[PATCH] UseDNS should default to "no"
Alex Bligh
alex at alex.org.uk
Thu Nov 13 03:54:20 EST 2014
On 12 Nov 2014, at 11:43, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> Perhaps a better approach here is to leave UseDNS=yes as the default,
> but also default to -u0, and generate a deprecation warning when
> encountering any need for DNS while -u0 is set, so that future versions
> of openssh can get away with disabling those lookups entirely.
>
> What do other folks think is the right way to improve the default
> behavior here?
The first thing I do to a host on install is disable every bit of
ssh/DNS interaction I can, plus GSSAPI (I know that's not upstream)
as both significantly slow connection times.
If you're happy disabling tcpwrappers and ripping it out the source
code, this is a rather more minor change, I'd suggest.
--
Alex Bligh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20141112/8317f2b4/attachment.bin>
More information about the openssh-unix-dev
mailing list