Hi,
I have noticed that when named (BIND9) is running on my Debian Etch
server, a remote SSH login to the server causes a large number of IP
packets to be sent out to various addresses which resolve to the root
name servers (e.g. M.ROOT-SERVERS.NET). These are sent out via UDP to
port 53, and this behavior does not occur when named is not running.
I am quite sure the login event is linked to these packets, due to
the exact timing, multiple tests, and the fact that not much else is
going on with the box. (It's a new server that I am preparing for
deployment, and I observed this behavior while testing my firewall).
My question is: Why does sshd need to resolve domain names, if indeed
this is what is happening? I am using the default SSH config and
logging in via public key authentication (plaintext private key). I
am using an IP address for the log-in, rather than a hostname.
The reason I would like to know about this is because I am setting up
my firewall, so I would like to know about whether outbound traffic
to port 53 is really necessary for SSH to function.
Thank you!
Bogart Salzberg
-- List Info: http://erdelynet.com/ssh-l/ List Archives: http://erdelynet.com/archive/ssh-l/ To Unsubscribe: Mail mailto:ssh+unsubscribe@erdelynet.comReceived on Fri, 8 Jun 2007 11:32:27 -0400
This archive was generated by hypermail 2.1.8 : Wed Jul 04 2007 - 16:59:33 EDT