On 09/02/2013 20:22, Florian Philipp wrote:
> Hi list!
>
> I have an issue with SSH. It's a variation of the old "Set 'UseDNS no'
> to avoid delays with faulty DNS records" theme.
>
> Following setup:
> 1. I have a server with IPv6 compiled into the SSH daemon but no actual
> IPv6 network interface.
>
> 2. The SSH client has no IPv6, neither compiled nor active.
>
> 3. The DNS server doesn't serve or support AAAA records. Apparently it
> drops all such requests. All other records for IP and reverse lookup are
> correct.
>
> Now I'm experiencing the classic, very long delay when connecting to the
> server via SSH because it does DNS lookups. When I look at wireshark
> dumps, I see correctly served A and reverse lookups but the server also
> insists on doing AAAA requests which time out.

When you say "the server also insists on doing AAAA requests" you mean
the SSH server, right?

>
> I tried limiting the sshd "AddressFamily" to inet (aka IPv4) but this
> didn't change anything. Is there another workaround or do I really have
> to deactivate DNS lookups?

Is the server Gentoo and do you really need IPv6 support on it? Did you
consider rebuilding that host with IPv6 disabled in USE?

IPv6 coexisting with IPv4 is always going to be a tricky problem, and
the recommended defaults you run into all over are usually intended to
force people to hurry IPv6 implementation along :-)

There's always a way to change defaults, and I found this:

http://askubuntu.com/questions/32298/prefer-a-ipv4-dns-lookups-before-aaaaipv6-lookups

The magic file you need to edit appears to be

/etc/gai.conf

--
Alan McKinnon
alan.mckinnon@×××××.com