Re: how to debug ssh slow connection issues.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Jason Pyeron wrote:



-----Original Message-----
From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On
Behalf Of Filipe Brandenburger
Sent: Friday, May 23, 2008 8:55 PM
To: CentOS mailing list
Subject: Re:  how to debug ssh slow connection issues.

Try to change this in your /etc/ssh/sshd_config:


Change:

UseDNS yes
to:
UseDNS no



Okay that fixed it, but why? I used nslookup and set my server to the same
as /etc/resolv.conf. There were no delays, at all all of our class C
resolves both ways (and matching) same as out private net.

Where to go next on "properly" fixing this sshd/dns issue?
From the earlier posts, it appears that your DNS server is not properly resolving the REVERSE addresses, i.e. IP address-to-hostname. SSH does a reverse lookup, trying to resolve the IP address to a hostname, unless you set the "UseDNS" option to "no".
Until you fix your DNS server to properly resolve the reverse addresses for your network you will continue to have this issue. Having gone down this road myself, it's not as hard as it sounds. Just having a nameserver resolve your local FORWARD zone won't cut it, you have to have the REVERSE zone set up too.
In my example, I have a local network named "local" (how original!) and use the 192.168.1.0/24 address range. The nameserver I use (Bind 9 on a CentOS box) is configured mostly as a caching nameserver but resolves two local domains, "local" and "1.168.192.in-addr.arpa". All of the name-to-ip entries ("A" records) and aliases ("CNAME" records) are in the "local" zone, all of the ip-to-name entries ("PTR" records) are in the "1.168.192.in-addr.arpa" zone.
If this is mostly gibberish, it might be a good idea to brush up a bit on using the bind nameserver, there are several useful tutorials available on the web, a quick Google search will turn up several. The best reference I can recommend is "DNS and Bind" by Paul Abniz and Cricket Liu, published by O'Reilly. There's a good combination of theory and practice in that book, but it is a daunting read for a newbie. 

Just my $.02!
--
Jay Leafey - Memphis, TN
jay.leafey@xxxxxxxxxxxx

<<attachment: smime.p7s>>

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux