Discussion:
ssh connection, secondary ok while prime not
T o n g
2011-02-25 04:17:15 UTC
Hi,

I have a very weird ssh connection problem -- I get

Permission denied (publickey).

error while trying to ssh into the box (as root) [1]. However, if I ssh
into the same box, same as root, using the same sshd configuration, just
a secondary debug ssh session, it works flawlessly [2]. I've done

/etc/init.d/ssh restart

several times on the server, but the problem persists. What could be
wrong?

[1] sudo ssh -C -A -X maroon

[2] start "sudo ssh -v -C -A -X -p 222" on the client
after a "/usr/sbin/sshd -d -D -p 222" on the server

(It was OK before. I can't remember that I changed anything. I've still
got one ssh connection open to the server as root for configuration &
testing)

Thanks
--
Tong (remove underscore(s) to reply)
http://xpt.sourceforge.net/techdocs/
http://xpt.sourceforge.net/tools/
--
To UNSUBSCRIBE, email to debian-user-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Archive: http://lists.debian.org/ik7agb$j7s$***@dough.gmane.org
elbbit
2011-02-25 07:44:27 UTC
Post by T o n g
/etc/init.d/ssh restart
This method normally includes /etc/ssh/sshd_config when it starts the
sshd binary. The directive you are looking for in the file is probably
"PermitRootLogin yes". Adding or changing this entry in the sshd_config
file will enable you to log in remotely as the root user.
Post by T o n g
[1] sudo ssh -C -A -X maroon
FYI, this can also be accomplished as "ssh -l root -CAX maroon" or
Post by T o n g
after a "/usr/sbin/sshd -d -D -p 222" on the server
Starting the SSH daemon this way will most likely exclude the reading
of the /etc/ssh/sshd_config file, and, as a result, not include the
"PermitRootLogin no" directive that you may have.

Hope this helps,

elbbit
T o n g
2011-02-26 14:57:25 UTC
Thanks a lot for your answer, elbbit.
Post by elbbit
Post by T o n g
/etc/init.d/ssh restart
This method normally includes /etc/ssh/sshd_config when it starts the
sshd binary. The directive you are looking for in the file is probably
"PermitRootLogin yes". Adding or changing this entry in the sshd_config
file will enable you to log in remotely as the root user.
Thanks, I double checked, and it *is* turned on (in the remote host), as
always:

% grep PermitRootLogin /etc/ssh/sshd_config
PermitRootLogin yes
Post by elbbit
Post by T o n g
[1] sudo ssh -C -A -X maroon
FYI, this can also be accomplished as "ssh -l root -CAX maroon" or
Thanks for the tip. I set up and use the sudo ssh mechanism instead because I
also need it for scp and rsync, to transfer files that are not readable to
me.

OK, back to the problem. I dug deeper following your tips, using a non-root
user instead, and now it seems to be much more complicated than anything I
have seen before. In the OP, I *simplified* my question, and now I need to
describe my situation exactly.

In summary,

- I'm using the ~/.ssh/config file for remote host connection
- my sshd is listening on port 21
- remote host is named maroon, and client is named coral

Now the problem in summary,

- using hostname for remote host NOK.
- using ~/.ssh/config file NOK.

Here are the details (long!).

Problem #1, using hostname for remote host NOK

***@coral:~$ ssh -C -A -X -p 21 -o UserKnownHostsFile=/tmp/32083.tmpf.32124.uknf maroon -v
OpenSSH_5.5p1 Debian-4ubuntu4, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /home/tong/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to maroon [::1] port 21.
debug1: Connection established.
debug1: identity file /home/tong/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1024
debug1: identity file /home/tong/.ssh/id_rsa-cert type -1
debug1: identity file /home/tong/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: identity file /home/tong/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-4ubuntu4
debug1: match: OpenSSH_5.5p1 Debian-4ubuntu4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 ***@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5 ***@openssh.com
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '[maroon]:21' is known and matches the RSA host key.
debug1: Found key in /tmp/32083.tmpf.32124.uknf:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/tong/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-***@openssh.com
debug1: Entering interactive session.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Requesting authentication agent forwarding.
debug1: Sending environment.
debug1: Sending env LANG = C
Linux coral 2.6.35-22-generic #33-Ubuntu SMP Sun Sep 19 20:32:27 UTC 2010 x86_64 GNU/Linux
Ubuntu 10.10

I.e., instead of connecting to the remote host maroon, the ssh session
connected to my local host (coral) (using IPv6?). This is so weird; I have
never seen this before. How could it be? DNS name lookup seems to be fine:

***@coral:~$ dig maroon

; <<>> DiG 9.7.1-P2 <<>> maroon
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19913
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;maroon. IN A

;; ANSWER SECTION:
maroon. 0 IN A 192.168.2.100

;; Query time: 0 msec
;; SERVER: 192.168.2.100#53(192.168.2.100)
;; WHEN: Sat Feb 26 09:22:39 2011
;; MSG SIZE rcvd: 40

***@coral:~$ ping maroon
PING maroon.my.local.domain (192.168.2.100) 56(84) bytes of data.
64 bytes from maroon.my.local.domain (192.168.2.100): icmp_req=1 ttl=64 time=0.113 ms
64 bytes from maroon.my.local.domain (192.168.2.100): icmp_req=2 ttl=64 time=0.147 ms
^C

***@coral:~$ grep maroon /etc/hostname | echo no found
no found

Directly using IP instead:

***@coral:~$ ssh -C -A -X -p 21 -o UserKnownHostsFile=/tmp/32083.tmpf.32124.uknf 192.168.2.100 -v
OpenSSH_5.5p1 Debian-4ubuntu4, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /home/tong/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.2.100 [192.168.2.100] port 21.
debug1: Connection established.
debug1: identity file /home/tong/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1024
debug1: identity file /home/tong/.ssh/id_rsa-cert type -1
debug1: identity file /home/tong/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: identity file /home/tong/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6
debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 ***@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5 ***@openssh.com
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: checking without port identifier
Failed to add the host to the list of known hosts (/tmp/32083.tmpf.32124.uknf).
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/tong/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-***@openssh.com
debug1: Entering interactive session.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Requesting authentication agent forwarding.
debug1: Sending environment.
debug1: Sending env LANG = C
Linux maroon.my.local.domain 2.6.36-grml64 #1 SMP PREEMPT Mon Dec 13 13:16:48 UTC 2010 x86_64

I.e., using hostname for remote host NOK while directly using IP is OK.

I did a comparison of the above logs:

@@ -4,3 +4,3 @@
debug1: Applying options for *
-debug1: Connecting to maroon [::1] port 21.
+debug1: Connecting to 192.168.2.100 [192.168.2.100] port 21.
debug1: Connection established.
@@ -14,4 +14,4 @@
debug1: identity file /home/tong/.ssh/id_dsa-cert type -1
-debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-4ubuntu4
-debug1: match: OpenSSH_5.5p1 Debian-4ubuntu4 pat OpenSSH*
+debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6
+debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
@@ -26,4 +26,4 @@
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
-debug1: Host '[maroon]:21' is known and matches the RSA host key.
-debug1: Found key in /tmp/32083.tmpf.32124.uknf:1
+debug1: checking without port identifier
+Failed to add the host to the list of known hosts (/tmp/32083.tmpf.32124.uknf).
debug1: ssh_rsa_verify: signature correct
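Review bot: in this hunk the removed line "Host '[maroon]:21' is known and matches the RSA host key" comes from the session that ended up on coral, so line 1 of /tmp/32083.tmpf.32124.uknf evidently stores coral's host key under maroon's name, and host-key checking raised no warning about the wrong machine. Once name resolution is corrected, remove that entry (ssh-keygen -R '[maroon]:21' -f /tmp/32083.tmpf.32124.uknf) so the name is pinned to maroon's real key on the next connection.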
@@ -48,2 +48,2 @@
debug1: Sending env LANG = C
-Linux coral 2.6.35-22-generic #33-Ubuntu SMP Sun Sep 19 20:32:27 UTC 2010 x86_64 GNU/Linux
+Linux maroon.my.local.domain 2.6.36-grml64 #1 SMP PREEMPT Mon Dec 13 13:16:48 UTC 2010 x86_64

The only key difference is where the ssh connected to.

Now problem #2, using ~/.ssh/config file NOK.

***@coral:~$ ssh -C -A -X -p 21 192.168.2.100 -v
OpenSSH_5.5p1 Debian-4ubuntu4, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /home/tong/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.2.100 [192.168.2.100] port 21.
debug1: Connection established.
debug1: identity file /home/tong/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1024
debug1: identity file /home/tong/.ssh/id_rsa-cert type -1
debug1: identity file /home/tong/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: identity file /home/tong/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6
debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 ***@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5 ***@openssh.com
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: checking without port identifier
The authenticity of host '[192.168.2.100]:21 ([192.168.2.100]:21)' can't be established.
RSA key fingerprint is ff:7e:df:4a:a3:b8:33:e4:14:9c:27:62:f2:0e:cb:62.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.2.100]:21' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/tong/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-***@openssh.com
debug1: Entering interactive session.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Requesting authentication agent forwarding.
debug1: Sending environment.
debug1: Sending env LANG = C
Linux maroon.my.local.domain 2.6.36-grml64 #1 SMP PREEMPT Mon Dec 13 13:16:48 UTC 2010 x86_64

Now,

$ tail -4 ~/.ssh/config
Host mhmi
HostName 192.168.2.100
User tong
IdentityFile /home/tong/.ssh/id_rsa

***@coral:~$ ssh -C -A -X -p 21 mhmi -v
OpenSSH_5.5p1 Debian-4ubuntu4, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /home/tong/.ssh/config
debug1: Applying options for mh*
debug1: Applying options for mhmi
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.2.100 [192.168.2.100] port 21.
debug1: Connection established.
debug1: identity file /path/to/other/key type -1
debug1: identity file /path/to/other/key-cert type -1
debug1: identity file /home/tong/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1024
debug1: identity file /home/tong/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6
debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 ***@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5 ***@openssh.com
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '[192.168.2.100]:21' is known and matches the RSA host key.
debug1: Found key in /home/tong/.ssh/known_hosts:52
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/tong/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /path/to/other/key
debug1: No more authentication methods to try.
Permission denied (publickey).

I.e., with everything seeming to be the same to me, using the
~/.ssh/config file is NOK.

Any ideas? Is there any way to troubleshoot the default sshd daemon? (I can still
ssh to the remote host as root using a secondary session)

As mentioned before, I've still got one ssh connection open to the headless
remote host as root (for configuration & testing); I'm afraid to
reboot or restart my local network connection to iron out the problems.

Thanks
--
Tong (remove underscore(s) to reply)
http://xpt.sourceforge.net/techdocs/
http://xpt.sourceforge.net/tools/
T o n g
2011-03-03 03:18:33 UTC
Post by T o n g
using hostname for remote host NOK
UserKnownHostsFile=/tmp/32083.tmpf.32124.uknf maroon -v OpenSSH_5.5p1
Debian-4ubuntu4, OpenSSL 0.9.8o 01 Jun 2010 debug1: Reading
configuration data /home/tong/.ssh/config debug1: Reading
configuration data /etc/ssh/ssh_config debug1: Applying options for *
debug1: Connecting to maroon [::1] port 21. debug1: Connection
established.
. . .
I.e., instead of connecting to remote host maroon, the ssh session
connected to my local host (coral) instead (using IPV6?). This is so
weird, I never see this before.
Found and fixed the problem:

$ diff -wU 3 /etc/hosts~ /etc/hosts
--- /etc/hosts~ 2011-02-16 22:13:00.000000000 -0500
+++ /etc/hosts 2011-03-02 21:57:11.000000000 -0500
@@ -4,7 +4,7 @@
# The following lines are desirable for IPv6 capable hosts
# (added automatically by netbase upgrade)

-::1 ip6-localhost ip6-loopback maroon.my.local.domain
+::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
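Review bot: the hunk starts at line 4 of /etc/hosts, so the IPv4 loopback entries above it are not visible here; check that maroon.my.local.domain (or maroon) is not also listed on a 127.x line, which would misdirect IPv4 lookups the same way. Confirm the result with "getent ahosts maroon", which goes through the system resolver and reads /etc/hosts as ssh does, whereas dig asks the DNS server directly and therefore showed nothing wrong.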
Post by T o n g
; <<>> DiG 9.7.1-P2 <<>> maroon
;; global options: +cmd
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19913 ;; flags: qr
aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;maroon. IN A
maroon. 0 IN A 192.168.2.100
;; Query time: 0 msec
;; SERVER: 192.168.2.100#53(192.168.2.100) ;; WHEN: Sat Feb 26
09:22:39 2011
;; MSG SIZE rcvd: 40
PING maroon.my.local.domain (192.168.2.100) 56(84) bytes of data. 64
bytes from maroon.my.local.domain (192.168.2.100): icmp_req=1 ttl=64
icmp_req=2 ttl=64 time=0.147 ms ^C
If I knew how to do IPV6 DNS query, I might have prevented the problem.
So, how to do IPV6 DNS query?

Thanks.
--
Tong (remove underscore(s) to reply)
http://xpt.sourceforge.net/techdocs/
http://xpt.sourceforge.net/tools/
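
A check that flags the kind of entry removed in the diff above, as an added example (not code from the thread): it scans hosts-file text for names bound to loopback addresses other than the usual aliases and the machine's own names. The first two lines of the sample file and the local name "coral" passed to the check are assumptions; the IPv6 lines follow the diff.

```python
import ipaddress
import socket

# Names that normally belong on loopback lines of a Debian-style hosts file.
STANDARD_LOOPBACK_NAMES = {
    "localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback",
}

# Constructed sample: lines 1-2 are assumed, lines 4-10 follow the diff
# in the post (state of /etc/hosts before the fix).
HOSTS_BEFORE = """\
127.0.0.1 localhost
127.0.1.1 coral.my.local.domain coral

# The following lines are desirable for IPv6 capable hosts
# (added automatically by netbase upgrade)

::1 ip6-localhost ip6-loopback maroon.my.local.domain
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
"""
# Same file after the fix shown in the diff.
HOSTS_AFTER = HOSTS_BEFORE.replace(" maroon.my.local.domain", "")


def parse_hosts(text):
    """Yield (line number, address object, [names]) for each hosts entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            # Strip an IPv6 zone id ("fe80::1%eth0") before parsing.
            addr = ipaddress.ip_address(fields[0].split("%")[0])
        except ValueError:
            continue  # not an address; ignore the malformed line
        yield lineno, addr, fields[1:]


def loopback_shadowed_names(text, local_names=()):
    """Return (lineno, address, name) for names that resolve to loopback
    through the hosts file but are neither standard aliases nor this
    machine's own name (short name or any FQDN starting with it)."""
    local = {n.lower() for n in local_names}
    findings = []
    for lineno, addr, names in parse_hosts(text):
        if not addr.is_loopback:  # covers 127.0.0.0/8 and ::1
            continue
        for name in names:
            lname = name.lower()
            own = lname in local or any(lname.startswith(n + ".") for n in local)
            if lname not in STANDARD_LOOPBACK_NAMES and not own:
                findings.append((lineno, str(addr), name))
    return findings


if __name__ == "__main__":
    for label, text in (("before", HOSTS_BEFORE), ("after", HOSTS_AFTER)):
        print(label, loopback_shadowed_names(text, ["coral"]))
    # Same check against the real file on this machine, if readable.
    try:
        with open("/etc/hosts") as fh:
            real = loopback_shadowed_names(fh.read(), [socket.gethostname()])
        print("/etc/hosts", real)
    except OSError as exc:
        print("could not read /etc/hosts:", exc)
```
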
elbbit
2011-03-03 04:47:50 UTC
Post by T o n g
So, how to do IPV6 DNS query?
host -6 <hostname>

Such as:

:~$ host -6 www.debian.org
www.debian.org has address 86.59.118.148
www.debian.org has address 82.195.75.97
www.debian.org has IPv6 address 2001:41b8:202:deb:216:35ff:fec4:6340
www.debian.org has IPv6 address 2001:858:2:2:214:22ff:fe0d:7717
:~$

elbbit
Tom H
2011-03-03 05:39:52 UTC
Post by elbbit
Post by T o n g
So, how to do IPV6 DNS query?
host -6 <hostname>
"host -6" (and "dig -6") use ipv6 to make the query but don't run an
ipv6 query (unless they do an aaaa query by default along the a query,
but not sure about this).
Nate Bargmann
2011-03-03 12:26:27 UTC
Post by Tom H
Post by elbbit
Post by T o n g
So, how to do IPV6 DNS query?
host -6 <hostname>
"host -6" (and "dig -6") use ipv6 to make the query but don't run an
ipv6 query (unless they do an aaaa query by default along the a query,
but not sure about this).
I'm running DNSmasq as an IPv4 caching DNS on my OpenWRT router for my
LAN and the -6 switch fails. Meanwhile, not using the -6 switch does
resolve IPv6 host names. I guess I need to figure out how to teach
DNSmasq to be an IPv6 DNS cache for my LAN as well.

- Nate >>
--
"The optimist proclaims that we live in the best of all
possible worlds. The pessimist fears this is true."

Ham radio, Linux, bikes, and more: http://www.n0nb.us
Tom H
2011-03-03 13:19:05 UTC
Post by Nate Bargmann
Post by Tom H
Post by elbbit
Post by T o n g
So, how to do IPV6 DNS query?
host -6 <hostname>
"host -6" (and "dig -6") use ipv6 to make the query but don't run an
ipv6 query (unless they do an aaaa query by default along the a query,
but not sure about this).
I'm running DNSmasq as an IPv4 caching DNS on my OpenWRT router for my
LAN and the -6 switch fails. Meanwhile, not using the -6 switch does
resolve IPv6 host names. I guess I need to figure out how to teach
DNSmasq to be an IPv6 DNS cache for my LAN as well.
I think that you've misunderstood what I said.

The "-6" is to force the query to use ipv6 networking so, if your
network isn't ipv6-enabled, the query will fail.

You can use ipv4 networking to query a server for an ipv6 address.
Nate Bargmann
2011-03-03 21:17:07 UTC
Post by Tom H
Post by Nate Bargmann
Post by Tom H
Post by elbbit
Post by T o n g
So, how to do IPV6 DNS query?
host -6 <hostname>
"host -6" (and "dig -6") use ipv6 to make the query but don't run an
ipv6 query (unless they do an aaaa query by default along the a query,
but not sure about this).
I'm running DNSmasq as an IPv4 caching DNS on my OpenWRT router for my
LAN and the -6 switch fails. Meanwhile, not using the -6 switch does
resolve IPv6 host names. I guess I need to figure out how to teach
DNSmasq to be an IPv6 DNS cache for my LAN as well.
I think that you've misunderstood what I said.
The "-6" is to force the query to use ipv6 networking so, if your
network isn't ipv6-enabled, the query will fail.
I understood, perhaps I didn't convey that aspect. At the moment I
don't have an IPv6 nameserver running locally so the -6 failed. I may
need to tell radvd to pass an IPv6 DNS server from the tunnel broker if
that is possible.
Post by Tom H
You can use ipv4 networking to query a server for an ipv6 address.
That's what I'm relying on at the moment.

Thanks!

- Nate >>
--
"The optimist proclaims that we live in the best of all
possible worlds. The pessimist fears this is true."

Ham radio, Linux, bikes, and more: http://www.n0nb.us
T o n g
2011-03-04 03:03:14 UTC
Thanks everyone for the replies, especially to Tom for the answer.
Post by elbbit
:~$ host -6 www.debian.org
www.debian.org has address 86.59.118.148 www.debian.org has address
82.195.75.97 www.debian.org has IPv6 address
2001:41b8:202:deb:216:35ff:fec4:6340 www.debian.org has IPv6 address
2001:858:2:2:214:22ff:fe0d:7717
$ dig www.debian.org aaaa

; <<>> DiG 9.7.1-P2 <<>> www.debian.org aaaa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56784
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.debian.org. IN AAAA

;; ANSWER SECTION:
www.debian.org. 218 IN AAAA 2607:f8f0:610:4000:211:25ff:fec4:5b28

;; Query time: 38 msec
;; SERVER: 192.168.2.100#53(192.168.2.100)
;; WHEN: Thu Mar 3 21:58:14 2011
;; MSG SIZE rcvd: 60

I was expecting that the answer will be one of the previous "www.debian.org
has IPv6 address"... Any explanation to this?

Thanks
--
Tong (remove underscore(s) to reply)
http://xpt.sourceforge.net/techdocs/
http://xpt.sourceforge.net/tools/
Chris Davies
2011-03-04 10:21:44 UTC
Post by T o n g
Post by elbbit
:~$ host -6 www.debian.org
www.debian.org has IPv6 address 2001:41b8:202:deb:216:35ff:fec4:6340
www.debian.org has IPv6 address 2001:858:2:2:214:22ff:fe0d:7717
$ dig www.debian.org aaaa
www.debian.org. 218 IN AAAA 2607:f8f0:610:4000:211:25ff:fec4:5b28
I was expecting that the answer will be one of the previous "www.debian.org
has IPv6 address"... Any explanation to this?
When I try this (against IPv4 servers - my IPv6 connection isn't yet
active) I get the same two IPv6 addresses for each type of question:

$ host www.debian.org | grep IPv6
www.debian.org has IPv6 address 2001:41b8:202:deb:216:35ff:fec4:6340
www.debian.org has IPv6 address 2001:858:2:2:214:22ff:fe0d:7717

$ dig +aaonly aaaa www.debian.org | grep '^www.*AAAA'
www.debian.org. 212 IN AAAA 2001:858:2:2:214:22ff:fe0d:7717
www.debian.org. 212 IN AAAA 2001:41b8:202:deb:216:35ff:fec4:6340

Chris

Tom H
2011-03-03 05:06:40 UTC
Post by T o n g
If I knew how to do IPV6 DNS query, I might have prevented the problem.
So, how to do IPV6 DNS query?
dig maroon aaaa