Date:      Sun, 05 Jun 2005 23:07:20 -0500
From:      Kevin Kinsey <kdk@daleco.biz>
To:        Robert Marella <rmarella@gmail.com>
Cc:        freebsd-questions@freebsd.org, Jonathan Chen <jonc@chen.org.nz>
Subject:   Re: ssh delays 40 seconds
Message-ID:  <42A3CBF8.5020809@daleco.biz>
In-Reply-To: <42A3BCF9.8090200@gmail.com>
References:  <5EEBE9C3C61D1142994C6B620C51E847110B80@depot.weblinkmo.com>	<17059.37867.174248.688500@jerusalem.litteratus.org>	<42A3A5F4.8090807@gmail.com>	<20050606023235.GA81334@osiris.chen.org.nz>	<42A3B9B6.5070800@gmail.com>	<20050606025554.GB81546@osiris.chen.org.nz> <42A3BCF9.8090200@gmail.com>

Robert Marella wrote:

> Jonathan Chen wrote:
>
>> On Sun, Jun 05, 2005 at 04:49:26PM -1000, Robert Marella wrote:
>>
>>> Jonathan Chen wrote:
>>
>>
>>
>> [...]
>>
>>>> It's not the forward case that's the problem. The sshd daemon on the
>>>> server side attempts to find out where the connection is from by doing
>>>> a reverse-lookup. If the incoming IP hasn't got a DNS entry, the failing
>>>> DNS ip-lookup will time out in ~30s.
>>>>
>>>
>>> Thanks for responding. In all of my systems /etc/hosts is populated 
>>> with the name and LAN IP address of all other boxes. My 
>>> gateway/firewall is a 5.4 Rel computer. I can ping that box "it's 
>>> called gateway" with ping gateway or ping 10.0.0.1 no problem.
>>
>>
>>
>> What does "dig -x 10.0.0.1" on the ssh-server box give you? Looks like
>> you need to set up an internal DNS server to resolve these sort of
>> problems.
>>
>> Cheers.
>
>
> Jonathan
> from my gateway box. The 24.25.227.64 is also found in resolv.conf placed
> there by dhcpd from roadrunner.
>
> robert@gateway:~> dig -x 10.0.0.1
>
> ; <<>> DiG 9.3.1 <<>> -x 10.0.0.1
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51746
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;1.0.0.10.in-addr.arpa.         IN      PTR
>
> ;; Query time: 4208 msec
> ;; SERVER: 24.25.227.64#53(24.25.227.64)
> ;; WHEN: Sun Jun  5 16:58:13 2005
> ;; MSG SIZE  rcvd: 39
>


No ANSWER section. . . seems to prove that
the issue is probably reverse DNS, AFAIAC.

Should look more like:
======================================
#dig -x 192.168.0.1

; <<>> DiG 9.3.0 <<>> -x 192.168.0.1
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50363
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;1.0.168.192.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
1.0.168.192.in-addr.arpa. 86400 IN      PTR     archangel.daleco.biz.0.168.192.in-addr.arpa.

<snippage>
=======================================

I forget which, but one chapter in the handbook deals with running
a nameserver; getting reverse DNS should eliminate your delay issue.

Kevin Kinsey
DaleCo, S.P.
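
The comparison made by eye in the message above (header status and ANSWER count in `dig -x` output), as an added shell example that is not part of the original e-mail. The function names are hypothetical, and the sample text is the header lines quoted in this thread, trimmed.

```shell
#!/bin/sh
# Added example (not from the thread): read `dig -x` output and report
# whether the reverse (PTR) lookup that sshd depends on actually resolved.
# Prints: STATUS ANSWER_COUNT QUERY_MS VERDICT

classify_ptr() {
    awk '
        /->>HEADER<<-/ {              # header line carries the response status
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {                # flags line carries the section counts
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") { answers = $(i + 1); sub(/,$/, "", answers) }
        }
        /^;; Query time:/ { ms = $4 }
        END {
            if (status == "") { print "UNKNOWN 0 0 unparsable"; exit }
            verdict = (status == "NOERROR" && answers + 0 > 0) ? "ok" : "no-ptr"
            print status, answers + 0, ms + 0, verdict
        }'
}

# Live use: check_ip 10.0.0.1   (needs dig and a reachable resolver)
check_ip() { dig -x "$1" | classify_ptr; }

# The failing output quoted in the thread, trimmed to the lines that matter.
sample_servfail() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51746
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; Query time: 4208 msec
EOF
}

# The working output from the reply; its Query time line was snipped, so 0.
sample_noerror() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50363
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
EOF
}

sample_servfail | classify_ptr   # SERVFAIL 0 4208 no-ptr
sample_noerror  | classify_ptr   # NOERROR 1 0 ok
```

Running `check_ip` on the ssh server against each client address shows which clients will hit the reverse-lookup timeout before anyone has to wait through a slow login.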


