Date: Mon, 22 Sep 2003 09:31:16 -0700
From: Greg White <gregw-freebsd-stable@greg.cex.ca>
To: stable@freebsd.org
Subject: Re: Very slow SSh since upgrading machines to RELENG_4_8
Message-ID: <20030922093116.A78915@greg.cex.ca>
In-Reply-To: <E1A1Sn8-0008Ss-00@mailhost.firstcallgroup.co.uk>; from pfrench@firstcallgroup.co.uk on Mon, Sep 22, 2003 at 04:39:58PM +0100
References: <001101c3811f$00e25cb0$05e22090@csrv.ad.york.ac.uk> <E1A1Sn8-0008Ss-00@mailhost.firstcallgroup.co.uk>

On Mon Sep 09/22/03, 2003 at 04:39:58PM +0100, Pete French wrote:
> > This sounds suspiciously like DNS timing out. I seem to remember this is
> > due to the fact the default config of sshd now enables privilege
> > separation. sshd chroots into /var/empty and therefore can't access
> > /etc/hosts, /etc/nsswitch.conf, /etc/resolv.conf etc.
>
> O.K., that sounds like it's the problem - though doesn't explain why the
> timeout only occurs between machines on the same subnet, rather than
> those on differing subnets. I'll give it a go. Possibly the split
> horizon DNS should be my best option, though it's not something I've
> ever done before and am thus slightly reticent...

If you depend entirely on /etc/hosts for hosts on the same subnet, and
for DNS for hosts outside it, you'll see exactly this behaviour:

http://news.gw.com/comp.unix.bsd.freebsd.misc/189060

for starters. /etc/hosts is not copied into the chroot environment.

Split horizon DNS is not all that tricky to implement, even with BIND. :)

--
Greg White