Bogus Root DNS server Traffic.

Hello,

This bug is in SuSe, Debian, every version of Red Hat I tested.

tcpdump -nl -i any -s 2048 dst port 53

ssh user@host

14:53:30.239173 65.114.174.99.32778 > 205.171.3.65.domain: 64500+ AAAA? host.domain.com. (46) (DF)
14:53:30.267398 65.114.174.99.32778 > 205.171.3.65.domain: 64501+ AAAA? host. (26) (DF)
14:53:30.286020 65.114.174.99.32778 > 205.171.3.65.domain: 64502+ A? host.domain.com. (46) (DF)

That middle query is causing bogus root DNS server traffic every time someone sshs to an unqualified hostname within their LAN.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131610

SSH people won't take responsibility for this bug. The Fedora people won't take responsibility for this bug. I'm sick of trying to report this bug, so here it is.

I figured the administrators of root DNS servers should know about this, which is why I copied to NANOG. Who knows how much bogus traffic this issue is causing. My guess is lots.

> This bug is in SuSe, Debian, every version of Red Hat I tested.

Looks like the stub resolver in glibc. Permutation order should be
hostname over AFI, not AFI over hostname, agreed.

So the correct query sequence should be:

- AAAA host.domain.com.
- A host.domain.com.
- AAAA host.
- A host.

> That middle query is causing bogus root DNS server traffic every time
> someone sshs to an unqualified hostname within their LAN.

Nod.

> SSH people won't take responsibility for this bug.

They are correct. It's not their fault.

> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131610
> The Fedora people won't take responsibility for this bug.

They do, did you test as Florian asked you?

Regards,
Daniel

> They do, did you test as Florian asked you?
>
> Regards,
> Daniel

Looks like someone did:

------- Additional Comment #5 From Carlos Morgado on 2004-09-27 15:05 -------

A tcpdump on queries from FC3t2 gave me

AAAA host
AAAA host.subdomain
A host
A host.subdomain
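
Added example (not part of any message in the thread, and not glibc's code): a Python sketch that flags single-label queries in tcpdump output like the capture in the first message, and models the two lookup orderings discussed above to show which one sends the bare "host." query. The function names, the simplified lookup model, the assumption that only an A record for host.domain.com exists, and the last capture line are all made up for illustration.

```python
import re

# First three lines are the capture quoted in the thread; the fourth
# (a response, which must be ignored) is constructed for this example.
CAPTURE = """\
14:53:30.239173 65.114.174.99.32778 > 205.171.3.65.domain: 64500+ AAAA? host.domain.com. (46) (DF)
14:53:30.267398 65.114.174.99.32778 > 205.171.3.65.domain: 64501+ AAAA? host. (26) (DF)
14:53:30.286020 65.114.174.99.32778 > 205.171.3.65.domain: 64502+ A? host.domain.com. (46) (DF)
14:53:30.301000 205.171.3.65.domain > 65.114.174.99.32778: 64502 1/0/0 A 192.0.2.10 (62) (DF)
"""

# time, src-ip.port, '>', dst, query id + flags, TYPE?, qname
QUERY = re.compile(r"^\S+ (\S+)\.\d+ > \S+: \d+\S* ([A-Z]+)\? (\S+) ")

def parse_queries(text):
    """Return (source_ip, qtype, qname) for every DNS query line."""
    return [m.groups() for m in map(QUERY.match, text.splitlines()) if m]

def is_single_label(qname):
    """True for names like 'host.' that only the root zone can answer."""
    label = qname.rstrip(".")
    return bool(label) and "." not in label

def leaked_queries(text):
    """Queries for unqualified names that left the stub resolver."""
    return [q for q in parse_queries(text) if is_single_label(q[2])]

def simulate(host, search_domain, records, family_first):
    """Simplified model: list the (qtype, qname) queries a resolver sends.

    records is the set of (qname, qtype) pairs that exist in DNS.
    family_first=True  walks the whole search list per record type (observed).
    family_first=False tries every type on a name before the next name.
    """
    names = [f"{host}.{search_domain}.", f"{host}."]
    types = ["AAAA", "A"]
    sent = []
    if family_first:
        for qtype in types:
            for name in names:
                sent.append((qtype, name))
                if (name, qtype) in records:
                    break          # this family answered; next family
    else:
        for name in names:
            hits = [(name, t) in records for t in types]
            sent.extend((t, name) for t in types)
            if any(hits):
                break              # name resolved; bare label never asked
    return sent
```

Running leaked_queries() over a longer capture taken on the resolver's upstream interface gives a per-source list of hosts still emitting unqualified lookups.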