Hobbit doing DNS lookup instead of using bb-hosts address?
I often use ssh tunnels to avoid punching multiple firewall holes. A technique I use when binding the same port for multiple targets is to use an IP above 1 on the localhost network, e.g.
ssh -L 127.0.0.218:25:192.168.22.218:25 -i hobbitkey hobbit at 192.168.22.218
ssh -L 127.0.0.123:25:192.168.22.123:25 -i hobbitkey hobbit at 192.168.22.123
So I'd expect to be able to use a bb-hosts entry like:
127.0.0.218 mail.subnet.net # smtp
and use the tunnel for the test. But it seems that if mail.subnet.net can be resolved to an IP address via DNS, Hobbit will use the registered address instead of the one in its own bb-hosts file. So the test fails, which is exactly the point of having the tunnel. So to use the tunnel, I have to use a bogus name.
Is this the correct behavior? Am I missing something? I understand that the scenario I give will result in a bogus conn test if the 127.0.0.218 address is used, and what to do about it if it matters.
On Tue, 2007-05-22 at 14:18 -0400, Hobbit User wrote:
But it seems that if mail.subnet.net can be resolved to an IP address via DNS, Hobbit will use the registered address instead of the one in its own bb-hosts file. So the test fails, which is exactly the point of having the tunnel. So to use the tunnel, I have to use a bogus name.
Is this the correct behavior?
Yes.
Am I missing something? Yes. testip. When the ip and domain-name conflict, dns is used unless the testip option is specified.
-- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX Austin Energy http://www.austinenergy.com
On Tue, May 22, 2007 14:28, Daniel J McDonald wrote:
On Tue, 2007-05-22 at 14:18 -0400, Hobbit User wrote:
But it seems that if mail.subnet.net can be resolved to an IP address via DNS, Hobbit will use the registered address instead of the one in its own bb-hosts file. So the test fails, which is exactly the point of having the tunnel. So to use the tunnel, I have to use a bogus name.
Is this the correct behavior?
Yes.
Am I missing something? Yes. testip. When the ip and domain-name conflict, dns is used unless the testip option is specified.
Thanks. Works like a charm. Is there doc on that? The bb-hosts manpage refers to testip functionality only when stating that the http tests ignore it. My perusing of the list archives seemed to indicate that Hobbit used the bb-hosts IP address unless it was 0.0.0.0, in which case it did a lookup. Which makes more sense to me than the actual behavior of having to tag the line to get the IP address on it to be used for anything.
On Tue, May 22, 2007 at 02:53:45PM -0400, Hobbit User wrote:
Yes. testip. When the ip and domain-name conflict, dns is used unless the testip option is specified.
Thanks. Works like a charm. Is there doc on that? The bb-hosts manpage refers to testip functionality only when stating that the http tests ignore it.
That was an omission on my part - fixed now.
My perusing of the list archives seemed to indicate that Hobbit used the bb-hosts IP address unless it was 0.0.0.0, in which case it did a lookup. Which makes more sense to me than the actual behavior of having to tag the line to get the IP address on it to be used for anything.
I have it just the other way around :-) I'd rather not have to remember IP's for all of my hosts - that's what DNS is for. So had it not been for compatibility with the BB bb-hosts format, I'd probably have removed the IP address entirely from bb-hosts.
Regards, Henrik
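The lookup rule Daniel states and Henrik confirms (DNS wins over the bb-hosts address unless the line carries the testip tag; a name that does not resolve falls back to the listed address), modelled in Python as an added example. This is not Hobbit's own code: the bb-hosts parser is simplified, and the resolver is a constructed in-memory table so the example runs offline.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Optional

# Stand-in for a DNS resolver: hostname -> address, or None when the
# name does not resolve.  Injected so the example runs without real DNS.
Resolver = Callable[[str], Optional[str]]


@dataclass
class BBHost:
    listed_ip: str   # the address written in bb-hosts
    name: str        # the hostname on the same line
    tags: List[str]  # everything after the '#' (smtp, testip, ...)


def parse_bb_hosts_line(line: str) -> Optional[BBHost]:
    """Parse one bb-hosts line of the form '<ip> <hostname> # tag tag ...'.
    Returns None for blank lines and comment-only lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    left, _, tagtext = line.partition("#")
    fields = left.split()
    if len(fields) < 2:
        raise ValueError(f"malformed bb-hosts line: {line!r}")
    ipaddress.ip_address(fields[0])  # raises ValueError on a bad address
    return BBHost(listed_ip=fields[0], name=fields[1], tags=tagtext.split())


def target_address(host: BBHost, resolve: Resolver) -> str:
    """Address a network test connects to, per the rule in the thread:
    the DNS answer wins unless 'testip' is tagged or the name does not
    resolve.  Without the tag, a resolvable name silently bypasses a
    loopback tunnel address such as 127.0.0.218."""
    if "testip" in host.tags:
        return host.listed_ip
    dns_ip = resolve(host.name)
    return dns_ip if dns_ip is not None else host.listed_ip


# Constructed fake zone: mail.subnet.net has a public DNS record.
FAKE_DNS = {"mail.subnet.net": "192.168.22.218"}
fake_resolve: Resolver = FAKE_DNS.get

if __name__ == "__main__":
    for line in ["127.0.0.218 mail.subnet.net # smtp",
                 "127.0.0.218 mail.subnet.net # smtp testip",
                 "127.0.0.218 mail-via-tunnel # smtp"]:
        host = parse_bb_hosts_line(line)
        print(f"{line:45} -> {target_address(host, fake_resolve)}")
```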
On Tuesday, 22 May 2007, Henrik Stoerner wrote:
I have it just the other way around :-) I'd rather not have to remember IP's for all of my hosts - that's what DNS is for. So had it not been for compatibility with the BB bb-hosts format, I'd probably have removed the IP address entirely from bb-hosts.
There are some reasons to keep it, one being the case of mail servers load balanced or reverse NAT'd, where you want to monitor the internal IP, but the realities of current email restrictions (result of forward lookup on result of reverse lookup being the same as the IP the connection is from) requiring DNS hold the mail server's NAT'd IP, without multi-view DNS in place ...
Hope that makes sense to someone else ...
Regards, Buchan
-- Buchan Milne ISP Systems Specialist - Monitoring/Authentication Team Leader B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)