Solved sshd: reverse mapping checking getaddrinfo ... failed

rigoletto@

Hello,

I do have dns/unbound as resolver, and dns/nsd as authoritative server for private address only. Both seem to be working correctly:

host workstation.mydomain.com:
Code:
workstation.mydomain.com has address 192.168.0.10

host 192.168.0.10
Code:
10.0.168.192.in-addr.arpa domain name pointer \
workstation.mydomain.com.0.168.192.in-addr.arpa.

Using drill or dig also does not report any error.

So, apparently everything is correctly configured, but every time I log in on that server using ssh I have this message in auth.log:
Code:
reverse mapping checking getaddrinfo for  \
workstation.mydomain.com.0.168.192.in-addr.arpa [192.168.0.10] failed \
- POSSIBLE BREAK-IN ATTEMPT! [192.168.0.10]

I do not know what (and where) could be going wrong, and what kind of information exactly would be more useful to post here.

PS. the domain is a real one, registered.

Thanks!
 
Your reverse lookup doesn't look correct.

Code:
root@molly:~ # host molly.dicelan.home
molly.dicelan.home has address 192.168.10.190
molly.dicelan.home has IPv6 address 2001:470:1f15:bcd::190
root@molly:~ # host 192.168.10.190
190.10.168.192.in-addr.arpa domain name pointer molly.dicelan.home.

Note how the reverse resolves to the hostname, not molly.dicelan.home.0.198.192.in-addr.arpa.
 
The reverse file looks like this, as per the Digital Ocean guide:

Code:
$ORIGIN 0.168.192.in-addr.arpa. ; default zone domain
$TTL 1800                       ; default time to live

@                      IN      SOA     ns1.mydomain.com.    admin.mydomain.com. (
                               2017021308      ; serial number
                                3600            ; Refresh
                                900             ; Retry
                                1209600         ; Expire
                                1800            ; Min TTL
                                )

                        IN NS   ns1.mydomain.com

10                       IN PTR  workstation.mydomain.com

But also tried like this, as per Calomel.org guide:

Code:
...
0.168.192.in-addr.arpa.          IN      SOA     ns1.mydomain.com.    admin.mydomain.com. (
...
0.168.192.in-addr.arpa.   IN PTR workstation

Thanks!
 
It should be:
Code:
10                       IN PTR  workstation.mydomain.com.
Note the dot at the end. This is to indicate it's a fully qualified domain name. If it's not an FQDN it will attach the $ORIGIN domain to the hostname.
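To show why the missing dot produces exactly the name seen in auth.log, here is an added example (not code from the thread) that models how a zone-file parser appends $ORIGIN to relative names and a simplified version of the forward-confirmed reverse lookup sshd performs; the zone data and the A record for 192.168.0.10 are constructed for illustration.

```python
# Constructed data modelled on the thread: the reverse zone's $ORIGIN and a
# forward A record for the workstation. Not taken from any real zone file.
ORIGIN = "0.168.192.in-addr.arpa."
FORWARD = {"workstation.mydomain.com.": {"192.168.0.10"}}


def absolute_name(name, origin=ORIGIN):
    """Return the name as a zone-file parser reads it under $ORIGIN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name                  # trailing dot: already fully qualified
    return f"{name}.{origin}"        # relative name: $ORIGIN is appended


def reverse_zone(ptr_target):
    """Build the PTR record for 192.168.0.10 from one RDATA field."""
    return {"10.0.168.192.in-addr.arpa.": absolute_name(ptr_target)}


def reverse_mapping_ok(ip, reverse, forward):
    """Simplified sshd check: ip -> PTR hostname -> A records must contain ip.

    Returns (ok, hostname); hostname is None when no PTR exists.
    """
    arpa = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
    hostname = reverse.get(arpa)
    if hostname is None:
        return (False, None)
    return (ip in forward.get(hostname, set()), hostname)


if __name__ == "__main__":
    for target in ("workstation.mydomain.com", "workstation.mydomain.com."):
        ok, host = reverse_mapping_ok("192.168.0.10", reverse_zone(target), FORWARD)
        print(f"PTR {target!r:40} -> {host}  forward-confirmed={ok}")
```

The same rule applies to every name in RDATA, so the NS target in the posted zone gets $ORIGIN appended as well unless it ends with a dot.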
 