Slow connects due to out-of-context DNS lookup

Damien Miller djm at mindrot.org
Thu Mar 2 08:33:42 AEDT 2017


Please send verbose output, i.e. "ssh -vvv ..."

On Wed, 1 Mar 2017, Adrian Wilkins wrote:

> OK, so my situation:
> 
> Connecting to internal machines via a bastion server in AWS.
> 
> Because I'm raising and tearing down the infrastructure a lot at this stage
> with Terraform, the IP addresses change.
> 
> For the management subnet, I have a private DNS zone defined, and a public
> zone with a record for the bastion server.
> 
> What I wanted: to just be able to define a config entry thus:
> 
> ---
> 
> Host graylog
>   Hostname graylog.management
>   ProxyCommand ssh -q -W %h:%p user@jumpbox.my.aws.zone
> 
> ---
> 
> This takes a long time (> 30s) to connect because the client is doing a DNS
> lookup on the Hostname, which apparently has to fail before it attempts to
> connect.
> 
> Add this to your /etc/hosts ...
> 
> ---
> 
> 127.0.0.1  graylog.management
> 
> ---
> 
> ... and connection is swift. This seems like a rather grody workaround,
> because one day I may have a VPN server inside this cloud and want DNS lookups
> to work properly.
> 
> Is there a way to suppress this DNS lookup happening locally, when using
> ProxyCommand?
> 
> Is this in the same set of things being discussed at
> 
> http://marc.info/?l=openssh-unix-dev&m=139556798100796&w=2
> 
> and https://bugzilla.mindrot.org/show_bug.cgi?id=2218
> 
> ?
> 
> I don't have CanonicalizeHostName on, so what's doing the lookup?
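Since the reply asks for "ssh -vvv" output, here is an added helper (not from either poster) for reading such a transcript: it reports whether the client resolved the Hostname itself before the ProxyCommand was started, which is the stall described above. The transcript is constructed for illustration, and the debug line formats ("resolving ..." and "Executing proxy command") are assumptions about OpenSSH's verbose output.

```shell
#!/bin/sh
# Added example, not part of the thread. Capture a real transcript with:
#   ssh -vvv graylog 2> ssh.log
# The sample below is constructed; line formats are assumed, not quoted
# from any specific OpenSSH release.
SAMPLE_LOG='debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 1: Applying options for graylog
debug2: resolving "graylog.management" port 22
debug1: Executing proxy command: exec ssh -q -W graylog.management:22 user@jumpbox.my.aws.zone
debug1: identity file /home/user/.ssh/id_ed25519 type 3'

# Print (with line numbers) the debug lines where the client resolves a
# name on its own, i.e. before anything goes through the jump host.
lookup_lines() {
    printf '%s\n' "$1" | grep -n 'resolving "'
}

# Print "yes" if a local name resolution appears before the proxy command
# is executed, "no" otherwise. A lookup in that position is the one that
# hangs until it fails when the name only resolves on the far side of
# the bastion, so it is the line to look for in the verbose output.
lookup_precedes_proxy() {
    log="$1"
    resolve_at=$(printf '%s\n' "$log" | grep -n 'resolving "' \
                 | head -n 1 | cut -d: -f1)
    proxy_at=$(printf '%s\n' "$log" | grep -n 'Executing proxy command' \
               | head -n 1 | cut -d: -f1)
    if [ -n "$resolve_at" ] && [ -n "$proxy_at" ] \
       && [ "$resolve_at" -lt "$proxy_at" ]; then
        echo yes
    else
        echo no
    fi
}

lookup_lines "$SAMPLE_LOG"
lookup_precedes_proxy "$SAMPLE_LOG"
```

A transcript with no "resolving" line before the proxy command points away from the client's own lookup and toward something on the jump host side.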
