Message-Id: <200207172222.g6HMMJJe085318@drugs.dv.isc.org>
To: Tai-hwa Liang
Cc: freebsd-stable@FreeBSD.ORG
From: Mark.Andrews@isc.org
Subject: Re: slow ssh connection speed(bind problem?)
In-reply-to: Your message of "Wed, 17 Jul 2002 22:16:41 +0800." <20020717214655.R51546-100000@www.mmlab.cse.yzu.edu.tw>
Date: Thu, 18 Jul 2002 08:22:19 +1000

> Hi,
>
> After cvsupping to the latest version of RELENG_4 this morning, I
> found that the sshd on the newly built system takes more time during ssh
> connection handshaking:
>
> some.host.on.lan> ssh -vvv newly.built.releng.4.server
> .
> .
> .
> debug1: SSH2_MSG_NEWKEYS received
> debug1: done: ssh_kex2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug1: service_accept: ssh-userauth
> debug1: got SSH2_MSG_SERVICE_ACCEPT # stuck about 1 minute here
> .
> .
>
> Server debug log:
>
> .
> .
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug3: Trying to reverse map address 192.168.0.9. # stuck here
> .
> .
>
>
> Both the client and the server run OpenSSH-3.4p1. Neither the
> server nor the client has named enabled.
>
> I'm pretty sure that there is *no* change in any resolv related
> configuration file on newly.built.releng.4.server:
>
> /etc/hosts
> ::1 localhost localhost.my.domain
> 127.0.0.1 localhost.my.domain localhost
> 192.168.0.12 newly.built.releng.4.server test
>
> /etc/resolv.conf:
> domain my.domain.
> search my.domain.
> nameserver 192.168.0.1
>
> /etc/host.conf:
>
> # First try the /etc/hosts file
> hosts
> # Now try the nameserver next.
> bind
> # If you have YP/NIS configured, uncomment the next line
> # nis
>
> However, the sshd seems to be blocked at canohost.c:77 for about
> 65 seconds:
>
> $OpenBSD: canohost.c,v 1.32 2002/06/11 08:11:45 itojun Exp $
> .
> .
> .
> /* Map the IP address to a host name. */
> if (getnameinfo((struct sockaddr *)&from, fromlen, name,
>     sizeof(name), NULL, 0, NI_NAMEREQD) != 0) {
>         /* Host name not found. Use ip address. */
>         log("Could not reverse map address %.100s.", ntop);
>         return xstrdup(ntop);
> }
>
> Furthermore, if I turned on log_in_vain on the server side,
> there would be several lines of "Connection attempt to UDP 127.0.0.1:1073
> from 127.0.0.1:53" appended to server log during client connection.

Well, are you serving the RFC 1918 address range you are
using or are you depending upon the overloaded servers on
the Internet to answer your leaked queries?

If you are using RFC 1918 addresses and are using the DNS you
should be serving the appropriate address range. Even an
empty zone (SOA and NS records only) will do to stop the
queries leaking and speed up the response.

> I'm wondering whether there were any bind (especially getnameinfo())
> related changes in recent RELENG_4. Or did I miss any sshd_config related
> knobs?
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org
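
The empty-zone advice in the reply above, as an added example that is not part of the original mail: a script that prints the named.conf zone statements and a shared SOA-and-NS-only zone file for every RFC 1918 reverse zone, for use on the name server the hosts' resolv.conf points at. It goes beyond the single 192.168.0.x range in the thread by covering all three RFC 1918 blocks; the names ns.my.domain., hostmaster.my.domain. and empty.db are assumptions.

```shell
#!/bin/sh
# Added example: generate empty reverse zones (SOA + NS only) for RFC 1918 space.
# Assumed names, not from the original mail: ns.my.domain.,
# hostmaster.my.domain. and the zone file name empty.db.

NS="ns.my.domain."             # assumed: the host running named
RNAME="hostmaster.my.domain."  # assumed: contact mailbox in SOA form
ZONEFILE="empty.db"            # assumed: one file shared by all zones

# List the in-addr.arpa zones covering 10/8, 172.16/12 and 192.168/16.
rfc1918_zones() {
    echo "10.in-addr.arpa"
    i=16
    while [ "$i" -le 31 ]; do
        echo "$i.172.in-addr.arpa"
        i=$((i + 1))
    done
    echo "168.192.in-addr.arpa"
}

# Print the shared zone file: only SOA and NS, so every PTR lookup gets
# an immediate authoritative negative answer instead of leaking upstream.
empty_zone() {
    cat <<EOF
\$TTL 86400
@ IN SOA $NS $RNAME (
        1       ; serial
        3600    ; refresh
        900     ; retry
        604800  ; expire
        3600 )  ; negative-cache TTL
@ IN NS $NS
EOF
}

# Print one named.conf zone statement per RFC 1918 reverse zone.
zone_stanzas() {
    rfc1918_zones | while read -r zone; do
        printf 'zone "%s" { type master; file "%s"; };\n' "$zone" "$ZONEFILE"
    done
}

# Running the script directly prints the stanzas, then the zone file.
zone_stanzas
echo "; ---- $ZONEFILE ----"
empty_zone
```

With these zones loaded, a reverse lookup such as the one for 192.168.0.9 in the server debug log is answered locally; add PTR records to the relevant zone if host names are wanted instead of a negative answer.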