problem with DNS lookups on non-IPv4-only-mode?

Kendell Welch kwelch at useractive.com
Wed Jun 9 07:11:14 EST 2004


Below are some details about a few of the servers on which I encountered
the hanging DNS problem...I'm afraid that the BSD account I had trouble
with is no longer available...Windows OpenSSH servers have never had the
problem as best as I can tell.

---Machine 2---
Red Hat Linux release 8.0 (Psyche)
Kernel: Linux 2.4.23-xfs
glibc-2.2.93-5
glibc-devel-2.2.93-5
glibc-common-2.2.93-5
glibc-kernheaders-2.4-7.20
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
---------------

---Machine 2---
Custom Distribution
Kernel: Linux 2.4.25
Glibc Version 2.1 - that's the best answer I could get from our admin :P
OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6g 9 Aug 2002
---------------

---Machine 3---
Nomad Linux 2.0
Kernel: 2.4.25 #1 SMP
Glibc Version 2.1 - that's the best answer I could get from our admin :P
OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6g 9 Aug 2002
---------------

Thanks!
Kendell


On Mon, 7 Jun 2004, Kendell Welch wrote:

> Hi All, I'm Kendell, and I'm new to the list.
>
> I've been working on an SSH VPN client.  I've noticed a possible
> glitch/bug with OpenSSH on various platforms (Linux and various BSD, but
> Windows seems to be OK for some reason.)
>
> The SSH VPN client can configure SSH tunnels using DNS names instead of IP
> addresses.  It seems that if the client "rapidly" configures a number of
> tunnels using DNS names instead of IP addy's (say, 5-10 tunnels,) sshd
> hangs for a minute or more.  Eventually sshd "comes back", but in the
> meantime, no terminal interaction or any other SSH traffic is sent from the
> server (based on Ethereal observation.)
>
> We put sshd into debug mode, and saw the hang was during DNS lookups.  A
> colleague found that running sshd with the -4 option made the problem "go
> away" (this option forces sshd to run only in IPv4 mode...I think.)
>
> The problem manifests itself (at least on Linux) even if the Kernel is
> compiled with IPv6 support.
>
> Is there possibly some problem with support for IP and/or DNS lookup
> for SSH tunnels?
>
> My team and I are available for any questions regarding reproducing the
> problem, and/or other assistance.
>
> Thanks!
> Kendell Welch
> Vast Range Security
> http://www.vastrange.com/
>
> P.S. For those of you with Windows 2K/XP, the problem can be demonstrated
>      by using the free-trial version of Safe Passage from:
>      http://www.vastrange.com/
>
>




More information about the openssh-unix-dev mailing list