[Bug 1667] sshd slow connect with 'UseDNS yes'
bugzilla-daemon at bugzilla.mindrot.org
Fri Nov 6 04:52:05 EST 2009
https://bugzilla.mindrot.org/show_bug.cgi?id=1667
--- Comment #11 from Brian <brian.p.stamper at nasa.gov> 2009-11-06 04:52:03 EST ---
> There's your problem: your DNS is taking 5s to respond.
Well, something odd is going on. I'm not convinced it's as simple as
DNS is taking 5 seconds to respond, though I may be willing to concede
the issue is not with openssh. See the following:
[root at corvus ~]# time nslookup ns1.arc.nasa.gov 143.232.252.34
Server: 143.232.252.34
Address: 143.232.252.34#53
Name: ns1.arc.nasa.gov
Address: 143.232.252.34
real 0m0.005s
user 0m0.001s
sys 0m0.002s
[root at corvus ~]# time nslookup ns1.arc.nasa.gov ns1.arc.nasa.gov
Server: ns1.arc.nasa.gov
Address: 143.232.252.34#53
Name: ns1.arc.nasa.gov
Address: 143.232.252.34
real 0m5.008s
user 0m0.001s
sys 0m0.003s
[root at corvus ~]# time host -t A flux.arc.nasa.gov ns1.arc.nasa.gov
Using domain server:
Name: ns1.arc.nasa.gov
Address: 143.232.252.34#53
Aliases:
flux.arc.nasa.gov has address 143.232.109.139
real 0m5.008s
user 0m0.001s
sys 0m0.003s
[root at corvus ~]# time host -t A flux.arc.nasa.gov 143.232.252.34
Using domain server:
Name: 143.232.252.34
Address: 143.232.252.34#53
Aliases:
flux.arc.nasa.gov has address 143.232.109.139
real 0m0.005s
user 0m0.000s
sys 0m0.004s
[root at corvus ~]# time host -t AAAA flux.arc.nasa.gov ns1.arc.nasa.gov
Using domain server:
Name: ns1.arc.nasa.gov
Address: 143.232.252.34#53
Aliases:
flux.arc.nasa.gov has no AAAA record
real 0m5.008s
user 0m0.001s
sys 0m0.004s
[root at corvus ~]# time host -t AAAA flux.arc.nasa.gov 143.232.252.34
Using domain server:
Name: 143.232.252.34
Address: 143.232.252.34#53
Aliases:
flux.arc.nasa.gov has no AAAA record
real 0m0.005s
user 0m0.002s
sys 0m0.003s
[root at corvus ~]#
[root at corvus ~]# grep hosts /etc/nsswitch.conf
#hosts: db files nisplus nis dns
hosts: files dns
[root at corvus ~]# cat /etc/resolv.conf
search arc.nasa.gov
nameserver 128.102.0.34
nameserver 143.232.252.34
[root at corvus ~]#
Something with the resolver maybe? Clearly basic name resolution of
the nameserver is plenty fast. But when giving the hostname of the DNS
server as an argument, it takes 5 seconds to respond.
[root at corvus ~]# time nslookup ns1.arc.nasa.gov
Server: 128.102.0.34
Address: 128.102.0.34#53
Name: ns1.arc.nasa.gov
Address: 143.232.252.34
real 0m0.006s
user 0m0.001s
sys 0m0.003s
[root at corvus ~]# time nslookup ns2.arc.nasa.gov
Server: 128.102.0.34
Address: 128.102.0.34#53
Name: ns2.arc.nasa.gov
Address: 128.102.0.34
real 0m0.006s
user 0m0.001s
sys 0m0.003s
[root at corvus ~]# time host -t AAAA flux.arc.nasa.gov
flux.arc.nasa.gov has no AAAA record
real 0m0.006s
user 0m0.000s
sys 0m0.003s
[root at corvus ~]#
I'm not sure what changes when giving the hostname as an argument as
opposed to no argument or the IP.
"nslookup ns1.arc.nasa.gov"
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
09:48:23.191397 IP corvus.arc.nasa.gov.50677 > ns1.arc.nasa.gov.domain:
62346+ A? ns1.arc.nasa.gov. (34)
09:48:23.191831 IP ns1.arc.nasa.gov.domain > corvus.arc.nasa.gov.50677:
62346* 1/3/2 A ns1.arc.nasa.gov (132)
09:48:23.191921 IP corvus.arc.nasa.gov.40824 > ns1.arc.nasa.gov.domain:
61200+ PTR? 34.252.232.143.in-addr.arpa. (45)
09:48:23.192382 IP ns1.arc.nasa.gov.domain > corvus.arc.nasa.gov.40824:
61200* 1/3/3 (173)
"nslookup ns1.arc.nasa.gov ns1.arc.nasa.gov"
09:48:31.335862 IP corvus.arc.nasa.gov.53838 > ns1.arc.nasa.gov.domain:
16500+ A? ns1.arc.nasa.gov. (34)
09:48:31.335933 IP corvus.arc.nasa.gov.53838 > ns1.arc.nasa.gov.domain:
59525+ AAAA? ns1.arc.nasa.gov. (34)
09:48:31.336346 IP ns1.arc.nasa.gov.domain > corvus.arc.nasa.gov.53838:
16500* 1/3/2 A ns1.arc.nasa.gov (132)
09:48:36.336413 IP corvus.arc.nasa.gov.53838 > ns1.arc.nasa.gov.domain:
16500+ A? ns1.arc.nasa.gov. (34)
09:48:36.336812 IP ns1.arc.nasa.gov.domain > corvus.arc.nasa.gov.53838:
16500* 1/3/2 A ns1.arc.nasa.gov (132)
09:48:36.336920 IP corvus.arc.nasa.gov.53838 > ns1.arc.nasa.gov.domain:
59525+ AAAA? ns1.arc.nasa.gov. (34)
09:48:36.337318 IP ns1.arc.nasa.gov.domain > corvus.arc.nasa.gov.53838:
59525* 0/1/0 (81)
09:48:36.338002 IP corvus.arc.nasa.gov.43373 > ns1.arc.nasa.gov.domain:
56964+ A? ns1.arc.nasa.gov. (34)
09:48:36.338456 IP ns1.arc.nasa.gov.domain > corvus.arc.nasa.gov.43373:
56964* 1/3/2 A ns1.arc.nasa.gov (132)
Unfortunately another group here is responsible for the DNS servers; I
will engage them as well and see if they know what's causing the
behavior. It looks as though something changed in the Fedora resolver
though. I don't get this behavior on Fedora 6 and 7 boxes using the
same server from the same subnet.
[root at old-flux ~]# uname -r
2.6.22.1-32.fc6
[root at old-flux ~]# time nslookup ns1.arc.nasa.gov
Server: 128.102.0.34
Address: 128.102.0.34#53
Name: ns1.arc.nasa.gov
Address: 143.232.252.34
real 0m0.456s
user 0m0.004s
sys 0m0.002s
[root at old-flux ~]# time nslookup ns1.arc.nasa.gov ns1.arc.nasa.gov
Server: ns1.arc.nasa.gov
Address: 143.232.252.34#53
Name: ns1.arc.nasa.gov
Address: 143.232.252.34
real 0m0.009s
user 0m0.004s
sys 0m0.003s
[root at old-flux ~]#
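The second capture in the comment above, checked mechanically (an added example, not part of the original comment): the script pairs each DNS query with its reply by client port and query ID and lists the queries that were resent. `parse` and `find_retries` are names chosen here for illustration.

```python
import re
from datetime import datetime

# tcpdump lines for "nslookup ns1.arc.nasa.gov ns1.arc.nasa.gov", copied from the comment above (wrapped lines rejoined).
SLOW = """\
09:48:31.335862 IP corvus.arc.nasa.gov.53838 > ns1.arc.nasa.gov.domain: 16500+ A? ns1.arc.nasa.gov. (34)
09:48:31.335933 IP corvus.arc.nasa.gov.53838 > ns1.arc.nasa.gov.domain: 59525+ AAAA? ns1.arc.nasa.gov. (34)
09:48:31.336346 IP ns1.arc.nasa.gov.domain > corvus.arc.nasa.gov.53838: 16500* 1/3/2 A ns1.arc.nasa.gov (132)
09:48:36.336413 IP corvus.arc.nasa.gov.53838 > ns1.arc.nasa.gov.domain: 16500+ A? ns1.arc.nasa.gov. (34)
09:48:36.336812 IP ns1.arc.nasa.gov.domain > corvus.arc.nasa.gov.53838: 16500* 1/3/2 A ns1.arc.nasa.gov (132)
09:48:36.336920 IP corvus.arc.nasa.gov.53838 > ns1.arc.nasa.gov.domain: 59525+ AAAA? ns1.arc.nasa.gov. (34)
09:48:36.337318 IP ns1.arc.nasa.gov.domain > corvus.arc.nasa.gov.53838: 59525* 0/1/0 (81)
09:48:36.338002 IP corvus.arc.nasa.gov.43373 > ns1.arc.nasa.gov.domain: 56964+ A? ns1.arc.nasa.gov. (34)
09:48:36.338456 IP ns1.arc.nasa.gov.domain > corvus.arc.nasa.gov.43373: 56964* 1/3/2 A ns1.arc.nasa.gov (132)
"""
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): (\d+)\S* (.*)$")

def parse(capture):
    """Yield (time, client_port, txid, qtype) per line; qtype is None for a response."""
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, src, dst, txid, rest = m.groups()
        q = re.match(r"(\w+)\? ", rest)      # queries print as "A? name."
        client = src if q else dst           # the client endpoint ends in its port
        yield (datetime.strptime(ts, "%H:%M:%S.%f"),
               int(client.rsplit(".", 1)[1]), int(txid), q.group(1) if q else None)

def find_retries(capture):
    """List queries resent with the same port and ID, and whether the first send was answered."""
    pending, retries = {}, []
    for ts, port, txid, qtype in parse(capture):
        key = (port, txid)
        if qtype is None:                    # response: mark the matching query
            if key in pending:
                pending[key]["answered"] = True
        elif key in pending:                 # same port and ID seen again: a retry
            first = pending[key]
            retries.append({"qtype": qtype, "txid": txid,
                            "wait_s": round((ts - first["sent"]).total_seconds(), 3),
                            "answered_before_retry": first["answered"]})
        else:
            pending[key] = {"sent": ts, "answered": False}
    return retries

if __name__ == "__main__":
    print(find_retries(SLOW))
```

On this capture both queries are resent after about 5 s, and only the AAAA query (ID 59525) had received no reply by the time it was resent.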