From: Peter Jeremy
Date: Wed, 19 Mar 2003 12:03:11 +1100
To: freebsd-stable@freebsd.org
Subject: Slow ssh login
Message-ID: <20030319010311.GO90290@gsmx07.alcatel.com.au>

Since my latest round of updating, I've noticed that it takes a _long_
time to log in to ssh on one of my machines. Having looked into it, I've
found that there's a DNS lookup problem:

The "privilege separation" process does a chroot to /var/empty and then
tries to do a reverse lookup on the IP address of the incoming client.
Since there's no /etc/host.conf (or /etc/hosts) within the chroot tree,
it falls back to doing a DNS lookup on d.c.b.a.in-addr.arpa and this
fails because the nameserver is not currently accessible (it knows where
to ask because the PrivSep process's parent has had a look through
resolv.conf before fork()ing).

Since the addresses in question are all private addresses that don't
exist in the DNS (I use /etc/hosts for them all), the DNS lookup isn't
going to return useful information in any case.

Has anyone else bumped into this? What is the recommended solution?

The two solutions I can think of are:
1) Install /etc/host.conf and /etc/hosts into /var/empty. This raises
   the difficulty of remembering to keep them up to date.
2) Running a local named that is authoritative for my private addresses.
   I'd prefer not to do this for a variety of reasons.

Anyone got any other solutions?

Peter
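
A drift check for option 1 in the message above, as an added example that is not part of the original post: it compares /etc/host.conf and /etc/hosts with the copies under the privilege-separation chroot and flags copies that are missing, stale, or group/world-writable. The function name and the output labels are made up for this example; /var/empty is the chroot path the message names, and the script only reads it.

```shell
#!/bin/sh
# Added example (not from the original message).
# check_chroot_resolver ROOT CHROOT
#   ROOT   - root of the real system, normally /
#   CHROOT - privilege-separation chroot, /var/empty in the message
# Prints one status line per resolver file and returns 0 only when every
# file that exists under ROOT/etc has an identical copy under CHROOT/etc
# that is not writable by group or other.
check_chroot_resolver() {
    root=$1
    chroot_dir=$2
    rc=0
    for f in host.conf hosts; do
        src="$root/etc/$f"
        dst="$chroot_dir/etc/$f"
        if [ ! -f "$src" ]; then
            # Nothing to mirror, so nothing can be out of date.
            echo "SKIP     $f (no $src)"
        elif [ ! -f "$dst" ]; then
            # The chrooted process will fall back to DNS for this lookup.
            echo "MISSING  $dst"
            rc=1
        elif ! cmp -s "$src" "$dst"; then
            # The copy was not refreshed after the original was edited.
            echo "STALE    $dst"
            rc=1
        elif [ -n "$(find "$dst" \( -perm -020 -o -perm -002 \) -print)" ]; then
            # A loosely permissioned file inside the chroot could be
            # altered by a non-root account.
            echo "WRITABLE $dst"
            rc=1
        else
            echo "OK       $dst"
        fi
    done
    return $rc
}

# Stand-alone use: sh check_chroot_resolver.sh / /var/empty
if [ "$#" -eq 2 ]; then
    check_chroot_resolver "$1" "$2"
fi
```

Run from cron or a periodic script, a non-zero exit status is the reminder that the copies need refreshing.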