Date:      Fri, 20 Jul 2018 13:15:34 +0100
From:      Matthew Seaman
Subject:   Re: FreeBSD-11.1 Jails and SSL

On 19/07/2018 21:52, James B. Byrne via freebsd-questions wrote:
> On Thu, July 19, 2018 16:38, Philipp Vlassakakis wrote:
>>> On 19.07.2018 at 22:29, James B. Byrne wrote:
>>> UseDNS=YES in /etc/ssh/sshd_config
>> Does the problem persist if you disable this option?
> No, it does not persist.  Log ons are now as fast as with any other
> host.  Why is UseDNS=YES (the default setting) a problem inside a jail
> and nowhere else?

SSH is doing a reverse lookup on the IP number your connection comes 
from.  It's possible you're timing out on the IP lookup specifically. 
Particularly if you're using private address space -- local_unbound has 
some special settings around the handling of RFC1918 zones -- so compare 
the per-jail config with your main host (which I presume has no similar 

Another potential gotcha is if your reverse IP space has a broken DNSSEC 
configuration: local_unbound defaults to enabling DNSSEC processing 
(indeed, that's the primary reason for having local_unbound at all) and 
DNSSEC signing failures will essentially make the affected data 
disappear from the DNS.



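Added example, not part of the original message or of OpenSSH: a small Python diagnostic that times the same two lookups sshd performs for a client when UseDNS is on (reverse lookup of the IP, then a forward lookup to confirm the name maps back), so the jail and the main host can be compared. The function name `check_client_dns`, the `slow_after` threshold and the report keys are hypothetical; it uses whatever resolver the system is configured with.

```python
import ipaddress
import socket
import sys
import time


def timed(fn, *args):
    """Run fn(*args); return (result, error, seconds). Resolver errors are kept, not raised."""
    start = time.monotonic()
    try:
        return fn(*args), None, time.monotonic() - start
    except OSError as exc:  # socket.herror, socket.gaierror and timeouts are OSError subclasses
        return None, exc, time.monotonic() - start


def check_client_dns(ip, slow_after=1.0,
                     reverse=socket.gethostbyaddr, forward=socket.getaddrinfo):
    """Time a reverse lookup of ip and the forward confirmation of the returned name.

    status is one of: ok, mismatch, reverse-failed, forward-failed.
    slow is True when the lookups together took at least slow_after seconds.
    """
    client = ipaddress.ip_address(ip)
    report = {"ip": ip, "hostname": None, "seconds": 0.0, "status": None}

    result, err, secs = timed(reverse, ip)
    report["seconds"] += secs
    if err is not None:
        report["status"] = "reverse-failed"
    else:
        report["hostname"] = result[0]
        result, err, secs = timed(forward, report["hostname"], None)
        report["seconds"] += secs
        if err is not None:
            report["status"] = "forward-failed"
        else:
            # sockaddr is the 5th field; drop any IPv6 scope id before comparing
            addrs = {ipaddress.ip_address(info[4][0].split("%")[0]) for info in result}
            report["status"] = "ok" if client in addrs else "mismatch"

    report["slow"] = report["seconds"] >= slow_after
    return report


if __name__ == "__main__":
    # Usage: run with the connecting client's IP, once in the jail and once on the host.
    for arg in sys.argv[1:]:
        print(check_client_dns(arg))
```

A `reverse-failed` result with a large `seconds` value inside the jail, against a fast result on the host, points at the jail's resolver configuration rather than at sshd.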