thanks for your answer, Karl!

> > >    reverse mapping checking getaddrinfo for raven.wolf.local failed - POSSIBLE BREAK-IN ATTEMPT!
> > > 
> > > "dig raven.wolf.local" correctly resolves the given host to 192.168.1.12
> > > and "dig -x 192.168.1.12" correctly gives raven.wolf.local.
> 
> Did you do those digs on the target box (i.e., the box you are ssh-ing
> *to*)?

yes.

> What happens with "ping raven.wolf.local" on the target box?

Ough, it says "unknown host".  Strange.  Why does ping say "unknown host"
while dig can actually resolve the address?  Why does ping ignore
resolv.conf?

> What are the contents of /etc/resolv.conf on the target box?

  $ ssh ubuntu.wolf.local cat /etc/resolv.conf
  search wolf.local
  nameserver 192.168.1.1

> What are the IP addresses of the two boxes involved (and which is
> which)?

192.168.1.12  raven.wolf.local (source)
192.168.1.130 ubuntu.wolf.local (target)

> What exact command are you using on the local box (i.e., the box you are
> ssh-ing *from*)?

Below is all the information in full detail.  Especially interesting are
the last two commands: ping from ubuntu(target) to raven says "unknown host"
but dig can actually resolve the address.

jw at raven:/m/b/home/jw> lsb_release -a
LSB Version:    core-2.0-noarch:core-3.0-noarch:core-2.0-ia32:core-3.0-ia32:graphics-2.0-ia32:graphics-2.0-noarch:graphics-3.0-ia32:graphics-3.0-noarch
Distributor ID: SUSE LINUX
Description:    SUSE LINUX 10.0 (i586)
Release:        10.0
Codename:       n/a
jw at raven:~> cat /etc/resolv.conf
nameserver 192.168.1.1
search wolf.local
jw at raven:~> cat /etc/hosts
127.0.0.1 localhost.localdomain localhost

# special IPv6 addresses
::1             localhost ipv6-localhost ipv6-loopback

fe00::0         ipv6-localnet

ff00::0         ipv6-mcastprefix
ff02::1         ipv6-allnodes
ff02::2         ipv6-allrouters
ff02::3         ipv6-allhosts
192.168.1.12 raven.wolf.local
jw at raven:~> dig raven.wolf.local

; <<>> DiG 9.3.2 <<>> raven.wolf.local
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45212
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;raven.wolf.local.              IN      A

;; ANSWER SECTION:
raven.wolf.local.       0       IN      A       192.168.1.12

;; Query time: 3 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Sep 16 11:43:26 2007
;; MSG SIZE  rcvd: 50

jw at raven:~> dig -x 192.168.1.12

; <<>> DiG 9.3.2 <<>> -x 192.168.1.12
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27299
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;12.1.168.192.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
12.1.168.192.in-addr.arpa. 0    IN      PTR     raven.wolf.local.

;; Query time: 3 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Sep 16 11:43:42 2007
;; MSG SIZE  rcvd: 73

jw at raven:~> ping -c1 ubuntu.wolf.local
PING ubuntu.wolf.local (192.168.1.130) 56(84) bytes of data.
64 bytes from ubuntu.wolf.local (192.168.1.130): icmp_seq=1 ttl=64 time=0.203 ms

--- ubuntu.wolf.local ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.203/0.203/0.203/0.000 ms
jw at raven:~> ssh ubuntu.wolf.local lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 7.04
Release:        7.04
Codename:       feisty
jw at raven:~> ssh ubuntu.wolf.local cat /etc/resolv.conf
search wolf.local
nameserver 192.168.1.1
jw at raven:~> ssh ubuntu.wolf.local cat /etc/host.conf
# The "order" line is only used by old versions of the C library.
order hosts,bind
multi on
jw at raven:~> ssh ubuntu.wolf.local cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
127.0.1.1       ubuntu.wolf.local       ubuntu

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
jw at raven:~> ssh ubuntu.wolf.local dig -x 192.168.1.12

; <<>> DiG 9.3.4 <<>> -x 192.168.1.12
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19330
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;12.1.168.192.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
12.1.168.192.in-addr.arpa. 0    IN      PTR     raven.wolf.local.

;; Query time: 2 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Sep 16 11:33:06 2007
;; MSG SIZE  rcvd: 73

jw at raven:~> ssh ubuntu.wolf.local dig raven.wolf.local

; <<>> DiG 9.3.4 <<>> raven.wolf.local
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49091
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;raven.wolf.local.              IN      A

;; ANSWER SECTION:
raven.wolf.local.       0       IN      A       192.168.1.12

;; Query time: 2 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Sep 16 11:32:51 2007
;; MSG SIZE  rcvd: 50

jw at raven:~> ssh ubuntu.wolf.local ping -c1 raven.wolf.local
ping: unknown host raven.wolf.local
jw at raven:~>

More information about the ubuntu-users mailing list