Thursday, March 5, 2009

Telnet: Temporary Failure in Name Resolution: Illegal Seek

When using a Windows client to telnet to a Linux server, I kept getting the following error:
temporary failure in name resolution: illegal seek
The logs on the Linux server showed that the client was connecting, but they were never presented with a login prompt. After checking the Windows client's name resolution I checked name resolution on the Linux server. Everything worked properly on the Windows clients, but I got an error on the Linux server when trying to perform an nslookup on the Linux server for the Windows client's IP address. The error I was receiving when I did the nslookup on the Linux server was:
** server can't find 10.20.168.192.in-addr.arpa: SERVFAIL


The Linux server queries a Windows 2003 server for DNS. Upon seeing the above error from nslookup I realized that the server couldn't do a reverse DNS lookup for the client. After checking the DNS server I noticed that there was no reverse DNS zone set up for the subnet that the client was in. I set up a reverse lookup zone for the subnet and the clients were able to successfully telnet into the Linux box.

The real question is why? Why is Linux doing a reverse DNS lookup for telnet connections? Incidentally, clients could SSH to the Linux server without any problems. I found a pretty sufficient answer from "The Answer Guy" at this site. He essentially explains that because telnet is an insecure protocol, Linux tries to counteract this by doing a "double reverse lookup". This would help explain why SSH would work.
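The double reverse lookup mentioned above, sketched as an added example (not code from the original post or from any telnet daemon): resolve the client's IP to a name, resolve that name forward, and accept the name only if it maps back to the same IP. The lookup tables, hostnames and the 192.168.30.x addresses are constructed sample data; 192.168.20.10 is the client address from the nslookup error, which has no PTR record because its reverse zone is missing.

```python
import socket

# Constructed sample data standing in for DNS (not from the original post).
# 192.168.20.10 is the client from the nslookup error: no reverse zone, so no PTR.
PTR = {"192.168.30.5": "pc5.example.test", "192.168.30.6": "trusted.example.test"}
A = {"pc5.example.test": ["192.168.30.5"], "trusted.example.test": ["192.168.30.99"]}

def fake_reverse(ip):
    """Same return shape and error type as socket.gethostbyaddr."""
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return (PTR[ip], [], [ip])

def fake_forward(name, port):
    """Same return shape and error type as socket.getaddrinfo."""
    if name not in A:
        raise socket.gaierror(-2, "Name or service not known")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (a, 0)) for a in A[name]]

def double_reverse_lookup(ip, reverse=socket.gethostbyaddr, forward=socket.getaddrinfo):
    """Return (verdict, hostname) for a connecting client's address."""
    try:
        hostname = reverse(ip)[0]              # step 1: IP -> name (PTR record)
    except (socket.herror, socket.gaierror):
        return ("no-ptr", None)                # the failure described in the post
    try:
        infos = forward(hostname, None)        # step 2: name -> addresses (A/AAAA)
    except socket.gaierror:
        return ("no-forward", hostname)
    addresses = {info[4][0] for info in infos}
    # step 3: the name only counts if it maps back to the connecting address
    return ("match" if ip in addresses else "mismatch", hostname)

def check_all(ips):
    """Run the check against the constructed tables above."""
    return {ip: double_reverse_lookup(ip, fake_reverse, fake_forward) for ip in ips}

if __name__ == "__main__":
    for ip, result in check_all(["192.168.20.10", "192.168.30.5", "192.168.30.6"]).items():
        print(ip, *result)
```

The "mismatch" verdict is the case the second lookup exists for: a PTR record is published by whoever controls the reverse zone for the address, so a hostname taken from it is only trustworthy once the forward lookup confirms it.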
