resolver broken on feisty? (was Re: sshd complains: POSSIBLE BREAK-IN ATTEMPT)

Karl Auer kauer at biplane.com.au
Sun Sep 16 23:38:22 UTC 2007


On Sun, 2007-09-16 at 14:21 +0200, Josef Wolf wrote:
> > What do you have in /etc/nsswitch.conf on these two machines?
> 
> [ ... ]
> hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
> [ ... ]
> 
> Ah, it seems that here we come closer to the problem.  When I reduce this
> line to "hosts: files" the problem disappears.

Yes - but only if the box concerned has an entry in the hosts file, I
assume?

> With the original line, I see 2 problems:
> 
> 1. "[NOTFOUND=return]" appears before "dns".  This means that dns lookups
>    will never be done?  Does this really make sense?

Um, I'd have expected nothing or "[NOTFOUND=continue]" (which is the
default). So no, I don't think that makes sense. However, at the time
that file was created, maybe you didn't have a resolv.conf or for some
other reason dns was not available? I'm not sure, but the NOTFOUND may
not apply if mdns is not available at all, only if it is there and says
"not found". Personally I have disabled the whole zeroconf mess, which
*may* be why my lookups all work in spite of having the same
nsswitch.conf entries as you :-)

Anyway, you could move dns to just after hosts, or remove the mdns[4]
entries, or change "return" to "continue". All of those should do the
trick. BUT: raven.wolf.local must be in the hosts file or resolvable via
the DNS, otherwise nothing can work.

> 2. I have googled a little bit for mdns information.  It looks as if
> the domain name ".wolf.local" that I have chosen for my internal
> network (should not be visible from outside) collides with mdns.

Yes. But it should disable itself automagically if it sees anything in
the domain ".local" anyway.

>    Now I wonder what domain names can be used for such purposes.  Is
>    there something like "private" domain names (analogous to the rfc1918
>    private addresses like 192.168.x.y?)

It's private - so pick whatever you like. That's what "private"
means :-) How about ".private"?

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)
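
Added example, not part of the original message: a small model of how glibc walks the "hosts:" line quoted above, showing which services are consulted for the original line and for three edited variants. The per-service statuses are constructed inputs, and it is an assumption here that mdns4_minimal reports NOTFOUND for an unanswered ".local" name and UNAVAIL for any other name.

```python
import re

# glibc's default action for each lookup status, per nsswitch.conf(5).
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_hosts_line(line):
    """Turn a 'hosts:' line into [(service, {STATUS: action}), ...]."""
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", line.partition(":")[2]):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("action list before any service")
        # "[!STATUS=action]" applies the action to every status but STATUS.
        for neg, status, action in re.findall(r"(!?)\s*(\w+)\s*=\s*(\w+)", token):
            status = status.upper()
            targets = [s for s in DEFAULTS if s != status] if neg else [status]
            for s in targets:
                chain[-1][1][s] = action.lower()
    return chain

def consulted(line, outcomes):
    """Services asked, in order, for one name. 'outcomes' maps service to
    status (constructed input); unlisted services count as UNAVAIL."""
    asked = []
    for service, actions in parse_hosts_line(line):
        asked.append(service)
        if actions[outcomes.get(service, "UNAVAIL")] == "return":
            break
    return asked

ORIGINAL = "hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4"
# Constructed case: a .local name missing from /etc/hosts, unanswered on
# multicast DNS, but present in the unicast DNS zone.
LOCAL_NAME = {"files": "NOTFOUND", "mdns4_minimal": "NOTFOUND", "dns": "SUCCESS"}

def demo():
    variants = {
        "original": ORIGINAL,
        "dns before mdns": "hosts: files dns mdns4_minimal [NOTFOUND=return] mdns4",
        "return->continue": "hosts: files mdns4_minimal [NOTFOUND=continue] dns mdns4",
        "no mdns": "hosts: files dns",
    }
    return {label: consulted(line, LOCAL_NAME) for label, line in variants.items()}

if __name__ == "__main__":
    for label, asked in demo().items():
        print(f"{label:17} -> {' '.join(asked)}")
```

On a live system, "getent hosts NAME" goes through the same NSS chain and is the quickest way to confirm what an edited line actually does.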




