Re: Slow connects due to out-of-context DNS lookup

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Please send verbose output, i.e. "ssh -vvv ..."

On Wed, 1 Mar 2017, Adrian Wilkins wrote:

> Ok, so my situation :
> 
> Connecting to internal machines via a bastion server in AWS.
> 
> Because I'm raising and tearing down the infrastructure a lot at this stage
> with Terraform, the IP addresses change.
> 
> For the management subnet, I have a private DNS zone defined, and a public
> zone with a record for the bastion server.
> 
> What I wanted ; to just be able to define a config entry thus :
> 
> ---
> 
> Host graylog
>   Hostname graylog.management
>   ProxyCommand ssh -q -W %h:%p user@xxxxxxxxxxxxxxxxxxx
> 
> ---
> 
> This takes a long time (> 30s)to connect because the client is doing a DNS
> lookup on the Hostname, which apparently has to fail before it attempts to
> connect.
> 
> Add this to your /etc/hosts ...
> 
> ---
> 
> 127.0.0.1  graylog.management
> 
> ---
> 
> ... and connection is swift. This seems like a rather grody workaround,
> because one day I may have a VPN server inside this cloud and want DNS lookups
> to work properly.
> 
> Is there a way to suppress this DNS lookup happening locally, when using
> ProxyCommand?
> 
> Is this in the same set of things being discussed at
> 
> http://marc.info/?l=openssh-unix-dev&m=139556798100796&w=2
> 
> and https://bugzilla.mindrot.org/show_bug.cgi?id=2218
> 
> ?
> 
> I don't have CanonicalizeHostName on, so what's doing the lookup?
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> 
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux