Re: [SLUG] Telnet and the Internet

From: Paul M Foster (paulf@quillandmouse.com)
Date: Tue Feb 05 2002 - 22:48:39 EST


On Tue, Feb 05, 2002 at 11:21:01AM -0500, Derek Glidden wrote:

> On Mon, 2002-02-04 at 21:47, Paul M Foster wrote:
> > On Mon, Feb 04, 2002 at 07:53:16PM -0500, Russ Herrold wrote:
> >
> > > On Mon, 4 Feb 2002, Paul M Foster wrote:
> > >
> > > > Anyone have any enlightening info?
> > >
> > > As a BOFH, this is a safe rule to live by: -- 80% of the time,
> > > DNS is not doing what you expect.
> > >
> > > Another gem: tcpdump is your friend -- and it can monitor
> > > ppp0
> > >
> > > As I recall ppp can set debugging up to kdebug 7, and debug 7
> > > > -- which shows everything but the color of your eyebrows, into
> > > /var/log/messages
> > >
> >
> > Good, but that doesn't answer the question of why _telnet_ is making
> > pppd dial out rather than simply responding itself. (BTW, after pppd
> > dials out, telnet responds with a prompt. Go figure.)
>
> What's likely happening is that the telneted-to box is trying to do a
> reverse lookup of who's connecting, the telnet-ing box is ignoring the
> fact that the box is local and listed in /etc/hosts and doing a lookup
> anyway, the DNS server is ignoring both of them and taking the
> opportunity of a DNS lookup to refresh data from the root servers, or
> some other box on the network is seeing extra activity and using that as
> an excuse to look up www.playboy.com.

It was www.penthouse.com, but that's another story. <grin>

In looking over some other tcp dumps, one other thing occurred to me. On
internal machines (internal to the LAN), I have the nameservers in
resolv.conf all set to look to the internet for names. The reason is
that otherwise I have to run a DNS server on my firewall or some other
internal machine, which I'd rather not do. But that's probably half the
reason why telnet and ssh look to the net for names of local machines.
It's clear from looking at the dumps that the very first thing that
happens with telnet and ssh is that they do a lookup for the name of the
target machine, and do so via internet name servers. The more severe
problem is that the DNS code on the local machines appears to initially
ignore host.conf and hosts, until the internet nameservers tell it to
go away.

Surely DNS isn't _supposed_ to work this way?

Paul
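
The following is an added example, not part of the original message: one way to check the three things the thread discusses, namely the configured lookup order, whether a name is present in the hosts file, and whether resolv.conf points at nameservers outside the LAN (in which case queries for internal names leave the network). The glibc resolver takes its hosts order from /etc/nsswitch.conf, so that file is parsed alongside host.conf; the function names, sample file contents, host names and addresses are all constructed for illustration.

```python
import ipaddress

# Constructed sample file contents (not taken from the thread).
SAMPLE_NSSWITCH = "passwd: files\nhosts:      files dns   # local file first\n"
SAMPLE_HOSTS = "127.0.0.1 localhost\n192.168.1.10 fileserver.lan fileserver\n"
SAMPLE_RESOLV = "nameserver 192.0.2.53\nnameserver 192.168.1.1\n"

def _lines(text):
    """Yield config lines with '#' comments and blank lines removed."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def hosts_order(nsswitch_text, host_conf_text=""):
    """Return lookup sources in order, e.g. ['files', 'dns']; [] if unset."""
    for line in _lines(nsswitch_text):
        if line.startswith("hosts:"):
            # Skip action items such as [NOTFOUND=return].
            return [t for t in line[6:].split() if not t.startswith("[")]
    for line in _lines(host_conf_text):  # legacy form: "order hosts,bind"
        parts = line.replace(",", " ").split()
        if parts[0] == "order":
            return [{"hosts": "files", "bind": "dns"}.get(p, p) for p in parts[1:]]
    return []

def names_in_hosts(hosts_text):
    """Collect every name and alias listed in a hosts file."""
    names = set()
    for line in _lines(hosts_text):
        names.update(n.lower() for n in line.split()[1:])
    return names

def external_nameservers(resolv_text, lan_cidr):
    """Return nameserver addresses that fall outside the LAN network."""
    lan = ipaddress.ip_network(lan_cidr)
    found = []
    for line in _lines(resolv_text):
        parts = line.split()
        if parts[0] == "nameserver" and len(parts) > 1:
            if ipaddress.ip_address(parts[1]) not in lan:
                found.append(parts[1])
    return found

def diagnose(name, nsswitch, host_conf, hosts, resolv, lan_cidr):
    """Report whether a forward lookup of `name` stays on the LAN."""
    order = hosts_order(nsswitch, host_conf)
    files_first = "files" in order and (
        "dns" not in order or order.index("files") < order.index("dns"))
    local = files_first and name.lower() in names_in_hosts(hosts)
    outside = external_nameservers(resolv, lan_cidr)
    return {"order": order, "answered_locally": local,
            "external_nameservers": outside,
            "name_leaves_lan": bool(outside) and not local}
```

This covers forward lookups only; a reverse lookup made by the server being connected to is governed by that machine's own copies of the same files.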



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 15:40:19 EDT