From owner-freebsd-newbies Thu Feb 8 14:19:18 2001 Delivered-To: freebsd-newbies@freebsd.org Received: from goblin.apana.org.au (goblin.apana.org.au [203.3.126.3]) by hub.freebsd.org (Postfix) with ESMTP id 9F56B37B6EE for ; Thu, 8 Feb 2001 14:18:53 -0800 (PST) Received: (from uucp@localhost) by goblin.apana.org.au (8.8.8/8.8.8) id IAA04707; Fri, 9 Feb 2001 08:18:38 +1000 (EST) (envelope-from dougy@gargoyle.apana.org.au) Received: from roadrunner.apana.org.au(203.3.126.132), claiming to be "roadrunner" via SMTP by goblin.apana.org.au, id smtpdlJ4705; Fri Feb 9 08:18:20 2001 Message-ID: <024f01c0921d$1d1cafa0$847e03cb@apana.org.au> From: "Doug Young" To: "Ted Mittelstaedt" , , References: <005501c091c5$70090cc0$1401a8c0@tedm.placo.com> Subject: Re: SSH Date: Fri, 9 Feb 2001 08:18:30 +1000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-newbies@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org yeah OK ......I'll certainly try that ----- Original Message ----- From: "Ted Mittelstaedt" To: "Doug Young" ; ; Sent: Thursday, February 08, 2001 9:51 PM Subject: RE: SSH > You should still try the /etc/resolv.conf trick for testing > even for the nameserver itself. The nameserver daemon pays > no attention to the contents of /etc/resolv.conf. It's not > a problem to set a nameserver so that you cannot lookup names > from a command line. > > Ted Mittelstaedt tedm@toybox.placo.com > Author of: The FreeBSD Corporate Networker's Guide > Book website: http://www.freebsd-corp-net-guide.com > > > > -----Original Message----- > > From: owner-freebsd-newbies@FreeBSD.ORG > > [mailto:owner-freebsd-newbies@FreeBSD.ORG]On Behalf Of Doug Young > > Sent: Thursday, February 08, 2001 2:34 AM > > To: Ted Mittelstaedt; Graham.Lillico@itnet.co.uk; > > freebsd-newbies@FreeBSD.ORG > > Subject: Re: SSH > > > > > > That sounds a probable factor in many cases, however I get two minute SSH > > logins when the machine I'm logging into is the same as one of the > > nameservers ... one of them is on my LAN only a matter of inches / > > millimeters away. > > > > In all cases where I've used SSH, public IPs have been used at both ends. > > I've just put it down to the neanderthal phone network in OZ, particularly > > when its noticeably worse in peak times. I guess it could be that > > two of the > > three nameservers are "unavailable" within the timeout period.but > > dunno why > > the one on my LAN should be unavailable though. > > > > ----- Original Message ----- > > From: "Ted Mittelstaedt" > > To: "Doug Young" ; > > ; > > Sent: Thursday, February 08, 2001 8:22 PM > > Subject: RE: SSH > > > > > > > I've seen the 2 minute login problem on systems before. > > > > > > What you want to do is on the system that your telnetting > > > or SSHing _to_ is you want to temporarily rename /etc/resolv.conf > > > to something else. Then, logout and log back in. If the > > > 2 minute delay disappears (which most of the time this will > > > fix it) then what is going on is that the FreeBSD system is > > > seeing the incoming Telnet or SSH request from you and is > > > then issuing a DNS lookup for the Reverse Address Record for > > > the IP number that your coming in from - and the DNS server > > > that it's using is timing out. FreeBSD does this in order to > > > write a log entry for the activity that contains the real name > > > of the host, not just it's IP number. > > > > > > Most of the time DNS servers will fail on reverse address > > > queries is because the authority responsible for numbering > > > has not properly configured PTR lookups. If it's a public > > > IP number then the numbering authority is the ISP you got > > > the number from. If it's a RFC1918 number that you assigned, > > > then your it. And, note that simply having an empty PTR > > > record for the IP number in the DNS is not going to produce > > > this problem - the misconfiguration has to be more serious than > > > that. Common examples are ISP's that specify IP numbers of old > > > nameservers in ARIN's records (that are subsequently taken down) > > > or administrators that set up private DNS servers that cannot > > > make PTR lookups. (often for RFC1918 number ranges) > > > > > > The remaining time that the DNS lookups usually will fail is > > > if an IP number for a nameserver that is specified in /etc/rc.conf > > > is unreachable. > > > > > > Ted Mittelstaedt tedm@toybox.placo.com > > > Author of: The FreeBSD Corporate Networker's Guide > > > Book website: http://www.freebsd-corp-net-guide.com > > > > > > > > > > -----Original Message----- > > > > From: owner-freebsd-newbies@FreeBSD.ORG > > > > [mailto:owner-freebsd-newbies@FreeBSD.ORG]On Behalf Of Doug Young > > > > Sent: Thursday, February 08, 2001 1:26 AM > > > > To: Graham.Lillico@itnet.co.uk; freebsd-newbies@FreeBSD.ORG > > > > Subject: Re: SSH > > > > > > > > > > > > As far as I know thats normal ..... every SSH login I've ever > > > > seen has taken > > > > about 2 minutes > > > > > > > > ----- Original Message ----- > > > > From: > > > > To: > > > > Sent: Thursday, February 08, 2001 7:21 PM > > > > Subject: SSH > > > > > > > > > > > > > > > > > > > > > > > Hi, > > > > > > > > > > Can anyone tell me why it is taking so long to log in via ssh, its > > > > currently > > > > > taking about 2 minutes from entering my password to getting a shell > > > > prompt, is > > > > > this right? if not any ideas what could be causing it? > > > > > > > > > > Graham > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ****************************************************************** > > > > ********** > > > > ******* > > > > > http://www.itnet.co.uk > > > > > http://www.itnet.co.uk/eb - Click here to see ITNET's ebusiness > > > > capabilities > > > > > > > > > > Any opinions expressed in this email are those of the individual and > > > > > not necessarily those of ITNET plc and/or its subsidiaries. > > This email > > > > > and any files transmitted with it, including replies and forwarded > > > > > copies (which may contain alterations) subsequently transmitted from > > > > > ITNET plc and/or its subsidiaries, are confidential and > > solely for the > > > > > use of the intended recipient. If you are not the intended recipient > > > > > or the person responsible for delivering to the intended > > recipient, be > > > > > advised that you have received this email in error and that any use > > > > > is strictly prohibited. > > > > > > > > > > If you have received this email in error please notify > > ITNET Customer > > > > Service > > > > > Centre by telephone on +44 (0)121 683 4043 or via email to > > > > > csccom@itnet.co.uk, including a copy of this message. > > > > > Please then delete this email and destroy any copies of it. > > > > > > > > > ****************************************************************** > > > > ********** > > > > ******* > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > with "unsubscribe freebsd-newbies" in the body of the message > > > > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > with "unsubscribe freebsd-newbies" in the body of the message > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-newbies" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-newbies" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-newbies" in the body of the message