Re: ssh initial connects SLOW

On 25 Jan, 01:10, Nico Kadel-Garcia <nka...@xxxxxxxxx> wrote:
On 24 Jan, 23:31, Darren Tucker <dtuc...@xxxxxxxxxxxxxxxx> wrote:

On 2008-01-20, Nico Kadel-Garcia <nka...@xxxxxxxxx> wrote:

Randy Yates wrote:
[...]
This is an *OLD* issue. The SSH daemon does a lookup of the hostname
via which you connect to see if it has a matching IP address and reverse
DNS lookup, in order primarily to do logging of what host the client came
from. In a dynamic DNS environment, this is particularly tricky to log
correctly, so it tries to find out what DNS thinks the host is. And it's
possible, in some screwed up DNS environments, to register a hostname
of "192.168.1.101", or to put it in /etc/hosts to point actually to
something else.

Depending on exactly what's triggering the DNS reverse lookup on the
server, you can disable it with "UseDNS no" in sshd_config.

If I remember the source code correctly, this does not block the
attempted *logging* of the hostname of the connecting site, and thus
this option doesn't actually stop the lookup. But modifying the init
script to use "sshd -u0" to set the length of the recorded hostname
information ot 0 does, in fact, block the lookup. This is well
documented in the sshd manpage.

I don't have a source tree in my hands at the moment to verify it: it
would have been easy to modify the code to check for the UseDNS
setting and skip it entirely, but I'm surprised if that change has
occurred since the last time I looked.

Found it: around line 66 in canohost.c. Yes, it does a reverse DNS
*twice*, and skips theh *secondI* one if UseDNS is turned off.

.

Relevant Pages

  • Re: How to disable the "implicit mx record" in Exchange
    ... Exchange or Microsoft DNS to compensate for the error conditions. ... If the lookup fails, then it should be reported as an error and the ... "and the A record host accepts mail but not for the particular ...
    (microsoft.public.exchange.admin)
  • Re: How to disable the "implicit mx record" in Exchange
    ... It is only when the MX lookup fails on occation that we ... Exchange or Microsoft DNS to compensate for the error conditions. ... MX record host, and sometimes it is sending to the host with the A record for ...
    (microsoft.public.exchange.admin)
  • Re: Quick Mail Log Question
    ... > something to do with DNS, or Reverse DNS. ... A 'canonical name' is another description of the full name of the host. ... Normally you lookup the IP number which belongs to a hostname/FQDN. ...
    (comp.unix.admin)
  • Re: ssh initial connects SLOW
    ... DNS lookup, in order primarily to do logging of what host the client came ...
    (comp.security.ssh)
  • Re: Cannot access a web page
    ... First let's find out what your DNS is really telling you. ... Does the lookup give you the same IP address that your HOSTS file ... More importantly that page contains absolutely no reference to Skype ...
    (microsoft.public.windows.inetexplorer.ie6.browser)