ssh "cannot resolve host" if host is an A entry, but works with CNAME

by Danduk82   Last Updated August 26, 2017 18:00 PM

I am seeing very strange behavior (bug?) with my ssh client. When I try to use it with an A record, say ssh -vvvT github.com, I get the following error:

    ssh -vvvT github.com
    OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug2: resolve_addr: could not resolve name github.com as address: Name or service not known
    ssh: Could not resolve host "github.com"

This is different from the answer I get when I try with a CNAME that also points to the same A entry (www.github.com IN CNAME github.com):

    ssh -vT www.github.com
    OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug1: Re-reading configuration after hostname canonicalisation
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug1: Connecting to www.github.com [192.30.253.113] port 22.
    debug1: Connection established.
    [...]
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
    debug1: Remote protocol version 2.0, remote software version libssh_0.7.0
    debug1: no match: libssh_0.7.0
    debug1: Authenticating to www.github.com:22 as 'user'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: [email protected]
    debug1: kex: host key algorithm: ssh-rsa
    debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
    debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    [...]
    Permission denied (publickey).

We see that here it waits for the canonicalisation of DNS and then it can resolve it.

I have been struggling with this for a couple of days. I have tried, I think, almost everything I found, such as:

- disabling dnsmasq
- refreshing the DNS cache
- changing resolver servers

I have the same problem if I am at home or at work (laptop machine). So I guess the problem is really something with my machine.

The problem is not related only to github; I have the same problem with any A record I have tested...

And all the DNS clients or debug software I have tested can resolve these records without problems (dig, nslookup, etc).

Does anyone have an idea? I'd like to understand and solve this, and not re-install the machine as I am starting to think about...

system: ubuntu 16.04
ssh version: ssh OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016


