problem with DNS lookups on non-IPv4-only-mode?

Kendell Welch kwelch at useractive.com
Tue Jun 8 13:21:50 EST 2004


Hi All, I'm Kendell, and I'm new to the list.

I've been working on an SSH VPN client.  I've noticed a possible
glitch/bug with OpenSSH on various platforms (Linux and various BSD, but
Windows seems to be OK for some reason.)

The SSH VPN client can configure SSH tunnels using DNS names instead of IP
addresses.  It seems that if the client "rapidly" configures a number of
tunnels using DNS names instead of IP addy's (say, 5-10 tunnels,) sshd
hangs for a minute or more.  Eventually sshd "comes back", but in the
meantime, no terminal interaction or any other SSH traffic is sent from the
server (based on Ethereal observation.)

We put sshd into debug mode, and saw the hang was during DNS lookups.  A
colleague found that running sshd with the -4 option made the problem "go
away" (this option forces sshd to run only in IPv4 mode...I think.)

The problem manifests itself (at least on Linux) even if the Kernel is
compiled with IPv6 support.

Is there possibly some problem with support for IP and/or DNS lookup
for SSH tunnels?

My team and I are available for any questions regarding reproducing the
problem, and/or other assistance.

Thanks!
Kendell Welch
Vast Range Security
http://www.vastrange.com/

P.S. For those of you with Windows 2K/XP, the problem can be demonstrated
     by using the free-trial version of Safe Passage from:
     http://www.vastrange.com/




More information about the openssh-unix-dev mailing list