 
Old 08-03-2008, 09:42 PM
William Murray
 
Default ssh / bind help?

Hello guys,
I have 5 machines in a home network, all running F9, with
named/bind providing local DNS.
A couple of weeks ago a problem appeared: ssh hangs for internal
connections. No doubt
I had misconfigured the thing years ago, as bind mystifies me, but an
update must have triggered it.


The problem is that reverse lookups hang forever; here is the end of
"ssh -vvv XXX"

debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 168.254.0.251.
Note the 'dot' at the end.
If I try nslookup 168.254.0.251 it works fine, but 168.254.0.251. does not.

Can anyone suggest what I am doing wrong? Here is named.conf, in case
that helps.

Thank you!

acl ashenden {
168.254.0.0/24;
};

options {
allow-query {
168.254.0.0/24;
localhost;
};

listen-on port 53 {
127.0.0.1;
ashenden;
};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";

recursion yes;

};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "0.254.168.in-addr.arpa." IN {
type master;
file "168.254.0_0.db";
};
zone "ashenden." IN {
type master;
file "ashenden_0.db";
};
zone "." IN {
type hint;
file "named.ca";
};

include "/etc/named.rfc1912.zones";

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-03-2008, 10:21 PM
Ed Greshko
 
Default ssh / bind help?

William Murray wrote:

> Hello guys,
> I have 5 machines in a home network, all running F9, with
> named/bind providing local DNS.
> A couple of weeks ago a problem appeared: ssh hangs for internal
> connections. No doubt
> I had misconfigured the thing years ago, as bind mystifies me, but an
> update must have triggered it.
>
> The problem is that reverse lookups hang forever; here is the end of
> "ssh -vvv XXX"
>
> debug1: Next authentication method: gssapi-with-mic
> debug3: Trying to reverse map address 168.254.0.251.
> Note the 'dot' at the end.
> If I try nslookup 168.254.0.251 it works fine, but 168.254.0.251. does not.


Just curious.... Why do you want to use "168.254.0.251." If you were to
use a trailing . on IP addresses outside of your maps you'd find they
wouldn't get resolved either.


$ host 64.236.24.12
12.24.236.64.in-addr.arpa domain name pointer www3.cnn.com.
$ host 64.236.24.12.
Host 64.236.24.12 not found: 3(NXDOMAIN)
$ host 64.236.24.12
12.24.236.64.in-addr.arpa domain name pointer www3.cnn.com.

So, just don't know what value adding the trailing . has for you or what you
are expecting.








--
Xerox never comes up with anything original.

 
Old 08-04-2008, 01:54 AM
Bill Davidsen
 
Default ssh / bind help?

Ed Greshko wrote:

> William Murray wrote:
>
>> Hello guys,
>> I have 5 machines in a home network, all running F9,
>> with named/bind providing local DNS.
>> A couple of weeks ago a problem appeared: ssh hangs for internal
>> connections. No doubt
>> I had misconfigured the thing years ago, as bind mystifies me, but an
>> update must have triggered it.
>>
>> The problem is that reverse lookups hang forever; here is the end of
>> "ssh -vvv XXX"
>>
>> debug1: Next authentication method: gssapi-with-mic
>> debug3: Trying to reverse map address 168.254.0.251.
>> Note the 'dot' at the end.
>> If I try nslookup 168.254.0.251 it works fine, but 168.254.0.251. does
>> not.
>
> Just curious.... Why do you want to use "168.254.0.251." If you were
> to use a trailing . on IP addresses outside of your maps you'd find they
> wouldn't get resolved either.
>
> $ host 64.236.24.12
> 12.24.236.64.in-addr.arpa domain name pointer www3.cnn.com.
> $ host 64.236.24.12.
> Host 64.236.24.12 not found: 3(NXDOMAIN)
> $ host 64.236.24.12
> 12.24.236.64.in-addr.arpa domain name pointer www3.cnn.com.
>
> So, just don't know what value adding the trailing . has for you or what
> you are expecting.


Adding the trailing dot, for names, prevents the value of the 'search'
field in /etc/resolve.com from being used. So

host fubar.bazfaz.net
could resolve to fubar.bazfaz.net.your.domain, if your DNS has a
wildcard MX record (like *.your.domain) would return a pointer to the
mail server for any address in your domain. If you add a trailing dot
that doesn't happen.


The value on an IP reverse lookup is unknown to me, there may be none.

--
Bill Davidsen <davidsen@tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot

 
Old 08-04-2008, 02:02 AM
Russell Miller
 
Default ssh / bind help?

Bill Davidsen wrote:

> Adding the trailing dot, for names, prevents the value of the 'search'
> field in /etc/resolve.com from being used. So
>
> host fubar.bazfaz.net
> could resolve to fubar.bazfaz.net.your.domain, if your DNS has a
> wildcard MX record (like *.your.domain) would return a pointer to the
> mail server for any address in your domain. If you add a trailing dot
> that doesn't happen.
>
> The value on an IP reverse lookup is unknown to me, there may be none.

I'm not entirely sure, but I think that trailing dot will cause it to
treat it as a forward and not a reverse lookup. Remember reverse
lookups get translated to 4oc.3oc.2oc.1oc.in-addr.arpa.


--Russell

 
Old 08-04-2008, 02:39 AM
Ed Greshko
 
Default ssh / bind help?

Bill Davidsen wrote:

> The value on an IP reverse lookup is unknown to me, there may be none.


*That* was the question.

 
Old 08-04-2008, 08:41 AM
William John Murray
 
Default ssh / bind help?

> Bill Davidsen wrote:
>
> > The value on an IP reverse lookup is unknown to me, there may be
> > none.
>
> *That* was the question.
>
>
Well, the question was really how to get ssh working again.
I now know that if I ssh to an internal or external ip from
my home network I get this hang.
debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 168.254.0.251.

But taking the same laptop to work it is fine. So I can only
assume that my home network is configured wrongly. I
don't really want to fiddle with ssh - but will do if
it fixes the problem.

That was why I posted bind.conf at the top of this thread.
Bill

 
Old 08-04-2008, 08:57 AM
Ed Greshko
 
Default ssh / bind help?

William John Murray wrote:

>> Bill Davidsen wrote:
>>
>>> The value on an IP reverse lookup is unknown to me, there may be
>>> none.
>>
>> *That* was the question.
>
> Well, the question was really how to get ssh working again.
> I now know that if I ssh to an internal or external ip from
> my home network I get this hang.
> debug1: Next authentication method: gssapi-with-mic
> debug3: Trying to reverse map address 168.254.0.251.


You said 168.254.0.251 works and 168.254.0.251. doesn't.

I mean, can you "ssh 168.254.0.251"?

Can you cut/paste "everything" that you're doing so as to remove all guess
work for the people trying to help?



> But taking the same laptop to work it is fine. So I can only
> assume that my home network is configured wrongly. I
> don't really want to fiddle with ssh - but will do if
> it fixes the problem.
>
> That was why I posted bind.conf at the top of this thread.
> Bill




--
"I have just one word for you, my boy...plastics."
- from "The Graduate"

 
Old 08-04-2008, 10:22 AM
Björn Persson
 
Default ssh / bind help?

William Murray wrote:
> I have 5 machines in a home network, all running F9, with
> named/bind providing local DNS.
> A couple of weeks ago a problem appeared: ssh hangs for internal
> connections. No doubt
> I had misconfigured the thing years ago, as bind mystifies me, but an
> update must have triggered it.
>
> The problem is that reverse lookups hang forever; here is the end of
> "ssh -vvv XXX"
> debug1: Next authentication method: gssapi-with-mic
> debug3: Trying to reverse map address 168.254.0.251.
> Note the 'dot' at the end.

That dot probably marks the end of the sentence.

Is there a good reason why your home network is using addresses that,
according to whois, belong to Hillsborough County Public Schools in the USA?
(You seem to be in Great Britain.) I can't say I understand what the problem
is but if you're using someone else's addresses, that might have something to
do with it.

Björn Persson
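Russell Miller's point about in-addr.arpa names and Björn Persson's point about whose addresses these are can both be checked mechanically. The following is an added example, not code from any poster in this thread: it derives the PTR owner name for an address, finds which master zone from the posted named.conf would answer it, and reports whether the address is RFC 1918 private space. The function names `master_zones` and `audit_reverse` are hypothetical, and the zone statements are reflowed from the config quoted at the top of the thread.

```python
import ipaddress
import re

# Zone statements reflowed from the named.conf posted in this thread (the
# include of /etc/named.rfc1912.zones is not modelled here).
NAMED_CONF = '''
zone "0.254.168.in-addr.arpa." IN { type master; file "168.254.0_0.db"; };
zone "ashenden." IN { type master; file "ashenden_0.db"; };
zone "." IN { type hint; file "named.ca"; };
'''

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s+(?:IN\s+)?\{\s*type\s+(\w+)\s*;', re.I)


def master_zones(conf):
    """Names of zones this server is master for, without the trailing dot."""
    return {name.rstrip(".").lower()
            for name, ztype in ZONE_RE.findall(conf)
            if ztype.lower() == "master"}


def audit_reverse(addr, conf=NAMED_CONF):
    """Show the PTR owner name for addr and which local zone would answer it."""
    ip = ipaddress.ip_address(addr)
    ptr_name = ip.reverse_pointer          # octets reversed + in-addr.arpa
    labels = ptr_name.split(".")
    zones = master_zones(conf)
    # Walk from the full name towards the root; the first (longest) suffix
    # that is a master zone is the one named answers from locally.
    covering = next((".".join(labels[i:]) for i in range(len(labels))
                     if ".".join(labels[i:]) in zones), None)
    return {
        "ptr_name": ptr_name,
        "local_zone": covering,            # None: no master zone in the excerpt covers it
        "rfc1918": any(ip in net for net in RFC1918),
    }


if __name__ == "__main__":
    # Constructed sample addresses: one from the thread, two for contrast.
    for a in ("168.254.0.251", "168.254.1.5", "192.168.0.251"):
        print(a, audit_reverse(a))
```

With `recursion yes`, a result of `local_zone: None` together with `rfc1918: False` means the PTR query for that address leaves the home network and goes to the public DNS for address space registered to someone else.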
 
Old 08-04-2008, 12:24 PM
William Murray
 
Default ssh / bind help?

> William John Murray wrote:
>
>>> Bill Davidsen wrote:
>>>
>>>> The value on an IP reverse lookup is unknown to me, there may be
>>>> none.
>>>
>>> *That* was the question.
>>
>> Well, the question was really how to get ssh working again.
>> I now know that if I ssh to an internal or external ip from
>> my home network I get this hang.
>> debug1: Next authentication method: gssapi-with-mic
>> debug3: Trying to reverse map address 168.254.0.251.
>
> You said 168.254.0.251 works and 168.254.0.251. doesn't.
>
> I mean, can you "ssh 168.254.0.251"?
>
> Can you cut/paste "everything" that you're doing so as to remove all guess
> work for the people trying to help?



Thanks, sorry for not being clear.


billmurray> ssh -Y 168.254.0.1.
ssh: Could not resolve hostname 168.254.0.1.: Name or service not known


billmurray> ssh -Y -vvv 168.254.0.1
....

debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 168.254.0.1.
^C

billmurray> ssh -Y -vvv base.ashenden
....

debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 168.254.0.1.
^C

But...I found a work-around: Removing
GSSAPIAuthentication yes

from /etc/ssh/ssh_config
has made GSSAPI go away, and hence the problem goes away too..

Bill




"I have just one word for you, my boy...plastics." - from "The Graduate"

 
Old 08-04-2008, 12:55 PM
Ed Greshko
 
Default ssh / bind help?

William Murray wrote:

>> William John Murray wrote:
>>
>>>> Bill Davidsen wrote:
>>>>
>>>>> The value on an IP reverse lookup is unknown to me, there may be
>>>>> none.
>>>>
>>>> *That* was the question.
>>>
>>> Well, the question was really how to get ssh working again.
>>> I now know that if I ssh to an internal or external ip from
>>> my home network I get this hang.
>>> debug1: Next authentication method: gssapi-with-mic
>>> debug3: Trying to reverse map address 168.254.0.251.
>>
>> You said 168.254.0.251 works and 168.254.0.251. doesn't.
>>
>> I mean, can you "ssh 168.254.0.251"?
>>
>> Can you cut/paste "everything" that you're doing so as to remove all
>> guess work for the people trying to help?
>
> Thanks, sorry for not being clear.
>
> billmurray> ssh -Y 168.254.0.1.
> ssh: Could not resolve hostname 168.254.0.1.: Name or service not known
>
> billmurray> ssh -Y -vvv 168.254.0.1
> ....
> debug1: Next authentication method: gssapi-with-mic
> debug3: Trying to reverse map address 168.254.0.1.

As mentioned by someone else the . at the end of the debug3 statement is
actually a "period" as in "end of sentence".


Nothing is wrong....

But the other question is valid....why are you using someone's assigned IP
addresses?



> ^C
>
> billmurray> ssh -Y -vvv base.ashenden
> ....
> debug1: Next authentication method: gssapi-with-mic
> debug3: Trying to reverse map address 168.254.0.1.
> ^C
>
> But...I found a work-around: Removing
> GSSAPIAuthentication yes
> from /etc/ssh/ssh_config
> has made GSSAPI go away, and hence the problem goes away too..
> Bill
>
> "I have just one word for you, my boy...plastics." - from "The Graduate"




--
If a subordinate asks you a pertinent question, look at him as if he had
lost his senses. When he looks down, paraphrase the question back at him.

 
