[Pdns-users] forward-zones, SSHFP and non-FQDN

Willem gwillem at gmail.com
Wed Dec 8 16:06:13 UTC 2010


Hi there,

Happy longtime PDNS user here. I'm setting up SSHFP to be able to
utilize the openssh VerifyHostKeyDNS feature. My internal network uses
a local pdns_recursor resolver with this setting:

 forward-zones=internal=IP_OF_PDNS_AUTH_SERVER

So machines can find each other with serverX.internal. This works fine
for most apps, however not for openssh. When it looks up the SSHFP
record, it doesn't expand boxX to use the FQDN (.internal) as has been
specified in resolv.conf. Imho this is by design but this renders the
feature useless in my network (unless I stick to using FQDNs).

Apart from patching openssh, would it be possible to tell powerdns
recursor to also forward non-FQDN queries to a specific source? I.e.
lookups for hosts without a dot?

Alternative solutions welcome :)

Cheers!
Willem
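
Added example, not part of the original message: a Python sketch that builds the SSHFP records for a host key and shows that they are owned by the fully qualified name (serverX.internal.), so a lookup for the bare short name has to be qualified before it can match. The key is constructed sample data; the function names and the `internal` search-domain default are assumptions for illustration.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479); ECDSA (3) handled below.
KEY_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}


def qualify(host, search_domain):
    """Return the absolute owner name the SSHFP record is published under."""
    host = host.rstrip(".")
    if "." not in host:  # short name: append the resolv.conf-style search domain
        host = f"{host}.{search_domain.strip('.')}"
    return host + "."


def sshfp_records(host, pubkey_line, search_domain="internal"):
    """Build SHA-1 (type 1) and SHA-256 (type 2) SSHFP records for one key."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64)
    # The key blob starts with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != key_type:
        raise ValueError("key type does not match key blob")
    alg = 3 if key_type.startswith("ecdsa-sha2-") else KEY_ALGS[key_type]
    owner = qualify(host, search_domain)
    return [
        f"{owner} IN SSHFP {alg} 1 {hashlib.sha1(blob).hexdigest()}",
        f"{owner} IN SSHFP {alg} 2 {hashlib.sha256(blob).hexdigest()}",
    ]


def constructed_ed25519_line():
    """Constructed sample public key line (32 fixed bytes), not a real host key."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    blob = s(b"ssh-ed25519") + s(bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"


if __name__ == "__main__":
    for rr in sshfp_records("serverX", constructed_ed25519_line()):
        print(rr)
```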


