On Mon, Dec 24, 2007 at 03:07:51PM +0100, Vincent Lefevre wrote: > On 2007-12-24 10:49:32 +0000, Colin Watson wrote: > > I can't tell for sure from your strace (in future, use -s 1024 so that > > buffers passed to system calls aren't truncated to quite such a short > > length), but your diagnosis sounds right, and it doesn't sound like > > OpenSSH is the appropriate place for a deployed workaround. Reassigning > > to glibc where the resolver is implemented. > > OK, I didn't know what OpenSSH used for DNS resolving. As different > software behaves differently, this is rather confusing. After more > tests, it seems that Iceweasel has the same problem, though other > users (as seen in discussions on web forums) reported that Firefox > worked (but perhaps they have disabled IPv6 in Firefox or somewhere > else). Some users reported the same problem with apt-get with Debian > and Ubuntu[*]. So, this probably comes from glibc (I suppose that > not all software does IPv6 DNS requests).
Indeed, OpenSSH just uses getaddrinfo, which is the newer generation of library support for name resolution. I imagine, though, that the relevant fact is that it does an AAAA query and gets garbage back. > > However, in your particular case, setting 'AddressFamily inet' in > > /etc/ssh/ssh_config should work around the problem just for ssh. > > The solution I chose was to disable the DNS forwarding service of > the D-Link router; but this meant I had to fill the /etc/resolv.conf > manually (I thought the router would provide the DNS servers of the > ISP instead of the local 192.168.1.1, but after running "pump", the > /etc/resolv.conf file is left unchanged). However, the consequence > is that Windows machines (which don't support IPv6, thus are not > affected by the bug of the router) can no longer use the router's > DNS service either. Have you considered asking your router vendor for a firmware upgrade? It sounds like a straightforward bug in their DNS implementation. Thanks, -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]