From owner-freebsd-stable Wed Jul 17 19: 4:14 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 87FE337B400 for ; Wed, 17 Jul 2002 19:04:10 -0700 (PDT) Received: from drugs.dv.isc.org (drugs.dv.isc.org [130.155.191.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id 066D643E64 for ; Wed, 17 Jul 2002 19:04:09 -0700 (PDT) (envelope-from marka@drugs.dv.isc.org) Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (8.12.5/8.12.5) with ESMTP id g6I244Je000390; Thu, 18 Jul 2002 12:04:06 +1000 (EST) (envelope-from marka@drugs.dv.isc.org) Message-Id: <200207180204.g6I244Je000390@drugs.dv.isc.org> To: Tai-hwa Liang Cc: freebsd-stable@FreeBSD.ORG From: Mark.Andrews@isc.org Subject: Re: slow ssh connection speed(bind problem?) In-reply-to: Your message of "Thu, 18 Jul 2002 09:45:20 +0800." <20020718093542.Q53886-100000@www.mmlab.cse.yzu.edu.tw> Date: Thu, 18 Jul 2002 12:04:04 +1000 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > On Thu, 18 Jul 2002 Mark.Andrews@isc.org wrote: > [...] > > > /etc/hosts > > > ::1 localhost localhost.my.domain > > > 127.0.0.1 localhost.my.domain localhost > > > 192.168.0.12 newly.built.releng.4.server test > > > > > > /etc/resolv.conf: > > > domain my.domain. > > > search my.domain. > > > nameserver 192.168.0.1 > > > > [...] > > > > Well are you serving the RFC 1918 address range you are using > > or are you depending upon the over loaded servers on the Internet > > to answer you leaked queries? If you are using RFC 1918 address > > and are using the DNS you should be serving the appropriate > > address range. Even a empty zone (SOA and NS record only) > > will do to stop the queries leaking and speed up the response. > We did setup a named listen on 192.168.0.1 and serves all RFC 1918 ranged > addressing records(forward & reverse) since years ago. The slowdown only > appeared after enabling UsePrivilegeSeparation in the latest OpenSSH-3.4p1. > > According to Chris Johnson's reply, a working /var/empty/etc/resolv.conf > did solve the problem; however, a Linux box with OpenSSH-3.4p1 + > UsePrivilegeSeparation with an empty /var/empty/(no resolv.conf) doesn't > have such problem, though. Well if resolv.conf is missing the resolver will try to contact a nameserver on the local machine via 127.0.0.1#53 or 0.0.0.0#53. > > > I'm wondering whether there was any bind(especially getnameinfo()) > > > related changes in recent RELENG_4. Or did I miss any sshd_config related > > > knobs? > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-stable" in the body of the message > > -- > > Mark Andrews, Internet Software Consortium > > 1 Seymour St., Dundas Valley, NSW 2117, Australia > > PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message -- Mark Andrews, Internet Software Consortium 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message