Date: Sat, 16 Nov 2002 21:53:31 +0100
From: Stephan Eckner <stephan-freebsd-questions@eckner.org>
To: freebsd-questions@freebsd.org
Subject: sshd and reverse lookups
Message-ID: <20021116205331.GB2815@knuth.codeblau.de>

Hi,

being new to FreeBSD, I'm having a problem with sshd on 4.7-RELEASE:
Although my DNS setup is configured correctly, I get a very long delay
when connecting to the FreeBSD machine. Here are the details:

I'm using the OpenSSH version that came with 4.7-RELEASE:

freebsd# ssh -V
OpenSSH_3.4p1 FreeBSD-20020702, SSH protocols 1.5/2.0, OpenSSL 0x0090607f

The machine is called freebsd.local and has the IP address 192.168.1.99:

freebsd# ifconfig fxp1
fxp1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.99 netmask 0xffffff00 broadcast 192.168.1.255

I tried to tell sshd not to reverse-lookup IP addresses:

freebsd# ps afux | grep sshd
root 92 0.0 2.2 2336 1352 ?? Is 8:06PM 0:00.01 /usr/sbin/sshd -u0
freebsd# grep Reverse /etc/ssh/sshd_config
VerifyReverseMapping no

I told the resolver to use my DNS server on 192.168.1.1:

freebsd# cat /etc/resolv.conf
search local
nameserver 192.168.1.1
freebsd# cat /etc/host.conf
# $FreeBSD: src/etc/host.conf,v 1.6 1999/08/27 23:23:41 peter Exp $
# First try the /etc/hosts file
hosts
# Now try the nameserver next.
bind
# If you have YP/NIS configured, uncomment the next line
# nis

... which is actually working:

freebsd# nslookup 192.168.2.66
Server: mutter.local
Address: 192.168.1.1

Name: laura.wlan
Address: 192.168.2.66

Now, when I connect from laura.wlan, the ssh connection hangs, because
sshd on freebsd.local tries to contact a nameserver ... on
_freebsd.local_:

freebsd# tcpdump -n -i lo0
tcpdump: listening on lo0
20:42:31.233449 192.168.1.99.1066 > 192.168.1.99.53: 13026+ PTR? 66.2.168.192.in-addr.arpa. (43)

freebsd# lsof -n
<--snip-->
sshd 692 sshd 4u IPv4 0xc6263600 0t0 TCP 192.168.1.99:ssh->192.168.2.66:36540 (ESTABLISHED)
sshd 692 sshd 5u 0xc0b79500 file struct, ty=0x5, op=0xc0264dac
sshd 692 sshd 6u PIPE 0xc67e4ca0 16384 ->0xc67e4b60
sshd 692 sshd 7u IPv4 0xc6201ec0 0t0 UDP 192.168.1.99:instl_boots->192.168.1.99:domain

Of course there is no response, because there is no nameserver on
freebsd.local.

Why is sshd doing these reverse lookups, and where does it get the idea
from to ask a nameserver on the local machine?

Stephan

PS: After upgrading my ports tree I installed first openssh-3.5 (same
problem) and then openssh-portable-3.5p1 (no problem).

-- 
Stephan Eckner
http://www.eckner.org/