On Thu, Aug 11, 2011 at 10:35:16AM -0600, Jeff Ross wrote: > I'm logging into a remote server and on the remote end I see this in the > logs: > > 2011-08-11 10:20:34.701069500 auth.info: sshd[20129]: Address > 71.37.181.185 maps to heinlein.openvistas.net, but this does not map > back to the address - POSSIBLE BREAK-IN ATTEMPT! > > That is incorrect, though.
... > > On the remote end sshd is set to UseDNS (not changed from default). Any > ideas on why this is failing? > > Jeff Is the DNS server, that the remote server is using, trustable? If it lies answers ie. gives different answers of heinlein lookups, (perhaps in order to snarf up jobs that contact heinlein from the remote server). I hate to say this but DNS is not that trustable unless DNSSEC is used because it verifies an answer, which I believe is not done in the resolver. Your error message does not make sense if plain DNS were trustable. But it's not. -peter
