SSH Tunnel connection fails with DNS #686

Closed
confuser opened this Issue Nov 1, 2014 · 7 comments

confuser commented Nov 1, 2014

The tunnel itself is fine through another server, however, when trying to connect to the database using a custom domain name with a custom DNS server, it fails.

Changing the address to its internal IP allows a successful connection. Other systems are successfully connecting using the domain name.

The SSH tunnel has the custom DNS server, and can successfully look up the domain.

Contributor

stennie commented Nov 15, 2014

@confuser If you are using an SSH tunnel to forward local ports to a remote host, the database connection string from Robomongo's point of view will be the local hostname and port (e.g. localhost:27017). If you want to use the domain name of the remote host it will also have to resolve from the local machine (for example, you could add an entry in /etc/hosts).

Robomongo (or other apps) will not try to resolve names on the other end of the tunnel; the whole point of the tunnel is to securely connect two endpoints that otherwise do not have direct access. If your custom DNS resolves from a normal command line without extra configuration, the same DNS should work from Robomongo.

If the problem is something else, can you provide more details on your setup?

Thanks!

confuser commented Nov 15, 2014

Other apps such as WinSCP handle this scenario just fine. The host is set to a custom domain, and the tunnel is set to the domain which major DNS servers can look up.

Running the ssh tunnel command via the command line works fine too.

RoboMongo is the only app I currently use with tunnel capabilities that does not perform the DNS look-up of the host, on the tunnel'd host.

Contributor

stennie commented Nov 15, 2014

@confuser How does WinSCP add the DNS to the host environment? Are you using a proxy setup in addition to (or instead of) a tunnel? Robomongo isn't doing anything special with name resolution.

It looks like WinSCP can add name resolution when using a proxy (http://winscp.net/eng/docs/ui_login_proxy#dns) but I don't see any options for doing this as part of ssh tunnelling: http://winscp.net/eng/docs/tunneling. Can you include some more details on the connection set up so we could try to reproduce this?

In the non-Windows world an ssh tunnel does not imply any changes to DNS.

@stennie stennie reopened this Nov 15, 2014

@stennie stennie added the needs repro label Nov 15, 2014

confuser commented Nov 15, 2014

ssh -L 27018:custom-domain.lan:27017 user@real-domain.com

No special configs, no proxies either.

Contributor

stennie commented Nov 17, 2014

@confuser Thanks for the usage example. I would expect that to work, as long as the endpoint of the tunnel (real-domain.com) can resolve the custom-domain.lan address. I'll try setting up a repro with WinSCP and have a peek at what the code is doing.
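Added example, not part of the original thread and not Robomongo's code: a small parser for the `ssh -L` forward spec quoted above, reporting which name each side of the tunnel has to resolve and what address the database client should use. The function name `explain_forward` and the result keys are hypothetical; it also flags a bind address that exposes the forwarded database port on all interfaces.

```python
import ipaddress
import re

# ssh -L [bind_address:]port:host:hostport  (addresses may be bracketed IPv6)
_SPEC = re.compile(
    r"^(?:(?P<bind>\[[^\]]+\]|[^:\[\]]*):)?"
    r"(?P<lport>\d+):"
    r"(?P<host>\[[^\]]+\]|[^:\[\]]+):"
    r"(?P<rport>\d+)$"
)

def _is_ip(name):
    """True for IP literals, which need no DNS lookup on either side."""
    try:
        ipaddress.ip_address(name.strip("[]"))
        return True
    except ValueError:
        return False

def explain_forward(spec, ssh_target):
    """Describe where each name in a local forward is resolved (hypothetical helper)."""
    m = _SPEC.match(spec)
    if not m:
        raise ValueError(f"not a valid -L spec: {spec!r}")
    bind, dest = m.group("bind"), m.group("host")
    server = ssh_target.rsplit("@", 1)[-1]          # drop the optional user@
    # An empty bind address or '*' means "all interfaces" (see ssh(1)).
    exposed = bind is not None and bind in ("", "*", "0.0.0.0", "[::]")
    # With no bind address, ssh listens on loopback unless GatewayPorts is set.
    listen = "localhost" if bind is None or exposed else bind
    return {
        # What the database client (e.g. Robomongo) must be pointed at.
        "client_connects_to": f"{listen}:{m.group('lport')}",
        # The ssh client resolves only the SSH server's own name.
        "resolved_on_client": [] if _is_ip(server) else [server],
        # The destination host string is passed through and resolved by the SSH server.
        "resolved_on_ssh_server": [] if _is_ip(dest) else [dest],
        "listens_on_all_interfaces": exposed,
    }

if __name__ == "__main__":
    # The command from this thread.
    print(explain_forward("27018:custom-domain.lan:27017", "user@real-domain.com"))
```
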

Contributor

anorsich commented Apr 19, 2016

@confuser In the latest 0.9.0 RC8 release we reworked ssh tunnel from scratch. It now works much faster, supports DNS and has some security improvements. You can read more in the following blog post

Let us know if it worked for you. If there are any issues, please create a new ticket.

@anorsich anorsich closed this Apr 19, 2016

confuser commented Apr 19, 2016

Amazing, thanks @anorsich!
