Resolved: Reverse mapping checking getaddrinfo for {Reverse DNS hostname [IP Address]} failed – POSSIBLE BREAK-IN ATTEMPT!

Resolved: Reverse mapping checking getaddrinfo for {Reverse DNS hostname [IP Address]} failed – POSSIBLE BREAK-IN ATTEMPT!

If you start looking at the SSH log: “/var/log/auth.log” you might come across a lot of “Reverse mapping checking getaddrinfo for {Reverse DNS hostname [IP Address]} failed – POSSIBLE BREAK-IN ATTEMPT!” messages. In my case I only had login attempts from my IP Address so I wasn’t too worried but I wanted to get to understand why this message was appearing.

After reading online things made more sense. The message references a “reverse mapping check” and on the message itself it has the reverse DNS hostname of my IP Address. So what is going on is that it does a circular DNS check. It gets your IP address, it then does a reverse DNS check (for most ISPs the reverse DNS would be one they set), and then it will try to perform an IP resolution on that DNS hostname. Clearly for most people their ISPs won’t set up the reverse DNS to their hostnames which they can control. Because of this the reverse mapping check will fail. Forward and Reverse DNS needs to be configured correctly and coherently.


 

RESOLUTION

To resolve this issue you need to setup your PTR record and make sure the entire circular DNS validation is set up properly:

  • Setup PTR record on the DNS server in use
  • As an alternative of above option, one can put “UseDNS no” in /etc/ssh/sshd_config on server and restart sshd.

ROOT CAUSE

  • There is no reverse DNS setup for the hostname that is used, or the reverse DNS isn’t setup to resolve to a host name that resolves to the IP address (forward DNS).

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.