From owner-freebsd-bugs@FreeBSD.ORG Thu Sep 30 10:00:49 2004
Date: Thu, 30 Sep 2004 10:00:49 GMT
Message-Id: <200409301000.i8UA0nRe033420@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Yar Tikhiy
Subject: Re: bin/62139: User cannot login through telnet or ssh because of reverse resolving delay

The following reply was made to PR bin/62139; it has been noted by GNATS.

From: Yar Tikhiy
To: Rostislav Krasny
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: bin/62139: User cannot login through telnet or ssh because of reverse resolving delay
Date: Thu, 30 Sep 2004 13:50:37 +0400

On Thu, Sep 16, 2004 at 01:51:56PM -0700, Rostislav Krasny wrote:
>
> > > Finally I add a custom "options" settings line in /etc/resolv.conf
> > > file:
> > >
> > > options attempts:1
> > >
> > > With this option my box is sending 2 "A? yahoo.com" requests. With
> > > 'attempts:2' it sends 4 requests, with 'attempts:3' it sends 6
> > > requests, with 'attempts:5' it sends 10 requests... and so on. Why
> > > the numbers of actual requests are double of the defined numbers?
> >
> > It means that ping seems to call the resolver twice each time.
>
> In my test program a gethostbyname(3) function is called only once.

I suspect that gethostbyname(3) may call resolver more than once.
gethostbyname(3) is a "multiplexor" for many name resolution
interfaces, e.g., DNS, hosts(5), NIS, etc. When it does its job
it has to canonize the name etc. This may lead to more than 1 call
to underlying mechanisms, e.g., the DNS resolver library.

> > > What is the default value of the 'attempts' option? The resolver(5)
> > > man page states that the default value is defined by RES_DFLRETRY in
> > > . But there is no RES_DFLRETRY in /usr/include/resolv.h
> > > file. In other systems the RES_DFLRETRY is defined as 2.
> >
> > RES_MAXRETRY. 5. The man page seems to give a wrong name there.
> > I'll fix it later.
>
> Thank you for the fixing. I've seen your commits:
>
> http://docs.freebsd.org/cgi/mid.cgi?200409091739.i89HdlwM019548
> http://docs.freebsd.org/cgi/mid.cgi?200409091742.i89HgIan019681
> http://docs.freebsd.org/cgi/mid.cgi?200409091719.i89HJRGu019026
>
> According to them the default value of the 'attempts' option was and
> still is 4 and RES_DFLRETRY is the right name. But most of UNIX and
> UNIX-like operating systems that I checked have RES_DFLRETRY defined as
> 2, not as 4. They are: Solaris, AIX, Linux and even NetBSD. Only
> OpenBSD have it hardcoded as 4.
>
> > > IMHO the default value of the 'attempts' option should be 2 and it
> > > must not be doubled. With the default value of 'timeout' option
> > > (5 seconds) it should take no more than 10 seconds to decide that
> > > one DNS is unreachable or not.
> >
> > You are misinterpreting the `timeout' option. See RFC 1536 or the
> > code. And `attempts' is not doubled, that is a consequence of the
> > application behaviour.
>
> Maybe I was wrong with the `timeout' option but I think I was right
> with the `attempts' one.
>
> > I feel that losing all DNS servers is just slightly better
> > than losing the network connection at all. Therefore console
> > access to such machine is the answer. Trying to overcome that
> > in software is too risky, at least for the default configuration.
> > I'd rather close this PR.
>
> The point is that the default configuration of resolver(5) in FreeBSD
> is different from most of other Unices and even NetBSD. Why it is
> different? Also the double number of DNS requests is not clear for me yet.

If you believe the default configuration should be adjusted, please
feel free to conduct a discussion on a FreeBSD mailing list, e.g.,
freebsd-net or freebsd-hackers. Personally I don't feel like
touching the default configuration, but even if I did, our two votes
wouldn't be enough.

--
Yar
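
How `attempts` and `timeout` combine into the stall a login sees when no name server answers, as an added example that is not part of the original message or of FreeBSD's source. It assumes the classic BIND-derived retry loop (per-query timeout doubled on each pass and divided by the server count after the first pass, minimum 1 second); the function names and the `lookups` parameter, which stands for how many times the application ends up invoking the resolver, are hypothetical.

```c
#include <stdio.h>

/* Assumed backoff model (not taken from the thread): on pass number `pass`
 * every server gets (timeout << pass) seconds, divided by the number of
 * servers once the first pass is over, and never less than 1 second. */
static int per_query_timeout(int timeout, int pass, int nscount)
{
    int seconds = timeout << pass;
    if (pass > 0)
        seconds /= nscount;
    return seconds > 0 ? seconds : 1;
}

/* Seconds one resolver call blocks when no server ever replies. */
int worst_case_wait(int timeout, int attempts, int nscount)
{
    int total = 0;
    for (int pass = 0; pass < attempts; pass++)
        for (int ns = 0; ns < nscount; ns++)
            total += per_query_timeout(timeout, pass, nscount);
    return total;
}

/* Queries seen on the wire: one per server per pass, repeated for every
 * resolver call the application makes (2 reproduces the "doubled" counts
 * reported in the thread: attempts:1 -> 2, attempts:5 -> 10). */
int queries_sent(int attempts, int nscount, int lookups)
{
    return attempts * nscount * lookups;
}

int main(void)
{
    const int timeout = 5;              /* default quoted in the thread */
    const int attempts[] = { 1, 2, 4 }; /* 2 and 4 are the defaults compared */

    printf("attempts  servers  wait/lookup(s)  queries(2 lookups)\n");
    for (int ns = 1; ns <= 2; ns++)
        for (size_t i = 0; i < sizeof attempts / sizeof attempts[0]; i++)
            printf("%8d  %7d  %14d  %18d\n", attempts[i], ns,
                   worst_case_wait(timeout, attempts[i], ns),
                   queries_sent(attempts[i], ns, 2));
    return 0;
}
```

Under this model the wait grows with the sum of the doubled timeouts rather than `attempts` times `timeout`, and it is paid once per resolver call the application makes.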