From owner-freebsd-stable@FreeBSD.ORG  Mon Sep 22 09:31:02 2003
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7F2A316A4B3
	for <stable@freebsd.org>; Mon, 22 Sep 2003 09:31:02 -0700 (PDT)
Received: from greg.cex.ca (h24-207-38-10.dlt.dccnet.com [24.207.38.10])
	by mx1.FreeBSD.org (Postfix) with SMTP id 3EBB343F93
	for <stable@freebsd.org>; Mon, 22 Sep 2003 09:31:01 -0700 (PDT)
	(envelope-from gregw-freebsd-stable@greg.cex.ca)
Received: (qmail 91714 invoked by uid 1001); 22 Sep 2003 16:31:16 -0000
Date: Mon, 22 Sep 2003 09:31:16 -0700
From: Greg White <gregw-freebsd-stable@greg.cex.ca>
To: stable@freebsd.org
Message-ID: <20030922093116.A78915@greg.cex.ca>
Mail-Followup-To: stable@freebsd.org
References: <001101c3811f$00e25cb0$05e22090@csrv.ad.york.ac.uk>
	<E1A1Sn8-0008Ss-00@mailhost.firstcallgroup.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <E1A1Sn8-0008Ss-00@mailhost.firstcallgroup.co.uk>;
	from pfrench@firstcallgroup.co.uk on Mon, Sep 22, 2003 at 04:39:58PM +0100
Subject: Re: Very slow SSh since upgrading machines to RELENG_4_8
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Sep 2003 16:31:02 -0000

On Mon Sep 09/22/03, 2003 at 04:39:58PM +0100, Pete French wrote:
> > This sounds suspiciously like DNS timing out. I seem to remember this is
> > due to the fact the default config of sshd now enables privilege
> > seperation. sshd chroots into /var/empty and therefore can't access
> > /etc/hosts, /etc/nsswitch.conf, /etc/resolv.conf etc.
> 
> O.K., that sounds like its the problems - though doesnt explain why the
> timeout only occurrs between machines on the same subnet, rather than
> those on differing subnets. I'll give it a go. Possibly the split
> horizon DNS should be my best option, though its not something I;ve
> ever done before and am thus slightly reticent...

If you depend entirely on /etc/hosts for hosts on the same subnet, and
for DNS for hosts outside it, you'll see exactly this behaviour:

http://news.gw.com/comp.unix.bsd.freebsd.misc/189060

for starters.

/etc/hosts is not copied into the chroot environment. 

Split horizon DNS is not all that tricky to implement, even with BIND.
:)

-- 
Greg White