Date: Wed, 11 Sep 2013 12:00:59 -0500 From: Mark Felder <feld@FreeBSD.org> To: Ian Lepore <ian@FreeBSD.org>, =?ISO-8859-1?Q?Dag-Erling=20Sm=F8rgrav?= <des@des.no> Cc: current@FreeBSD.org Subject: Re: HEADS UP: OpenSSH with DNSSEC support in 10 Message-ID: <1378918859.17169.20748585.2EB69C85@webmail.messagingengine.com> In-Reply-To: <1378916181.1111.617.camel@revolution.hippie.lan> References: <86hadre740.fsf@nine.des.no> <1378913151.1111.613.camel@revolution.hippie.lan> <86d2ofe556.fsf@nine.des.no> <1378916181.1111.617.camel@revolution.hippie.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Sep 11, 2013, at 11:16, Ian Lepore wrote: > > Thanks. If this is client-side I'm much less scared by it. At $work we > have embedded systems with less than full network functionality, often > including either /etc/hosts usage or worse, sometimes a dns is > configured but unreachable, and we ssh into them a lot for development. > Do you work around that problem by setting UseDNS no? We have that pretty much standard on all our servers at work because if you ssh and both client and server have ipv6 the connection takes forever for it to give up trying to find a PTR for your client's ipv6 address. And don't try to use GENERATE in BIND to make PTRs for all your ipv6 addresses... you'll run out of memory trying to start the daemon :-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1378918859.17169.20748585.2EB69C85>