Date:      Fri, 20 Jul 2018 13:15:34 +0100
From:      Matthew Seaman <matthew@FreeBSD.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: FreeBSD-11.1 Jails and SSL
Message-ID:  <aa3a1244-7b62-a2ce-89e9-eb4ff5955f43@FreeBSD.org>
In-Reply-To: <f7964527d64bf8a83c51a75ced360bd0.squirrel@webmail.harte-lyne.ca>
References:  <b09a213c9018244d79763c7d65e98e1c.squirrel@webmail.harte-lyne.ca> <A820DA67-87FA-4638-B5D4-F87D63CB22C0@lists.vlassakakis.de> <56bbc3069975ec09b4771e57d138de64.squirrel@webmail.harte-lyne.ca> <39F372AB-BCCB-4A38-A351-F0F3ECCDEA21@lists.vlassakakis.de> <f7964527d64bf8a83c51a75ced360bd0.squirrel@webmail.harte-lyne.ca>

On 19/07/2018 21:52, James B. Byrne via freebsd-questions wrote:
> On Thu, July 19, 2018 16:38, Philipp Vlassakakis wrote:
>>> On 19.07.2018 at 22:29, James B. Byrne
>>> <byrnejb@harte-lyne.ca> wrote:
>>>
>>> UseDNS=YES in /etc/ssh/sshd_config
>> Does the problem persist, if you disable this option?
>>
> No, it does not persist.  Log ons are now as fast as with any other
> host.  Why is UseDNS=YES (the default setting) a problem inside a jail
> and nowhere else?
> 

SSH is doing a reverse lookup on the IP number your connection comes 
from.  It's possible you're timing out on the IP lookup specifically. 
Particularly if you're using private address space -- local_unbound has 
some special settings around the handling of RFC1918 zones -- so compare 
the per-jail config with your main host (which I presume has no similar 
problems?)

Another potential gotcha is if your reverse IP space has a broken DNSSEC 
configuration: local_unbound defaults to enabling DNSSEC processing 
(indeed, that's the primary reason for having local_unbound at all) and 
DNSSEC signing failures will essentially make the affected data 
disappear from the DNS.

	Cheers,

	Matthew
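
An added example, not part of the original message: a small Python check that times the reverse lookup of a client address and then forward-confirms the returned name, which is the pair of lookups sshd performs with UseDNS enabled. The function name `check_client_dns`, the 2-second `slow_after` threshold and the injectable resolver parameters are assumptions made for this illustration.

```python
import ipaddress
import socket
import sys
import time


def check_client_dns(ip, reverse=socket.gethostbyaddr,
                     forward=socket.getaddrinfo, slow_after=2.0,
                     clock=time.monotonic):
    """Time the PTR lookup for ip, then forward-confirm the returned name.

    reverse/forward/clock are injectable so the logic can be exercised
    without a live resolver; slow_after (seconds) is an arbitrary threshold.
    """
    want = ipaddress.ip_address(ip)
    report = {"ip": ip, "name": None, "confirmed": False, "error": None}

    start = clock()
    try:
        report["name"] = reverse(ip)[0]
    except OSError as exc:  # socket.herror and socket.gaierror are OSErrors
        report["error"] = f"reverse lookup failed: {exc}"
    report["reverse_s"] = clock() - start

    start = clock()
    if report["name"]:
        try:
            # getaddrinfo entries end in a sockaddr whose first item is the IP
            addrs = {ipaddress.ip_address(ai[4][0].split("%")[0])
                     for ai in forward(report["name"], None)}
            report["confirmed"] = want in addrs
        except OSError as exc:
            report["error"] = f"forward lookup failed: {exc}"
    report["forward_s"] = clock() - start

    report["slow"] = report["reverse_s"] + report["forward_s"] > slow_after
    return report


if __name__ == "__main__":
    # Run inside the jail and on the host with the same client address.
    for addr in sys.argv[1:] or ["127.0.0.1"]:
        r = check_client_dns(addr)
        print(f"{r['ip']}: name={r['name']} confirmed={r['confirmed']} "
              f"reverse={r['reverse_s']:.2f}s forward={r['forward_s']:.2f}s "
              f"slow={r['slow']} error={r['error']}")
```

Running it with the same client address inside the jail and on the main host shows whether the delay comes from the jail's resolver; a long `reverse` time that ends in an error matches the timeout case described above.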


