[stunnel-users] stunnel client connecting to host with dynamic

C.J. Adams-Collier cjac at colliertech.org
Tue Feb 10 19:59:09 CET 2009


If you watch port 53 (tcpdump, tshark, etc.), do you see a request
leave the host and come back with the old name?  It sounds to me like
you're getting a stale value from the cache somewhere...

Can you run stunnel under strace or gdb and see what it does to get
the hostname resolved?

On Tue, Feb 10, 2009 at 11:08:36PM +0800, Adamson H wrote:
> Hi, I have named local resolver enabled on the stunnel client (FreeBSD  
> 7.0). I did a test on the client and found there was no problem with the  
> local resolver.
>
> 1. on the stunnel client: dig hostname.dynaip.org --> points to the  
> correct IP of the stunnel host
> 2. restart ppp on stunnel host to get a new IP
> 3. on the stunnel client: dig hostname.dynaip.org --> points to the  
> updated IP of the stunnel host
>
> I tested ftp service on the stunnel host without going through stunnel,  
> and it worked before and after the IP change.
>
> Regards,
> Adamson H
>
> -------- Original Message --------
> Subject: Re: [stunnel-users] stunnel client connecting to host with dynamic
> From: Michal Trojnara <Michal.Trojnara at mobi-com.net>
> To: stunnel-users at mirt.net
> Date: 02/10/2009 10:32 PM
>> Adamson H wrote:
>>   
>>> I added delay = yes to my stunnel client conf file and removed the 
>>> cron script.  The rsync job (873) failed after the IP of the stunnel 
>>> host had changed.  I had to manually restart stunnel to get the job 
>>> done and put the cron script back again.
>>>
>>> delay = yes does not with work with ddns.
>>>     
>>
>> That's really strange.  The relevant client.c code is:
>>
>>     /* setup address_list */
>>     if(c->opt->option.delayed_lookup) {
>>         resolved_list.num=0;
>>         if(!name2addrlist(&resolved_list,
>>                 c->opt->remote_address, DEFAULT_LOOPBACK)){
>>             s_log(LOG_ERR, "No host resolved");
>>             longjmp(c->err, 1);
>>         }
>>         address_list=&resolved_list;
>>     } else /* use pre-resolved addresses */
>>         address_list=&c->opt->remote_addr;
>>
>> Maybe you use some kind of advanced/broken resolver library that caches IP
>> addresses?
>>
>> Best regards,
>>     Mike
>> _______________________________________________
>> stunnel-users mailing list
>> stunnel-users at mirt.net
>> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
>>
>>   
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at mirt.net
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20090210/4160bd8a/attachment.sig>


More information about the stunnel-users mailing list