| 1 |
On 09/02/2013 20:22, Florian Philipp wrote: |
| 2 |
> Hi list! |
| 3 |
> |
| 4 |
> I have an issue with SSH. It's a variation of the old "Set 'UseDNS no' |
| 5 |
> to avoid delays with faulty DNS records" theme. |
| 6 |
> |
| 7 |
> Following setup: |
| 8 |
> 1. I have a server with IPv6 compiled into the SSH daemon but no actual |
| 9 |
> IPv6 network interface. |
| 10 |
> |
| 11 |
> 2. The SSH client has no IPv6, neither compiled nor active. |
| 12 |
> |
| 13 |
> 3. The DNS server doesn't serve or support AAAA records. Apparently it |
| 14 |
> drops all such requests. All other records for IP and reverse lookup are |
| 15 |
> correct. |
| 16 |
> |
| 17 |
> Now I'm experiencing the classic, very long delay when connecting to the |
| 18 |
> server via SSH because it does DNS lookups. When I look at wireshark |
| 19 |
> dumps, I see correctly served A and reverse lookups but the server also |
| 20 |
> insists on doing AAAA requests which time out. |
| 21 |
|
| 22 |
When you say "the server also insists on doing AAAA requests" you mean |
| 23 |
the SSH server, right? |
| 24 |
|
| 25 |
> |
| 26 |
> I tried limiting the sshd "AddressFamily" to inet (aka IPv4) but this |
| 27 |
> didn't change anything. Is there another workaround or do I really have |
| 28 |
> to deactivate DNS lookups? |
| 29 |
|
| 30 |
Is the server Gentoo and do you really need IPv6 support on it? Did you |
| 31 |
consider rebuilding that host with IPv6 disabled in USE? |
| 32 |
|
| 33 |
IPv6 coexisting with IPv4 is always going to be a tricky problem, and |
| 34 |
the recommended defaults you run into all over are usually intended to |
| 35 |
force people to hurry IPv6 implementation along :-) |
| 36 |
|
| 37 |
There's always a way to change defaults, and I found this: |
| 38 |
|
| 39 |
http://askubuntu.com/questions/32298/prefer-a-ipv4-dns-lookups-before-aaaaipv6-lookups |
| 40 |
|
| 41 |
The magic file you need to edit appears to be |
| 42 |
|
| 43 |
/etc/gai.conf |
| 44 |
|
| 45 |
-- |
| 46 |
Alan McKinnon |
| 47 |
alan.mckinnon@×××××.com |
Archives