Bug 2405 - Description of UseDNS option is not accurate
Summary: Description of UseDNS option is not accurate
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Documentation
Version: 6.8p1
Hardware: Other Linux
Importance: P5 enhancement
Assignee: Damien Miller
URL:
Keywords:
Depends on:
Blocks: V_7_0
Reported: 2015-05-28 17:56 AEST by Jakub Jelen
Modified: 2016-08-02 10:41 AEST

Attachments
Document UseDNS better (875 bytes, patch)
2015-07-17 13:46 AEST, Damien Miller
dtucker: ok+

Description Jakub Jelen 2015-05-28 17:56:17 AEST
After releasing openssh-6.8 with new default "UseDNS no", some of our users were surprised that they can't connect to their machines with authorized keys limited to hostname, example:
'from="host.example.org" ssh-rsa ...' in ~/.ssh/authorized_keys

The manual page should state that this option turns off not only reverse lookups (from the manual page -- "look up the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address"), but all DNS functionality that is required for some functions to work, for example the above-mentioned authorized_keys based on hostname.

Based on Red Hat Bugzilla [1].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1225239
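
An audit sketch for the situation described above, added here as an example and not part of the bug report or of OpenSSH: it lists `from=` patterns in an authorized_keys file that are host names rather than addresses, which is what stops matching when sshd runs with `UseDNS no`. The function names, the sample file content and the "address-like" heuristic are assumptions.

```python
import ipaddress
import re

# Constructed sample authorized_keys content; key blobs are placeholders.
SAMPLE = '''\
# constructed sample, not taken from the bug report
from="host.example.org" ssh-rsa AAAA...placeholder user@a
from="192.0.2.10,198.51.100.0/24" ssh-ed25519 AAAA...placeholder user@b
from="*.example.org,!192.0.2.*",no-pty ssh-rsa AAAA...placeholder user@c
command="echo from=\\"x.example.org\\"" ssh-rsa AAAA...placeholder user@d
ssh-ed25519 AAAA...placeholder from="ignored.example.org"
'''

# from="..." as an option of its own (start of field or after a comma).
FROM_RE = re.compile(r'(?:^|,)from="((?:[^"\\]|\\.)*)"', re.I)

def options_field(line):
    """Return the leading field: text up to the first unquoted whitespace."""
    in_quote, i = False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_quote:
            i += 1                      # skip the escaped character
        elif c == '"':
            in_quote = not in_quote
        elif c.isspace() and not in_quote:
            break
        i += 1
    return line[:i]

def is_address_pattern(pat):
    """Heuristic (assumption): address, CIDR block, or wildcarded address."""
    pat = pat.lstrip("!")               # negated patterns are still patterns
    try:
        ipaddress.ip_network(pat, strict=False)
        return True
    except ValueError:
        pass
    v4 = re.fullmatch(r"[0-9.*?]+", pat)
    v6 = ":" in pat and re.fullmatch(r"[0-9a-fA-F:.*?]+", pat)
    return bool(v4 or v6)

def hostname_patterns(text):
    """Return (line_number, pattern) for from= patterns that need DNS."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        m = None if line.startswith("#") else FROM_RE.search(options_field(line))
        for pat in (m.group(1).split(",") if m else []):
            if pat and not is_address_pattern(pat):
                findings.append((n, pat))
    return findings

if __name__ == "__main__":
    for n, pat in hostname_patterns(SAMPLE):
        print(f"line {n}: host name pattern {pat!r} requires UseDNS yes")
```
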
Comment 1 Damien Miller 2015-07-17 13:46:38 AEST
Created attachment 2674
Document UseDNS better
Comment 2 Darren Tucker 2015-07-17 13:55:05 AEST
Comment on attachment 2674
Document UseDNS better

ok, but I wonder if checking the reverse mapping even has any value at all these days...
Comment 3 Damien Miller 2015-07-20 10:30:17 AEST
applied - will be in OpenSSH 7.0. Thanks!
Comment 4 Damien Miller 2016-08-02 10:41:46 AEST
Close all resolved bugs after 7.3p1 release