Date: Tue, 21 Feb 2006 19:59:59 +0300
From: Yar Tikhiy <yar@comp.chem.msu.su>
To: Rostislav Krasny <rosti.bsd@gmail.com>
Cc: freebsd-stable@freebsd.org, freebsd-stable-local@be-well.ilk.org, dwmalone@maths.tcd.ie, des@des.no, mak@ll.mit.edu, MH@kernel32.de
Subject: Re: SSH login takes very long time...sometimes
Message-ID: <20060221165959.GB77513@comp.chem.msu.su>
In-Reply-To: <20060219225701.0e3e244b.rosti.bsd@gmail.com>
References: <59e2ee810512250841t75157e62rec9dc389ac716534@mail.gmail.com> <20051227101621.GA16276@walton.maths.tcd.ie> <86irrfoix5.fsf@xps.des.no> <20060218012029.e146e2ff.rosti.bsd@gmail.com> <20060219104912.GB20500@comp.chem.msu.su> <20060219225701.0e3e244b.rosti.bsd@gmail.com>

On Sun, Feb 19, 2006 at 10:57:01PM +0200, Rostislav Krasny wrote:
> On Sun, 19 Feb 2006 13:49:12 +0300
> Yar Tikhiy <yar@comp.chem.msu.su> wrote:
>
> > On Sat, Feb 18, 2006 at 01:20:29AM +0200, Rostislav Krasny wrote:
> > > On Thu, 16 Feb 2006 08:35:18 +0100
> > > des@des.no (Dag-Erling Smørgrav) wrote:
> > >
> > > > David Malone <dwmalone@maths.tcd.ie> writes:
> > > > > I did once mail des@ to ask him if he'd mind me changing the default
> > > > > login timeout for sshd to be (say) 5 minutes rather than 1 minute,
> > > > > but I think he was busy at the time. Judging by the PR mentioned
> > > > > above it should be at least 2m30s by default. Des, would you mind
> > > > > this change being made?
> > > >
> > > > No objection, just let me see the patch first.
> > >
> > > In conjunction with what David had proposed, what do you think about
> > > decreasing the RES_DFLRETRY from 4 to 2, like in other systems and in
> > > BIND9's resolver?
> >
> > Could you try this change in your system and report the exact
> > results, such as output from tcpdump? That is how we could judge
> > the change in question... Or were the results reported already?
>
> Ok, I rebuilt the world and the kernel with this change and tested it
> with tcpdump and a small program from the bin/62139 PR. During the test
> I saw two "A? yahoo.com." requests, then two "A? yahoo.com.lan."
> requests and that all took only 30 seconds for gethostbyname() to give
> up with one unreachable DNS. Now it looks better than before.
>
> But I think there is still a bug. If I change hostname from "saturn.lan"
> to just "saturn" I see 4 "A? yahoo.com." requests, like in the PR with
> "options attempts:2". Why does it try to repeat the requests when the domain
> name is empty and so is the search list by default? That is the
> doubling I had written about in the PR.

The "doubling" happens only to name->IP lookups, but not to reverse
lookups, according to my observations. Therefore DNS requests by
sshd and friends shouldn't be affected. However, sshd will make
3 (!) lookups on the client IP address by itself. I wonder if there
is a good reason for that.

I also found that the second round of the "doubling" would use the
first domain from the `search' line if it is in resolv.conf. The rest
of the domains specified on the `search' line are ignored. Hoping this
observation will come in useful, should somebody want to fix this bug.

-- 
Yar
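
[Added example, not part of the original message and not FreeBSD's resolver code.] The timings quoted in this thread (30 seconds with RES_DFLRETRY set to 2, "at least 2m30s" with the value 4) can be reproduced with a small model of the retry backoff. It assumes the classic BIND-derived schedule (5-second base timeout, doubled on every retry round, divided by the number of servers after the first round) and that no server answers; all function names are hypothetical.

```c
#include <stdio.h>

/* Assumption: base timeout of the classic BIND-derived resolver, in seconds. */
#define RES_TIMEOUT_S 5

/* Worst-case seconds spent on ONE query name when no server ever answers.
 * Assumed model: the per-server timeout doubles each retry round, and
 * rounds after the first divide it by the number of configured servers. */
static int name_timeout(int retry, int nscount)
{
    int total = 0;
    for (int attempt = 0; attempt < retry; attempt++) {
        int secs = RES_TIMEOUT_S << attempt;
        if (attempt > 0)
            secs /= nscount;
        if (secs <= 0)
            secs = 1;
        total += secs * nscount;    /* every server is tried in each round */
    }
    return total;
}

/* names_tried: how many candidate names are walked, e.g. 2 for
 * "yahoo.com." followed by "yahoo.com.lan." as in the quoted test. */
static int lookup_timeout(int retry, int nscount, int names_tried)
{
    return name_timeout(retry, nscount) * names_tried;
}

/* Returns 1 if one blocked lookup can outlast the login timeout. */
static int exceeds_grace(int lookup_s, int grace_s)
{
    return lookup_s > grace_s;
}

int main(void)
{
    int grace = 60;  /* the 1 minute sshd login timeout mentioned above */
    for (int retry = 2; retry <= 4; retry += 2) {
        int two = lookup_timeout(retry, 1, 2);
        printf("retry=%d, 1 server: %d s per name, %d s for two names (%s %d s)\n",
               retry, name_timeout(retry, 1), two,
               exceeds_grace(two, grace) ? "exceeds" : "fits within", grace);
    }
    return 0;
}
```

Under this model, two names at retry 2 with one dead server give the 30 seconds reported above, and two names at retry 4 give 150 seconds, which is the 2m30s figure and more than twice the 1 minute login timeout.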