Hello guys,
I have 5 machines in a home network, all running F9, with
named/bind providing local DNS.
A couple of weeks ago a problem appeared: ssh hangs for internal
connections. No doubt
I had misconfigured the thing years ago, as bind mystifies me, but an
update must have triggered it.
The problem is that reverse lookups hang forever; here is the end of
"ssh -vvv XXX"
debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 168.254.0.251.
Note the 'dot' at the end.
If I try nslookup 168.254.0.251 it works fine, but 168.254.0.251. does not.
Can anyone suggest what I am doing wrong? Here is named.conf, in case
that helps.
zone "0.254.168.in-addr.arpa." IN {
    type master;
    file "168.254.0_0.db";
};
zone "ashenden." IN {
    type master;
    file "ashenden_0.db";
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
08-03-2008, 10:21 PM
Ed Greshko
ssh / bind help?
William Murray wrote:
> Hello guys,
> I have 5 machines in a home network, all running F9, with
> named/bind providing local DNS.
> A couple of weeks ago a problem appeared: ssh hangs for internal
> connections. No doubt
> I had misconfigured the thing years ago, as bind mystifies me, but an
> update must have triggered it.
> The problem is that reverse lookups hang forever; here is the end of
> "ssh -vvv XXX"
> debug1: Next authentication method: gssapi-with-mic
> debug3: Trying to reverse map address 168.254.0.251.
> Note the 'dot' at the end.
> If I try nslookup 168.254.0.251 it works fine, but 168.254.0.251. does not.

Just curious.... Why do you want to use "168.254.0.251." If you were to
use a trailing . on IP addresses outside of your maps you'd find they
wouldn't get resolved either.
$ host 64.236.24.12
12.24.236.64.in-addr.arpa domain name pointer www3.cnn.com.
$ host 64.236.24.12.
Host 64.236.24.12 not found: 3(NXDOMAIN)
$ host 64.236.24.12
12.24.236.64.in-addr.arpa domain name pointer www3.cnn.com.
So, just don't know what value adding the trailing . has for you or what you
are expecting.

> Can anyone suggest what I am doing wrong? Here is named.conf, in case
> that helps.
> zone "0.254.168.in-addr.arpa." IN {
>     type master;
>     file "168.254.0_0.db";
> };
> zone "ashenden." IN {
>     type master;
>     file "ashenden_0.db";
> };
> zone "." IN {
>     type hint;
>     file "named.ca";
> };
> include "/etc/named.rfc1912.zones";
--
Xerox never comes up with anything original.
08-04-2008, 01:54 AM
Bill Davidsen
ssh / bind help?
Ed Greshko wrote:
> William Murray wrote:
>> Hello guys,
>> I have 5 machines in a home network, all running F9,
>> with named/bind providing local DNS.
>> A couple of weeks ago a problem appeared: ssh hangs for internal
>> connections. No doubt
>> I had misconfigured the thing years ago, as bind mystifies me, but an
>> update must have triggered it.
>> The problem is that reverse lookups hang forever; here is the end of
>> "ssh -vvv XXX"
>> debug1: Next authentication method: gssapi-with-mic
>> debug3: Trying to reverse map address 168.254.0.251.
>> Note the 'dot' at the end.
>> If I try nslookup 168.254.0.251 it works fine, but 168.254.0.251. does
>> not.
> Just curious.... Why do you want to use "168.254.0.251." If you were
> to use a trailing . on IP addresses outside of your maps you'd find they
> wouldn't get resolved either.
> $ host 64.236.24.12
> 12.24.236.64.in-addr.arpa domain name pointer www3.cnn.com.
> $ host 64.236.24.12.
> Host 64.236.24.12 not found: 3(NXDOMAIN)
> $ host 64.236.24.12
> 12.24.236.64.in-addr.arpa domain name pointer www3.cnn.com.
> So, just don't know what value adding the trailing . has for you or what
> you are expecting.

Adding the trailing dot, for names, prevents the value of the 'search'
field in /etc/resolve.com from being used. So
host fubar.bazfaz.net
could resolve to fubar.bazfaz.net.your.domain, if your DNS has a
wildcard MX record (like *.your.domain) would return a pointer to the
mail server for any address in your domain. If you add a trailing dot
that doesn't happen.
The value on an IP reverse lookup is unknown to me, there may be none.
--
Bill Davidsen <davidsen@tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
08-04-2008, 02:02 AM
Russell Miller
ssh / bind help?
Bill Davidsen wrote:
> Adding the trailing dot, for names, prevents the value of the 'search'
> field in /etc/resolve.com from being used. So
> host fubar.bazfaz.net
> could resolve to fubar.bazfaz.net.your.domain, if your DNS has a
> wildcard MX record (like *.your.domain) would return a pointer to the
> mail server for any address in your domain. If you add a trailing dot
> that doesn't happen.
> The value on an IP reverse lookup is unknown to me, there may be none.

I'm not entirely sure, but I think that trailing dot will cause it to
treat it as a forward and not a reverse lookup. Remember reverse
lookups get translated to 4oc.3oc.2oc.1oc.in-addr.arpa.
--Russell
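
The lookups discussed so far in this thread, worked through as an added example that is not part of any post: it shows which query a stub resolver builds for an argument with and without a trailing dot, and which zone from the posted named.conf would answer it. The function names, the search list "ashenden" and ndots=1 are assumptions, "A" stands in for any forward lookup, and the candidate ordering is a simplified glibc-style model.

```python
import ipaddress

# Zone names as declared in the named.conf posted at the top of the thread.
ZONES = ["0.254.168.in-addr.arpa.", "ashenden.", "."]

def queries(arg, search=("ashenden",), ndots=1):
    """List (record type, query name) pairs a stub resolver would try for arg.

    search and ndots are assumed values, not taken from the thread.
    """
    try:
        addr = ipaddress.ip_address(arg)        # a trailing dot is rejected here
        return [("PTR", addr.reverse_pointer + ".")]
    except ValueError:
        pass
    if arg.endswith("."):                       # absolute name: search list is skipped
        return [("A", arg)]
    as_is = ("A", arg + ".")
    expanded = [("A", f"{arg}.{dom}.") for dom in search]
    # Names with at least ndots dots are tried as-is first, otherwise last.
    return [as_is] + expanded if arg.count(".") >= ndots else expanded + [as_is]

def authoritative_zone(qname, zones=ZONES):
    """Pick the declared zone with the longest label-aligned suffix match."""
    labels = qname.lower().rstrip(".").split(".")
    best, best_len = None, -1
    for zone in zones:
        zl = [l for l in zone.lower().rstrip(".").split(".") if l]
        if zl == labels[len(labels) - len(zl):] and len(zl) > best_len:
            best, best_len = zone, len(zl)
    return best

if __name__ == "__main__":
    for arg in ("168.254.0.251", "168.254.0.251.", "base.ashenden", "base"):
        for rtype, qname in queries(arg):
            print(f"{arg!r:18} {rtype:3} {qname:32} zone {authoritative_zone(qname)!r}")
```

With the trailing dot the argument is no longer an IP literal, so it becomes a forward query that only the root hint zone matches, which is consistent with the NXDOMAIN shown for "host 64.236.24.12." earlier in the thread.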
08-04-2008, 02:39 AM
Ed Greshko
ssh / bind help?
Bill Davidsen wrote:
> The value on an IP reverse lookup is unknown to me, there may be none.

*That* was the question.
08-04-2008, 08:41 AM
William John Murray
ssh / bind help?
> Bill Davidsen wrote:
>
> > The value on an IP reverse lookup is unknown to me, there may be
> none.
>
> *That* was the question.
>
>
Well, the question was really how to get ssh working again.
I now know that if I ssh to an internal or external ip from
my home network I get this hang.
debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 168.254.0.251.
But taking the same laptop to work it is fine. So I can only
assume that my home network is configured wrongly. I
don't really want to fiddle with ssh - but will do if
it fixes the problem.
That was why I posted bind.conf at the top of this thread.
Bill
08-04-2008, 08:57 AM
Ed Greshko
ssh / bind help?
William John Murray wrote:
>> Bill Davidsen wrote:
>>> The value on an IP reverse lookup is unknown to me, there may be
>>> none.
>> *That* was the question.
> Well, the question was really how to get ssh working again.
> I now know that if I ssh to an internal or external ip from
> my home network I get this hang.
> debug1: Next authentication method: gssapi-with-mic
> debug3: Trying to reverse map address 168.254.0.251.

You said 168.254.0.251 works and 168.254.0.251. doesn't.
I mean, can you "ssh 168.254.0.251"?
Can you cut/paste "everything" that you're doing so as to remove all guess
work for the people trying to help?

> But taking the same laptop to work it is fine. So I can only
> assume that my home network is configured wrongly. I
> don't really want to fiddle with ssh - but will do if
> it fixes the problem.
> That was why I posted bind.conf at the top of this thread.
> Bill
--
"I have just one word for you, my boy...plastics."
- from "The Graduate"
08-04-2008, 10:22 AM
Björn Persson
ssh / bind help?
William Murray wrote:
> I have 5 machines in a home network, all running F9, with
> named/bind providing local DNS.
> A couple of weeks ago a problem appeared: ssh hangs for internal
> connections. No doubt
> I had misconfigured the thing years ago, as bind mystifies me, but an
> update must have triggered it.
>
> The problem is that reverse lookups hang forever; here is the end of
> "ssh -vvv XXX"
> debug1: Next authentication method: gssapi-with-mic
> debug3: Trying to reverse map address 168.254.0.251.
> Note the 'dot' at the end.
That dot probably marks the end of the sentence.
Is there a good reason why your home network is using addresses that,
according to whois, belong to Hillsborough County Public Schools in the USA?
(You seem to be in Great Britain.) I can't say I understand what the problem
is but if you're using someone else's addresses, that might have something to
do with it.
Björn Persson
08-04-2008, 12:24 PM
William Murray
ssh / bind help?
>William John Murray wrote:
>>> Bill Davidsen wrote:
>>>
>>>> The value on an IP reverse lookup is unknown to me, there may be
>>> none.
>>>
>>> *That* was the question.
>>>
>>>
>> Well, the question was really how to get ssh working again.
>> I now know that if I ssh to an internal or external ip from
>> my home network I get this hang.
>> debug1: Next authentication method: gssapi-with-mic
>> debug3: Trying to reverse map address 168.254.0.251.
> You said 168.254.0.251 works and 168.254.0.251. doesn't.
> I mean, can you "ssh 168.254.0.251"?
> Can you cut/paste "everything" that you're doing so as to remove all guess
> work for the people trying to help?

Thanks, sorry for not being clear.
billmurray> ssh -Y 168.254.0.1.
ssh: Could not resolve hostname 168.254.0.1.: Name or service not known
billmurray> ssh -Y -vvv 168.254.0.1
....
debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 168.254.0.1.
^C
billmurray> ssh -Y -vvv base.ashenden
....
debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 168.254.0.1.
^C
But...I found a work-around: Removing
GSSAPIAuthentication yes
from /etc/ssh/ssh_config
has made GSSAPI go away, and hence the problem goes away too..
Bill

> "I have just one word for you, my boy...plastics." - from "The Graduate"
08-04-2008, 12:55 PM
Ed Greshko
ssh / bind help?
William Murray wrote:
>> William John Murray wrote:
>>>> Bill Davidsen wrote:
>>>>
>>>>> The value on an IP reverse lookup is unknown to me, there may be
>>>> none.
>>>>
>>>> *That* was the question.
>>>>
>>> Well, the question was really how to get ssh working again.
>>> I now know that if I ssh to an internal or external ip from
>>> my home network I get this hang.
>>> debug1: Next authentication method: gssapi-with-mic
>>> debug3: Trying to reverse map address 168.254.0.251.
>> You said 168.254.0.251 works and 168.254.0.251. doesn't.
>> I mean, can you "ssh 168.254.0.251"?
>> Can you cut/paste "everything" that you're doing so as to remove all
>> guess work for the people trying to help?
> Thanks, sorry for not being clear.
> billmurray> ssh -Y 168.254.0.1.
> ssh: Could not resolve hostname 168.254.0.1.: Name or service not known
> billmurray> ssh -Y -vvv 168.254.0.1
> ....
> debug1: Next authentication method: gssapi-with-mic
> debug3: Trying to reverse map address 168.254.0.1.

As mentioned by someone else the . at the end of the debug3 statement is
actually a "period" as in "end of sentence".
Nothing is wrong....
But the other question is valid....why are you using someone's assigned IP
addresses?

> ^C
> billmurray> ssh -Y -vvv base.ashenden
> ....
> debug1: Next authentication method: gssapi-with-mic
> debug3: Trying to reverse map address 168.254.0.1.
> ^C
> But...I found a work-around: Removing
> GSSAPIAuthentication yes
> from /etc/ssh/ssh_config
> has made GSSAPI go away, and hence the problem goes away too..
> Bill
>> "I have just one word for you, my boy...plastics." - from "The Graduate"
--
If a subordinate asks you a pertinent question, look at him as if he had
lost his senses. When he looks down, paraphrase the question back at him.