Bogus Root DNS server Traffic.
Hello,

This bug is in SuSe, Debian, every version of Red Hat I tested.

tcpdump -nl -i any -s 2048 dst port 53

ssh user@host

14:53:30.239173 65.114.174.99.32778 > 205.171.3.65.domain: 64500+ AAAA? host.domain.com. (46) (DF)
14:53:30.267398 65.114.174.99.32778 > 205.171.3.65.domain: 64501+ AAAA? host. (26) (DF)
14:53:30.286020 65.114.174.99.32778 > 205.171.3.65.domain: 64502+ A? host.domain.com. (46) (DF)

That middle query is causing bogus root DNS server traffic every time someone sshs to an unqualified hostname within their LAN.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131610

SSH people won't take responsibility for this bug. The Fedora people won't take responsibility for this bug.

I'm sick of trying to report this bug, so here it is. I figured the administrators of root DNS servers should know about this, which is why I copied to NANOG. Who knows how much bogus traffic this issue is causing. My guess is lots.

--
Jason Giglio IT Coordinator Smyth Bedford, VA, USA Phone: 540-586-2311x113

On Mon, Sep 27, 2004 at 02:32:53PM -0400, Jason Giglio wrote:
This bug is in SuSe, Debian, every version of Red Hat I tested.
Looks like the stub resolver in glibc. Permutation order should be hostname over AFI, not AFI over hostname, agreed. So the correct query sequence should be:
- AAAA host.domain.com.
- A host.domain.com.
- AAAA host.
- A host.
That middle query is causing bogus root DNS server traffic every time someone sshs to an unqualified hostname within their LAN.
Nod.
SSH people won't take responsibility for this bug.
They are correct. It's not their fault.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131610
The Fedora people won't take responsibility for this bug.
They do, did you test as Florian asked you?

Regards,
Daniel

--
CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0

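The two query orderings discussed in this thread, as an added example that is not part of the original messages and is not glibc's code: it parses the capture lines from the first post, flags single-label queries (the ones that end up at the root servers), and compares the observed "AFI over hostname" order with the proposed "hostname over AFI" order. The stop-at-first-answer resolver model, the `EXISTING` record set and all function names are assumptions made for illustration.

```python
import re

# The three capture lines from the original post, copied verbatim.
CAPTURE = """\
14:53:30.239173 65.114.174.99.32778 > 205.171.3.65.domain: 64500+ AAAA? host.domain.com. (46) (DF)
14:53:30.267398 65.114.174.99.32778 > 205.171.3.65.domain: 64501+ AAAA? host. (26) (DF)
14:53:30.286020 65.114.174.99.32778 > 205.171.3.65.domain: 64502+ A? host.domain.com. (46) (DF)
"""
# Assumption: only an A record exists for the qualified name.
EXISTING = {("A", "host.domain.com.")}
# Matches "<id>[+] <qtype>? <qname> " in tcpdump's text output.
QUERY_RE = re.compile(r"\s\d+\+?\s+(A|AAAA)\?\s+(\S+)\s")

def parse_queries(capture):
    """Return (qtype, qname) for every A/AAAA query line in the capture."""
    return [m.groups() for m in map(QUERY_RE.search, capture.splitlines()) if m]

def is_single_label(qname):
    """True for names such as 'host.' that carry no search domain."""
    label = qname.rstrip(".")
    return bool(label) and "." not in label

def candidates(host, search, order):
    """Full candidate list for one lookup under the given permutation order."""
    names = [f"{host}.{search}.", f"{host}."]
    types = ["AAAA", "A"]
    if order == "afi-over-hostname":      # order seen in the capture
        return [(t, n) for t in types for n in names]
    return [(t, n) for n in names for t in types]   # hostname over AFI

def queries_sent(host, search, order, existing):
    """Simplified model: send candidates in order, stop at the first answer."""
    sent = []
    for query in candidates(host, search, order):
        sent.append(query)
        if query in existing:
            break
    return sent

def leaked(queries):
    """Queries for single-label names, which are resolved from the root."""
    return [q for q in queries if is_single_label(q[1])]

if __name__ == "__main__":
    print("capture leaks:", leaked(parse_queries(CAPTURE)))
    for order in ("afi-over-hostname", "hostname-over-afi"):
        sent = queries_sent("host", "domain.com", order, EXISTING)
        print(order, sent, "leaked:", leaked(sent))
```

Under these assumptions the observed order reproduces the capture exactly, while the hostname-first order finds the A record before any single-label query is sent.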
participants (3)
- Daniel Roesen
- james edwards
- Jason Giglio