I have googled and searched the openssh database. I could not find the
answer. Hence, I write this email. I would like to know if ssh only
looks for the primary DNS to resvolve the IP address and this is normal;
this is for security purpose.
The followings were what I tried:
---------------------------------
I used "ssh -v xxx.yyy.zzz" to connect. There was an error message:
"ssh: Could not resolve hostname xxx.yyy.zzz: Name or service not known"
If I use dot-quad (i.e., ssh 123.456.789.123), it worked.
I used "wireshark" to monitor the traffic. Wireshark showed that the
primary DNS could not resolve the address and returned "server failure".
Ssh then stopped without trying the secondary DNS.
When I "dig xxx.yyy.zzz" or "nslookup xxx", wireshark showed that the
primary DNS failed and returned "server failure". However, it
immediately asked the secondary DNS server listed in /etc/resolv.conf
and I got the correct IP.
Regards,
Peter Yue
_______________________________________________
openssh-unix-dev mailing list
openssh-...@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
ssh uses the getaddrinfo() system library function to resolve a
name into an IP address. How temporary DNS failures are handled by
your library is out of scope for ssh.
//Peter