Slow connects due to out-of-context DNS lookup

Adrian Wilkins adrian.wilkins at
Thu Mar 2 00:41:38 AEDT 2017

Ok, so my situation:

Connecting to internal machines via a bastion server in AWS.

Because I'm raising and tearing down the infrastructure a lot at this 
stage with Terraform, the IP addresses change.

For the management subnet, I have a private DNS zone defined, and a 
public zone with a record for the bastion server.

What I wanted; to just be able to define a config entry thus:


Host graylog
   ProxyCommand ssh -q -W %h:%p user at


This takes a long time (> 30s) to connect because the client is doing a 
DNS lookup on the Hostname, which apparently has to fail before it 
attempts to connect.

Add this to your /etc/hosts ...



... and connection is swift. This seems like a rather grody workaround, 
because one day I may have a VPN server inside this cloud and want DNS 
lookups to work properly.

Is there a way to suppress this DNS lookup happening locally, when using 

Is this in the same set of things being discussed at



I don't have CanonicalizeHostName on, so what's doing the lookup?

More information about the openssh-unix-dev mailing list