[Bug 1667] New: sshd slow connect with 'UseDNS yes'
bugzilla-daemon at bugzilla.mindrot.org
Tue Oct 27 10:30:44 EST 2009
https://bugzilla.mindrot.org/show_bug.cgi?id=1667
Summary: sshd slow connect with 'UseDNS yes'
Product: Portable OpenSSH
Version: 5.2p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: brian.p.stamper at nasa.gov

ssh is slow to connect (25 seconds) when UseDNS is enabled, despite
quick name servers. Disabling UseDNS is a poor workaround, especially
since I ask my users to anchor their ssh keys with "from=" lines in
their authorized_keys file.

If the client host is in /etc/hosts, the connection is immediate. If
the client host is not in /etc/hosts, the connection takes 25 seconds.
If I turn off UseDNS, the connection is once again instant. My DNS
servers give near-instant responses.

[root at server ~]# time nslookup <client ip>
Server: x
Address: x
<client ip>.in-addr.arpa name = <client>
real 0m0.005s
user 0m0.000s
sys 0m0.004s
[root at server ~]# time nslookup <client>
Server: x
Address: x
Name: <client>
Address: <client ip>
real 0m0.005s
user 0m0.001s
sys 0m0.003s
[root at server ~]#

I have confirmed that this seemingly affects all of my hosts running
Fedora 10 or later (openssh 5.2p1) but not my machines running Fedora 9
or earlier (openssh 5.1p1).

nsswitch.conf hosts is set to "files dns".

I've seen threads about this in the Ubuntu and other forums, and
inevitably the answer is "Turn UseDNS to off". That's not really a
great answer.
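
Added example, not part of the original report or of OpenSSH: nslookup queries the name server directly, whereas with UseDNS sshd resolves the client through the C library (and therefore through nsswitch.conf), so this Python script times that path instead: reverse lookup, forward lookup, then a check that the name maps back to the address. The function names and the default address are assumptions made for illustration.

```python
import ipaddress
import socket
import sys
import time


def timed(fn, *args):
    """Run fn(*args); return (result or the OSError raised, elapsed seconds)."""
    start = time.monotonic()
    try:
        result = fn(*args)
    except OSError as exc:  # socket.gaierror and socket.herror are subclasses
        result = exc
    return result, time.monotonic() - start


def check_client(ip, reverse=socket.getnameinfo, forward=socket.getaddrinfo):
    """Reverse-resolve ip, forward-resolve the name, confirm ip is in the answer.

    reverse/forward default to the libc-backed calls, which honour the
    "hosts:" line of nsswitch.conf; stubs can be passed for offline testing.
    """
    report = {"ip": ip, "name": None, "confirmed": False,
              "reverse_s": 0.0, "forward_s": 0.0}
    # NI_NAMEREQD: fail rather than hand back the numeric address as a "name".
    rev, report["reverse_s"] = timed(reverse, (ip, 0), socket.NI_NAMEREQD)
    if isinstance(rev, OSError):
        report["error"] = f"reverse lookup failed: {rev}"
        return report
    report["name"] = rev[0]
    fwd, report["forward_s"] = timed(forward, report["name"], None)
    if isinstance(fwd, OSError):
        report["error"] = f"forward lookup failed: {fwd}"
        return report
    # Each entry is (family, type, proto, canonname, sockaddr); strip any
    # IPv6 scope suffix before comparing addresses.
    answers = {ipaddress.ip_address(e[4][0].split("%")[0]) for e in fwd}
    report["confirmed"] = ipaddress.ip_address(ip) in answers
    return report


if __name__ == "__main__":
    # Constructed default; pass the real client address as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for key, value in check_client(target).items():
        print(f"{key:10} {value}")
```

Run it on the server with the client's address: a large reverse_s or forward_s here alongside a fast nslookup points at the libc resolver path rather than at the name servers.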