On Sun, Jan 12, 2014 at 10:39 PM, Damien Miller <djm at mindrot.org> wrote: > Yes, OpenSSH uses the standard libc resolver to perform name > resolution. This is synchronous and blocking, so no other traffic > is processed while one is in progress. Note that which side the address is resolved on is under the control of the SOCKS client. eg, in firefox this is about:config network.proxy.socks_remote_dns. The up side is that the client can implement different retry behaviour. The down side is that any addrress resolution on the client side leaks information. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.