From: David Malone
Date: Tue, 27 Dec 2005 10:16:21 +0000
To: Rostislav Krasny, des@freebsd.org
Cc: yar@freebsd.org, "Michael A. Koerber", freebsd-stable@freebsd.org, Lowell Gilbert, Marian Hettwer
Subject: Re: SSH login takes very long time...sometimes
Message-ID: <20051227101621.GA16276@walton.maths.tcd.ie>
In-Reply-To: <59e2ee810512250841t75157e62rec9dc389ac716534@mail.gmail.com>

On Sun, Dec 25, 2005 at 06:41:57PM +0200, Rostislav Krasny wrote:
> defined as 4. In a case the DNS server isn't responding the
> gethostbyname() makes 8 (eight!) reverse resolving attempts for one
> (!) non-responding DNS server before it returns error. And this is by
> default. All that is still true for my current 6.0-STABLE.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/62139
>
> As a workaround I may suggest adding "options attempts:2" or even
> "options attempts:1" line to the /etc/resolver.conf

I've often thought that we should make the default login timeout
longer than our DNS timeout, as it means it is hard (or impossible)
to log in to fix your DNS server when your DNS server is down. It
is even worse if you don't control some DNS server in the chain
between the root and the name you're trying to look up.

I did once mail des@ to ask him if he'd mind me changing the default
login timeout for sshd to be (say) 5 minutes rather than 1 minute,
but I think he was busy at the time. Judging by the PR mentioned
above it should be at least 2m30s by default.

Des, would you mind this change being made?

	David.
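
As an added example (not part of the original message, and not FreeBSD or OpenSSH code), the following Python check estimates how long a login can stall when no nameserver answers and compares that with an sshd LoginGraceTime value. The 5-second initial timeout, its doubling on each retry, and the two lookup passes (inferred from the 8 attempts against a default of 4) are assumptions of this model; the sample resolver configuration is constructed.

```python
import re

# Assumed resolver model (not spelled out in the thread): 5 s initial timeout
# per server, doubled on each retry and divided among the configured servers.
DEFAULT_TIMEOUT = 5
DEFAULT_ATTEMPTS = 4  # the default "defined as 4" quoted in the thread
PASSES = 2            # assumption: 8 attempts on one server = 2 passes x 4

# Constructed sample input (192.0.2.53 is a documentation address).
SAMPLE_RESOLV_CONF = "nameserver 192.0.2.53\n"

def parse_resolv_conf(text):
    """Return (nameserver_count, timeout, attempts) from resolv.conf text."""
    servers, timeout, attempts = 0, DEFAULT_TIMEOUT, DEFAULT_ATTEMPTS
    for line in text.splitlines():
        fields = re.split(r"[#;]", line)[0].split()
        if not fields:
            continue
        if fields[0] == "nameserver":
            servers += 1
        elif fields[0] == "options":
            for opt in fields[1:]:
                name, _, value = opt.partition(":")
                if name == "timeout" and value.isdigit():
                    timeout = int(value)
                elif name == "attempts" and value.isdigit():
                    attempts = int(value)
    return max(servers, 1), timeout, attempts

def worst_case_stall(servers, timeout, attempts, passes=PASSES):
    """Seconds spent waiting when none of the servers ever answers."""
    total = 0
    for attempt in range(attempts):
        per_server = timeout << attempt
        if attempt > 0:
            per_server = max(per_server // servers, 1)
        total += per_server * servers
    return total * passes

def grace_seconds(value):
    """Convert an sshd_config time value ('2m30s', '120') to seconds."""
    units = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
    return sum(int(n) * units[u]
               for n, u in re.findall(r"(\d+)([smhdw]?)", value.lower()))

def login_survives_dns_outage(resolv_conf, login_grace_time):
    """Return (ok, stall): ok when the grace time covers the resolver stall."""
    stall = worst_case_stall(*parse_resolv_conf(resolv_conf))
    return grace_seconds(login_grace_time) >= stall, stall
```

Under these assumptions a single unresponsive server with default options stalls for 150 seconds, which matches the 2m30s figure in the message, while "options attempts:2" brings the stall down to 30 seconds.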