From: Hajimu UMEMOTO
To: Rostislav Krasny
Cc: freebsd-stable@freebsd.org, freebsd-stable-local@be-well.ilk.org, Yar Tikhiy, dwmalone@maths.tcd.ie, des@des.no, mak@ll.mit.edu, MH@kernel32.de
Date: Thu, 23 Feb 2006 02:08:17 +0900
Subject: Re: SSH login takes very long time...sometimes

Hi,

>>>>> On Wed, 22 Feb 2006 02:44:30 +0200
>>>>> Rostislav Krasny said:

rosti> On Tue, 21 Feb 2006 19:59:59 +0300
rosti> Yar Tikhiy wrote:

rosti> I forgot that a
"search" resolver(5) parameter is useless for reverse
rosti> resolving. But that "doubling" of name->IP requests with an empty (or
rosti> root, according to resolver(5)) domain in the "search" is still a bug,
rosti> IMHO. Although it shouldn't affect the sshd.

I looked at BIND9's resolver, and took the related part into our resolver. However, it seems to me that there is still the same issue in BIND9's resolver. So, I changed a bit more. Please try the following patch and let me know the result:

Index: lib/libc/net/getaddrinfo.c diff -u -p lib/libc/net/getaddrinfo.c.orig lib/libc/net/getaddrinfo.c --- lib/libc/net/getaddrinfo.c.orig Sat Jul 23 03:21:28 2005 +++ lib/libc/net/getaddrinfo.c Thu Feb 23 01:43:49 2006 @@ -2405,7 +2405,9 @@ res_searchN(name, target) HEADER *hp = (HEADER *)(void *)target->answer; /*XXX*/ u_int dots; int trailing_dot, ret, saved_herrno; - int got_nodata = 0, got_servfail = 0, tried_as_is = 0; + int got_nodata = 0, got_servfail = 0, root_on_list = 0; + int tried_as_is = 0; + int searched = 0; char abuf[MAXDNAME]; if ((_res.options & RES_INIT) == 0 && res_init() == -1) { @@ -2429,13 +2431,14 @@ res_searchN(name, target) return (res_queryN(cp, target)); /* - * If there are dots in the name already, let's just give it a try - * 'as is'. The threshold can be set with the "ndots" option. + * If there are enough dots in the name, let's just give it a + * try 'as is'. The threshold can be set with the "ndots" option. + * Also, query 'as is', if there is a trailing dot in the name. */ saved_herrno = -1; - if (dots >= _res.ndots) { + if (dots >= _res.ndots || trailing_dot) { ret = res_querydomainN(name, NULL, target); - if (ret > 0) + if (ret > 0 || trailing_dot) return (ret); saved_herrno = h_errno; tried_as_is++; 
@@ -2454,6 +2457,14 @@ res_searchN(name, target) for (domain = (const char * const *)_res.dnsrch; *domain && !done; domain++) { + searched = 1; + + if (domain[0][0] == '\0' || + (domain[0][0] == '.' && domain[0][1] == '\0')) + root_on_list++; + + if (root_on_list && tried_as_is) + continue; ret = res_querydomainN(name, *domain, target); if (ret > 0) @@ -2505,11 +2516,11 @@ res_searchN(name, target) } /* - * if we have not already tried the name "as is", do that now. - * note that we do this regardless of how many dots were in the - * name or whether it ends with a dot. + * If the query has not already been tried as is then try it + * unless RES_NOTLDQUERY is set and there were no dots. */ - if (!tried_as_is && (dots || !(_res.options & RES_NOTLDQUERY))) { + if ((dots || !searched || !(_res.options & RES_NOTLDQUERY)) && + !(tried_as_is || root_on_list)) { ret = res_querydomainN(name, NULL, target); if (ret > 0) return (ret); Index: lib/libc/net/res_query.c diff -u -p lib/libc/net/res_query.c.orig lib/libc/net/res_query.c --- lib/libc/net/res_query.c.orig Fri Apr 15 23:42:29 2005 +++ lib/libc/net/res_query.c Thu Feb 23 01:43:49 2006 @@ -198,7 +198,9 @@ res_search(name, class, type, answer, an char tmp[MAXDNAME]; u_int dots; int trailing_dot, ret, saved_herrno; - int got_nodata = 0, got_servfail = 0, tried_as_is = 0; + int got_nodata = 0, got_servfail = 0, root_on_list = 0; + int tried_as_is = 0; + int searched = 0; if ((_res.options & RES_INIT) == 0 && res_init() == -1) { h_errno = NETDB_INTERNAL; 
@@ -218,13 +220,14 @@ res_search(name, class, type, answer, an return (res_query(cp, class, type, answer, anslen)); /* - * If there are dots in the name already, let's just give it a try - * 'as is'. The threshold can be set with the "ndots" option. + * If there are enough dots in the name, let's just give it a + * try 'as is'. The threshold can be set with the "ndots" option. + * Also, query 'as is', if there is a trailing dot in the name. */ saved_herrno = -1; - if (dots >= _res.ndots) { + if (dots >= _res.ndots || trailing_dot) { ret = res_querydomain(name, NULL, class, type, answer, anslen); - if (ret > 0) + if (ret > 0 || trailing_dot) return (ret); saved_herrno = h_errno; tried_as_is++; @@ -243,6 +246,14 @@ res_search(name, class, type, answer, an for (domain = (const char * const *)_res.dnsrch; *domain && !done; domain++) { + searched = 1; + + if (domain[0][0] == '\0' || + (domain[0][0] == '.' && domain[0][1] == '\0')) + root_on_list++; + + if (root_on_list && tried_as_is) + continue; ret = res_querydomain(name, *domain, class, type, answer, anslen); @@ -308,11 +319,11 @@ res_search(name, class, type, answer, an } /* - * If we have not already tried the name "as is", do that now. - * note that we do this regardless of how many dots were in the - * name or whether it ends with a dot unless NOTLDQUERY is set. + * If the query has not already been tried as is then try it + * unless RES_NOTLDQUERY is set and there were no dots. */ - if (!tried_as_is && (dots || !(_res.options & RES_NOTLDQUERY))) { + if ((dots || !searched || !(_res.options & RES_NOTLDQUERY)) && + !(tried_as_is || root_on_list)) { ret = res_querydomain(name, NULL, class, type, answer, anslen); if (ret > 0) return (ret);

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
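
Review bot: The return test in the as-is hunk (@@ -2429,13 +2431,14 @@ in getaddrinfo.c, @@ -218,13 +220,14 @@ in res_query.c), if (ret > 0 || trailing_dot), now returns failures as well as successes for a dot-terminated name, while the added comment only says that such a name is queried as is. Suggest the comment also state that a name with a trailing dot is never retried against the search list, so a failing ret goes straight back to the caller with h_errno as the query routine left it. Splitting the policy case (trailing_dot) from the success case (ret > 0) into two tests would make that intent easier to read.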
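
Review bot: In the search-list loop (@@ -2454,6 +2457,14 @@ in getaddrinfo.c, @@ -243,6 +246,14 @@ in res_query.c), root_on_list is only ever incremented and nothing in the visible lines clears it, so once a root entry ("" or ".") has been seen and tried_as_is is set, if (root_on_list && tried_as_is) continue; stays true for every later iteration and the domains listed after the root entry are never queried. If the intent is to skip only the duplicate as-is query for the root entry itself, make the continue depend on the current entry (for example a per-iteration flag set from the domain[0][0] check) and keep root_on_list purely as the record used by the final as-is test.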
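
Review bot: The rewritten comment in the last hunk (@@ -2505,11 +2516,11 @@ in getaddrinfo.c, @@ -308,11 +319,11 @@ in res_query.c) mentions only RES_NOTLDQUERY and dots, but the condition below it also depends on searched and root_on_list: a dotless name is still queried as is under RES_NOTLDQUERY when the search loop body never ran (!searched), and the as-is query is suppressed whenever a root entry was on the list. Please document both cases in the comment. Since searched is set before the continue in the loop, it records that the loop was entered, not that any search domain was actually queried; a name that reflects this, or a short comment at the assignment, would help. The same logic is now duplicated in res_searchN and res_search, so a note in each pointing at the other would help keep them in sync.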