Monthly Archives: June 2005

Apple’s Patched OpenSSH doing SRV lookups?

Posted on by
4

Recently, while trying to figure out why ssh is taking so long to connect to many systems under Mac OS X 10.4.1, I sniffed the DNS traffic. To my surprise, I see SSH is doing SRV lookups:

0.000000  10.100.0.23 -> 10.100.0.10  DNS Standard query SRV _telnet._tcp.mariesa.techsupport.local
0.001124  10.100.0.23 -> 10.100.0.10  DNS Standard query SRV _telnet._tcp.mariesa.techsupport.local
0.001272  10.100.0.10 -> 10.100.0.23  DNS Standard query response, No such name
0.001989  10.100.0.23 -> 10.100.0.10  DNS Standard query SRV _telnet._tcp.mariesa.techsupport.local
0.002321  10.100.0.10 -> 10.100.0.23  DNS Standard query response, No such name
0.002848  10.100.0.23 -> 10.100.0.10  DNS Standard query SRV _telnet._tcp.mariesa.techsupport.local
0.003176  10.100.0.10 -> 10.100.0.23  DNS Standard query response, No such name
0.003993  10.100.0.10 -> 10.100.0.23  DNS Standard query response, No such name
2.027353  10.100.0.23 -> 10.100.0.10  DNS Standard query SRV _telnet._tcp.mariesa.techsupport.local.techsupport.local
2.027840  10.100.0.23 -> 10.100.0.10  DNS Standard query SRV _telnet._tcp.mariesa.techsupport.local.techsupport.local
2.028764  10.100.0.10 -> 10.100.0.23  DNS Standard query response, No such name
2.029120  10.100.0.10 -> 10.100.0.23  DNS Standard query response, No such name
2.029562  10.100.0.23 -> 10.100.0.10  DNS Standard query SRV _telnet._tcp.mariesa.techsupport.local.techsupport.local
2.030249  10.100.0.23 -> 10.100.0.10  DNS Standard query SRV _telnet._tcp.mariesa.techsupport.local.techsupport.local
2.030829  10.100.0.10 -> 10.100.0.23  DNS Standard query response, No such name
2.031551  10.100.0.10 -> 10.100.0.23  DNS Standard query response, No such name
4.042563  10.100.0.23 -> 10.100.0.10  DNS Standard query A mariesa.techsupport.local
4.043651  10.100.0.10 -> 10.100.0.23  DNS Standard query response A 10.100.0.103
4.064124  10.100.0.23 -> 10.100.0.10  DNS Standard query A mariesa.techsupport.local
4.065093  10.100.0.10 -> 10.100.0.23  DNS Standard query response A 10.100.0.103

That is very aggravating, since I don’t see a way to turn it off. Some Googling reveals a post on the topic.

Update: Stany did a little digging, found lots of patches, but not what I was looking for:

Now, regarding SRV lookups…. I’ve not noticed anything magic in the source that causes that to happen. Maybe that’s part of GSSAPI stuff – I frankly weren’t looking too closely. Maybe it’s something that libSystem.B.dylib does on behalf of ssh. Further investigation is needed, as it didn’t jump out at me.

So I’m thinking that this must be a part of the resolver. Although, it is doing lookups for _telnet._tcp.