Re: [gentoo-user] SSH UseDNS without IPv6?

[Alan McKinnon <alan.mckinnon@gmail.com>]

On 09/02/2013 20:22, Florian Philipp wrote:
> Hi list!
> 
> I have an issue with SSH. It's a variation of the old "Set 'UseDNS no'
> to avoid delays with faulty DNS records" theme.
> 
> Following setup:
> 1. I have a server with IPv6 compiled into the SSH daemon but no actual
> IPv6 network interface.
> 
> 2. The SSH client has no IPv6, neither compiled nor active.
> 
> 3. The DNS server doesn't serve or support AAAA records. Apparently it
> drops all such requests. All other records for IP and reverse lookup are
> correct.
> 
> Now I'm experiencing the classic, very long delay when connecting to the
> server via SSH because it does DNS lookups. When I look at wireshark
> dumps, I see correctly served A and reverse lookups but the server also
> insists on doing AAAA requests which time out.

When you say "the server also insists on doing AAAA requests" you mean
the SSH server, right?

> 
> I tried limiting the sshd "AddressFamily" to inet (aka IPv4) but this
> didn't change anything. Is there another workaround or do I really have
> to deactivate DNS lookups?

Is the server Gentoo and do you really need IPv6 support on it? Did you
consider rebuilding that host with IPv6 disabled in USE?

IPv6 coexisting with IPv4 is always going to be a tricky problem, and
the recommended defaults you run into all over are usually intended to
force people to hurry IPv6 implementation along :-)

There's always a way to change defaults, and I found this:

http://askubuntu.com/questions/32298/prefer-a-ipv4-dns-lookups-before-aaaaipv6-lookups

The magic file you need to edit appears to be

/etc/gai.conf

-- 
Alan McKinnon
alan.mckinnon@gmail.com