Date: Thu, 18 Jul 2002 12:04:04 +1000 From: Mark.Andrews@isc.org To: Tai-hwa Liang <avatar@www.mmlab.cse.yzu.edu.tw> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: slow ssh connection speed(bind problem?) Message-ID: <200207180204.g6I244Je000390@drugs.dv.isc.org> In-Reply-To: Your message of "Thu, 18 Jul 2002 09:45:20 %2B0800." <20020718093542.Q53886-100000@www.mmlab.cse.yzu.edu.tw>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Thu, 18 Jul 2002 Mark.Andrews@isc.org wrote: > [...] > > > /etc/hosts > > > ::1 localhost localhost.my.domain > > > 127.0.0.1 localhost.my.domain localhost > > > 192.168.0.12 newly.built.releng.4.server test > > > > > > /etc/resolv.conf: > > > domain my.domain. > > > search my.domain. > > > nameserver 192.168.0.1 > > > > [...] > > > > Well are you serving the RFC 1918 address range you are using > > or are you depending upon the over loaded servers on the Internet > > to answer you leaked queries? If you are using RFC 1918 address > > and are using the DNS you should be serving the appropriate > > address range. Even a empty zone (SOA and NS record only) > > will do to stop the queries leaking and speed up the response. > We did setup a named listen on 192.168.0.1 and serves all RFC 1918 ranged > addressing records(forward & reverse) since years ago. The slowdown only > appeared after enabling UsePrivilegeSeparation in the latest OpenSSH-3.4p1. > > According to Chris Johnson's reply, a working /var/empty/etc/resolv.conf > did solve the problem; however, a Linux box with OpenSSH-3.4p1 + > UsePrivilegeSeparation with an empty /var/empty/(no resolv.conf) doesn't > have such problem, though. Well if resolv.conf is missing the resolver will try to contact a nameserver on the local machine via 127.0.0.1#53 or 0.0.0.0#53. > > > I'm wondering whether there was any bind(especially getnameinfo()) > > > related changes in recent RELENG_4. Or did I miss any sshd_config related > > > knobs? > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-stable" in the body of the message > > -- > > Mark Andrews, Internet Software Consortium > > 1 Seymour St., Dundas Valley, NSW 2117, Australia > > PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message -- Mark Andrews, Internet Software Consortium 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207180204.g6I244Je000390>