problem with DNS lookups on non-IPv4-only-mode?

Darren Tucker dtucker at zip.com.au
Tue Jun 8 13:47:30 EST 2004


Kendell Welch wrote:

> Hi All, I'm Kendell, and I'm new to the list.
> 
> I've been working on an SSH VPN client.  I've noticed a possible
> glitch/bug with OpenSSH on various platforms (Linux and various BSD, but
> Windows seems to be OK for some reason.)

Which Linux distributions/versions, which BSDs, which versions of 
OpenSSH compiled with which options?

> The SSH VPN client can configure SSH tunnels using DNS names instead of IP
> addresses.  It seems that if the client "rapidly" configures a number of
> tunnels using DNS names instead of IP addy's (say, 5-10 tunnels,) sshd
> hangs for a minute or more.  Eventually sshd "comes back", but in the mean
> time, no terminal interaction or any other SSH traffic is sent from the
> server (based on Ethereal observation.)

It sounds like getaddrinfo() is blocking.  Some glibc's are known to 
take a long time to resolve IPv4or6 addresses:
http://www.openssh.com/faq.html#3.3.

> We put sshd into debug mode, and saw the hang was during DNS lookups.  A
> colleague found that running sshd with the -4 option made the problem "go
> away" (this option forces sshd to run only in IPv4 mode...I think.)
[...]
> P.S. For those of you with Windows 2K/XP, the problem can be demonstrated
>      by using the free-trial version of Safe Passage from:
>      http://www.vastrange.com/

The features for this list "Works with any SSH Server account with no 
special configurations" and "Securely encrypts any TCP/IP or DNS traffic 
via SSH keeping your transfered data safe and private."

Does this mean that UDP is not supported?  It sounds like you're mapping 
connect() calls (and/or the Winsock equivalent) into direct-tcpip 
channel requests?

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
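
Added example, not part of the original message and not OpenSSH code: a small C program that times a synchronous getaddrinfo() call for one name under two address-family hints, to check whether the resolver delay discussed above depends on the family. It assumes that AF_INET approximates what the -4 option restricts lookups to; `timed_lookup` and the default host "localhost" are names chosen for this sketch.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <time.h>

/* Resolve host with the given ai_family hint and time the call.
 * Returns the getaddrinfo() error code (0 on success); *ms receives the
 * wall-clock duration, *count the number of addresses returned. */
int timed_lookup(const char *host, int family, double *ms, int *count)
{
    struct addrinfo hints, *res = NULL, *ai;
    struct timespec t0, t1;
    int rc;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = family;
    hints.ai_socktype = SOCK_STREAM; /* TCP, as a forwarded connection uses */

    clock_gettime(CLOCK_MONOTONIC, &t0);
    rc = getaddrinfo(host, NULL, &hints, &res); /* synchronous: caller waits */
    clock_gettime(CLOCK_MONOTONIC, &t1);

    *ms = (t1.tv_sec - t0.tv_sec) * 1000.0 + (t1.tv_nsec - t0.tv_nsec) / 1e6;
    *count = 0;
    if (rc == 0) {
        for (ai = res; ai != NULL; ai = ai->ai_next)
            (*count)++;
        freeaddrinfo(res);
    }
    return rc;
}

int main(int argc, char **argv)
{
    /* "localhost" is only a default; pass the name the tunnel uses. */
    const char *host = argc > 1 ? argv[1] : "localhost";
    const int fam[] = { AF_UNSPEC, AF_INET };
    const char *label[] = { "AF_UNSPEC (default)", "AF_INET (assumed -4)" };
    double ms;
    int i, n, rc;

    for (i = 0; i < 2; i++) {
        rc = timed_lookup(host, fam[i], &ms, &n);
        printf("%-22s %8.1f ms  %d addr(s)  %s\n", label[i], ms, n,
               rc ? gai_strerror(rc) : "ok");
    }
    return 0;
}
```

A local resolver cache can make the second lookup look faster than it is, so compare the two families in separate runs when the numbers are close.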




More information about the openssh-unix-dev mailing list