From owner-freebsd-questions@FreeBSD.ORG Mon Jun 6 04:08:10 2005
Message-ID: <42A3CBF8.5020809@daleco.biz>
Date: Sun, 05 Jun 2005 23:07:20 -0500
From: Kevin Kinsey
To: Robert Marella
Cc: freebsd-questions@freebsd.org, Jonathan Chen
In-Reply-To: <42A3BCF9.8090200@gmail.com>
Subject: Re: ssh delays 40 seconds

Robert Marella wrote:

> Jonathan Chen wrote:
>
>> On Sun, Jun 05, 2005 at 04:49:26PM -1000, Robert Marella wrote:
>>
>>> Jonathan Chen wrote:
>>
>> [...]
>>
>>>> It's not the forward case that's the problem. The sshd daemon on the
>>>> server side attempts to find out where the connection is from by doing
>>>> a reverse-lookup. If the incoming IP hasn't got a DNS entry, the failing
>>>> DNS ip-lookup will time out in ~30s.
>>>
>>> Thanks for responding. In all of my systems /etc/hosts is populated
>>> with the name and LAN IP address of all other boxes. My
>>> gateway/firewall is a 5.4 Rel computer. I can ping that box "it's
>>> called gateway" with ping gateway or ping 10.0.0.1 no problem.
>>
>> What does "dig -x 10.0.0.1" on the ssh-server box give you? Looks like
>> you need to set up an internal DNS server to resolve these sort of
>> problems.
>>
>> Cheers.
>
> Jonathan
> from my gateway box. The 24.25.227.64 is also found in resolv.conf placed
> there by dhcpd from roadrunner.
>
> robert@gateway:~> dig -x 10.0.0.1
>
> ; <<>> DiG 9.3.1 <<>> -x 10.0.0.1
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51746
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;1.0.0.10.in-addr.arpa. IN PTR
>
> ;; Query time: 4208 msec
> ;; SERVER: 24.25.227.64#53(24.25.227.64)
> ;; WHEN: Sun Jun 5 16:58:13 2005
> ;; MSG SIZE rcvd: 39
>

No ANSWER section. . . seems to prove that the issue is probably
reverse DNS, AFAIAC. Should look more like:

======================================
#dig -x 192.168.0.1

; <<>> DiG 9.3.0 <<>> -x 192.168.0.1
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50363
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;1.0.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
1.0.168.192.in-addr.arpa. 86400 IN PTR archangel.daleco.biz.0.168.192.in-addr.arpa.
=======================================

I forget which, but one chapter in the handbook deals with running a
nameserver; getting reverse DNS should eliminate your delay issue.

Kevin Kinsey
DaleCo, S.P.