# SSH fails to resolve via mdns (*.local)

## FishB8

It used to work. And something changed recently so that it no longer works, and I can't figure out where the problem is.

nss-mdns is installed, and /etc/nsswitch.conf is configured to support mdns lookups.

mdns lookup is working:

```
$ avahi-resolve-host-name HPStream1-Linux.local

HPStream1-Linux.local   172.16.4.6
```

it seems to be propagating to glib (though it takes a little long to lookup):

```
$ getent hosts HPStream1-Linux.local

172.16.4.6      HPStream1-Linux.local
```

I can ping it using a .local address:

```
$ ping HPStream1-Linux.local

PING HPStream1-Linux.local (172.16.4.6) 56(84) bytes of data.

64 bytes from hpstream1-linux.office.kc.com (172.16.4.6): icmp_seq=1 ttl=64 time=0.136 ms

64 bytes from hpstream1-linux.office.kc.com (172.16.4.6): icmp_seq=2 ttl=64 time=0.142 ms

^C

--- HPStream1-Linux.local ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 1001ms

rtt min/avg/max/mdev = 0.136/0.139/0.142/0.003 ms
```

But ssh doesn't want to play nice:

```
ssh HPStream1-Linux.local

ssh: Could not resolve hostname hpstream1-linux.local: Name or service not known
```

Aside from a bug, I'm lost as to what would be wrong.

strace only shows connections to nscd sockets (And I've flushed the nscd caceh):

```
execve("/usr/bin/ssh", ["ssh", "HPStream1-Linux.local"], [/* 110 vars */]) = 0

brk(NULL)                               = 0x55629b97c000

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f181dc7d000

access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=346657, ...}) = 0

mmap(NULL, 346657, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f181dc28000

close(3)                                = 0

open("/usr/lib64/libcrypto.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\202\6\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0555, st_size=2382312, ...}) = 0

mmap(NULL, 4492504, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f181d612000

mprotect(0x7f181d831000, 2093056, PROT_NONE) = 0

mmap(0x7f181da30000, 163840, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x21e000) = 0x7f181da30000

mmap(0x7f181da58000, 11480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f181da58000

close(3)                                = 0

open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p\16\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=14344, ...}) = 0

mmap(NULL, 2109712, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f181d40e000

mprotect(0x7f181d410000, 2097152, PROT_NONE) = 0

mmap(0x7f181d610000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f181d610000

close(3)                                = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f181dc27000

open("/lib64/libz.so.1", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`#\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=92552, ...}) = 0

mmap(NULL, 2187816, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f181d1f7000

mprotect(0x7f181d20d000, 2093056, PROT_NONE) = 0

mmap(0x7f181d40c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0x7f181d40c000

close(3)                                = 0

open("/lib64/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\3409\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=84528, ...}) = 0

mmap(NULL, 2189928, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f181cfe0000

mprotect(0x7f181cff3000, 2097152, PROT_NONE) = 0

mmap(0x7f181d1f3000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13000) = 0x7f181d1f3000

mmap(0x7f181d1f5000, 6760, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f181d1f5000

close(3)                                = 0

open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\10\2\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=1689000, ...}) = 0

mmap(NULL, 3795440, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f181cc41000

mprotect(0x7f181cdd6000, 2097152, PROT_NONE) = 0

mmap(0x7f181cfd6000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x195000) = 0x7f181cfd6000

mmap(0x7f181cfdc000, 14832, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f181cfdc000

close(3)                                = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f181dc26000

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f181dc25000

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f181dc24000

arch_prctl(ARCH_SET_FS, 0x7f181dc25700) = 0

mprotect(0x7f181cfd6000, 16384, PROT_READ) = 0

mprotect(0x7f181d1f3000, 4096, PROT_READ) = 0

mprotect(0x7f181d40c000, 4096, PROT_READ) = 0

mprotect(0x7f181d610000, 4096, PROT_READ) = 0

mprotect(0x7f181da30000, 114688, PROT_READ) = 0

mprotect(0x55629a7f5000, 12288, PROT_READ) = 0

mprotect(0x7f181dc7e000, 4096, PROT_READ) = 0

munmap(0x7f181dc28000, 346657)          = 0

open("/dev/null", O_RDWR)               = 3

close(3)                                = 0

brk(NULL)                               = 0x55629b97c000

brk(0x55629b99d000)                     = 0x55629b99d000

getpid()                                = 3066

open("/proc/3066/fd", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3

fstat(3, {st_mode=S_IFDIR|0500, st_size=0, ...}) = 0

getdents(3, /* 8 entries */, 32768)     = 192

close(10)                               = 0

close(11)                               = 0

getdents(3, /* 0 entries */, 32768)     = 0

close(3)                                = 0

getuid()                                = 1000

geteuid()                               = 1000

setresuid(-1, 1000, -1)                 = 0

socket(AF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3

connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = 0

sendto(3, "\2\0\0\0\v\0\0\0\7\0\0\0passwd\0", 19, MSG_NOSIGNAL, NULL, 0) = 19

poll([{fd=3, events=POLLIN|POLLERR|POLLHUP}], 1, 5000) = 1 ([{fd=3, revents=POLLIN|POLLHUP}])

recvmsg(3, {msg_name(0)=NULL, msg_iov(2)=[{"", 7}, {"", 8}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_CMSG_CLOEXEC) = 0

close(3)                                = 0

socket(AF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3

connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = 0

sendto(3, "\2\0\0\0\1\0\0\0\5\0\0\0001000\0", 17, MSG_NOSIGNAL, NULL, 0) = 17

poll([{fd=3, events=POLLIN|POLLERR|POLLHUP}], 1, 5000) = 1 ([{fd=3, revents=POLLIN|POLLHUP}])

read(3, "\2\0\0\0\1\0\0\0\7\0\0\0\2\0\0\0\350\3\0\0\350\3\0\0\16\0\0\0\r\0\0\0"..., 36) = 36

read(3, "reuben\0x\0Reuben Martin\0/home/reu"..., 46) = 46

close(3)                                = 0

umask(022)                              = 022

open("/etc/ssl/openssl.cnf", O_RDONLY)  = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=10835, ...}) = 0

read(3, "#\n# OpenSSL example configuratio"..., 4096) = 4096

read(3, "Netscape crash on BMPStrings or "..., 4096) = 4096

read(3, " this to avoid interpreting an e"..., 4096) = 2643

read(3, "", 4096)                       = 0

close(3)                                = 0

open("/home/reuben/.ssh/config", O_RDONLY) = -1 ENOENT (No such file or directory)

open("/etc/ssh/ssh_config", O_RDONLY)   = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=1705, ...}) = 0

read(3, "#\t$OpenBSD: ssh_config,v 1.30 20"..., 4096) = 1705

read(3, "", 4096)                       = 0

close(3)                                = 0

socket(AF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3

connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = 0

sendto(3, "\2\0\0\0\22\0\0\0\t\0\0\0services\0", 21, MSG_NOSIGNAL, NULL, 0) = 21

poll([{fd=3, events=POLLIN|POLLERR|POLLHUP}], 1, 5000) = 1 ([{fd=3, revents=POLLIN|POLLHUP}])

recvmsg(3, {msg_name(0)=NULL, msg_iov(2)=[{"", 9}, {"", 8}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_CMSG_CLOEXEC) = 0

close(3)                                = 0

socket(AF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3

connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = 0

sendto(3, "\2\0\0\0\20\0\0\0\10\0\0\0ssh/tcp\0", 20, MSG_NOSIGNAL, NULL, 0) = 20

poll([{fd=3, events=POLLIN|POLLERR|POLLHUP}], 1, 5000) = 1 ([{fd=3, revents=POLLIN|POLLHUP}])

read(3, "\2\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\377\377\377\377", 24) = 24

close(3)                                = 0

open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=482, ...}) = 0

read(3, "# /etc/nsswitch.conf:\n# $Header:"..., 4096) = 482

read(3, "", 4096)                       = 0

close(3)                                = 0

open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=346657, ...}) = 0

mmap(NULL, 346657, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f181dc28000

close(3)                                = 0

open("/lib64/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\"\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=43216, ...}) = 0

mmap(NULL, 2164536, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f181ca30000

mprotect(0x7f181ca3a000, 2093056, PROT_NONE) = 0

mmap(0x7f181cc39000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9000) = 0x7f181cc39000

mmap(0x7f181cc3b000, 22328, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f181cc3b000

close(3)                                = 0

mprotect(0x7f181cc39000, 4096, PROT_READ) = 0

munmap(0x7f181dc28000, 346657)          = 0

open("/etc/services", O_RDONLY|O_CLOEXEC) = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=36140, ...}) = 0

read(3, "# /etc/services\n#\n# Network serv"..., 4096) = 4096

close(3)                                = 0

ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0

open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3

fstat(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0

poll([{fd=3, events=POLLIN}], 1, 10)    = 1 ([{fd=3, revents=POLLIN}])

read(3, "\352\350\204\326\212\213\22\350\321\212\361\340\222\241c\244\3302<\224\273\10\265\3350\1[T+\203\244\23", 32) = 32

close(3)                                = 0

getuid()                                = 1000

uname({sysname="Linux", nodename="travesty", ...}) = 0

socket(AF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3

connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = 0

sendto(3, "\2\0\0\0\r\0\0\0\6\0\0\0hosts\0", 18, MSG_NOSIGNAL, NULL, 0) = 18

poll([{fd=3, events=POLLIN|POLLERR|POLLHUP}], 1, 5000) = 1 ([{fd=3, revents=POLLIN|POLLHUP}])

recvmsg(3, {msg_name(0)=NULL, msg_iov(2)=[{"", 6}, {"", 8}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_CMSG_CLOEXEC) = 0

close(3)                                = 0

socket(AF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3

connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = 0

sendto(3, "\2\0\0\0\16\0\0\0\26\0\0\0hpstream1-linux.loca"..., 34, MSG_NOSIGNAL, NULL, 0) = 34

poll([{fd=3, events=POLLIN|POLLERR|POLLHUP}], 1, 5000) = 1 ([{fd=3, revents=POLLIN|POLLHUP}])

read(3, "\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 24) = 24

close(3)                                = 0

write(2, "ssh: Could not resolve hostname "..., 82ssh: Could not resolve hostname hpstream1-linux.local: Name or service not known

) = 82

exit_group(255)                         = ?

+++ exited with 255 +++

```

----------

## Ant P.

The only thing I could think of is nscd's caching stale mDNS hostnames; it shouldn't be involved at all, avahi-daemon does its own caching. Have you tried disabling that?

----------

## FishB8

 *Ant P. wrote:*   

> The only thing I could think of is nscd's caching stale mDNS hostnames; it shouldn't be involved at all, avahi-daemon does its own caching. Have you tried disabling that?

 

I don't think the cache itself is stale. I had been bouncing the daemon to make sure the cache was flushed. Rather I think it's just plain broken. After turning it off ssh works.

----------

## UberLord

 *FishB8 wrote:*   

> 
> 
> nss-mdns is installed, and /etc/nsswitch.conf is configured to support mdns lookups.
> 
> 

 

I challenge that assertation because only libnss_files.so is loaded according to your trace, nothing either dns or mdns related is loaded.

Why don't you post your config?

----------

## FishB8

Yes, but when nscd is not running it does connect to avahi.

```
# strace ssh HPStream1-Linux.local 2>&1 | grep connect

connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)

connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)

connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)

connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)

connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)

connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)

connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/avahi-daemon/socket"}, 110) = 0

connect(3, {sa_family=AF_INET, sin_port=htons(22), sin_addr=inet_addr("172.16.4.6")}, 16) = 0

connect(4, {sa_family=AF_LOCAL, sun_path="/tmp/ssh-PuuUU8ixE7Kr/agent.1569"}, 110) = 0
```

my nsswitch.conf

```

passwd:      files

shadow:      files

group:       files

#hosts:       files mdns4_minimal [NOTFOUND=return] resolve mdns mymachines wins myhostname

hosts:       files mdns4_minimal [NOTFOUND=return] dns mdns mymachines wins myhostname

networks:    files dns

services:    files

protocols:   files

rpc:         files

ethers:      files

netmasks:    files

netgroup:    files

bootparams:  files

automount:   files

aliases:     files

```

----------

