Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 8 Feb 2001 03:51:14 -0800
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        "Doug Young" <dougy@gargoyle.apana.org.au>, <Graham.Lillico@itnet.co.uk>, <freebsd-newbies@FreeBSD.ORG>
Subject:   RE: SSH
Message-ID:  <005501c091c5$70090cc0$1401a8c0@tedm.placo.com>
In-Reply-To: <012801c091ba$a14d0da0$847e03cb@apana.org.au>

next in thread | previous in thread | raw e-mail | index | archive | help
You should still try the /etc/resolv.conf trick for testing
even for the nameserver itself.  The nameserver daemon pays
no attention to the contents of /etc/resolv.conf.  It's not
a problem to set a nameserver so that you cannot lookup names
from a command line.

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com


> -----Original Message-----
> From: owner-freebsd-newbies@FreeBSD.ORG
> [mailto:owner-freebsd-newbies@FreeBSD.ORG]On Behalf Of Doug Young
> Sent: Thursday, February 08, 2001 2:34 AM
> To: Ted Mittelstaedt; Graham.Lillico@itnet.co.uk;
> freebsd-newbies@FreeBSD.ORG
> Subject: Re: SSH
>
>
> That sounds a probable factor in many cases, however I get two minute SSH
> logins when the machine I'm logging into is the same as one of the
> nameservers ... one of them is on my LAN only a matter of inches /
> millimeters away.
>
> In all cases where I've used SSH, public IPs have been used at both ends.
> I've just put it down to the neanderthal phone network in OZ, particularly
> when its noticeably worse in peak times. I guess it could be that
> two of the
> three nameservers are "unavailable" within the timeout period.but
> dunno why
> the one on my LAN should be unavailable though.
>
> ----- Original Message -----
> From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
> To: "Doug Young" <dougy@gargoyle.apana.org.au>;
> <Graham.Lillico@itnet.co.uk>; <freebsd-newbies@FreeBSD.ORG>
> Sent: Thursday, February 08, 2001 8:22 PM
> Subject: RE: SSH
>
>
> > I've seen the 2 minute login problem on systems before.
> >
> > What you want to do is on the system that your telnetting
> > or SSHing _to_ is you want to temporarily rename /etc/resolv.conf
> > to something else.  Then, logout and log back in.  If the
> > 2 minute delay disappears (which most of the time this will
> > fix it) then what is going on is that the FreeBSD system is
> > seeing the incoming Telnet or SSH request from you and is
> > then issuing a DNS lookup for the Reverse Address Record for
> > the IP number that your coming in from - and the DNS server
> > that it's using is timing out.  FreeBSD does this in order to
> > write a log entry for the activity that contains the real name
> > of the host, not just it's IP number.
> >
> > Most of the time DNS servers will fail on reverse address
> > queries is because the authority responsible for numbering
> > has not properly configured PTR lookups.  If it's a public
> > IP number then the numbering authority is the ISP you got
> > the number from.  If it's a RFC1918 number that you assigned,
> > then your it.  And, note that simply having an empty PTR
> > record for the IP number in the DNS is not going to produce
> > this problem - the misconfiguration has to be more serious than
> > that.  Common examples are ISP's that specify IP numbers of old
> > nameservers in ARIN's records (that are subsequently taken down)
> > or administrators that set up private DNS servers that cannot
> > make PTR lookups.  (often for RFC1918 number ranges)
> >
> > The remaining time that the DNS lookups usually will fail is
> > if an IP number for a nameserver that is specified in /etc/rc.conf
> > is unreachable.
> >
> > Ted Mittelstaedt                      tedm@toybox.placo.com
> > Author of:          The FreeBSD Corporate Networker's Guide
> > Book website:         http://www.freebsd-corp-net-guide.com
> >
> >
> > > -----Original Message-----
> > > From: owner-freebsd-newbies@FreeBSD.ORG
> > > [mailto:owner-freebsd-newbies@FreeBSD.ORG]On Behalf Of Doug Young
> > > Sent: Thursday, February 08, 2001 1:26 AM
> > > To: Graham.Lillico@itnet.co.uk; freebsd-newbies@FreeBSD.ORG
> > > Subject: Re: SSH
> > >
> > >
> > > As far as I know thats normal ..... every SSH login I've ever
> > > seen has taken
> > > about 2 minutes
> > >
> > > ----- Original Message -----
> > > From: <Graham.Lillico@itnet.co.uk>
> > > To: <freebsd-newbies@FreeBSD.ORG>
> > > Sent: Thursday, February 08, 2001 7:21 PM
> > > Subject: SSH
> > >
> > >
> > > >
> > > >
> > > > Hi,
> > > >
> > > > Can anyone tell me why it is taking so long to log in via ssh, its
> > > currently
> > > > taking about 2 minutes from entering my password to getting a shell
> > > prompt, is
> > > > this right? if not any ideas what could be causing it?
> > > >
> > > > Graham
> > > >
> > > >
> > > >
> > > >
> > > >
> > > ******************************************************************
> > > **********
> > > *******
> > > > http://www.itnet.co.uk
> > > > http://www.itnet.co.uk/eb  -  Click here to see ITNET's ebusiness
> > > capabilities
> > > >
> > > > Any opinions expressed in this email are those of the individual and
> > > > not necessarily those of ITNET plc and/or its subsidiaries.
> This email
> > > > and any files transmitted with it, including replies and forwarded
> > > > copies (which may contain alterations) subsequently transmitted from
> > > > ITNET plc and/or its subsidiaries, are confidential and
> solely for the
> > > > use of the intended recipient. If you are not the intended recipient
> > > > or the person responsible for delivering to the intended
> recipient, be
> > > > advised that  you have received this email in error and that any use
> > > > is strictly prohibited.
> > > >
> > > > If you have received this email in error please notify
> ITNET Customer
> > > Service
> > > > Centre by telephone on +44 (0)121 683 4043 or via email to
> > > > csccom@itnet.co.uk, including a copy of this message.
> > > > Please then delete this email and destroy any copies of it.
> > > >
> > > ******************************************************************
> > > **********
> > > *******
> > > >
> > > >
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > with "unsubscribe freebsd-newbies" in the body of the message
> > > >
> > >
> > >
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-newbies" in the body of the message
> > >
> >
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-newbies" in the body of the message
>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-newbies" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?005501c091c5$70090cc0$1401a8c0>