Package: openssh-server Version: 1:5.1p1-5+b1 Severity: normal Hi,
There seems to be a problem in the ssh -D SOCKS proxy which is triggered by some eccentricity in login.facebook.com's DNS entry. Below are three illustrations of how that DNS entry is behaving, taken from different places on the net. In each case a DNS query gives one valid A record response before triggering an error condition. I don't know what it is about facebook's DNS servers that is causing this. A regular web browser will cope with the error condition and connect to the IP address in question. A web browser talking SOCKS over ssh -D will fail to connect to the IP address. host login.facebook.com localhost Using domain server: Name: localhost Address: 127.0.0.1#53 Aliases: -------------------- login.facebook.com has address 69.63.180.173 ;; connection timed out; no servers could be reached host login.facebook.com 192.168.1.1 Using domain server: Name: 192.168.1.1 Address: 192.168.1.1#53 Aliases: login.facebook.com has address 69.63.176.138 Host login.facebook.com not found: 2(SERVFAIL) -------------------- host login.facebook.com 64.127.100.11 Using domain server: Name: 64.127.100.11 Address: 64.127.100.11#53 Aliases: login.facebook.com has address 69.63.180.174 ;; connection timed out; no servers could be reached -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.28-1-686 (SMP w/2 CPU cores) Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Versions of packages openssh-server depends on: ii add 3.110 add and remove users and groups ii deb 1.5.19 Debian configuration management sy ii dpk 1.14.26 Debian package management system ii lib 2.9-4 GNU C Library: Shared libraries ii lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library ii lib 1.6.dfsg.4~beta1-13 MIT Kerberos runtime libraries - k ii lib 1.6.dfsg.4~beta1-13 MIT Kerberos runtime libraries - C ii lib 1.6.dfsg.4~beta1-13 MIT Kerberos runtime libraries ii lib 0.79-5 Pluggable Authentication Modules f ii lib 0.79-5 Runtime support for the PAM librar ii lib 0.99.7.1-5 Pluggable Authentication Modules l ii lib 2.0.59-1 SELinux shared libraries ii lib 0.9.8g-16 SSL shared libraries ii lib 7.6.dbs-13 Wietse Venema's TCP wrappers libra ii lsb 3.2-22 Linux Standard Base 3.2 init scrip ii ope 0.1.0 list of blacklisted OpenSSH RSA an ii ope 1:5.1p1-5+b1 secure shell client, an rlogin/rsh ii pro 1:3.2.7-3 /proc file system utilities ii zli 1:1.2.3.3.dfsg-13 compression library - runtime Versions of packages openssh-server recommends: ii openssh-blacklist-extra 0.4.1 list of non-default blacklisted Op ii xauth 1:1.0.2-2 X authentication utility -- debconf-show failed -- Peter Eckersley p...@eff.org Staff Technologist Tel +1 415 436 9333 x131 Electronic Frontier Foundation Fax +1 415 436 9993 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org