problem with DNS lookups on non-IPv4-only-mode?
Darren Tucker
dtucker at zip.com.au
Tue Jun 8 13:47:30 EST 2004

Kendell Welch wrote:
> Hi All, I'm Kendell, and I'm new to the list.
>
> I've been working on a SSH VPN client. I've noticed a possible
> glitch/bug with OpenSSH on various platforms (Linux and various BSD, but
> Windows seems to be OK for some reason.)

Which Linux distributions/versions, which BSD's, which versions of
OpenSSH compiled with which options?

> The SSH VPN client can configure SSH tunnels using DNS names instead of IP
> addresses. It seems that if the client "rapidly" configures a number of
> tunnels using DNS names instead of IP addy's (say, 5-10 tunnels,) sshd
> hangs for a minute or more. Eventually sshd "comes back", but in the mean
> time, no terminal interaction or any other SSH traffic is sent from the
> server (based on Ethereal observation.)

It sounds like getaddrinfo() is blocking. Some glibc's are known to
take a long time to resolve IPv4or6 addresses:
http://www.openssh.com/faq.html#3.3.

> We put sshd into debug mode, and saw the hang was during DNS lookups. A
> colleague found that running sshd with the -4 option made the problem "go
> away" (this option forces sshd to run only in IPv4 mode...I think.)
[...]
> P.S. For those of you with Windows 2K/XP, the problem can be demonstrated
> by using the free-trial version of Safe Passage from:
> http://www.vastrange.com/

The features for this list "Works with any SSH Server account with no
special configurations" and "Securely encrypts any TCP/IP or DNS traffic
via SSH keeping your transfered data safe and private."

Does this mean that UDP is not supported? It sounds like you're mapping
connect() calls (and/or the Winsock equivalent) into direct-tcpip
channel requests?

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
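
A way to check the diagnosis in the message above on an affected server, as an added example that is not part of the original post or of OpenSSH: it times getaddrinfo() for one name under AF_UNSPEC, AF_INET (the family sshd -4 restricts to) and AF_INET6, so a slow dual-stack lookup shows up as a large AF_UNSPEC or AF_INET6 time. The helper name timed_lookup and the default host name are assumptions made for the example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>

/* timed_lookup() is a hypothetical helper written for this example.
 * Resolve `host` restricted to `family` (AF_UNSPEC, AF_INET or AF_INET6);
 * `flags` becomes ai_flags (AI_NUMERICHOST skips the resolver entirely).
 * Returns the getaddrinfo() error code (0 on success) and stores the number
 * of addresses in *naddrs and the elapsed wall-clock time in *ms. */
int timed_lookup(const char *host, int family, int flags, int *naddrs, double *ms)
{
    struct addrinfo hints, *res = NULL, *ai;
    struct timespec t0, t1;
    int rc;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = family;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = flags;

    clock_gettime(CLOCK_MONOTONIC, &t0);
    rc = getaddrinfo(host, NULL, &hints, &res);   /* the call that can block */
    clock_gettime(CLOCK_MONOTONIC, &t1);
    *ms = (t1.tv_sec - t0.tv_sec) * 1000.0 + (t1.tv_nsec - t0.tv_nsec) / 1e6;
    *naddrs = 0;
    if (rc == 0) {
        for (ai = res; ai != NULL; ai = ai->ai_next)
            (*naddrs)++;
        freeaddrinfo(res);
    }
    return rc;
}

int main(int argc, char **argv)
{
    const char *host = argc > 1 ? argv[1] : "localhost";  /* assumed default */
    int fam[] = { AF_UNSPEC, AF_INET, AF_INET6 };
    const char *name[] = { "AF_UNSPEC", "AF_INET (sshd -4)", "AF_INET6" };
    for (int i = 0; i < 3; i++) {
        int n; double ms;
        int rc = timed_lookup(host, fam[i], 0, &n, &ms);
        printf("%-18s %9.1f ms  %s (%d addrs)\n", name[i], ms,
               rc ? gai_strerror(rc) : "ok", n);
    }
    return 0;
}
```

Run it on the server with one of the DNS names the tunnels use as the argument; if only the AF_INET row returns quickly, the resolver rather than sshd is where the time goes.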