From owner-freebsd-current@FreeBSD.ORG Wed Sep 11 17:01:01 2013 Return-Path: Delivered-To: current@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id EA4F0A27; Wed, 11 Sep 2013 17:01:01 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id BDCB728EF; Wed, 11 Sep 2013 17:01:01 +0000 (UTC) Received: from compute5.internal (compute5.nyi.mail.srv.osa [10.202.2.45]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id 030D0287C5; Wed, 11 Sep 2013 13:00:59 -0400 (EDT) Received: from web3 ([10.202.2.213]) by compute5.internal (MEProxy); Wed, 11 Sep 2013 13:00:59 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:from:to:cc:mime-version :content-transfer-encoding:content-type:in-reply-to:references :subject:date; s=smtpout; bh=pvoc+OlWwIq2qlpv+foofsyaRDI=; b=Gvm 1J1/CAQzt6JPvtX+id3ksvQvmdUDuIZrQzrljv1p0O48aWCbkaHKCbRfcnmwI77I UN0UZcIoq1Ypr6y+ZPwnDzdZmACuuBJIcGbd61ZUs2RXbo8mEJdRwVwi4mS/Zg9Q Qw15DoJ4w/67KgbubsV44xkin0lPjaWxxE4QeNyY= Received: by web3.nyi.mail.srv.osa (Postfix, from userid 99) id C9324B000DB; Wed, 11 Sep 2013 13:00:59 -0400 (EDT) Message-Id: <1378918859.17169.20748585.2EB69C85@webmail.messagingengine.com> X-Sasl-Enc: t+PU1bvrDr9qO4Fg3o1efp29iE0dfn0/yHmceodRUwMI 1378918859 From: Mark Felder To: Ian Lepore , =?ISO-8859-1?Q?Dag-Erling=20Sm=F8rgrav?= MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Mailer: MessagingEngine.com Webmail Interface - ajax-15090c31 In-Reply-To: <1378916181.1111.617.camel@revolution.hippie.lan> References: <86hadre740.fsf@nine.des.no> <1378913151.1111.613.camel@revolution.hippie.lan> <86d2ofe556.fsf@nine.des.no> <1378916181.1111.617.camel@revolution.hippie.lan> Subject: Re: HEADS UP: OpenSSH with DNSSEC support in 10 Date: Wed, 11 Sep 2013 12:00:59 -0500 Cc: current@FreeBSD.org X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Sep 2013 17:01:02 -0000 On Wed, Sep 11, 2013, at 11:16, Ian Lepore wrote: > > Thanks. If this is client-side I'm much less scared by it. At $work we > have embedded systems with less than full network functionality, often > including either /etc/hosts usage or worse, sometimes a dns is > configured but unreachable, and we ssh into them a lot for development. > Do you work around that problem by setting UseDNS no? We have that pretty much standard on all our servers at work because if you ssh and both client and server have ipv6 the connection takes forever for it to give up trying to find a PTR for your client's ipv6 address. And don't try to use GENERATE in BIND to make PTRs for all your ipv6 addresses... you'll run out of memory trying to start the daemon :-)