[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Bogus Root DNS server Traffic.

From: Ken Snider <ksnider flarn com>
To: For testers of Fedora Core development releases <fedora-test-list redhat com>
Cc: nanog merit edu
Subject: Re: Bogus Root DNS server Traffic.
Date: Mon, 27 Sep 2004 14:53:44 -0400

Jason Giglio wrote:

Hello,

This bug is in SuSe, Debian, every version of Red Hat I tested.

tcpdump -nl -i any -s 2048 dst port 53

ssh user host

14:53:30.239173 65.114.174.99.32778 > 205.171.3.65.domain: 64500+ AAAA? host.domain.com. (46) (DF) 14:53:30.267398 65.114.174.99.32778 > 205.171.3.65.domain: 64501+ AAAA? host. (26) (DF) 14:53:30.286020 65.114.174.99.32778 > 205.171.3.65.domain: 64502+ A? host.domain.com. (46) (DF)

That middle query is causing bogus root DNS server traffic every time someone sshs to an unqualified hostname within their LAN.

Jason, copied from your RedHat bug (Which also appears to be copied from elsewhere):

"OpenSSH just uses the standard getaddrinfo() API, it doesn't do anything magical for DNS queries. Any complaints about getaddrinfo()'s behaviour on your system should be directed to your libc vendor."

This is a glibc issue, not openSSH, and as such likely affects a lot more than openssh (probably anything that uses glibc resolve code rather than libresolve).

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131610

As he bug asks, is this still an issue in FC3t2?

For the record, this *is* still an issue in RHEL3U3.

--
Ken Snider

Follow-Ups:
- Re: Bogus Root DNS server Traffic.
  - From: Jason Giglio

References:
- Bogus Root DNS server Traffic.
  - From: Jason Giglio

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]