From owner-freebsd-stable Wed Jul 17 18:45:25 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0911237B400 for ; Wed, 17 Jul 2002 18:45:23 -0700 (PDT) Received: from www.mmlab.cse.yzu.edu.tw (www.mmlab.cse.yzu.edu.tw [140.138.145.166]) by mx1.FreeBSD.org (Postfix) with SMTP id DD7AB43E6A for ; Wed, 17 Jul 2002 18:45:21 -0700 (PDT) (envelope-from avatar@www.mmlab.cse.yzu.edu.tw) Received: (qmail 53986 invoked from network); 18 Jul 2002 01:45:20 -0000 Received: from www.mmlab.cse.yzu.edu.tw (@140.138.145.166) by www.mmlab.cse.yzu.edu.tw with SMTP; 18 Jul 2002 01:45:20 -0000 Date: Thu, 18 Jul 2002 09:45:20 +0800 (CST) From: Tai-hwa Liang To: Mark.Andrews@isc.org Cc: freebsd-stable@FreeBSD.ORG Subject: Re: slow ssh connection speed(bind problem?) In-Reply-To: <200207172222.g6HMMJJe085318@drugs.dv.isc.org> Message-ID: <20020718093542.Q53886-100000@www.mmlab.cse.yzu.edu.tw> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, 18 Jul 2002 Mark.Andrews@isc.org wrote: [...] > > /etc/hosts > > ::1 localhost localhost.my.domain > > 127.0.0.1 localhost.my.domain localhost > > 192.168.0.12 newly.built.releng.4.server test > > > > /etc/resolv.conf: > > domain my.domain. > > search my.domain. > > nameserver 192.168.0.1 > > [...] > > Well are you serving the RFC 1918 address range you are using > or are you depending upon the over loaded servers on the Internet > to answer you leaked queries? If you are using RFC 1918 address > and are using the DNS you should be serving the appropriate > address range. Even a empty zone (SOA and NS record only) > will do to stop the queries leaking and speed up the response. We did setup a named listen on 192.168.0.1 and serves all RFC 1918 ranged addressing records(forward & reverse) since years ago. The slowdown only appeared after enabling UsePrivilegeSeparation in the latest OpenSSH-3.4p1. According to Chris Johnson's reply, a working /var/empty/etc/resolv.conf did solve the problem; however, a Linux box with OpenSSH-3.4p1 + UsePrivilegeSeparation with an empty /var/empty/(no resolv.conf) doesn't have such problem, though. > > > I'm wondering whether there was any bind(especially getnameinfo()) > > related changes in recent RELENG_4. Or did I miss any sshd_config related > > knobs? > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-stable" in the body of the message > -- > Mark Andrews, Internet Software Consortium > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message