Marc Chamberlin wrote:
Hello - I am running an OpenSuSE 15.3 x64 system where I am also running a NAMED server for my network.
quasar:/etc/named.d # named -v BIND 9.16.6 (Stable Release) <id:25846cf>
Same here, albeit on Leap 15.2.
quasar:/etc/named.d # ssh -V OpenSSH_8.4p1, OpenSSL 1.1.1d 10 Sep 2019
Roughly the same here, depending on which system. I like how you are careful with describing the context, +1
Apparently recently something has changed which is now breaking SSH's ability to connect to a URL with upper case letters in the host name.
First of all, lower/upper case is irrelevant in DNS. It does look as if ssh sort of looks at case though - at least when it comes to managing known_hosts. Interesting.
(I connect and use SSH within a port knocking script which has worked for many years, so I know it is not caused by something I am doing, but by a change that has occurred within either SSH or NAMED.) Internet and Googling searches seem to imply that Bind (NAMED) is now resolving URL's in a case sensitive fashion.
Not here. I have a host called 'gaston' - using host or dig (or ssh), lower/upper case, it always resolves correctly.
https://kb.isc.org/docs/aa-01113 and I suspect this change has just now caught up with me.
It seems to be specifically related to response compression, I'm not sure when that is used.
But, I don't know if the fault lies entirely with Bind/NAMED.
What _is_ the fault? if it is "breaking SSH's ability to connect to a URL with upper case letters in the host name", I cannot confirm - it works fine here.
SSH appears to be mangling URLs, changing upper case letters within a URL, to lower case before asking a name server to resolve them.
Wait - lets get the terminology right. ssh does not deal with URLs, only with hostnames and/or -addresses. I agree ssh should not be changing anything in a URL, but folding a hostname to lower case before resolving it should not have _any_ impact on the resolution of the name.
(IMHO this is extremely bad behavior on SSH's part because it is destroying user supplied data, something a program should never do!) Here is an example of what I am seeing that leads me to this conclusion -
ssh marc@darkstarINT.mydomain.com ssh: connect to host darkstarint.mydomain.com port 22: No route to host
Notice SSH changed the upper case "INT" in the host name "darkstarINT" to a lower case "int" in the query.
Yup, same behaviour here.
Doing some further Googling, I found some references to using an ACL declaration in the NAMED configuration files, but I am unable to find any easy/clear guidance or examples on how to do this.
Using ACLs is no big deal, but I don't see what you're trying to achieve. We can start another thread on that if you want.
Does anyone here know either how to keep SSH from converting a URL, that it is querying, to stop this horrid conversion of a URL to all lower case, or how to get NAMED to handle queries in a case insensitive manner?
I think you are jumping to solutions. Maybe try the following on your system, to confirm if your DNS is case-insensitive (or not): host darkstarINT.mydomain.com host darkstarint.mydomain.com Next, maybe try both variations with ssh: ssh darkstarINT.mydomain.com ssh darkstarint.mydomain.com -- Per Jessen, Zürich (7.7°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes