From: Marc Chamberlin <marc@marcchamberlin.com> Date: Wed, 8 Mar 2023 14:04:48 -0800 Hello - I am running an OpenSuSE 15.3 x64 system where I am also running a NAMED server for my network.
quasar:/etc/named.d # named -v BIND 9.16.6 (Stable Release) <id:25846cf> quasar:/etc/named.d # ssh -V OpenSSH_8.4p1, OpenSSL 1.1.1d 10 Sep 2019 Apparently recently something has changed which is now breaking SSH's ability to connect to a URL with upper case letters in the host name. (I connect and use SSH within a port knocking script which has worked for many years, so I know it is not caused by something I am doing, but by a change that has occurred within either SSH or NAMED.) Internet and Googling searches seem to imply that Bind (NAMED) is now resolving URL's in a case sensitive fashion. https://kb.isc.org/docs/aa-01113 and I suspect this change has just now caught up with me.
But, I don't know if the fault lies entirely with Bind/NAMED. SSH appears to be mangling URLs, changing upper case letters within a URL, to lower case before asking a name server to resolve them. (IMHO this is extremely bad behavior on SSH's part because it is destroying user supplied data, something a program should never do!) Here is an example of what I am seeing that leads me to this conclusion -
ssh marc@darkstarINT.mydomain.com ssh: connect to host darkstarint.mydomain.com port 22: No route to host
Notice SSH changed the upper case "INT" in the host name "darkstarINT" to a lower case "int" in the query. I checked the log file at /var/log/named/named and indeed saw the query for the URL, from SSH, was all lower case. The message "No route to host" is misleading (probably because of bad error handling) and just means SSH was unable to get an IP address from the DNS server for the URL host name, that it mangled. Since Day 1, DNS has been case-insensitive, and as far as I know, the ssh client has always made its DNS queries in lowercase, so I don't think DNS is your problem. Try doing ssh -vvv marc@darkstarINT.mydomain.com and tell us what ssh says. -- Bob Rogers http://www.rgrjr.com/