Hello - I am running an OpenSuSE 15.3 x64 system where I am also running a NAMED server for my network.
quasar:/etc/named.d # named -v BIND 9.16.6 (Stable Release) <id:25846cf> quasar:/etc/named.d # ssh -V OpenSSH_8.4p1, OpenSSL 1.1.1d 10 Sep 2019 Apparently recently something has changed which is now breaking SSH's ability to connect to a URL with upper case letters in the host name. (I connect and use SSH within a port knocking script which has worked for many years, so I know it is not caused by something I am doing, but by a change that has occurred within either SSH or NAMED.) Internet and Googling searches seem to imply that Bind (NAMED) is now resolving URL's in a case sensitive fashion. https://kb.isc.org/docs/aa-01113 and I suspect this change has just now caught up with me.
But, I don't know if the fault lies entirely with Bind/NAMED. SSH appears to be mangling URLs, changing upper case letters within a URL, to lower case before asking a name server to resolve them. (IMHO this is extremely bad behavior on SSH's part because it is destroying user supplied data, something a program should never do!) Here is an example of what I am seeing that leads me to this conclusion -
ssh marc@darkstarINT.mydomain.com ssh: connect to host darkstarint.mydomain.com port 22: No route to host
Notice SSH changed the upper case "INT" in the host name "darkstarINT" to a lower case "int" in the query. I checked the log file at /var/log/named/named and indeed saw the query for the URL, from SSH, was all lower case. The message "No route to host" is misleading (probably because of bad error handling) and just means SSH was unable to get an IP address from the DNS server for the URL host name, that it mangled. Doing some further Googling, I found some references to using an ACL declaration in the NAMED configuration files, but I am unable to find any easy/clear guidance or examples on how to do this. Does anyone here know either how to keep SSH from converting a URL, that it is querying, to stop this horrid conversion of a URL to all lower case, or how to get NAMED to handle queries in a case insensitive manner? (perhaps using the ACL declaration that I found some references to.) If not, does anyone know of a better forum I could ask? Links to documentation, with examples, would also be appreciated, after hours of searching I was not able to find anything helpful. I know I could go through all my NAMED configuration files and and either add duplicate zones or use CNAME perhaps to add in all lower case equivalent host names but that seems like a huge burden and a bunch of extra maintenance overhead. Thanks and as always appreciate thoughts, ideas, and the time it takes to write a reply... Marc... -- *"The Truth is out there" - Spooky* *_ _ . . . . . . _ _ . _ _ _ _ . . . . _ . . . . _ _ . _ _ _ . . . . _ _ . _ . . _ . _ _ _ _ . _ . _ . _ . _ . * Computers: the final frontier. These are the voyages of the user Marc. His mission: to explore strange new hardware. To seek out new software and new applications. To boldly go where no Marc has gone before! (/This email is digitally signed and the OpenPGP electronic signature is added as an attachment. If you know how, you can use my public key to prove this email indeed came from me and has not been modified in transit. My public key, which can be used for sending encrypted email to me also, can be found at - https://keys.openpgp.org/search?q=marc@marcchamberlin.com or just ask me for it and I will send it to you as an attachment. If you don't understand all this geek speak, no worries, just ignore this explanation and ignore the OpenPGP signature key attached to this email (it will look like gibberish if you open it) and/or ask me to explain it further if you like./)