From owner-freebsd-newbies Thu Feb 8 3:53:59 2001 Delivered-To: freebsd-newbies@freebsd.org Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [206.29.169.15]) by hub.freebsd.org (Postfix) with ESMTP id 2117337B401 for ; Thu, 8 Feb 2001 03:53:38 -0800 (PST) Received: from tedm.placo.com (nat-rtr.freebsd-corp-net-guide.com [206.29.168.154]) by mail.freebsd-corp-net-guide.com (8.11.1/8.11.1) with SMTP id f18BoIF89030; Thu, 8 Feb 2001 11:50:18 GMT (envelope-from tedm@toybox.placo.com) From: "Ted Mittelstaedt" To: "Doug Young" , , Subject: RE: SSH Date: Thu, 8 Feb 2001 03:51:14 -0800 Message-ID: <005501c091c5$70090cc0$1401a8c0@tedm.placo.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 In-Reply-To: <012801c091ba$a14d0da0$847e03cb@apana.org.au> Importance: Normal Sender: owner-freebsd-newbies@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org You should still try the /etc/resolv.conf trick for testing even for the nameserver itself. The nameserver daemon pays no attention to the contents of /etc/resolv.conf. It's not a problem to set a nameserver so that you cannot lookup names from a command line. Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com > -----Original Message----- > From: owner-freebsd-newbies@FreeBSD.ORG > [mailto:owner-freebsd-newbies@FreeBSD.ORG]On Behalf Of Doug Young > Sent: Thursday, February 08, 2001 2:34 AM > To: Ted Mittelstaedt; Graham.Lillico@itnet.co.uk; > freebsd-newbies@FreeBSD.ORG > Subject: Re: SSH > > > That sounds a probable factor in many cases, however I get two minute SSH > logins when the machine I'm logging into is the same as one of the > nameservers ... one of them is on my LAN only a matter of inches / > millimeters away. > > In all cases where I've used SSH, public IPs have been used at both ends. > I've just put it down to the neanderthal phone network in OZ, particularly > when its noticeably worse in peak times. I guess it could be that > two of the > three nameservers are "unavailable" within the timeout period.but > dunno why > the one on my LAN should be unavailable though. > > ----- Original Message ----- > From: "Ted Mittelstaedt" > To: "Doug Young" ; > ; > Sent: Thursday, February 08, 2001 8:22 PM > Subject: RE: SSH > > > > I've seen the 2 minute login problem on systems before. > > > > What you want to do is on the system that your telnetting > > or SSHing _to_ is you want to temporarily rename /etc/resolv.conf > > to something else. Then, logout and log back in. If the > > 2 minute delay disappears (which most of the time this will > > fix it) then what is going on is that the FreeBSD system is > > seeing the incoming Telnet or SSH request from you and is > > then issuing a DNS lookup for the Reverse Address Record for > > the IP number that your coming in from - and the DNS server > > that it's using is timing out. FreeBSD does this in order to > > write a log entry for the activity that contains the real name > > of the host, not just it's IP number. > > > > Most of the time DNS servers will fail on reverse address > > queries is because the authority responsible for numbering > > has not properly configured PTR lookups. If it's a public > > IP number then the numbering authority is the ISP you got > > the number from. If it's a RFC1918 number that you assigned, > > then your it. And, note that simply having an empty PTR > > record for the IP number in the DNS is not going to produce > > this problem - the misconfiguration has to be more serious than > > that. Common examples are ISP's that specify IP numbers of old > > nameservers in ARIN's records (that are subsequently taken down) > > or administrators that set up private DNS servers that cannot > > make PTR lookups. (often for RFC1918 number ranges) > > > > The remaining time that the DNS lookups usually will fail is > > if an IP number for a nameserver that is specified in /etc/rc.conf > > is unreachable. > > > > Ted Mittelstaedt tedm@toybox.placo.com > > Author of: The FreeBSD Corporate Networker's Guide > > Book website: http://www.freebsd-corp-net-guide.com > > > > > > > -----Original Message----- > > > From: owner-freebsd-newbies@FreeBSD.ORG > > > [mailto:owner-freebsd-newbies@FreeBSD.ORG]On Behalf Of Doug Young > > > Sent: Thursday, February 08, 2001 1:26 AM > > > To: Graham.Lillico@itnet.co.uk; freebsd-newbies@FreeBSD.ORG > > > Subject: Re: SSH > > > > > > > > > As far as I know thats normal ..... every SSH login I've ever > > > seen has taken > > > about 2 minutes > > > > > > ----- Original Message ----- > > > From: > > > To: > > > Sent: Thursday, February 08, 2001 7:21 PM > > > Subject: SSH > > > > > > > > > > > > > > > > > > Hi, > > > > > > > > Can anyone tell me why it is taking so long to log in via ssh, its > > > currently > > > > taking about 2 minutes from entering my password to getting a shell > > > prompt, is > > > > this right? if not any ideas what could be causing it? > > > > > > > > Graham > > > > > > > > > > > > > > > > > > > > > > > ****************************************************************** > > > ********** > > > ******* > > > > http://www.itnet.co.uk > > > > http://www.itnet.co.uk/eb - Click here to see ITNET's ebusiness > > > capabilities > > > > > > > > Any opinions expressed in this email are those of the individual and > > > > not necessarily those of ITNET plc and/or its subsidiaries. > This email > > > > and any files transmitted with it, including replies and forwarded > > > > copies (which may contain alterations) subsequently transmitted from > > > > ITNET plc and/or its subsidiaries, are confidential and > solely for the > > > > use of the intended recipient. If you are not the intended recipient > > > > or the person responsible for delivering to the intended > recipient, be > > > > advised that you have received this email in error and that any use > > > > is strictly prohibited. > > > > > > > > If you have received this email in error please notify > ITNET Customer > > > Service > > > > Centre by telephone on +44 (0)121 683 4043 or via email to > > > > csccom@itnet.co.uk, including a copy of this message. > > > > Please then delete this email and destroy any copies of it. > > > > > > > ****************************************************************** > > > ********** > > > ******* > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > with "unsubscribe freebsd-newbies" in the body of the message > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-newbies" in the body of the message > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-newbies" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-newbies" in the body of the message