From: Rostislav Krasny
To: David Malone
Cc: yar@freebsd.org, freebsd-stable@freebsd.org, Lowell Gilbert, des@freebsd.org, "Michael A. Koerber", Marian Hettwer
Date: Tue, 27 Dec 2005 13:42:26 +0200
Subject: Re: SSH login takes very long time...sometimes
List-Id: Production branch of FreeBSD source code

On 12/27/05, David Malone wrote:
> On Sun, Dec 25, 2005 at 06:41:57PM +0200, Rostislav Krasny wrote:
> > defined as 4. In a case the DNS server isn't responding the
> > gethostbyname() makes 8 (eight!) reverse resolving attempts for one
> > (!) non-responding DNS server before it returns error. And this is by
> > default. All that is still true for my current 6.0-STABLE.
> >
> > http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/62139
> >
> > As a workaround I may suggest adding "options attempts:2" or even
> > "options attempts:1" line to the /etc/resolver.conf
>
> I've often thought that we should make the default login timeout
> longer than our DNS timeout, as it means it is hard (or impossible)
> to log in to fix your DNS server when your DNS server is down. It
> is even worse if you don't control some DNS server in the chain
> between the root and the name you're trying to look up.
>
> I did once mail des@ to ask him if he'd mind me changing the default
> login timeout for sshd to be (say) 5 minutes rather than 1 minute,
> but I think he was busy at the time. Judging by the PR mentioned
> above it should be at least 2m30s by default.

I think the RES_DFLRETRY should also be decreased from 4 to 2, as it
is defined in most of other systems. By the way, BIND9, that is a part
of the FreeBSD base system, has its own resolver, where the
RES_DFLRETRY is defined as 2 (see below):

> grep RES_DFLRETRY /usr/src/contrib/bind9/lib/bind/include/resolv.h
#define RES_DFLRETRY    2       /* Default #/tries. */
> grep RES_DFLRETRY /usr/include/resolv.h
#define RES_DFLRETRY    4       /* retries per each name server */

And doubling of this number of retries by functions like
gethostbyname() is also mysterious for me yet.
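
The timing discussed in this thread, as an added example that is not part of the original mail or of FreeBSD's code: it reads the "options attempts:N" setting and estimates how long a lookup against one dead name server blocks, compared with the sshd login timeout. The 5-second base wait that doubles on each retry is an assumption about the resolver, and the function names are hypothetical; with the quoted default of 4 the model gives the 2m30s mentioned above.

```python
# Added example: model of the resolver delay discussed in the message above.
# Assumptions (not from the original message): the stub resolver waits
# RES_TIMEOUT (5 s) on the first try and doubles the wait on each retry,
# and only one, non-responding, name server is configured.

RES_TIMEOUT = 5      # seconds, base per-try wait (assumed resolv.h default)
RES_DFLRETRY = 4     # tries per name server, the FreeBSD value quoted above
LOOKUP_PASSES = 2    # the message reports the tries being doubled (8 total)


def parse_options(conf_text):
    """Return (attempts, timeout) after applying any 'options' lines."""
    attempts, timeout = RES_DFLRETRY, RES_TIMEOUT
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields or fields[0] != "options":
            continue
        for opt in fields[1:]:
            name, _, value = opt.partition(":")
            if name == "attempts" and value.isdigit():
                attempts = max(1, int(value))
            elif name == "timeout" and value.isdigit():
                timeout = max(1, int(value))
    return attempts, timeout


def worst_case_delay(attempts, timeout, passes=LOOKUP_PASSES):
    """Seconds spent before the lookup fails against one dead server."""
    one_pass = sum(timeout << attempt for attempt in range(attempts))
    return passes * one_pass


def login_survives(conf_text, login_timeout):
    """True if the failed lookup finishes before the sshd login timeout."""
    return worst_case_delay(*parse_options(conf_text)) < login_timeout


if __name__ == "__main__":
    # Constructed sample configurations, not taken from a real host.
    for conf in ("nameserver 192.0.2.53\n",
                 "nameserver 192.0.2.53\noptions attempts:2\n",
                 "nameserver 192.0.2.53\noptions attempts:1\n"):
        delay = worst_case_delay(*parse_options(conf))
        print(f"{delay:4d}s  fits in 60s: {login_survives(conf, 60)}")
```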