Date: Tue, 27 Dec 2005 13:42:26 +0200
From: Rostislav Krasny <rosti.bsd@gmail.com>
To: David Malone <dwmalone@maths.tcd.ie>
Cc: yar@freebsd.org, freebsd-stable@freebsd.org, Lowell Gilbert <freebsd-stable-local@be-well.ilk.org>, des@freebsd.org, "Michael A. Koerber" <mak@ll.mit.edu>, Marian Hettwer <MH@kernel32.de>
Subject: Re: SSH login takes very long time...sometimes
Message-ID: <59e2ee810512270342w29dae556v1864fed21875befe@mail.gmail.com>
In-Reply-To: <20051227101621.GA16276@walton.maths.tcd.ie>
References: <59e2ee810512250841t75157e62rec9dc389ac716534@mail.gmail.com> <20051227101621.GA16276@walton.maths.tcd.ie>
On 12/27/05, David Malone <dwmalone@maths.tcd.ie> wrote:
> On Sun, Dec 25, 2005 at 06:41:57PM +0200, Rostislav Krasny wrote:
> > defined as 4. In a case the DNS server isn't responding the
> > gethostbyname() makes 8 (eight!) reverse resolving attempts for one
> > (!) non-responding DNS server before it returns error. And this is by
> > default. All that is still true for my current 6.0-STABLE.
> >
> > http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/62139
> >
> > As a workaround I may suggest adding "options attempts:2" or even
> > "options attempts:1" line to the /etc/resolver.conf
>
> I've often thought that we should make the default login timeout
> longer than our DNS timeout, as it means it is hard (or impossible)
> to log in to fix your DNS server when your DNS server is down. It
> is even worse if you don't control some DNS server in the chain
> between the root and the name you're trying to look up.
>
> I did once mail des@ to ask him if he'd mind me changing the default
> login timeout for sshd to be (say) 5 minutes rather than 1 minute,
> but I think he was busy at the time. Judging by the PR mentioned
> above it should be at least 2m30s by default.

I think the RES_DFLRETRY should also be decreased from 4 to 2, as it is
defined in most of other systems. By the way, BIND9, that is a part of
the FreeBSD base system, has its own resolver, where the RES_DFLRETRY
is defined as 2 (see below):

> grep RES_DFLRETRY /usr/src/contrib/bind9/lib/bind/include/resolv.h
#define RES_DFLRETRY 2 /* Default #/tries. */
> grep RES_DFLRETRY /usr/include/resolv.h
#define RES_DFLRETRY 4 /* retries per each name server */

And doubling of this number of retries by functions like
gethostbyname() is also mysterious for me yet.
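Added example (not part of the original message or of FreeBSD's code): a small model of the worst-case reverse-lookup delay against one non-responding DNS server, compared with the sshd login timeout discussed above. The 5-second base timeout and its doubling on each retry are assumptions; the default of 4 retries, the doubled lookup and the "options attempts:N" syntax come from the message, and "options timeout:N" is the standard resolver option.

```python
import re

RES_DFLRETRY = 4      # libc default quoted in the message
ASSUMED_TIMEOUT = 5   # ASSUMPTION: base per-query timeout, in seconds
LOOKUP_PASSES = 2     # message: 8 attempts are made instead of 4


def parse_options(conf_text):
    """Return (attempts, timeout) from resolver config text; last value wins."""
    attempts, timeout = RES_DFLRETRY, ASSUMED_TIMEOUT
    for raw in conf_text.splitlines():
        # Drop comments, then split the line into whitespace-separated fields.
        fields = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if not fields or fields[0] != "options":
            continue
        for opt in fields[1:]:
            name, _, value = opt.partition(":")
            if not (value.isdigit() and int(value) > 0):
                continue  # ignore malformed or zero values, keep the default
            if name == "attempts":
                attempts = int(value)
            elif name == "timeout":
                timeout = int(value)
    return attempts, timeout


def worst_case_seconds(attempts, timeout, passes=LOOKUP_PASSES):
    """Total wait when every query to the single server times out.

    ASSUMPTION: the wait doubles on each retry (timeout, 2*timeout, ...).
    """
    one_pass = sum(timeout << n for n in range(attempts))
    return passes * one_pass


def login_survives(conf_text, login_timeout):
    """True if the login timeout outlasts the worst-case reverse lookup."""
    return worst_case_seconds(*parse_options(conf_text)) < login_timeout


if __name__ == "__main__":
    # Constructed sample configurations: the default and the two workarounds.
    for conf in ("", "options attempts:2\n", "options attempts:1\n"):
        a, t = parse_options(conf)
        print(f"attempts={a} timeout={t}s worst={worst_case_seconds(a, t)}s "
              f"fits_60s={login_survives(conf, 60)}")
```

Under these assumptions the default configuration gives 150 seconds, which is the 2m30s figure quoted in the message, while either workaround fits inside a 1 minute login timeout.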
