How does OpenSSH / NSS determine the address to use for a hostname with multiple DNS entries?

ssh centos nss

Solution 1:

How does OpenSSH / NSS determine the address to use for a hostname with multiple DNS entries?

getaddrinfo() the libc name resolver. Every address resolved is attempted, see sshconnect.c

ssh_config is sometimes useful as a crude name resolver because HostName real name keywords can go under Host or Match blocks. Problem is, I don't know of a way to modify these without duplicating the IP addresses. It is not powerful enough to rewrite names any way you like.

glibc allows influence of getaddrinfo sort order via gai.conf. This is not a ssh client config, it would affect glibc name resolution, and almost all software on the system.

Multiple DNS records of the same name, only one of which works to connect, is causing problems. Alter DNS such that there is a name that can be used for SSH. For example, renaming one of those zones such that the full name is unqiue, say my-weird-AD-device.zone.company.com. Or, add an additional short name to DNS for this host with only the correct IP, so my-weird-AD-device-2.

Related

Why my Windows DNS Server automatically add more TLD (.co.id) when i try to find domain using nslookup?
SSH Connection Error: buffer_put_cstring: s == NULL [preauth]
One RewriteCond for multiple RewriteRules
azure pipeline getting failed with below Failed to acquire a token Kubernetes Task
SNMP and SQL Server, is it possible to store the alerts in sql server without using any program?
open() "/run/nginx.pid" failed (13: Permission denied)
acpi package has zero elements CentOS 7 boot error
Want to enable Windows Server firewall - how to know what ports to open
OpenVPN won't start as a service with config file
Server push : how to make it work
How can I set up a point-to-point IPv6 GRE tunnel encrypted with ipsec between my Mikrotik CCR2004 router and a Linux host running Strongswan?
How to clear Openswan logs?