Date: Wed, 19 Mar 2003 12:03:11 +1100
From: Peter Jeremy <peter.jeremy@alcatel.com.au>
To: freebsd-stable@freebsd.org
Subject: Slow ssh login
Message-ID: <20030319010311.GO90290@gsmx07.alcatel.com.au>

Since my latest round of updating, I've noticed that it takes a _long_ time to log in to ssh on one of my machines. Having looked into it, I've found that there's a DNS lookup problem: the "privilege separation" process does a chroot to /var/empty and then tries to do a reverse lookup on the IP address of the incoming client. Since there's no /etc/host.conf (or /etc/hosts) within the chroot tree, it falls back to doing a DNS lookup on d.c.b.a.in-addr.arpa and this fails because the nameserver is not currently accessible (it knows where to ask because the PrivSep process's parent has had a look through resolv.conf before fork()ing).

Since the addresses in question are all private addresses that don't exist in the DNS (I use /etc/hosts for them all), the DNS lookup isn't going to return useful information in any case.

Has anyone else bumped into this? What is the recommended solution?

The two solutions I can think of are:

1) Install /etc/host.conf and /etc/hosts into /var/empty. This raises the difficulty of remembering to keep them up to date.
2) Running a local named that is authoritative for my private addresses. I'd prefer not to do this for a variety of reasons.

Anyone got any other solutions?

Peter
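
As an added example (not part of the original message): a POSIX sh check for the upkeep problem that solution 1 raises, reporting resolver files under the chroot tree that are missing or differ from the host's copies. The function names, the demo's directory layout and its host entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# Usage: check_chroot_resolver_files <etc_dir> <chroot_dir>
# Compares host.conf and hosts in <etc_dir> with <chroot_dir>/etc/.
# Prints one line per file; returns 0 if every copy matches, 1 otherwise.
check_chroot_resolver_files() {
    etc_dir=$1
    chroot_dir=$2
    drift=0
    for name in host.conf hosts; do
        src="$etc_dir/$name"
        dst="$chroot_dir/etc/$name"
        if [ ! -f "$src" ]; then
            echo "skip    $name (not present in $etc_dir)"
        elif [ ! -f "$dst" ]; then
            echo "missing $dst"
            drift=1
        elif ! cmp -s "$src" "$dst"; then
            echo "stale   $dst"
            drift=1
        else
            echo "ok      $dst"
        fi
    done
    return $drift
}

# Constructed demo: a throwaway tree stands in for /etc and /var/empty,
# with an up-to-date host.conf copy and an out-of-date hosts copy.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/etc" "$tmp/chroot/etc"
    printf 'hosts\nbind\n' > "$tmp/etc/host.conf"
    printf '10.0.0.5 client.example\n' > "$tmp/etc/hosts"
    cp "$tmp/etc/host.conf" "$tmp/chroot/etc/host.conf"
    printf '10.0.0.9 old.example\n' > "$tmp/chroot/etc/hosts"
    rc=0
    check_chroot_resolver_files "$tmp/etc" "$tmp/chroot" || rc=$?
    rm -rf "$tmp"
    return $rc
}

demo || echo "resolver files in the chroot tree need refreshing"
```

On a real system the call would be `check_chroot_resolver_files /etc /var/empty`, for example from a periodic job that alerts on a non-zero exit status.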